Injecting Chaos to Amazon EC2 using AWS Systems Manager

Chaos Engineering on AWS

Adrian Hornsby
The Cloud Architect


Ansible, Chef, and bastion hosts — these are the standard, widely known tools and techniques used to execute ad hoc commands on remote servers. While brilliant, all these tools require quite a bit of setup and patience to get started with and to maintain — especially at scale. There is also no simple way to enforce log trails for the commands executed and, especially, for who executed them.

EC2 Run Command, introduced in 2015, was initially built to help administer instances easily and securely. The feature was first designed to support customers running Windows workloads: remotely installing software, running ad hoc scripts or Microsoft PowerShell commands, or configuring Windows Update settings.

Today, it is part of the AWS Systems Manager (SSM) offering and is available for every workload and instance type. By integrating with AWS Identity and Access Management (IAM), SSM gives more control over who can execute remote commands, and it also provides logs of those commands for auditing purposes.
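To make the audit-trail point concrete, here is an added example (not code from the original article) that reduces API activity records to a "who ran which SSM document against which instances" trail. It assumes the logs are AWS CloudTrail records of the SSM `SendCommand` call, which the article does not name; the sample events, ARNs, instance IDs and the `APPROVED` allowlist are constructed for illustration.

```python
# Constructed CloudTrail-style records (not real logs); account IDs, ARNs and
# instance IDs are placeholders. CloudTrail as the log source is an assumption.
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-10T09:15:02Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/chaos-runner/alice"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "instanceIds": ["i-0aaaaaaaaaaaaaaa1"]}},
    {"eventTime": "2024-01-10T09:40:47Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "targets": [{"key": "tag:Env", "values": ["prod"]}]}},
    {"eventTime": "2024-01-10T09:41:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2024-01-10T10:02:13Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "instanceIds": ["i-0aaaaaaaaaaaaaaa1"]}},
]

# Hypothetical allowlist: principals expected to run commands through SSM.
APPROVED = {"arn:aws:sts::111122223333:assumed-role/chaos-runner/alice"}

def audit_send_command(events, approved=APPROVED):
    """Return one audit row per SendCommand call: who, what, where, outcome."""
    rows = []
    for ev in events:
        if ev.get("eventSource") != "ssm.amazonaws.com" or ev.get("eventName") != "SendCommand":
            continue  # ignore every other API call
        params = ev.get("requestParameters") or {}
        who = (ev.get("userIdentity") or {}).get("arn", "unknown")
        # A command is addressed by instance ID, by tag-based targets, or both.
        where = list(params.get("instanceIds") or [])
        for t in params.get("targets") or []:
            where.append(f"{t.get('key')}={','.join(t.get('values', []))}")
        rows.append({"time": ev.get("eventTime"), "principal": who,
                     "document": params.get("documentName"), "targets": where,
                     "denied": "errorCode" in ev, "unapproved": who not in approved})
    return rows

if __name__ == "__main__":
    for row in audit_send_command(SAMPLE_EVENTS):
        print(row)
```

Rows with `unapproved` set are the ones to review first; rows with `denied` set show IAM refusing a caller that attempted to run a command.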


Adrian Hornsby
The Cloud Architect

Principal System Dev Engineer @ AWS ☁️ I break stuff .. mostly. Opinions here are my own.