kc7

Reputation: 133

SSM Send Command Failed: Is it possible to run an SSM command from one AWS account to another?

I have a Jenkins node in Account A that builds the Angular application. To deploy the dist folder, I need to copy files from S3 to the Angular instance, but the Angular instance is in Account B.

Script:

aws --region us-west-2 ssm send-command --instance-ids i-xxxxxx --document-name AWS-RunShellScript --comment 'Deployment from Pipeline xxx-release-pipeline' --cloud-watch-output-config 'CloudWatchOutputEnabled=true,CloudWatchLogGroupName=SSMDocumentRunLogGroup' --parameters '{"commands":["aws --region us-west-2 s3 cp s3://xxxx/dist/*.zip /var/www/demo.com/html", "unzip -q *.zip"]}' --output text --query Command.CommandId

So when I run ssm send-command from the node (in Account A), it shows Invalid Instance Id.

An error occurred (InvalidInstanceId) when calling the SendCommand operation

Jenkins node -> Account A
Angular instance (with SSM agent) -> Account B

In the deploy stage of the pipeline, I need to copy files from S3 to the instance in Account B. Is there a way to implement this use case in a better way, with or without SSM?

Upvotes: 1

Views: 1592

Answers (1)

Marcin

Reputation: 238727

I don't think you can directly run run-command across accounts. But you could run it through AWS Systems Manager Automation. In your automation document you can use aws:runCommand.

This is possible because SSM Automation supports cross-account and cross-region deployments.

Upvotes: 1
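The Automation route from the answer, sketched with boto3 as an added example (not code from the question or the answer): a runbook whose only step is aws:runCommand, and the StartAutomationExecution request that points it at Account B. The role names are the defaults from AWS's multi-account Automation setup; they, the runbook name `Deploy-Dist`, the account IDs, the instance ID and the object key `app.zip` are assumptions or constructed placeholders.

```python
import json
import re

# Default role names from AWS's multi-account Automation setup (assumed, not from the page).
ADMIN_ROLE = "AWS-SystemsManager-AutomationAdministrationRole"  # in Account A
EXEC_ROLE = "AWS-SystemsManager-AutomationExecutionRole"        # in Account B

def build_runbook(commands):
    """Automation runbook (schema 0.3) with a single aws:runCommand step."""
    return {
        "schemaVersion": "0.3",
        "assumeRole": "{{ AutomationAssumeRole }}",
        "parameters": {"InstanceId": {"type": "String"},
                       "AutomationAssumeRole": {"type": "String"}},
        "mainSteps": [{"name": "deploy", "action": "aws:runCommand", "inputs": {
            "DocumentName": "AWS-RunShellScript",
            "InstanceIds": ["{{ InstanceId }}"],
            "Parameters": {"commands": list(commands)}}}],
    }

def build_request(doc_name, admin_account, target_account, region, instance_id):
    """Keyword arguments for ssm.start_automation_execution, validated first."""
    for acct in (admin_account, target_account):
        if not re.fullmatch(r"\d{12}", acct):
            raise ValueError(f"not a 12-digit account id: {acct!r}")
    if not re.fullmatch(r"i-[0-9a-f]{8}(?:[0-9a-f]{9})?", instance_id):
        raise ValueError(f"not an EC2 instance id: {instance_id!r}")
    return {
        "DocumentName": doc_name,
        "Parameters": {"AutomationAssumeRole":
                       [f"arn:aws:iam::{admin_account}:role/{ADMIN_ROLE}"]},
        "TargetParameterName": "InstanceId",
        "Targets": [{"Key": "ParameterValues", "Values": [instance_id]}],
        "TargetLocations": [{"Accounts": [target_account], "Regions": [region],
                             "ExecutionRoleName": EXEC_ROLE}],
    }

def start(request):
    """Submit from Account A; the runbook is registered once with create_document."""
    import boto3  # lazy import so the builders above run without AWS access
    ssm = boto3.client("ssm")
    return ssm.start_automation_execution(**request)["AutomationExecutionId"]

if __name__ == "__main__":
    commands = [  # constructed; app.zip is a placeholder object name
        "aws --region us-west-2 s3 cp s3://xxxx/dist/app.zip /var/www/demo.com/html/",
        "unzip -q /var/www/demo.com/html/app.zip -d /var/www/demo.com/html",
    ]
    print(json.dumps(build_runbook(commands), indent=2))
    print(json.dumps(build_request("Deploy-Dist", "111111111111", "222222222222",
                                   "us-west-2", "i-0123456789abcdef0"), indent=2))
```

The request is submitted with Account A's credentials; the execution role in Account B has to trust the administration role, and its policy can be limited to the one instance and the AWS-RunShellScript document.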
