EC2 Run Command (PowerShell)

Overview

The EC2 Run Command (RunPowerShellScript) action runs a PowerShell script on targeted EC2 instances.

This allows you to remotely execute PowerShell scripts on your EC2 instances to support streamlined management and maintenance of your Windows-based infrastructure, including automating system administration tasks, troubleshooting problems, deploying applications and managing security patch updates on EC2 instances.

This action is designed for use with Windows-based EC2 instances only. To run a shellscript on Unix/Linux-based instances, use the EC2 Run Command (RunShellScript) action instead.

How it works

The EC2 Run Command (RunPowerShellScript) action uses these endpoints to target EC2 instances and execute a PowerShell script from them using Systems Manager:

• DescribeInstances, from AWS’s EC2 API
• SendCommand, from AWS’s SSM API

Before you can use the EC2 Run Command (RunPowerShellScript) action, your EC2 instance must be ready to use with AWS Systems Manager.

The first step is to install the SSM Agent on your EC2 instance, unless your EC2 instance was based on an AMI that came with the SSM Agent pre-installed.

The second step is to provide AWS Systems Manager with the necessary permissions to send shellscripts to your targeted EC2 Instances.

We do not advise manually modifying the permissions attached to the cross-account role that is created by GorillaStack in AWS. GorillaStack updates this role with your permission when you change your account preferences, and this may cause any manual changes to be lost. Instead, follow the instructions provided in the AWS docs under “To create an instance profile for Systems Manager managed instances (console)”.

Targeting Windows-only EC2 instances

This action automatically targets Windows-only EC2 instances using the Platform key that AWS normally applies automatically. However, a very small number of Windows-only instances that are based on very old AMIs and/or custom AMIs may lack this key. To ensure those instances are targeted by this action too, add the following tag to each Windows-only instance that lacks the Platform key:

• Key: GS_PLATFORM_OVERRIDE_FLAG
• Value: 'windows`