Passing command once logged through aws ssm start session in AWS CLI

Question

I need to pass "sudo su - < user >" command once i logged though AWS CLI using aws ssm?

aws ssm start-session --target "instance ID" ??????? "sudo su - < user >"

Is there any way? Passing as parameters or something?

Answer 1

You need to use send_command, not start session

Python code example:

def send_command(self, instanceID: str) -> str:
    ssm_client = boto3.client('ssm')
    response = ssm_client.send_command(
        InstanceIds=[instanceID],
        DocumentName="AWS-RunShellScript",
        Parameters={'commands': ['sudo su - < user >']}, 
        Comment='test comment',
        TimeoutSeconds=60, )
    command_id = response['Command']['CommandId']
   
    waiter = ssm_client.get_waiter('command_executed')
    waiter.wait(
        CommandId=command_id,
        InstanceId=instanceID,
        )
 
    output = ssm_client.get_command_invocation(
        CommandId=command_id,
        InstanceId=instanceID,
        )
    return output

Answer 2

It is possible to get into an EC2 instance from the command line without SSH. Whenever you can avoid using SSH, and use more cloud-native approaches such as System Manager's Session Manager, that is recommended.

The documentation says:

Example 1: To start a Session Manager session

This start-session example establishes a connection with an instance for a Session Manager session. Note that this interactive command requires the Session Manager plugin to be installed on the client machine making the call.

aws ssm start-session \
    --target "i-1234567890abcdef0"

Output:

Starting session with SessionId: Jane-Roe-07a16060613c408b5

So you can get into your EC2 instance that way, and then enter "sudo su - < user >".

However, passing in parameters with the aws ssm start-session AWS CLI command is currently not supported, as that same documentation page says:

--parameters (map)

Reserved for future use.

key -> (string)

value -> (list)

(string)