1
00:00:00,090 --> 00:00:00,840
Hello and welcome back.

2
00:00:01,020 --> 00:00:06,290
Now with more capabilities of AWS Systems Manager, or SSM.

3
00:00:06,330 --> 00:00:12,060
And in this lecture we're going to look at the automation capability, automating actions on your managed

4
00:00:12,060 --> 00:00:12,830
instances.

5
00:00:12,840 --> 00:00:17,700
And also we'll look at the SSM capability Run Command, which is very important as well

6
00:00:17,790 --> 00:00:19,750
in Systems Manager.

7
00:00:19,770 --> 00:00:28,110
So let's start with automation. Automation actions in Systems Manager refer to what Systems Manager

8
00:00:28,140 --> 00:00:33,150
can do to the managed instances at scale, one or more, individually or in groups.

9
00:00:33,150 --> 00:00:38,290
Of course, in groups is the main strength, or the point of strength, of Systems Manager.

10
00:00:38,340 --> 00:00:44,850
What automation does: it simplifies common maintenance and deployment tasks for Amazon EC2 instances,

11
00:00:44,880 --> 00:00:46,760
and an example of what it can do.

12
00:00:46,890 --> 00:00:53,730
You can build automation workflows to configure and manage instances and AWS resources, create custom workflows

13
00:00:53,760 --> 00:00:59,730
or use the predefined ones, receive notifications about automation tasks and workflows by Amazon

14
00:00:59,730 --> 00:01:00,750
CloudWatch Events.

15
00:01:00,810 --> 00:01:06,120
You can monitor the progress and execution details, and if there are errors that are pertaining, you can

16
00:01:06,120 --> 00:01:09,090
even cancel the tasks that you are trying to do.

17
00:01:09,090 --> 00:01:15,480
Examples of the specific tasks that you can do using automation: so I can use it to create AMIs

18
00:01:15,570 --> 00:01:22,440
or update existing AMIs, and you can apply drivers to the instances and SSM Agent updates,

19
00:01:22,560 --> 00:01:29,550
you can reset passwords for Windows instances, and you can also reset the SSL keys on Linux instances,

20
00:01:29,700 --> 00:01:33,540
and you can apply OS patches or application updates.

21
00:01:33,560 --> 00:01:34,950
A use case for automation.

22
00:01:34,950 --> 00:01:40,620
When you are doing the workflow, you can request that this change will not be done unless

23
00:01:40,620 --> 00:01:43,350
one or more IAM users will approve it.

24
00:01:43,440 --> 00:01:48,980
So now we are building a change management or a service management kind of service. One use case that

25
00:01:48,980 --> 00:01:49,950
you can do.

26
00:01:49,990 --> 00:01:55,220
I am using my instances to do a task, and the task only runs from Monday through Friday.

27
00:01:55,290 --> 00:01:56,880
But then I don't need it over the weekend.

28
00:01:56,920 --> 00:01:58,500
I need to stop the instances.

29
00:01:58,680 --> 00:02:04,800
I don't have to run it and waste money on using these instances over the weekend. So you can build an

30
00:02:04,800 --> 00:02:10,530
automation task or automation action in Systems Manager that will start the instances at a specific

31
00:02:10,530 --> 00:02:13,730
time on Monday and then it will end on Friday.

32
00:02:13,830 --> 00:02:19,710
And for that you can use Amazon CloudWatch Events, or you can use the maintenance window task

33
00:02:19,710 --> 00:02:22,490
or action, or capability, in Systems Manager.

34
00:02:22,500 --> 00:02:26,430
You can also update resources that were deployed by a CloudFormation template.

35
00:02:26,430 --> 00:02:29,950
But in this case automation will create a new template for that.

36
00:02:30,000 --> 00:02:37,260
And also you can have an approval done first by an IAM user before the template is changed. And you can,

37
00:02:37,320 --> 00:02:43,710
the automation can target a large number of EC2 instances, target groups of instances basically,

38
00:02:43,710 --> 00:02:45,060
not the individual ones.

39
00:02:45,060 --> 00:02:51,570
And that could be based on EC2 tags. Create golden AMIs from a source AMI on one of the

40
00:02:51,570 --> 00:02:57,720
instances, and you can run custom scripts before and after updates are applied, and you can of course

41
00:02:57,720 --> 00:03:03,360
include or exclude specific patches from being installed on specific instances using automation as well.

42
00:03:03,390 --> 00:03:05,880
You can also recover impaired instances.

43
00:03:05,880 --> 00:03:11,130
So if an instance was connected to a system and becomes unreachable, you can use automation to recover

44
00:03:11,160 --> 00:03:13,890
that instance and reconnect to it again. Run Command.

45
00:03:13,920 --> 00:03:16,000
The next one, the next capability, the next action.

