{SystemsManager}チュートリアル: Run Command で AWS CLI を使用する


https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/walkthrough-cli.html

https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/systems-manager-setting-up-ec2.html

 


-- 1. コマンド等のインストール

-- 1.1 aws cli version 2 インストール

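# Install AWS CLI v2 from the official bundle.
# -f: fail on an HTTP error instead of saving an error page as the archive.
# The bundle is only protected by TLS here; AWS also publishes a detached
# signature (.sig) for it, so verify that before running the installer as root.
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o awscliv2.zip
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o awscliv2.sig

# Import the AWS CLI public key first (the key block and its fingerprint are in
# the AWS CLI install guide) and confirm the fingerprint matches the guide;
# gpg exits non-zero if the archive does not match the signature.
gpg --verify awscliv2.sig awscliv2.zip || { echo "AWS CLI signature check failed" >&2; exit 1; }

unzip -o awscliv2.zip
sudo ./aws/install
aws --version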


-- 1.2 jqインストール
sudo yum -y install jq

 

-- 2. IAMロール作成
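# Write the trust policy non-interactively (the original opened it in vim).
# This document only says WHO may assume the role: the EC2 service, via the
# instance profile created later. It grants no permissions by itself; those
# come from the managed policy attached in the next step.
cat > role01.json <<'EOF'
{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "ec2.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
}
EOF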

 

# Create the instance role using the trust policy written to role01.json.
aws iam create-role \
  --role-name role01 \
  --assume-role-policy-document file://role01.json


-- 3. ポリシーをロールにアタッチ

# AmazonSSMManagedInstanceCore is the minimal AWS-managed policy the SSM Agent
# needs to register the node and receive commands. Note that it is the
# INSTANCE that gets these rights; permission to *send* commands
# (ssm:SendCommand) is checked against the IAM identity running the CLI, not
# against this role.
aws iam attach-role-policy \
  --role-name role01 \
  --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore

 

-- 4. インスタンスプロファイルを作成

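# An instance profile is the container EC2 uses to hand a role to an instance.
aws iam create-instance-profile --instance-profile-name profile01

# Confirm it exists. Select the field with JMESPath rather than grepping the
# JSON output, which also matches partial/unrelated names.
aws iam list-instance-profiles \
  --query 'InstanceProfiles[].InstanceProfileName' \
  --output text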

-- 5. インスタンスプロファイルにロールを追加
# Put the role into the profile; an instance launched with this profile can
# then obtain role01 credentials from the instance metadata service.
aws iam add-role-to-instance-profile \
  --instance-profile-name profile01 \
  --role-name role01

# Verify the association from the role's side.
aws iam list-instance-profiles-for-role --role-name role01

 


-- 6. IAM ロールを使用したEC2インスタンス起動

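# Launch a spot instance that carries the SSM-enabled instance profile.
# Security notes for this launch:
#  - The role's credentials are served by the instance metadata service, so
#    require IMDSv2 (session tokens) to block simple SSRF-style credential
#    theft. Recent SSM Agent versions support IMDSv2; if the agent on this AMI
#    were too old the node would not register, and you would see it missing
#    in describe-instance-information below.
#  - Run Command / Session Manager do not need SSH, so --key-name (and any
#    inbound SSH rule) is optional for this tutorial; it is kept only because
#    the original launch used it.
#  - No subnet / security group is given, so the account defaults apply.
aws ec2 run-instances \
  --image-id ami-0404778e217f54308 \
  --instance-type t3.nano \
  --key-name key1 \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=instance01}]' \
  --instance-market-options '{"MarketType": "spot","SpotOptions": {"SpotInstanceType": "one-time"}}' \
  --metadata-options 'HttpTokens=required,HttpEndpoint=enabled' \
  --iam-instance-profile Name="profile01" \
  --query 'Instances[].[InstanceId,State.Name]' \
  --output text

# Look up only the tutorial instance instead of dumping every reservation.
aws ec2 describe-instances \
  --filters Name=tag:Name,Values=instance01 \
  --query 'Reservations[].Instances[].[InstanceId,State.Name,IamInstanceProfile.Arn]' \
  --output text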

 

-- 7. マネージドノードの確認

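# SSM documents visible in this account/region (AWS-RunShellScript is one).
aws ssm list-documents

# A node appears here only after SSM Agent has registered with the role from
# the instance profile. Check PingStatus: send-command will not reach a node
# that is not "Online".
aws ssm describe-instance-information \
  --query 'InstanceInformationList[].[InstanceId,PingStatus,AgentVersion,PlatformName]' \
  --output table

# Same check for a single instance (replace the placeholder id).
aws ssm describe-instance-information \
  --instance-information-filter-list key=InstanceIds,valueSet=i-11111111111111111 \
  --query 'InstanceInformationList[].[InstanceId,PingStatus,LastPingDateTime]' \
  --output text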


-- 8. シェルスクリプトを実行してリソースの詳細を表示する

# Inspect the AWS-RunShellScript document before using it: its description,
# then the parameters it accepts (e.g. commands, workingDirectory,
# executionTimeout).
aws ssm describe-document \
  --name "AWS-RunShellScript" \
  --query "[Document.Name,Document.Description]"

aws ssm describe-document \
  --name "AWS-RunShellScript" \
  --query "Document.Parameters[*]"

 

-- 9. AWS-RunShellScript ドキュメントを使用して簡単なコマンドを送信する

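# Send a first command. Two things to keep in mind with Run Command:
#  - SSM Agent runs as root on Linux, so whatever you send here normally
#    executes with root privileges; ssm:SendCommand on a node is effectively
#    root on that node and should be scoped tightly in caller policies.
#  - Command output is stored by SSM and is readable by anyone who can call
#    ssm:ListCommandInvocations / ssm:GetCommandInvocation; do not echo
#    secrets from a command.
# Capture the CommandId instead of copying it by hand into the next call.
# (ifconfig comes from net-tools and is missing on some newer AMIs; `ip addr`
# is the iproute2 equivalent.)
command_id=$(aws ssm send-command \
  --instance-ids "i-11111111111111111" \
  --document-name "AWS-RunShellScript" \
  --comment "IP config" \
  --parameters commands=ifconfig \
  --output text \
  --query "Command.CommandId")

printf '%s\n' "${command_id}"

# Wait for the invocation to finish; listing immediately after send-command
# usually shows Status=InProgress with empty output. The waiter exits
# non-zero if the command ends in Failed/TimedOut/Cancelled.
aws ssm wait command-executed \
  --command-id "${command_id}" \
  --instance-id "i-11111111111111111"

aws ssm list-command-invocations \
  --command-id "${command_id}" \
  --details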

 

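# Run `whoami` on the node and keep the CommandId for the follow-up calls.
sh_command_id=$(aws ssm send-command \
  --instance-ids "i-11111111111111111" \
  --document-name "AWS-RunShellScript" \
  --comment "Demo run shell script on Linux managed node" \
  --parameters commands=whoami \
  --output text \
  --query "Command.CommandId")

printf '%s\n' "${sh_command_id}"

# Command-level status (one entry per send-command).
aws ssm list-commands \
  --command-id "${sh_command_id}"

# Block until the node reports completion; without this the invocation is
# often still InProgress and the output below is empty.
aws ssm wait command-executed \
  --command-id "${sh_command_id}" \
  --instance-id "i-11111111111111111"

# Per-node invocation with plugin output. Expect "root" here: SSM Agent runs
# as root on Linux and AWS-RunShellScript executes with its privileges.
aws ssm list-command-invocations \
  --command-id "${sh_command_id}" \
  --details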


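# Check the Python version available on the node.
sh_command_id=$(aws ssm send-command \
  --instance-ids "i-11111111111111111" \
  --document-name "AWS-RunShellScript" \
  --comment "Demo run shell script on Linux Instances" \
  --parameters commands='python3 -V' \
  --output text --query "Command.CommandId")

printf '%s\n' "${sh_command_id}"

# Wait for completion before reading the output.
aws ssm wait command-executed \
  --command-id "${sh_command_id}" \
  --instance-id "i-11111111111111111"

# Fixes from the original:
#  - The `sh -c '...'"$var"'...'` wrapper added nothing (the variable was
#    expanded by the outer shell anyway) and just made quoting fragile; call
#    aws directly with a quoted variable.
#  - CommandInvocations and CommandPlugins are both arrays, so the JMESPath
#    needs the [] projections; `CommandInvocations.CommandPlugins.{...}`
#    evaluates to null and prints nothing useful.
aws ssm list-command-invocations \
  --command-id "${sh_command_id}" \
  --details \
  --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}"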

 

-- 10. Run Command を使用して簡単な Python スクリプトを実行する

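# Run a small Python script through AWS-RunShellScript. The document writes the
# `commands` lines to a script file and executes it, so the shebang on the
# first line selects the interpreter.
# The original used `#!/usr/bin/python` with `print "..."`, which is Python 2
# syntax; the step above checks `python3 -V`, and Python 2 is not present on
# current AMIs, so use the python3 form.
sh_command_id=$(aws ssm send-command \
  --instance-ids "i-11111111111111111" \
  --document-name "AWS-RunShellScript" \
  --comment "Demo run shell script on Linux Instances" \
  --parameters '{"commands":["#!/usr/bin/env python3","print(\"Hello World from python\")"]}' \
  --output text \
  --query "Command.CommandId")

printf '%s\n' "${sh_command_id}"

aws ssm wait command-executed \
  --command-id "${sh_command_id}" \
  --instance-id "i-11111111111111111"

# Both levels are arrays, hence the [] projections (the original query without
# them returns null).
aws ssm list-command-invocations \
  --command-id "${sh_command_id}" \
  --details \
  --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}"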

 


-- 11. Run Command を使用して Bash スクリプトを実行する

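# Install the CodeDeploy agent via Run Command (inline script form).
# Changes from the original script body:
#  - `set -euo pipefail` so a failed download or yum step stops the script;
#    otherwise `./install auto` runs against a missing or bogus file.
#  - `curl -fsSLO`: -f turns an HTTP error (e.g. wrong region bucket) into a
#    failure instead of saving an error page named "install".
# Security caveats that remain: everything here runs as root on the node, and
# the installer is fetched over TLS but not otherwise verified (no checksum or
# signature step). If your policy requires stronger integrity guarantees, host
# a reviewed copy in a bucket you control and fetch that instead. The bucket
# name is regional (aws-codedeploy-<region>); us-east-2 must match the node's
# region.
command_id=$(aws ssm send-command \
  --document-name "AWS-RunShellScript" \
  --targets '[{"Key":"InstanceIds","Values":["i-11111111111111111"]}]' \
  --parameters '{"commands":["#!/bin/bash","set -euo pipefail","yum -y update","yum install -y ruby","cd /home/ec2-user","curl -fsSLO https://aws-codedeploy-us-east-2.s3.amazonaws.com/latest/install","chmod +x ./install","./install auto"]}' \
  --output text \
  --query "Command.CommandId")

printf '%s\n' "${command_id}"

# `yum -y update` can take a while; the waiter gives up after roughly 100 s
# (5 s x 20 attempts by default). If it times out, simply re-run the listing
# below until Status is no longer InProgress.
aws ssm wait command-executed \
  --command-id "${command_id}" \
  --instance-id "i-11111111111111111"

aws ssm list-command-invocations \
  --command-id "${command_id}" \
  --details \
  --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}"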

 

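# Same install script as a --cli-input-json parameter file, written with a
# heredoc instead of vim so the step is reproducible.
# `set -euo pipefail` and `curl -f` are added so a failed download does not
# fall through to `./install auto`. The script runs as root on the node and the
# installer is not integrity-checked beyond TLS; see the inline variant above.
cat > installCodeDeployAgent.json <<'EOF'
{
    "Parameters": {
        "commands": [
            "#!/bin/bash",
            "set -euo pipefail",
            "yum -y update",
            "yum install -y ruby",
            "cd /home/ec2-user",
            "curl -fsSLO https://aws-codedeploy-us-east-2.s3.amazonaws.com/latest/install",
            "chmod +x ./install",
            "./install auto"
        ]
    }
}
EOF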


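# Send the command using the parameter file. Values given explicitly on the
# command line (--document-name, --targets) take precedence over anything in
# the --cli-input-json file.
# Capture the CommandId rather than pasting a placeholder into the next call.
command_id=$(aws ssm send-command \
  --document-name "AWS-RunShellScript" \
  --targets "Key=InstanceIds,Values=i-11111111111111111" \
  --cli-input-json file://installCodeDeployAgent.json \
  --output text \
  --query "Command.CommandId")

printf '%s\n' "${command_id}"

# The waiter times out after roughly 100 s by default; a long yum update may
# exceed that, in which case re-run the listing below.
aws ssm wait command-executed \
  --command-id "${command_id}" \
  --instance-id "i-11111111111111111"

aws ssm list-command-invocations \
  --command-id "${command_id}" \
  --details \
  --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}"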

 

-- 12. クリーンアップ


-- EC2インスタンスの削除

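# Locate the tutorial instance by its Name tag instead of dumping every
# reservation in the region.
aws ec2 describe-instances \
  --filters Name=tag:Name,Values=instance01 \
  --query 'Reservations[].Instances[].[InstanceId,State.Name]' \
  --output text

aws ec2 terminate-instances --instance-ids i-11111111111111111

# terminate-instances only requests termination. Wait for it to complete so
# that removing the role/profile below does not pull credentials out from
# under a still-running node.
aws ec2 wait instance-terminated --instance-ids i-11111111111111111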


-- インスタンスプロファイルの削除

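# An instance profile cannot be deleted while it still contains a role, so
# detach the role first.
aws iam remove-role-from-instance-profile \
  --instance-profile-name profile01 \
  --role-name role01

aws iam delete-instance-profile --instance-profile-name profile01

# Confirm it is gone (JMESPath selection instead of grepping JSON).
aws iam list-instance-profiles \
  --query 'InstanceProfiles[].InstanceProfileName' \
  --output text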

 

-- IAMロールの削除
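# Confirm the role still exists before deleting it. Filter server-side with
# JMESPath; `grep role01` would also match any role whose JSON contains that
# substring.
aws iam list-roles \
  --query "Roles[?RoleName=='role01'].[RoleName,Arn]" \
  --output text

# delete-role fails with DeleteConflict while a managed policy is attached or
# the role is still in an instance profile, so detach first.
aws iam detach-role-policy \
  --role-name role01 \
  --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore

aws iam delete-role --role-name role01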