Run commands/scripts on EC2 via AWS SSM Run Command
Project description
ssm-run
Run shell commands or scripts on EC2 instances via AWS Systems Manager (SSM) Run Command.
Features
- Resolve targets by:
- EC2 instance ID (
i-...) - Name tag / hostname / FQDN
- Private/Public IPv4
- EC2 instance ID (
- Target expansion:
myserver{600..605}
- Run:
- Inline command (
-- "uptime") - Local script file (
--file ./cmd.sh)
- Inline command (
- SSM online filtering (with opt-out)
- Parallel result collection for faster output fetch
- Optional S3-backed full output (
--s3-bucket) to avoid API truncation - Debug mode to inspect exact remote command (
--debug-command)
Installation
From PyPI
pip install ssm-run
Upgrade
pip install --upgrade ssm-run
From source (repo)
git clone https://wwwin-github.cisco.com/skumble/ssm-cli.git
cd ssm-cli
pip install .
Requirements
- Python 3.9+
- AWS credentials configured (profile/role/SSO)
- IAM permissions for:
ec2:DescribeInstancesssm:DescribeInstanceInformationssm:SendCommandssm:ListCommandInvocationsssm:GetCommandInvocation
- If using
--s3-bucket:- instance role needs
s3:PutObject - caller credentials need
s3:GetObject
- instance role needs
CLI Usage
ssm-run [OPTIONS] <target> [<target> ...] -- "<command>"
ssm-run [OPTIONS] <target> [<target> ...] --file ./script.sh
ssm-run [OPTIONS] -f hosts.txt -- "<command>"
ssm-run [OPTIONS] -f hosts.txt --file ./script.sh
Options
-r, --region <region>AWS region (supports shortcuts:use1,euw1,aps1)-f, --hosts-file <file>Read targets from file (one per line,#comments allowed)--file <script.sh>Run local script file instead of inline command--batch-size <1..50>Instances perSendCommandcall--timeout-seconds <sec>Global wait timeout--poll-interval <sec>Poll interval--no-online-filterSkip SSM online filtering--only-failedPrint output only for failed instances--s3-bucket <bucket>Store/fetch full output from S3--s3-prefix <prefix>Optional S3 key prefix--debug-commandPrint decoded command and exit--max-workers <n>Parallel workers for output fetching-h, --helpHelp
Examples
1. Simple inline command
ssm-run --region euw1 myserver{600..605} -- 'uptime'
2. From hosts file
ssm-run -r use1 -f hosts.txt -- 'df -h'
3. Complex command using script file (recommended)
echo 'sudo grep -m1 "HUMIDITY" /mnt/logs/webex-api-streams.log' > cmd.sh
ssm-run --region euw1 myserver{600..605} --file cmd.sh
4. Long-running command with higher timeout
ssm-run --region euw1 --timeout-seconds 300 myserver{600..605} --file cmd.sh
5. Avoid output truncation using S3
ssm-run --region euw1 --s3-bucket my-ssm-logs myserver{600..605} --file cmd.sh
6. Validate what would run (no execution)
ssm-run --region euw1 --debug-command myserver601 -- 'uptime'
Notes on Quoting
For commands with JSON, nested quotes, pipes, or shell special characters, prefer --file instead of inline -- "<command>".
This avoids local shell quoting issues before the command reaches the instance.
Exit Behavior
- Returns non-zero on major failures (for example: AWS API errors, no valid targets).
- Prints per-instance status and summary with success/failed/skipped/timeout counts.
Development
Build wheel/sdist:
python -m pip install --upgrade build
python -m build
Install local build:
python -m pip install --force-reinstall dist/*.whl
Publishing (maintainers)
python -m pip install --upgrade twine
python -m twine check dist/*
python -m twine upload dist/*
Versioning and Release Notes
- Versioning follows Semantic Versioning (
MAJOR.MINOR.PATCH). - Update version in
pyproject.tomlbefore each release. - Add release notes in
CHANGELOG.md.
First Public Release Checklist
- Confirm package name availability on PyPI (
ssm-run). - Verify metadata in
pyproject.toml(name/version/urls/classifiers). - Build artifacts:
python -m pip install --upgrade build
python -m build
python -m twine check dist/*
- Test local install from built wheel:
python -m pip install --force-reinstall dist/*.whl
ssm-run --help
- Publish:
python -m twine upload dist/*
- Tag release in git (example):
git tag -a v0.1.0 -m "Release v0.1.0"
git push origin v0.1.0
License
Add your project license here (for example: MIT, Apache-2.0, or internal Cisco license).
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ssm_run_cli-0.1.0.tar.gz
(16.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ssm_run_cli-0.1.0.tar.gz.
File metadata
- Download URL: ssm_run_cli-0.1.0.tar.gz
- Upload date:
- Size: 16.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.19
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1f0f7e4cc91e93509b32a787ce859eb6060f84f5991b5f4e71cf0710cbc881b2
|
|
| MD5 |
eba6d0741ff2025ed6c00a1e62f4fa98
|
|
| BLAKE2b-256 |
5e506b7301cc7542c4722ef6df4ccf731d4bc0610323510534a7d5f5dd2a466d
|
File details
Details for the file ssm_run_cli-0.1.0-py3-none-any.whl.
File metadata
- Download URL: ssm_run_cli-0.1.0-py3-none-any.whl
- Upload date:
- Size: 15.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.19
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
331681af4bfb167c48aed26172aaa5f4708b6dabc78c500d52787f7a4f0f7c31
|
|
| MD5 |
4bc13b047c3321e340aa9f0c1ecd4a8b
|
|
| BLAKE2b-256 |
611c6e19b9a3b8fb6763b60562b2d26d9cd6b9bb3714fdddf2c43b3b5f19f6fb
|
