Using AWS Systems Manager to Monitor Disk Usage on Amazon EC2 Instances

Introduction

AWS Session Manager is a capability of AWS System Manager, which does not require opening inbound ports and doesn’t require public IP addresses for Amazon EC2 instances. It also removes the need for a bastion host. To get the disk utilization without needing to RDP/SSH for each instance, we can use System Manager by following the steps below.

Pre-requisites

• AWS Account: Ensure you can access an AWS account with appropriate permissions.
• AWS IAM Role: Create an AWS IAM role with the AmazonSSMManagedInstanceCore policy attached. This role should be assigned to the Amazon EC2 instances.
• SSM Agent: Ensure that the SSM Agent is installed and running on your Amazon EC2 instances. By default, SSM Agent is pre-installed on Amazon Linux, Amazon Linux 2, and Ubuntu 16.04, 18.04, and 20.04 instances.

Steps to Get Disk Utilization for an Amazon EC2 Instance Using AWS Systems Manager Agent

• Go to the “Run Command” under Node Management in Session Manager. Select “AWS-RunShellScript” as shown below. The ‘aws:runShellScript’ command in AWS Systems Manager runs shell scripts on managed instances.

• Put the commands in the ‘Command Parameters’. In this case, “df -h” command in Linux displays the disk space usage in a human-readable format.

• Select the Target Instances for which we need to know the disk utilization. We can select multiple instances simultaneously.

• Click on ‘Run Command’. We can view the output once the Command status is successful.

Components in the Process

• Amazon EC2 Instances: Virtual servers running in the AWS cloud.
• AWS IAM Role: Provides necessary permissions for the SSM Agent to interact with the AWS Systems Manager.
• SSM Agent: An agent that runs on Amazon EC2 instances and enables AWS Systems Manager to manage these instances.
• AWS Systems Manager: A service that provides operational data and automation for your infrastructure.
• Run Command: A feature of AWS Systems Manager that allows you to remotely and securely manage the configuration of your managed instances.

Benefits and Limitations of Using this Approach

Benefits:

• No open inbound ports and no need to manage bastion hosts or SSH keys- Session Manager helps you improve your security posture by letting you close these inbound ports, freeing you from managing SSH keys and certificates, bastion hosts, and jump boxes.
• Scalability: Efficiently run commands across a fleet of instances.
• Enhances Security: Ensures only authenticated users can access specific resources. Also, it manages session timeouts and invalidation to prevent unauthorized access.
• Logging and Auditing: Integrated with services like AWS CloudTrail, Amazon Simple Storage Service, Amazon CloudWatch Logs, and Amazon Simple Notification Service for recording connections made to the managed nodes and also receive notifications when a user in the organization starts or ends session activity.

Limitations:

• Initial Setup Complexity: Requires proper AWS IAM role configuration and ensures SSM Agent is installed and running in the Amazon EC2 Instances. This may lead to security or access control issues if access is not provided properly.
• Execution Delays: Command execution might take time depending on the number of instances and network latency.

Alternate Way of Getting the Disk Utilization

Alternate Option 1: Amazon CloudWatch Agent and Amazon CloudWatch Logs

• Install CloudWatch Agent on Amazon EC2 instances. For Amazon Linux:

• Create and edit agent’s config file:

• Restart the agent and check the agent’s logs:

• Go to the Amazon CloudWatch Console and check the Metrics Section. CWAgent installed on the instance is visible on the screen.

• Click the instance, and the disk utilization of the EBS volume will be visible on the screen.

Alternate Option 2: AWS Session Manager

• Go to the AWS Session Manager, and click ‘Start Session’.

• The instance in the target instances will only be visible if the role has been attached to the instance.

• Click on ‘Start Session’. Here, the user initiates an SSH session through Session Manager and sends API calls to the Amazon EC2 instance.

• The AWS Systems Manager SSM Agent, installed on the Amazon EC2 instance, connects to Session Manager and runs the command ‘df -h’.

‘df’ command displays the information about total and available space on a file system.

Conclusion

The ability to run commands across multiple instances simultaneously further streamlines your operations, making it easier to maintain optimal performance and resource allocation.

Drop a query if you have any questions regarding AWS Systems Manager and we will get back to you quickly.

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, and many more.

To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.