DEV Community

Cover image for Amazon Simple Systems Manager (SSM)
πŸš€ Vu Dao πŸš€
πŸš€ Vu Dao πŸš€

Posted on • Updated on

Amazon Simple Systems Manager (SSM)

AWS Systems Manager is a collection of capabilities that helps you automate management tasks. This post describe how to send command to an EC2 instance using python boto3

Alt Text

1. Systems Manager prerequisites

1.1 Install SSM agent

  • SSM Agent is installed, by default, on the following EC2 instances and Amazon Machine Images (AMIs):

    • Amazon Linux
    • Amazon Linux 2
    • Amazon Linux 2 ECS-Optimized AMIs
    • Ubuntu Server 16.04, 18.04, and 20.04
  • There's manual way to install it Manually install SSM Agent on EC2 instances for Linux

  • How to check if the target instance installed SSM agent

dev:/home/ubuntu# systemctl status
● - Service for snap application
   Loaded: loaded (/etc/systemd/system/; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-11-19 20:47:31 UTC; 4 weeks 1 days ago
 Main PID: 27709 (amazon-ssm-agen)
    Tasks: 23 (limit: 4915)
   CGroup: /system.slice/
           β”œβ”€27709 /snap/amazon-ssm-agent/2996/amazon-ssm-agent
           └─27837 /snap/amazon-ssm-agent/2996/ssm-agent-worker
Enter fullscreen mode Exit fullscreen mode

1.2 Setup IAM role so that user/client has SSM permission

            "Effect": "Allow",
            "Action": [
            "Resource": [
Enter fullscreen mode Exit fullscreen mode

Alt Text

2. Using boto3 to send SSM command

  • The code using tag key-value to get dynamic instances target, so create tag for target instance
    Alt Text


import boto3
import time

def send_cmd(region):
    """ Use describe instance information to get instance id base on region """
    ssm_filter = [{'Key': 'tag:SSM', 'Values': ['ssm-cmd']}]
    ssm = boto3.client('ssm', region_name=region)
    instance_info = ssm.describe_instance_information(Filters=ssm_filter).get('InstanceInformationList', {})[0]
    instance_id = instance_info.get('InstanceId', '')
    cmd1 = "echo 'Start running services'"
    cmd2 = 'whoami'
    response = ssm.send_command(InstanceIds=[instance_id],
                                Parameters={"commands": [cmd1, cmd2]}
    command_id = response.get('Command', {}).get("CommandId", None)
    while True:
        """ Wait for SSM response """
        response = ssm.list_command_invocations(CommandId=command_id, Details=True)
        """ If the command hasn't started to run yet, keep waiting """
        if len(response['CommandInvocations']) == 0:
        invocation = response['CommandInvocations'][0]
        if invocation['Status'] not in ('Pending', 'InProgress', 'Cancelling'):
    command_plugin = invocation['CommandPlugins'][-1]
    output = command_plugin['Output']
    print(f"Complete running, output: {output}")

Enter fullscreen mode Exit fullscreen mode
  • Run
~/⚑ $ python
Complete running, output: Start running services
Enter fullscreen mode Exit fullscreen mode


Top comments (0)