1 00:00:06,900 --> 00:00:07,920 - Welcome. 2 00:00:07,920 --> 00:00:12,920 In this demonstration, we are going to use SSM Run Command, 3 00:00:13,250 --> 00:00:17,850 using the AWS CLI, to perform a couple 4 00:00:17,850 --> 00:00:22,850 of fleetwide operations that any company might choose to do. 5 00:00:24,380 --> 00:00:25,950 So we're gonna start off by recognizing 6 00:00:25,950 --> 00:00:28,730 that we have a couple of EC2 instances. 7 00:00:28,730 --> 00:00:32,370 Both of these have the appropriate permissions 8 00:00:32,370 --> 00:00:35,353 and the Systems Manager Agent installed. 9 00:00:36,370 --> 00:00:40,500 And so from there, we can go straight to our terminal 10 00:00:40,500 --> 00:00:41,663 to perform work. 11 00:00:42,510 --> 00:00:47,510 And our first operation is to issue a command 12 00:00:48,200 --> 00:00:53,200 that will install the AWS CLI v2 on the instance 13 00:00:53,550 --> 00:00:56,530 or upgrade it to the latest version, 14 00:00:56,530 --> 00:00:58,800 if it's already installed. 15 00:00:58,800 --> 00:01:03,800 And for that, we have to determine the CPU architecture 16 00:01:04,310 --> 00:01:09,310 of the instance itself, whether it is ARM64 or x86. 17 00:01:10,430 --> 00:01:12,270 If we go back to the EC2 dashboard, 18 00:01:12,270 --> 00:01:15,700 we'll see that these are t4g micros. 19 00:01:15,700 --> 00:01:20,700 The G indicates gravitron, which means that they are ARM64. 20 00:01:21,930 --> 00:01:26,070 And so that is the script we're gonna run. 21 00:01:26,070 --> 00:01:27,283 Let's take a look at it. 22 00:01:29,840 --> 00:01:32,330 It's a relatively straightforward script. 23 00:01:32,330 --> 00:01:37,330 Now, I have provided an option for deploying this 24 00:01:37,770 --> 00:01:41,680 in multiple regions that all you would have 25 00:01:41,680 --> 00:01:45,880 to do is graviton that line and then comment out 26 00:01:45,880 --> 00:01:46,713 the following one. 27 00:01:46,713 --> 00:01:49,600 But since we only have instances in us-east-1, 28 00:01:49,600 --> 00:01:53,230 that's the only region that we need to use. 29 00:01:53,230 --> 00:01:56,210 Then, we are going to loop through each 30 00:01:56,210 --> 00:01:59,040 of those regions defined by that variable, 31 00:01:59,040 --> 00:02:03,130 and we're gonna issue SSM Run Command as an operation, 32 00:02:03,130 --> 00:02:06,743 which is AWS SSM send-command. 33 00:02:07,850 --> 00:02:09,670 And then, we provide a document name that, 34 00:02:09,670 --> 00:02:12,770 in this case, is AWSRunShellScript. 35 00:02:12,770 --> 00:02:14,600 Document version is one. 36 00:02:14,600 --> 00:02:18,000 And this next piece is important, our targets. 37 00:02:18,000 --> 00:02:22,793 We are going to target everything that has a tag 38 00:02:23,640 --> 00:02:28,470 with a key value of name, and that's it. 39 00:02:28,470 --> 00:02:32,230 As long as it has a name tag, regardless of the value, 40 00:02:32,230 --> 00:02:34,453 that's what we're going to execute this on. 41 00:02:35,400 --> 00:02:36,720 And then, we have everything else. 42 00:02:36,720 --> 00:02:38,600 We have the working directory. 43 00:02:38,600 --> 00:02:41,020 We have execution time out. 44 00:02:41,020 --> 00:02:42,520 And then we have the actual commands. 45 00:02:42,520 --> 00:02:47,520 And this is taken mostly from the AWS Documentation. 46 00:02:49,050 --> 00:02:52,070 Installing unzip, just in case. 47 00:02:52,070 --> 00:02:57,070 Executing a curl to download the actual CLI zip file. 48 00:02:58,460 --> 00:03:02,970 Unzipping it, and then doing a sudo./AWSinstall. 49 00:03:02,970 --> 00:03:05,420 And we have our timeout on individual instances 50 00:03:05,420 --> 00:03:10,420 of 600 seconds, max concurrency of 50, max errors of 50%, 51 00:03:11,330 --> 00:03:13,130 and then we just specify our region. 52 00:03:14,220 --> 00:03:19,220 So with that, let's go ahead and execute the script. 53 00:03:23,010 --> 00:03:26,140 The output is going to be the equivalent 54 00:03:26,140 --> 00:03:31,140 of having issued a described command from SSM Run Command. 55 00:03:31,284 --> 00:03:33,960 And you can see it gives you the command ID 56 00:03:33,960 --> 00:03:36,760 and all the same information that we provided, 57 00:03:36,760 --> 00:03:38,363 along with a bunch of defaults. 58 00:03:39,820 --> 00:03:43,763 And so at this point, we could switch back to the console, 59 00:03:44,870 --> 00:03:49,333 go to SSM Run Command, and view the results. 60 00:03:51,862 --> 00:03:55,710 And what's interesting is it says no commands are executing. 61 00:03:55,710 --> 00:03:57,460 Why is that? 62 00:03:57,460 --> 00:04:01,058 SSM Agent issues a long poll 63 00:04:01,058 --> 00:04:03,070 against the service API endpoint. 64 00:04:03,070 --> 00:04:07,030 That means it is constantly looking for work. 65 00:04:07,030 --> 00:04:10,920 When you execute that command, it is taken care of 66 00:04:10,920 --> 00:04:13,820 almost immediately by the clients. 67 00:04:13,820 --> 00:04:17,820 So now, if we go to command history, we can see here 68 00:04:17,820 --> 00:04:21,508 the most recent command that was run is successful 69 00:04:21,508 --> 00:04:23,900 on two targets. 70 00:04:23,900 --> 00:04:26,680 So we can then click on the command ID, 71 00:04:26,680 --> 00:04:28,260 and we can dig a little deeper. 72 00:04:28,260 --> 00:04:33,103 We'll pick an instance as an example, and we can see 73 00:04:34,040 --> 00:04:37,200 that we have a standard error just says is really 74 00:04:38,182 --> 00:04:39,810 from the curl command. 75 00:04:39,810 --> 00:04:42,170 And then the output will tell us 76 00:04:42,170 --> 00:04:46,579 that it's inflated all of those executables 77 00:04:46,579 --> 00:04:50,110 and documents and bits and pieces of the AWS CLI. 78 00:04:50,110 --> 00:04:52,210 And if we scroll all the way down to the bottom, 79 00:04:52,210 --> 00:04:55,383 we'll see that it completed successfully. 80 00:04:56,290 --> 00:04:58,243 And that completes this demonstration.