AWS Utilities
Two workflows let you execute commands on AWS EC2 instances — one via AWS Systems Manager (SSM) without opening any ports, and one via traditional SSH.
aws-ssm-send-command
Execute bash commands on EC2 instances via AWS Systems Manager (SSM) — no SSH keys or open ports required. The instance needs the SSM agent installed (pre-installed on most Amazon Linux and Ubuntu AMIs).
When to use: Running deployment scripts, restarting services, or any automation on EC2 instances without exposing SSH.
```yaml
jobs:
  deploy:
    uses: clouddrove/github-shared-workflows/.github/workflows/aws-ssm-send-command.yml@master
    with:
      command: |
        cd /opt/myapp
        git pull origin main
        systemctl restart myapp
      working-directory: /opt/myapp
      slack-notification: true
    secrets:
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      INSTANCE_ID: ${{ secrets.EC2_INSTANCE_ID }}
      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
```
| Input | Required | Description |
|---|---|---|
| command | Yes | Bash commands to run on the instance |
| working-directory | No | Working directory for the command |
| slack-notification | No | Send Slack notification on completion |
IAM requirements: The IAM role used needs ssm:SendCommand and ssm:GetCommandInvocation permissions on the target instance.
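
A least-privilege policy for those two permissions, as an added example (not taken from the clouddrove repository). `REGION`, `ACCOUNT_ID` and `INSTANCE_ID` are placeholders to replace with your own values, and the use of the AWS-owned `AWS-RunShellScript` document is an assumption about how the workflow sends bash commands; `ssm:GetCommandInvocation` is left unscoped in this sketch.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SendShellScriptToOneInstance",
      "Effect": "Allow",
      "Action": "ssm:SendCommand",
      "Resource": [
        "arn:aws:ec2:REGION:ACCOUNT_ID:instance/INSTANCE_ID",
        "arn:aws:ssm:REGION::document/AWS-RunShellScript"
      ]
    },
    {
      "Sid": "ReadCommandResult",
      "Effect": "Allow",
      "Action": "ssm:GetCommandInvocation",
      "Resource": "*"
    }
  ]
}
```

Listing both the instance ARN and the document ARN keeps the credentials stored in GitHub secrets from running commands on other instances or through other SSM documents.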
aws-remote-ssh-command
Execute commands on servers via SSH — connects to a server using a private SSH key and runs the specified script, with optional Slack notification on success or failure.
When to use: Deployments or maintenance tasks on servers where SSM is not available, or for non-EC2 servers (e.g., bare-metal, other cloud VMs).
```yaml
jobs:
  deploy:
    uses: clouddrove/github-shared-workflows/.github/workflows/aws-remote-ssh-command.yml@master
    with:
      port: 22
      command_timeout: 10m
      slack_notification: true
      slack_username: deployment-bot
      script: |
        cd /var/www/myapp
        git pull
        npm install --production
        pm2 restart myapp
    secrets:
      PRIVATE_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
      HOST: ${{ secrets.SERVER_HOST }}
      USERNAME: ${{ secrets.SERVER_USER }}
      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
```
| Input | Required | Default | Description |
|---|---|---|---|
| port | No | 22 | SSH port |
| command_timeout | No | 10m | Timeout for the script |
| script | No | — | Shell commands to run |
| slack_notification | No | false | Send Slack notification |
| slack_username | No | — | Username shown in Slack |
Prefer aws-ssm-send-command when your instances are on AWS — it requires no open ports and provides a full audit trail in AWS CloudTrail.
Use aws-remote-ssh-command for non-AWS servers or instances without the SSM agent.