Introducing Run Command

Run Command is an awesome feature of Systems Manager, which basically allows you to execute remote commands over your managed fleet of EC2 instances. You can perform a vast variety of automated administrative tasks, such as installing software or patching your operating systems, executing shell commands, managing local groups and users, and much more! But that's not all! The best part of using this feature is that it allows you to have a seamless experience when executing scripts, even over your on-premises Windows and Linux operating systems, whether they be running on VMware ESXi, Microsoft Hyper-V, or any other platforms. And the cost of all this? Well, it's absolutely free! You only pay for the EC2 instances and other AWS resources that you create and nothing more!

Here's a brief list of a few commonly predefined commands provided by Run Command along with a short description:

  • AWS-RunShellScript: Executes shell scripts on remote Linux instances
  • AWS-UpdateSSMAgent: Used to update the Amazon SSM agent
  • AWS-JoinDirectoryServiceDomain: Used to join an instance to an AWS Directory
  • AWS-RunPowerShellScript: Executes PowerShell commands or scripts on Windows instances
  • AWS-UpdateEC2Config: Runs an update to the EC2Config service
  • AWS-ConfigureWindowsUpdate: Used to configure Windows Update settings
  • AWS-InstallApplication: Used to install, repair, or uninstall software on a Windows instance using an MSI package
  • AWS-ConfigureCloudWatch: Configures Amazon CloudWatch Logs to monitor applications and systems

Before we proceed with the actual execution of the Run Commands, it is important to remember that Run Command requires both the SSM agent and the right set of permissions and roles to work with. So if you haven't performed the SSM agent's installation or the setup of the IAM policies and roles, then now would be a good time to revisit this!

In this section, let's look at a simple way of executing a set of commands on our newly added managed instance:

  1. To begin with, first log in to the AWS Management Console and select the EC2 service from the main dashboard. Alternatively, you can even launch the EC2 dashboard via https://console.aws.amazon.com/ec2/.
  2. Next, from the navigation pane, select the Run Command option from the Systems Manager Services section. You will be taken to the Run Command dashboard where you will need to select the Run a command option to get started.
  3. In the Run a command page, the first thing we need to do is select a Command document that we can work with. A command document is basically a statement or set of information about the command you want to run on your managed instances. For this scenario, we will select the AWS-RunShellScript command document to start with.
  4. In the next Select Targets by section, you can optionally choose whether you wish to execute your command document manually by selecting individual instances or specify a particular group of instances identified by their tag name.
  5. The Execute on criteria provides you with the option to select either the Targets or Percent of instances you wish to execute the command document on. Selecting Targets allows you to specify the exact number of instances that should be allowed to execute the command document. The execution occurs on each instance one at a time. Alternatively, if you select the Percent option, then you can provide a percentage value of the instances that should be allowed to run the command at a single time.
  6. You can optionally set the Stop after x errors to halt the execution of your command document in case an instance encounters an error.
  7. Finally, you can paste your execution code or shell script in the Commands section. In this case, we are running a simple script that will install and configure a Zabbix monitoring agent on our Dev instance for easy monitoring of our EC2 resources.
You can learn more about Zabbix and its features at https://www.zabbix.com/product.
  8. Copy and paste the following code snippet or, alternatively, tweak it according to the EC2 instance operating system that you may have selected for this exercise:
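# Run Command already executes these lines as root on Linux; sudo is kept so the
# script also works when pasted into an ordinary shell.
# Fetch the release package over HTTPS, from the 3.4 repository path that matches the file name.
sudo wget https://repo.zabbix.com/zabbix/3.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_3.4-1+xenial_all.deb
sudo dpkg -i zabbix-release_3.4-1+xenial_all.deb
sudo apt-get update -y
sudo apt-get install zabbix-agent -y

# Write the agent configuration. Zabbix only accepts comments at the start of a line,
# so the note sits above the settings instead of after the values.
sudo tee /etc/zabbix/zabbix_agentd.conf > /dev/null <<'EOF'
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=0
# Private IP of my Zabbix Server on EC2
Server=192.168.32.50
ServerActive=192.168.32.50
Include=/etc/zabbix/zabbix_agentd.d/*.conf
EOF

# Restart the agent so it loads the new configuration, then confirm it is running.
sudo service zabbix-agent restart
sudo service zabbix-agent status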
  9. The rest of the options provide other configuration items, such as setting up an optional working directory where the commands get executed on the remote managed instances.

Additionally, you can even choose to Enable SNS notifications as well as write your command output logs to S3 using the Advanced Options section.

  10. Once the configuration items are filled in, simply select the Run option to start the execution of your command document. During this time, Systems Manager will invoke the execution of your supplied commands over the list of managed instances that you provided. If there is an error during the execution, Systems Manager will halt the execution and display the Status of your output as either Success or Failed.

Simple, isn't it? You can use this same mechanism to manage and execute commands remotely over your fleet of EC2 instances with ease and consistency, and even leverage the AWS CLI to perform the same set of actions we have explored in this section.
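The console steps above map onto a single aws ssm send-command call. The following is an added example, not code from the book: it builds the parameters JSON for AWS-RunShellScript from a script and prints the matching CLI invocation. The tag Name=Dev, the bucket name example-ssm-output-bucket, and the sample script lines are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: CLI counterpart of the console walkthrough (not the book's code).
# Assumed values: tag Name=Dev, bucket example-ssm-output-bucket, constructed sample script.

# Convert a script on stdin into the JSON that AWS-RunShellScript expects:
# one "commands" element per line, with backslashes, quotes and tabs escaped.
# The working directory is assumed to be a plain path with no quotes in it.
build_params() {
  workdir="$1"
  tab=$(printf '\t')
  printf '{"workingDirectory":["%s"],"commands":[' "$workdir"
  sep=''
  while IFS= read -r line || [ -n "$line" ]; do
    esc=$(printf '%s' "$line" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e "s/$tab/\\\\t/g")
    printf '%s"%s"' "$sep" "$esc"
    sep=','
  done
  printf ']}\n'
}

# Build the send-command call for every instance carrying the given Name tag.
# --max-concurrency 1 runs one instance at a time; --max-errors 0 stops sending
# to further instances after the first failure; output is also written to S3.
# Prints the command by default; set DRY_RUN=0 to actually execute it.
run_on_tag() {
  tag_value="$1"; params_file="$2"; bucket="$3"
  set -- aws ssm send-command \
    --document-name AWS-RunShellScript \
    --targets "Key=tag:Name,Values=$tag_value" \
    --max-concurrency 1 --max-errors 0 \
    --parameters "file://$params_file" \
    --output-s3-bucket-name "$bucket" \
    --query Command.CommandId --output text
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Constructed sample script, standing in for the lines pasted into the Commands box.
sample='apt-get update -y
echo "agent installed" > /tmp/done'
printf '%s\n' "$sample" | build_params /tmp
run_on_tag Dev params.json example-ssm-output-bucket
```

With DRY_RUN=0, the call returns a command ID, and aws ssm list-command-invocations --command-id <id> --details then shows the per-instance status and output.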

In the next section, we will be learning a bit about yet another really useful feature provided by Systems Manager: State Manager.
