Author: Dean Suzuki, Siavash Irani (Last Updated: 4/4/20)
Imagine that you have a fleet of Windows web servers and you need to perform some action against them. In this session, you will learn about a couple of tools to help you remotely manage your servers:
Session Manager: Interactive remote shell environment
Run Command: Used to execute commands against a fleet of servers.
In this scenario, you have a fleet of web servers (ok, two, but you can imagine). They are not working and you need to figure out what’s wrong.
Let’s begin by looking at the resources that make up the application.
Right-click on “WEB01”, choose Instance Settings, and View/Change User Data. Note the PowerShell script that is being used to bootstrap the instance. Something must be wrong with it?
Session Manager is a fully managed AWS Systems Manager capability that lets you manage your Amazon EC2 instances through an interactive one-click browser-based shell or through the AWS CLI. Session Manager provides secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Session Manager also makes it easy to comply with corporate policies that require controlled access to instances, strict security practices, and fully auditable logs with instance access details, while still providing end users with simple one-click cross-platform access to your Amazon EC2 instances.
Once connected to the session, run a PowerShell command to read the content of the User Data execution log to identify the cause of execution failure.
Get-Content -Path C:\ProgramData\Amazon\EC2-Windows\Launch\log\UserdataExecution.log
Make a note of the error message: The errors from user scripts: Install-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid:‘WebServer’. The name was not found.
The above error states that the Windows Server Role name “WebServer” defined in the User Data script is invalid. It should have been “Web-Server”. Oops!
While we could fix this in the instance, we would have to log into each instance to fix them individually. There is a better way. Let’s use Run Command to fix all the instances at once.
AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager. Run Command enables you to automate common administrative tasks and perform ad hoc configuration changes at scale. You can use Run Command from the AWS console, the AWS Command Line Interface, AWS Tools for Windows PowerShell, or the AWS SDKs. Run Command is offered at no additional cost.
Scroll down to Commands and enter the following. Note that the second line is wrapping and may need to be fixed after you copy and paste it.
Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature
Add-Content c:\inetpub\wwwroot\default.aspx '<%@ Page Title="" Language="C#" Trace="true"%>'
del c:\inetpub\wwwroot\iisstart.htm
Scroll down to Targets and enter “Role” for the Tag Key and “WebServer” for Tag Value. (NOTE – Key/Value pair is cAsEsEnSiTivE)
Press the Add button, then scroll down to the bottom and click the Run button.
Wait for the action to complete on both instances. It will take 3-5 minutes to complete. You will see the Status change to Success. You may need to hit the Refresh button to update the status more frequently.
When it completes, click on the instance IDs to see the output.
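The same Run Command procedure can be scripted with AWS Tools for Windows PowerShell. The following is an added example, not part of the original workshop: it sends the three commands above to every instance tagged Role=WebServer, waits for the invocations to finish, and prints each instance's status and output. It assumes the AWS.Tools.SimpleSystemsManagement module is installed, credentials and region are already configured, and the AWS-managed AWS-RunPowerShellScript document is used; the comment text is constructed.

```powershell
# Added example. Assumes AWS.Tools.SimpleSystemsManagement is installed and
# that credentials and a default region are already set for this session.
Import-Module AWS.Tools.SimpleSystemsManagement

# The three commands from the Commands box, one per line, kept in a
# single-quoted here-string so the ASPX directive needs no extra escaping.
$commands = @'
Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature
Add-Content c:\inetpub\wwwroot\default.aspx '<%@ Page Title="" Language="C#" Trace="true"%>'
del c:\inetpub\wwwroot\iisstart.htm
'@ -split "`r?`n"

# Target by tag instead of instance ID. Tag key and value are case sensitive.
$cmd = Send-SSMCommand -DocumentName 'AWS-RunPowerShellScript' `
    -Target @{ Key = 'tag:Role'; Values = @('WebServer') } `
    -Parameter @{ commands = $commands } `
    -Comment 'Install IIS on web fleet (constructed comment)'

# Poll until every targeted instance has left the non-terminal states.
$pendingStates = 'Pending', 'InProgress', 'Delayed'
do {
    Start-Sleep -Seconds 15
    $invocations = @(Get-SSMCommandInvocation -CommandId $cmd.CommandId -Detail $true)
    $stillRunning = @($invocations | Where-Object { "$($_.Status)" -in $pendingStates })
} while ($invocations.Count -eq 0 -or $stillRunning.Count -gt 0)

# Per-instance result, equivalent to clicking each instance ID in the console.
foreach ($inv in $invocations) {
    '{0}  {1}' -f $inv.InstanceId, $inv.Status
    $inv.CommandPlugins | ForEach-Object { $_.Output }
}

# Surface failures so the script does not silently report partial success.
$failed = @($invocations | Where-Object { "$($_.Status)" -ne 'Success' })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} instance(s) did not succeed: {1}" -f `
        $failed.Count, ($failed.InstanceId -join ', '))
}
```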