46
00:03:16,050 --> 00:03:21,540
Run Command is used to remotely and securely manage the configuration of the managed instances

47
00:03:21,540 --> 00:03:26,160
at scale. Could be tens, could be hundreds of instances, and still Run Command can do that.

48
00:03:26,190 --> 00:03:29,420
So now when I'm saying Run Command, is that a command

49
00:03:29,430 --> 00:03:29,920
I am running?

50
00:03:29,940 --> 00:03:30,290
No.

51
00:03:30,300 --> 00:03:35,760
It is called the Run Command capability, but it is used to run documents, or command documents,

52
00:03:36,180 --> 00:03:37,720
in Systems Manager.

53
00:03:37,800 --> 00:03:41,000
So it is a facility or a feature called Run Command.

54
00:03:41,100 --> 00:03:42,030
That's the name of it.

55
00:03:42,180 --> 00:03:45,720
And it is used to execute commands on your managed EC2 instances.

56
00:03:45,720 --> 00:03:46,590
And why would you use it?

57
00:03:46,590 --> 00:03:51,850
Use it to automate common administrative tasks and perform ad hoc configuration changes at scale.

58
00:03:51,900 --> 00:03:54,300
Use Run Command from the console.

59
00:03:54,300 --> 00:04:00,150
You can access it from the console, from the CLI, from the AWS Tools for Windows PowerShell, and

60
00:04:00,150 --> 00:04:01,570
from the AWS SDKs as well.

61
00:04:01,650 --> 00:04:05,060
And there is no additional cost for running these commands.

62
00:04:05,100 --> 00:04:11,340
What are example tasks I can do with Run Command? Updating applications, you can do that. You can run

63
00:04:11,430 --> 00:04:17,580
Linux shell scripts and Windows PowerShell. The Linux shell scripts will be used with a document,

64
00:04:17,660 --> 00:04:24,390
AWS-RunShellScript. For Windows, you will use the AWS run PowerShell document for Windows

65
00:04:24,390 --> 00:04:30,720
instances. You can use it to install or bootstrap applications, you can use it to build a deployment pipeline,

66
00:04:30,840 --> 00:04:36,360
you can capture log files when an instance is terminated from an Auto Scaling group, and you can join

67
00:04:36,360 --> 00:04:37,800
instances to a domain.

68
00:04:38,130 --> 00:04:43,230
This is also very important, and it's a potential scenario in the example: Auto Scaling. When a CloudWatch

69
00:04:43,230 --> 00:04:48,900
event that an instance is going to be terminated, and Auto Scaling decides to terminate an instance,

70
00:04:49,070 --> 00:04:53,980
OK, unhealthy, whatever reason, and you would like to get the logs from the instance before it terminates,

71
00:04:54,030 --> 00:04:59,750
so Run Command will help you do that. And of course this can be automated. How? When CloudWatch

72
00:05:00,150 --> 00:05:02,670
Events finds out that it is going to be terminated,

73
00:05:02,670 --> 00:05:09,870
you can configure that CloudWatch event, that the target, or when that happens, execute the

74
00:05:09,870 --> 00:05:11,330
following document.

75
00:05:11,340 --> 00:05:16,500
Using Run Command to collect the logs from the instance. And you can use it to join instances to

76
00:05:16,500 --> 00:05:17,160
a Windows domain.

77
00:05:17,160 --> 00:05:21,960
So now you can automate joining instances to a Microsoft domain.

78
00:05:21,960 --> 00:05:23,750
Let's look at Run Command and CloudWatch.

79
00:05:23,760 --> 00:05:29,100
How do they closely integrate? When you are running commands, you'd like to probably have the output, just

80
00:05:29,100 --> 00:05:34,320
in case it goes wrong. And if the command, Run Command, was configured to cancel after three

81
00:05:34,320 --> 00:05:38,340
errors, then you would like to find the output and troubleshoot.

82
00:05:38,340 --> 00:05:42,930
Now, by default, does Systems Manager contain or include that output?

83
00:05:42,930 --> 00:05:49,920
It only gets part of that, 1200 bytes. In that case, then, you can configure Run Command to throw

84
00:05:49,920 --> 00:05:55,530
the command output, or when it executes the command it will take the output and send it to CloudWatch

85
00:05:55,530 --> 00:06:02,220
Logs. You can do that. At the same time, you can use Run Command with CloudWatch Events, where

86
00:06:02,220 --> 00:06:04,660
Run Command will be the target.

87
00:06:04,680 --> 00:06:09,600
As we mentioned just a few seconds ago, when an instance is about to be terminated, but I'd like

88
00:06:09,600 --> 00:06:10,380
to maintain the logs.

89
00:06:10,380 --> 00:06:11,270
What do I do?

