# AWS SSM Automation with Terraform & Python

This project enables automated execution of shell scripts on existing EC2 instances using AWS SSM and Terraform. It ensures that:

- Pre-existing EC2 instances get an IAM role with SSM permissions.
- SSM Agent is installed on all target instances (supports Amazon Linux, RHEL, Ubuntu, Debian, Windows).
- Scripts are executed in batches using AWS SSM Run Command.
- Works with private instances in the same VPC (via SSM).

## Project Structure

```text
/ssm-automation/
├── terraform/               # Terraform for SSM role attachment
│   ├── main.tf              # Terraform config (IAM Role & Instance Profile)
│   ├── variables.tf         # Terraform variables
│   └── terraform.tfvars     # Variable values
├── scripts/                 # Folder to store shell scripts
│   └── install_grafana.sh   # Example script (replace with any script)
├── config/                  # Configuration files
│   └── config.json          # Target instances and script details
├── run_script.py            # Python script to install SSM and execute commands
├── requirements.txt         # Required Python packages
└── README.md                # Project documentation
```

## 1. Setup & Prerequisites

### AWS Setup

Ensure you have AWS CLI installed and configured with credentials:

```bash
aws configure
```

Install Terraform (v1.0+):

```bash
brew install terraform       # macOS
sudo apt install terraform   # Ubuntu/Debian (requires the HashiCorp apt repository)
```

Install Python 3.8+ and dependencies:

```bash
pip install -r requirements.txt
```

## 2. Configure Terraform

### Update terraform/terraform.tfvars

Modify this file to specify:

- AWS region
- Existing EC2 instance IDs where SSM should be attached

Example:

```hcl
aws_region   = "us-east-1"
instance_ids = ["i-0abcd1234efgh5678", "i-0123456789abcdef0"]
```

### Deploy IAM Role & Attach to EC2

```bash
cd terraform
terraform init
terraform apply -auto-approve
```

This attaches the SSM IAM role to existing instances.

## 3. Configure Python Script

### Update config/config.json

Modify this file to specify:

- Instance IDs where the script should run
- Script name (must be inside the `scripts/` folder)
- Batch size (optional)

```json
{
  "instance_ids": ["i-0abcd1234efgh5678", "i-0123456789abcdef0"],
  "script_name": "install_grafana.sh",
  "batch_size": 5
}
```

## 4. Run the Automation

Run the Python script to:

- Ensure SSM Agent is installed
- Execute the specified script on target instances

```bash
python run_script.py
```

This will install SSM Agent (if missing) and execute the script via AWS SSM.

## 5. Example Script (install_grafana.sh)

Any shell script can be placed in `scripts/` and referenced in `config.json`. Example `scripts/install_grafana.sh`:

```sh
#!/bin/bash
# Stop on the first failing command so SSM reports the run as failed.
set -euo pipefail

echo "Installing Grafana..."
# Assumes the Grafana apt repository is already configured on the instance.
sudo apt-get update -y
sudo apt-get install -y grafana
sudo systemctl enable grafana-server
sudo systemctl start grafana-server
echo "Grafana installation complete!"
```

Replace `install_grafana.sh` with any script of your choice!

## 6. How It Works

- Step 1: Terraform assigns the IAM SSM role to EC2 instances.
- Step 2: The Python script checks if SSM Agent is installed (installs it if missing).
- Step 3: It batches instances and executes the shell script via AWS SSM.
- Step 4: Scripts run without SSH access, making it secure and scalable.

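The sketch below is an added example, not the project's `run_script.py`: it shows one way to validate `config.json` and turn it into batched Run Command requests as described in Step 3. The function names, the default batch size of 5 and the sample instance IDs are assumptions; the checks keep `script_name` inside `scripts/` and cap each batch at the 50 instance IDs a single SendCommand request accepts.

```python
import json
import re
from pathlib import Path

# EC2 instance IDs are "i-" plus 8 or 17 lowercase hex characters.
INSTANCE_ID_RE = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")
MAX_TARGETS = 50  # SendCommand accepts at most 50 InstanceIds per request

# Constructed sample in the shape of config/config.json (IDs are made up).
SAMPLE_CONFIG = """{
  "instance_ids": ["i-0123456789abcdef0", "i-0fedcba9876543210", "i-00112233445566778"],
  "script_name": "install_grafana.sh",
  "batch_size": 2
}"""


def load_config(raw, scripts_dir="scripts"):
    """Parse and validate config.json text; return (instance_ids, script_path, batch_size)."""
    cfg = json.loads(raw)
    ids = cfg["instance_ids"]
    bad = [i for i in ids if not INSTANCE_ID_RE.fullmatch(i)]
    if bad:
        raise ValueError(f"malformed instance IDs: {bad}")
    base = Path(scripts_dir).resolve()
    script = (base / cfg["script_name"]).resolve()
    if base not in script.parents:  # rejects ../ traversal and absolute paths
        raise ValueError("script_name must resolve inside the scripts folder")
    batch = int(cfg.get("batch_size", 5))  # default of 5 is an assumption
    if not 1 <= batch <= MAX_TARGETS:
        raise ValueError(f"batch_size must be between 1 and {MAX_TARGETS}")
    return ids, script, batch


def build_requests(instance_ids, script_text, batch_size):
    """Return one set of ssm.send_command keyword arguments per batch."""
    return [
        {
            "InstanceIds": instance_ids[i:i + batch_size],
            "DocumentName": "AWS-RunShellScript",
            "Parameters": {"commands": script_text.splitlines()},
        }
        for i in range(0, len(instance_ids), batch_size)
    ]


if __name__ == "__main__":
    ids, script, batch = load_config(SAMPLE_CONFIG)
    # With credentials: boto3.client("ssm").send_command(**request) per request.
    for request in build_requests(ids, "#!/bin/bash\necho ok", batch):
        print(request["InstanceIds"])
```

The placeholder ID `i-0abcd1234efgh5678` used in this README is not valid hexadecimal, so this check rejects it until real instance IDs are filled in.
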
## 7. Cleanup

To remove IAM Role attachments, run:

```bash
cd terraform
terraform destroy -auto-approve
```

## Future Enhancements

- Add support for dynamic inventory with Ansible
- Implement error handling & logging
- Schedule automatic script execution using AWS Lambda

Now you can run any script on any EC2 instance automatically!