9

Background

I want to automatically configure an EC2 via a build, using the aws cli and ssm.

The (manual) setup for the container looks something like this:

  • Create an EC2
  • Run a shell script as root
  • Run a shell script as a specific user

Question

Is it possible to run a command on an ec2 utilising a tool such as aws ssm send-command specifying the linux user which will execute the command?

Assuming the command is a shell script, would specifying the user inside the script do the same job? e.g. using sudo su my_user

Max Colledge
  • Welcome to DevOps.SE. Running sudo when you're already root is superfluous. Just su and then do stuff as that user. https://stackoverflow.com/a/3420291/2002471 – chicks Jul 24 '20 at 15:38

1 Answer

10

I didn't find anything in the AWS or boto3 docs that allows for that, but I was able to execute as a different user using the runuser command. In theory, you could do the same thing with a combination of sudo and su commands, but this one is simpler.

For that, you can do as follows:

runuser -l userNameHere -c '/path/to/command arg1 arg2'

Since send-command executes as root, you don't have any issues.

Note: I thought that send-command uses in some way a session managed by the SSM Session Manager, but I was wrong. I spent a good amount of time configuring SSM Session Manager preferences and tagging IAM resources according to this doc and this one, but send-command always executes as root as far as I saw.


M. Gleria
  • Thank you! This also helped me when trying to execute a script via AWS Systems Manager - Run Command, since su - username wasn't allowing me to switch the user from root. – Leo Folsom Feb 09 '22 at 19:03
  • 1
    Thank you so much for this, you saved my day. Documentation is so weak. And running a command after or with sudo su - username did not work at all, even if I send it in the same command separated with ; or as a list of commands. – MohitC Dec 07 '23 at 17:15
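An added example, not part of the original answer or of AWS's documentation: because send-command runs its line as root, anything interpolated into it is parsed by the root shell before runuser switches user, so this sketch validates the user name and single-quotes every word before building the AWS-RunShellScript parameters. The helper names (sq, remote_command, build_params, send_as_user) are hypothetical, and the sample user and path are the placeholders used in the question and answer.

```sh
#!/bin/sh
# Added example. Run Command executes the generated line as root, so every
# interpolated value is validated or quoted first.
LC_ALL=C; export LC_ALL

# Wrap a string in single quotes for a POSIX shell: ' becomes '\''
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# remote_command USER SCRIPT [ARG...] -> runuser -l USER -c '<quoted command>'
remote_command() {
    user=$1; shift
    case $user in
        ''|-*|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1 ;;
    esac
    inner=
    for word in "$@"; do
        case $word in
            *[[:cntrl:]]*) echo "control character in argument" >&2; return 1 ;;
        esac
        inner="$inner${inner:+ }$(sq "$word")"
    done
    [ -n "$inner" ] || { echo "no command given" >&2; return 1; }
    printf 'runuser -l %s -c %s' "$user" "$(sq "$inner")"
}

# build_params USER SCRIPT [ARG...] -> JSON document for --parameters
build_params() {
    line=$(remote_command "$@") || return 1
    escaped=$(printf '%s' "$line" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf '{"commands":["%s"]}' "$escaped"
}

# send_as_user INSTANCE_ID USER SCRIPT [ARG...] -> prints the command id
send_as_user() {
    instance=$1; shift
    params=$(build_params "$@") || return 1
    aws ssm send-command \
        --document-name "AWS-RunShellScript" \
        --instance-ids "$instance" \
        --parameters "$params" \
        --query 'Command.CommandId' --output text
}

# Constructed sample: print the parameter document without calling AWS.
build_params my_user /path/to/command arg1 arg2; echo
```

The nested quoting looks noisy, but it survives both shells involved: the root shell that SSM starts and the login shell that runuser starts for the target user.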