90
00:06:11,430 --> 00:06:17,640
Make Run Command the target and pass the instance, or the event will know, and it will run the

91
00:06:17,640 --> 00:06:21,200
command on that instance in order to capture the logs before it is terminated.

92
00:06:21,400 --> 00:06:26,250
So with CloudWatch Logs, if the full details of the command output are required, then an S3

93
00:06:26,250 --> 00:06:30,200
bucket can be specified, and/or Amazon CloudWatch Logs, to send the output to.

94
00:06:30,210 --> 00:06:31,180
So you have two options.

95
00:06:31,200 --> 00:06:37,110
Send it to your bucket or to Amazon CloudWatch Logs. If you choose Amazon CloudWatch Logs, then

96
00:06:37,260 --> 00:06:42,920
Run Command will periodically send all the command output and error logs to CloudWatch Logs.

97
00:06:43,090 --> 00:06:48,420
IAM permissions for the instance to send output to S3 or CloudWatch Logs must be granted.

98
00:06:48,420 --> 00:06:53,640
So here is just a heads-up that you need the EC2 instances or the managed instances to have that kind

99
00:06:53,640 --> 00:06:59,220
of permission in their roles, because the SSM Agent is the one that will collect that and will send it

100
00:06:59,220 --> 00:07:03,050
to the S3 bucket or CloudWatch Logs. For CloudWatch Events,

101
00:07:03,060 --> 00:07:06,620
CloudWatch Events can be used to log command execution status messages.

102
00:07:06,630 --> 00:07:10,410
That's one thing, or Run Command can be specified as the target,

103
00:07:10,410 --> 00:07:13,210
as we mentioned before. Selecting instances for Run Command.

104
00:07:13,260 --> 00:07:19,320
Let's say when you are about to run a Run Command, you're expecting a few instances to show in the

105
00:07:19,320 --> 00:07:21,540
list of instances when you are selecting them.

106
00:07:21,540 --> 00:07:24,270
But some of them, they don't show up. Then what is the problem?

107
00:07:24,270 --> 00:07:25,310
How can we troubleshoot it?

108
00:07:25,320 --> 00:07:26,120
What to look for?

109
00:07:26,130 --> 00:07:26,910
What to suspect?

110
00:07:26,940 --> 00:07:29,410
A user selected the SSM document to run.

111
00:07:29,670 --> 00:07:34,050
So now when you are running Run Command, the first thing you will choose is which document

112
00:07:34,080 --> 00:07:34,850
you want to run.

113
00:07:34,890 --> 00:07:39,270
The document, as we'll see later on, will have the instructions or the actions that will be

114
00:07:39,270 --> 00:07:41,310
performed on these instances.

115
00:07:41,310 --> 00:07:47,450
Then under that Run Command page you can't see, or the user can't see, the instances he wants to select to

116
00:07:47,450 --> 00:07:48,780
run the command on.

117
00:07:48,780 --> 00:07:50,910
So let's look at some possibilities.

118
00:07:50,910 --> 00:07:54,990
One of the possibilities is, check your SSM Agent on these instances.

119
00:07:54,990 --> 00:07:55,720
Why?

120
00:07:55,920 --> 00:08:00,150
Because you want to make sure that the latest version of the SSM Agent is installed on the instance,

121
00:08:00,360 --> 00:08:04,560
such that you are sure that it supports all the features and the different documents. And on that,

122
00:08:04,560 --> 00:08:06,980
only Amazon EC2 Windows AMIs

123
00:08:06,990 --> 00:08:09,660
and some Linux AMIs are preconfigured within the system,

124
00:08:09,660 --> 00:08:14,020
as we mentioned before. The second thing to suspect is, look at the IAM instance.

125
00:08:14,100 --> 00:08:19,170
Verify that the instance is configured with an IAM role that enables the instance to communicate with

126
00:08:19,170 --> 00:08:20,060
Systems Manager.

127
00:08:20,070 --> 00:08:24,270
Maybe the instance is not communicating with SSM, is not communicating with Systems Manager.

128
00:08:24,270 --> 00:08:32,880
Also make sure that your account, the user account that is using this feature, has the right to run commands

129
00:08:33,000 --> 00:08:34,120
on these instances.

130
00:08:34,140 --> 00:08:38,920
And the last thing is, make sure that the SSM document supports the type of instances you want to update.

131
00:08:38,920 --> 00:08:42,800
Some documents are only for Windows, some are only for Linux.

132
00:08:42,810 --> 00:08:45,290
Not all of them support both the instance.

133
00:08:45,300 --> 00:08:46,830
All right, so time for a break.

134
00:08:46,830 --> 00:08:48,510
I'll see you after the break with more

135
00:08:48,510 --> 00:08:50,390
Systems Manager lectures.

136
00:08:50,430 --> 00:08:50,840
Thank you.
