********************************************************************************
* Description: Send command from MSWIN AWS CLI to Linux server on cloud via SSM
* Date: 12:09 PM EST, 03/19/2018
********************************************************************************

		 
<1> In some practical cases, a large company's IT environment could contain hundred or thousand servers on AWS Cloud needs to be patched:
     |
     |__ o. AWS provides an option that SYS admin can send Linux command within an API request to remote servers from Windows latop to remote servers, performing operation in batch.
 	 
		  



<2> Step 1 - Download and install AWS CLI for Windows platform:
     |
     |__ The Windows 64-bits .msi installer attached as "Download" option with the itme.
     |
     |__ Reference: https://docs.aws.amazon.com/cli/latest/userguide/awscli-install-windows.html#awscli-install-windows-path





<3> Step 2 - Create AWS programatic access key pair:
     |
     |__ o. Login AWS Console 
             ==> AMI
             ==> Users
             ==> Click on the choosen "username"
             ==> Security Credentials
             ==> Create access key
             ==> Save "Access key ID" [like username] and "Secret access key" [similar to password]. 
                 CAUTION: "Secert access key" only show up once when it got created. So, it needs to be saved properly somewhere.
			 
			 
             



			 

<4> Step 3 - Configuring AWS CLI with "Access Key Pair" on local Windows laptop via CMD:
     |
     |__ CMD> aws configure
	 

                 AWS Access Key ID: AKIOK8RM2WTOJ8J2HWSQ
                 AWS Secret Access Key: BYpos8lDuuKPpqmJdqIdOl2UYZglXfydKhlLwqI+
                 Default region name [us-east-1]: us-east-1
                 Default output format [json]: json	 
		  
		  
		  
		  
		  
<5> Step 4 - Install Amazon Service System Manager[SSM Agent] on remote Cloud Linux servers:
     |
     |__ o. SSM is acting as an agent receiving commands from remote servers via AWS API to munipulate AWS services without log into console.
     |
     |__ o. Reference - https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html
     |
     |__ o. Different Linux Platform and version have various installation utility or method: 
         |
         |
         |__ a) Redhat [64-bit]: 
         |
         |
         |          $ yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
         |          $ systemctl status amazon-ssm-agent ............ [RHEL 7.x]
         |          $ status amazon-ssm-agent ...................... [RHEL 6.x]
         |
         |
         |__ b) Ubuntu [64-bit, either of below installation utility]:
		 
                    $ wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
                    $ dpkg -i amazon-ssm-agent.deb          
                    $ status amazon-ssm-agent ..................... [Ubuntu 14.x]
                    $ systemctl status amazon-ssm-agent ........... [Ubuntu 16.x]
		 
		 
		  
		  
		  
		  
<6> Step 5 - Grant SSM Policy to either AWS user or EC2 server IAM role:
     |
     |__ o. IAM Role:
     |   |
     |   |__ o. Login AWS console, and go to "IAM"
     |   |      ==> "Roles"
     |   |      ==> "Create Roles" 
     |   |      ==> "AWS Services" 
     |   |      ==> "EC2" 
     |   |      ==> "EC2 Role for Simple Systems Manager" 
     |   |      ==> "AmazonEC2RoleforSSM"
     |   |      ==> Assign the role to target EC2 instance.
     |   |
     |   |__ o. CAUTION: One EC2 instance could have only one IAM role, but "AmazonEC2RoleforSSM" can be attached with existing role.
     |    
     |
     |__ o. AWS user:
         |
         |__ o. If the user have "Administor" permission, you can "add permission" and "attach existing policy directly" with "AmazonSSMFullAccess".