Managing Infrastructure State with State Manager and Run Command

Hands-On Lab

 

Moosa Khalid

AWS Training Architect II

Length: 00:45:00

Difficulty: Intermediate

Run Command and State Manager are two core features of the SSM service. They enable users to administer managed hybrid infrastructure remotely and to maintain persistent configurations on instances on a schedule. Both features are used heavily during basic SSM tasks such as Session Manager sessions (Run Command) and querying and maintaining systems inventory (via State Manager associations). They can be extremely handy when remotely managing a large number of systems spread across different cloud providers and on-premises data centers. State Manager associations can prove useful in enforcing a fixed configuration across your fleet of instances, thereby reducing their drift from the standard configuration over time.


Log in and Head to AWS Systems Manager Console

  1. Log in to the live AWS environment using the credentials provided.
  2. Navigate to AWS Systems Manager.

Check Managed Instance, Run Command, and State Manager Association

Check Managed Instance

  1. Click Managed Instances in the left-hand menu.
  2. Make sure you see the pre-configured SSM EC2 Linux instance, named SSMInstance.

Execute Run Command

  1. Click Run Command in the left-hand menu.
  2. Click Run a Command.
  3. In the search box, select Platform types: and then Linux.
  4. Select AWS-ConfigureDocker.
  5. In the Targets section, select Choose instances manually.
  6. In the Instances table, select the listed SSMInstance.
  7. In the Rate control section, change the targets to 1.
  8. In the Output options section, un-select the checkbox where it says Enable writing to an S3 bucket.
  9. Click Run.
  10. After a few seconds, click the refresh icon to make sure it has a Success status.
  11. Click the listed instance ID.
  12. Expand the Step 1 - Output section to see what commands were run.

Update SSM Agent

  1. Click Managed Instances in the left-hand menu.

  2. Click Agent auto update.

  3. In the dialog, click Auto update SSM Agent.

  4. Click State Manager in the left-hand menu. Here, we should see an association that's just been established and has a status of Pending.

  5. Click its ID.

  6. Click Managed Instances in the left-hand menu, where we'll see the Agent version is now the latest one.

  7. Click Session Manager in the left-hand menu.

  8. Click Start session.

  9. Select the listed SSMInstance, and then click Start session.

  10. In the Session Manager CLI, see if Docker is installed:

    sudo docker ps -a

    It should run successfully, meaning Docker is installed.

  11. See the SSM Agent log:

    sudo tail -f /var/log/amazon/ssm/amazon-ssm-agent.log

Execute Another Run Command

  1. Back in the AWS Systems Manager console, click Run Command in the left-hand menu.
  2. Click Run command.
  3. In the search box, select Platform types: and then Linux.
  4. Select AWS-ConfigureDocker.
  5. In the Command parameters section, change Action to Uninstall.
  6. In the Targets section, select Choose instances manually.
  7. In the Instances table, select the listed SSMInstance.
  8. In the Output options section, un-select the checkbox where it says Enable writing to an S3 bucket.
  9. Click Run.
  10. In the Session Manager CLI browser tab, we should now see a bunch of actions take place within the SSM Agent log.
  11. Press Ctrl+C to exit the process.
  12. See if Docker is still installed:

    sudo docker ps -a

    We should see it isn't found, which is what we want since we uninstalled it.

Execute Another State Manager Association

  1. Back in the AWS Systems Manager console, click State Manager in the left-hand menu.

  2. Click Create association.

  3. Give it a Name of "MySSMAssociation".

  4. In the Document section, in the search box, select Platform types: and then Linux.

  5. Select AWS-ConfigureDocker.

  6. In the Targets section, select Manually Selecting Instance.

  7. In the table, select the listed SSMInstance.

  8. In the Specify schedule section, with On Schedule selected, choose Rate schedule builder.

  9. In the Advanced options section, set Compliance severity to High.

  10. Click Create Association.

  11. Refresh the page to make sure it has a status of Success.

  12. Back in the Session Manager CLI, make sure the association ran successfully:

    sudo docker pull centos:7

    It should work, which means Docker was successfully reinstalled using the association.

  13. Back in the AWS Systems Manager console, click Compliance in the left-hand menu. We should see one resource in compliance: the ManagedInstance we just ran the associations against.

  14. Click the 1 compliant resource.

  15. Click the instance ID. We should then see the two associations being run against it: the one that was created when we updated SSM Agent, and the other we just created.
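
The Run Command, State Manager association, and Compliance steps above, expressed as AWS CLI calls (an added example, not part of the original lab). The instance ID you pass in, the 30-minute default rate, and the explicit action=Install on the association are assumptions; setting SSM_DRY_RUN=1 prints each command instead of running it.

```sh
#!/bin/sh
# Added example: AWS CLI equivalents of the lab's console steps.
# Assumptions: the caller supplies the instance ID; the lab does not state
# a schedule rate, so 30 minutes is used as a default here.
DOC="AWS-ConfigureDocker"

# Run "aws ssm ...", or only print the command line when SSM_DRY_RUN=1.
ssm() {
  if [ "${SSM_DRY_RUN:-0}" = "1" ]; then
    printf 'aws ssm'; printf ' %s' "$@"; printf '\n'
  else
    aws ssm "$@"
  fi
}

# Loose format check: EC2 (i-) or hybrid (mi-) managed node ID.
check_instance() {
  printf '%s\n' "$1" | grep -Eq '^m?i-[0-9a-f]{8,17}$' ||
    { echo "bad instance id: $1" >&2; return 1; }
}

# Run Command: one-off Install or Uninstall on a single instance.
run_docker_action() {
  check_instance "$1" || return 1
  case "$2" in
    Install|Uninstall) ;;
    *) echo "action must be Install or Uninstall" >&2; return 1 ;;
  esac
  ssm send-command --document-name "$DOC" \
    --targets "Key=InstanceIds,Values=$1" --parameters "action=$2" \
    --max-concurrency 1 --query Command.CommandId --output text
}

# State Manager: re-apply Install on a schedule so drift is corrected.
create_docker_association() {
  check_instance "$1" || return 1
  ssm create-association --name "$DOC" \
    --association-name MySSMAssociation \
    --targets "Key=InstanceIds,Values=$1" --parameters "action=Install" \
    --schedule-expression "rate(${2:-30} minutes)" \
    --compliance-severity HIGH
}

# Compliance: list association compliance items for the instance.
association_compliance() {
  check_instance "$1" || return 1
  ssm list-compliance-items --resource-ids "$1" \
    --resource-types ManagedInstance \
    --filters "Key=ComplianceType,Values=Association,Type=EQUAL"
}
```

Source the file and call the functions with the SSMInstance ID; the ID is validated before any API call is made, and an action other than Install or Uninstall is rejected locally.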

Conclusion

Congratulations on successfully completing this hands-on lab!