Running commands on managed nodes

This section includes information about how to send commands from the Amazon Systems Manager console to managed nodes. This section also includes information about how to cancel a command.

Note that if your node is configured with the noexec mount option for the var directory, Run Command is unable to successfuly run commands.

Important

When you send a command using Run Command, don't include sensitive information formatted as plaintext, such as passwords, configuration data, or other secrets. All Systems Manager API activity in your account is logged in an S3 bucket for Amazon CloudTrail logs. This means that any user with access to S3 bucket can view the plaintext values of those secrets. For this reason, we recommend creating and using SecureString parameters to encrypt sensitive data you use in your Systems Manager operations.

For more information, see Restricting access to Parameter Store parameters using IAM policies.

Execution history retention

The history of each command is available for up to 30 days. In addition, you can store a copy of all log files in Amazon Simple Storage Service or have an audit trail of all API calls in Amazon CloudTrail.

Related information

For information about sending commands using other tools, see the following topics:

Walkthrough: Use the Amazon Tools for Windows PowerShell with Run Command or the examples in the Amazon Systems Manager section of the Amazon Tools for PowerShell Cmdlet Reference.
Walkthrough: Use the Amazon CLI with Run Command or the examples in the SSM CLI Reference

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Setting up Run Command

Running commands from the console

Running commands on managed nodes

Important

Execution history retention

Related information

Contents