0

I'd like to create a bash script using aws cli that:

  • starts an ec2 image
  • clones a github repo
  • builds a docker image
  • stops the ec2 image.

I managed to make the start and stop using `aws ec2 start-instances` and `aws ec2 stop-instances`. But I am struggling to run the other bash commands. I saw this: Run a command remotely on ec2. That explains how to run a bash command.

So I tried:

aws ssm send-command \
--instance-ids "i-02ae********" \
--region "us-east-2" \
--document-name "AWS-RunShellScript" \
--parameters commands="git clone https://myrepo.git" \
--output text

But I get as output:

COMMAND 77821510-9094-4d3d-b7c0-99a9d0c46716            0       0       AWS-RunShellScript      $DEFAULT        0       2022-08-07T01:04:19.705000+02:00        50      0                       us-east-2       2022-08-06T23:04:19.705000+02:00                Pending Pending 1       3600
CLOUDWATCHOUTPUTCONFIG          False
INSTANCEIDS     i-02aef7e********
NOTIFICATIONCONFIG              
COMMANDS        git clone https://github.com/myrepo.git

And if I ssh into the ec2 instance, I don't see any effect of the command. Can someone give me some hint on how to proceed?

  • Have you checked the logs in `/var/log/amazon/ssm`? What if you tried specifying `--working-directory /root` or some directory and then see if the clone happens inside `/root`? – wkl Aug 06 '22 at 21:20
  • 1
    Check the directory of the ssm user. I tried this and I do see that the repo is cloned to the directory: /var/snap/amazon-ssm-agent/5656. Or you can simply log in using Session Manager and do ls to check if the repo is cloned. – X-Men Aug 07 '22 at 01:26
  • ooh! that was the problem, the clone is done in /var/snap/amazon-ssm-agent, thanks for clarifying! – XxcoralloxX Aug 07 '22 at 01:52
  • Why not just pass those commands to the EC2 instance as `user-data` since you want it to run at startup? – Mark B Aug 07 '22 at 13:26
  • 1
    @MarkB it's harder to monitor user-data. Anyway, Systems Manager has the ability to do these 4 steps in one job, so I assume OP is using it with automation – ZabielskiGabriel Aug 10 '22 at 02:33
  • Exactly, doing it in the user-data makes it very static, and then I have to use more tricks to get parameters for the startup script. Instead, using the System Manager, I can make a script in Python that is more versatile. – XxcoralloxX Aug 10 '22 at 07:35

2 Answers

1

send-command starts an asynchronous execution. In the response, you have information about the status of your command: Pending. You can monitor the status of your execution using https://docs.aws.amazon.com/cli/latest/reference/ssm/get-command-invocation.html

Btw, you can always find your command execution, with logs, in the AWS console - SSM service -> run command. There you will find the answer to your question.

Btw2, it is strongly recommended not to use SSH if you can use Systems Manager. I assume it is possible in your case, because you can use the send-command API, so start-session should be allowed as well. https://docs.aws.amazon.com/cli/latest/reference/ssm/start-session.html

ZabielskiGabriel
  • Yes, I am indeed using System Manager with boto3. The point is that I was not finding the results of those actions. But as @X-men said, it is because the System Manager user has its own workspace. Now I found it – XxcoralloxX Aug 10 '22 at 07:37
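The send-then-poll flow described in this answer, as an added example that is not part of the original post or of any AWS sample. It also sets the `workingDirectory` parameter of `AWS-RunShellScript`, so the clone lands in a known directory rather than under `/var/snap/amazon-ssm-agent` as found in the comments on the question. `run_remote`, `POLL_SECONDS` and `MAX_POLLS` are hypothetical names chosen for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). run_remote, POLL_SECONDS and
# MAX_POLLS are hypothetical names.
# Usage: run_remote INSTANCE_ID REGION WORKDIR COMMAND
# Prints the remote stdout; returns 0 only if the final status is Success.
run_remote() {
  local instance_id region workdir cmd params command_id status tries
  instance_id=$1; region=$2; workdir=$3; cmd=$4

  # The JSON below is built by hand, so refuse input that could break out of it.
  case "$workdir$cmd" in
    *'"'*|*'\'*) echo "run_remote: quote or backslash in input" >&2; return 2 ;;
  esac
  # workingDirectory pins where the command runs instead of the agent's default.
  params=$(printf '{"commands":["%s"],"workingDirectory":["%s"]}' "$cmd" "$workdir")

  # send-command only queues the work; keep the CommandId to look it up later.
  command_id=$(aws ssm send-command \
    --region "$region" \
    --instance-ids "$instance_id" \
    --document-name "AWS-RunShellScript" \
    --parameters "$params" \
    --query 'Command.CommandId' --output text) || return 1

  # Poll until the invocation leaves its non-terminal states or we give up.
  tries=0
  while [ "$tries" -lt "${MAX_POLLS:-120}" ]; do
    # The invocation may not be registered yet right after send-command.
    status=$(aws ssm get-command-invocation --region "$region" \
      --command-id "$command_id" --instance-id "$instance_id" \
      --query 'Status' --output text 2>/dev/null) || status=Pending
    case "$status" in
      Pending|InProgress|Delayed) tries=$((tries + 1)); sleep "${POLL_SECONDS:-5}" ;;
      *) break ;;
    esac
  done

  aws ssm get-command-invocation --region "$region" \
    --command-id "$command_id" --instance-id "$instance_id" \
    --query 'StandardOutputContent' --output text
  [ "$status" = "Success" ]
}
```

When the function returns non-zero, the same `get-command-invocation` call with `--query 'StandardErrorContent'` shows what the remote command wrote to stderr.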
0

For the start and stop portion...

If you want to run a script every time that an Amazon EC2 instance starts, simply place the script in:

/var/lib/cloud/scripts/per-boot/

Any script in that directory will run every time that the instance boots.

When the script has finished processing, run:

sudo shutdown now -h

This will shut down the instance from within the instance, rather than having to call an AWS API.

For more details, see: Auto-Stop EC2 instances when they finish a task - DEV Community

John Rotenstein
  • The problem is that in this way the script has to be static; I need at least to be able to change parameters – XxcoralloxX Aug 07 '22 at 00:02
  • There are many ways to pass values. Some ideas: Put a file in S3; put values in the instance User Data (it doesn't have to be a script!); send a message to an SQS queue; set a Tag on the instance; store a value in Parameter Store. I'd suggest storing it in S3 and the script can use the AWS CLI `aws s3 cp` command to download the configuration file. – John Rotenstein Aug 07 '22 at 05:59
  • AWS recommends always using Parameter Store, and never storing the configuration in the S3 bucket... Btw, I updated my previous answer - sorry for the mistake. – ZabielskiGabriel Aug 10 '22 at 02:14
  • Yes, Parameter Store would be excellent for storing a static configuration (eg database passwords, server names) but it would not be a good approach for passing variables that are specific to a job to be performed, especially if there might be multiple jobs running in parallel. – John Rotenstein Aug 10 '22 at 03:32