Tanishq dubey

Reputation: 1542

AWS Lambda run command on EC2 instance and get result

I have an EC2 instance that is running a few processes. I also have a Lambda script that is triggered through various means. I would like this Lambda script to talk to my EC2 instance and get a list of running processes from it (essentially, run ps aux on the EC2 box and read the output).

Now this is easy enough with just one instance and its instance-id. Just SSH in, run the command, get the output, and be on my way. However, I would like to scale this to multiple EC2 instances, for which only the instance-id is known and SSH keys may not be given.

Is such a configuration possible with Lambda and Boto (or other libraries)? Or do I just have to run a microserver on each of my instances that will reply with the given information (something I'm really trying to avoid)?

Upvotes: 8

Views: 14651

Answers (3)

tomahawk

Reputation: 206

You can do this easily with AWS Systems Manager - Run Command

AWS Systems Manager provides you safe, secure remote management of your instances at scale without logging into your servers, replacing the need for bastion hosts, SSH, or remote PowerShell.

Specifically:

  • Use the send-command API from a Lambda function to get a list of all processes on a group of instances. You can do this by providing a list of instances or even a tag query.
  • You can also use CloudWatch Events to trigger a Run Command directly

Upvotes: 16
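The Run Command flow this answer describes, written out as an added example (not code from the original post). It assumes the Lambda execution role is allowed `ssm:SendCommand`, `ssm:ListCommandInvocations` and `ssm:GetCommandInvocation`, that every target instance runs SSM Agent with an instance profile carrying `AmazonSSMManagedInstanceCore` (so no SSH key and no inbound port are needed), and that the tag name, tag values, instance IDs and the `ps aux` sample below are placeholders. The helpers that build the request and parse the output are pure Python; only `lambda_handler` touches AWS.

```python
"""Run `ps aux` on a fleet through SSM Run Command and collect the output.

Added example for this answer, not code from the original post. Assumes:
  * the Lambda role has ssm:SendCommand, ssm:ListCommandInvocations and
    ssm:GetCommandInvocation;
  * each instance runs SSM Agent with an instance profile that includes
    AmazonSSMManagedInstanceCore;
  * tag names/values and instance IDs used here are placeholders.
"""
import time

TERMINAL_STATUSES = {"Success", "Cancelled", "TimedOut", "Failed"}
PS_COLUMNS = ["user", "pid", "cpu", "mem", "vsz", "rss", "tty", "stat",
              "start", "time", "command"]

# Constructed sample of `ps aux` output, used to exercise parse_ps_aux().
SAMPLE_PS_OUTPUT = """\
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.1 169000 11000 ?        Ss   10:00   0:01 /sbin/init
ec2-user    1234  2.5  1.3 900000 52000 ?        Sl   10:05   0:42 python3 /opt/app/worker.py --queue jobs
"""


def build_send_command_request(instance_ids=None, tag_name=None, tag_values=None,
                               command="ps aux", execution_timeout=60):
    """Build the keyword arguments for ssm.send_command.

    Both an explicit ID list and a tag query are expressed as Targets, so the
    call does not change shape when the fleet outgrows the 50-ID limit of the
    plain InstanceIds parameter.
    """
    if instance_ids:
        targets = [{"Key": "InstanceIds", "Values": list(instance_ids)}]
    elif tag_name and tag_values:
        targets = [{"Key": f"tag:{tag_name}", "Values": list(tag_values)}]
    else:
        raise ValueError("need instance_ids or tag_name and tag_values")
    return {
        "DocumentName": "AWS-RunShellScript",   # AWS-managed document for Linux shell
        "Targets": targets,
        "Parameters": {
            "commands": [command],
            "executionTimeout": [str(execution_timeout)],  # per-instance, seconds as string
        },
        # how long SSM waits for an instance to pick the command up (minimum 30)
        "TimeoutSeconds": max(30, execution_timeout),
        "Comment": "process inventory from Lambda",
    }


def parse_ps_aux(text):
    """Turn raw `ps aux` output into a list of dicts; COMMAND may contain spaces."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("USER"):
            continue
        fields = line.split(None, len(PS_COLUMNS) - 1)  # split at most 10 times
        if len(fields) != len(PS_COLUMNS):
            continue  # malformed line: skip rather than crash the whole run
        row = dict(zip(PS_COLUMNS, fields))
        row["pid"] = int(row["pid"])
        row["cpu"] = float(row["cpu"])
        row["mem"] = float(row["mem"])
        rows.append(row)
    return rows


def run_and_collect(ssm, request, poll_seconds=2, max_wait=120):
    """Send the command and return {instance_id: (status, stdout, stderr)}.

    Polls until every invocation is terminal or max_wait elapses; keep
    max_wait below the Lambda function timeout. StandardOutputContent is
    truncated by the API, so for large outputs set OutputS3BucketName in the
    request and read the full result from S3 instead.
    """
    command_id = ssm.send_command(**request)["Command"]["CommandId"]
    deadline = time.time() + max_wait
    while time.time() < deadline:
        time.sleep(poll_seconds)  # invocations appear shortly after send_command
        pages = ssm.get_paginator("list_command_invocations").paginate(CommandId=command_id)
        invocations = [inv for page in pages for inv in page["CommandInvocations"]]
        if invocations and all(inv["Status"] in TERMINAL_STATUSES for inv in invocations):
            results = {}
            for inv in invocations:
                detail = ssm.get_command_invocation(CommandId=command_id,
                                                    InstanceId=inv["InstanceId"])
                results[inv["InstanceId"]] = (detail["Status"],
                                              detail.get("StandardOutputContent", ""),
                                              detail.get("StandardErrorContent", ""))
            return results
    raise TimeoutError(f"command {command_id} did not finish within {max_wait}s")


def lambda_handler(event, context):
    import boto3  # imported here so the pure helpers above run without boto3
    ssm = boto3.client("ssm")
    request = build_send_command_request(tag_name=event.get("tag_name", "Role"),
                                         tag_values=event.get("tag_values", ["worker"]))
    results = run_and_collect(ssm, request)
    return {iid: {"status": status, "processes": parse_ps_aux(out), "stderr": err}
            for iid, (status, out, err) in results.items()}
```

Scope the Lambda role's `ssm:SendCommand` to the `AWS-RunShellScript` document and to instances matching the tag (a `ssm:resourceTag/...` condition), because whoever can call `send_command` with that document can run arbitrary shell as root on every targeted instance.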

Roshan

Reputation: 1390

As Yeshodhan mentioned, there is no direct approach for this.

However, there is one more approach.

1) Save your private key file to an S3 bucket, create a Lambda function, and use the Python fabric module to log in to the remote machines from the Lambda function and execute commands.

The above-mentioned approach is possible, but I highly recommend launching a separate machine and using a configuration management system (preferably Ansible) to get the results from the remote machines.

Upvotes: 0

Yeshodhan Kulkarni

Reputation: 2943

I don't think there is something available out of the box for this scenario.

Instead of querying, try an alternate approach. Install an agent on all EC2 instances which reports the required information to a central service, or probably a DynamoDB table with InstanceId as the hash key.

You may want to bake this script in the AMI itself as a cron job (executed probably hourly?).

With this implementation, you reduce the complexity of managing and running a separate web service on each EC2 instance.

Query the DynamoDB table on demand. There will be a lag, as the data may not be real time, but you can always reduce the cron interval per your needs.

Upvotes: 0
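The push model this answer sketches, as an added example (not code from the original post): a script run from cron on each instance writes its `ps aux` output to DynamoDB keyed on InstanceId, and the Lambda reads that row on demand and rejects stale entries. Both halves are shown in one file for brevity. It assumes a table named `ProcessInventory` (placeholder) with hash key `InstanceId` and TTL enabled on `ExpiresAt`, an instance profile that allows only `dynamodb:PutItem` on that table, a Lambda role that allows only `dynamodb:GetItem`, and that the instance ID is read through IMDSv2.

```python
"""Agent-side report and Lambda-side lookup for a DynamoDB process inventory.

Added example for this answer, not code from the original post. Assumes a
table ProcessInventory (placeholder) with hash key InstanceId and TTL on
ExpiresAt; the instance profile may only PutItem, the Lambda role only GetItem.
Cron entry on the instance, for example: */5 * * * * /usr/bin/python3 /opt/report_procs.py
"""
import subprocess
import time
import urllib.request

IMDS = "http://169.254.169.254/latest"
TABLE_NAME = "ProcessInventory"  # placeholder table name


def instance_id_from_imds(timeout=2):
    """Read this instance's ID with IMDSv2: fetch a session token, then the metadata path."""
    token_req = urllib.request.Request(
        f"{IMDS}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with urllib.request.urlopen(token_req, timeout=timeout) as resp:
        token = resp.read().decode()
    id_req = urllib.request.Request(
        f"{IMDS}/meta-data/instance-id",
        headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(id_req, timeout=timeout) as resp:
        return resp.read().decode()


def collect_processes():
    """Run `ps aux` locally and return its output as text."""
    return subprocess.run(["ps", "aux"], capture_output=True, text=True, check=True).stdout


def build_item(instance_id, ps_output, now, ttl_seconds=3600, max_bytes=350_000):
    """Shape the DynamoDB item.

    The output is capped to stay under DynamoDB's 400 KB item limit, and
    ExpiresAt lets the table's TTL drop rows left behind by terminated instances.
    """
    body = ps_output.encode()[:max_bytes].decode(errors="ignore")
    return {
        "InstanceId": instance_id,            # hash key
        "CollectedAt": int(now),              # epoch seconds; reader uses it to judge staleness
        "ExpiresAt": int(now) + ttl_seconds,  # TTL attribute
        "Processes": body,
    }


def is_fresh(item, now, max_age_seconds):
    """True if the stored report is no older than max_age_seconds at time `now`."""
    return now - int(item["CollectedAt"]) <= max_age_seconds


def report(table_name=TABLE_NAME):
    """Agent side: collect and write this instance's row. Runs from cron."""
    import boto3  # imported here so the pure helpers run without boto3 installed
    table = boto3.resource("dynamodb").Table(table_name)
    item = build_item(instance_id_from_imds(), collect_processes(), time.time())
    table.put_item(Item=item)
    return item["InstanceId"]


def lookup(instance_id, max_age_seconds=900, table_name=TABLE_NAME):
    """Lambda side: return the stored report, or None if it is missing or stale."""
    import boto3
    table = boto3.resource("dynamodb").Table(table_name)
    item = table.get_item(Key={"InstanceId": instance_id}).get("Item")
    if item is None or not is_fresh(item, time.time(), max_age_seconds):
        return None
    return item


if __name__ == "__main__":
    print("reported", report())
```

Treating a row older than `max_age_seconds` as absent matters: an instance that was compromised and had its agent killed otherwise keeps serving its last clean snapshot forever.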
