As you may be aware, RunCommand works with the SSM service. Because of this, it requires some prerequisites [2] to be achieved before being able to configure it.
For this use case, having in mind your configuration, you just need to attach the instance role[3] to each instance that will be chose a target for the command.
This are the steps you need to follow:
1. Open the IAM console at https://console.aws.amazon.com/iam/.
2. In the navigation pane, choose Roles, and then choose Create New Role.
3. On the Select role type page, under AWS Service Role, choose Select in the Amazon EC2 section.
4. On the Attach Policy page, choose the option beside AmazonEC2RoleforSSM, and then choose Next Step.
5. On the Set role name and review page, type a name in the Role name box, and then type a description.
6. Choose Create Role. The system returns you to the Roles page.
Once you have done this, you need to attach the role to your instance. Follow these steps to do so:
1. Open the EC2 console
2. In the navigation pane, choose instances, and then select the instance that will have the role available.
3. Click on Actions, Instance Settings and Attach/Replace IAM Role.
4. Select the role you just created in the previous steps.
5. Click on Apply.
At this point, you should be able to list your instances as target for RunCommand.