Running commands using Systems Manager Run Command
This section includes information about how to send commands from the AWS Systems
Manager
console, and how to send commands to a fleet of instances by using the
Targets
parameter with EC2 tags. This section also includes information
about how to cancel a command.
If this is your first time using Run Command, we recommend executing commands against a test instance or an instance that is not being used in a production environment.
For information about how to send commands using Windows PowerShell, see Walkthrough: Use the AWS Tools for Windows PowerShell with Run Command or the examples in the AWS Systems Manager section of the AWS Tools for PowerShell Cmdlet Reference. For information about how to send commands using the AWS CLI, see the Walkthrough: Use the AWS CLI with Run Command or the examples in the SSM CLI Reference.
When you run a command in Run Command, do not include any sensitive information
formatted as plaintext, such as passwords, configuration data, or other secrets. All
Systems Manager API activity in your account is logged in an Amazon S3 bucket, in
AWS CloudTrail logs.
This means that any user with access to that S3 bucket can view the plaintext values
of those secrets. For this reason, we strongly recommend creating and using
SecureString
parameters to encrypt the sensitive data you use in
your Systems Manager operations.
For more information, see Restricting access to Systems Manager parameters using IAM policies.
Contents