As you may be aware, RunCommand works with the SSM service. Because of this, it requires some prerequisites to be achieved before being able to configure it.
For this use case, having in mind your configuration, you just need to attach the instance role to each instance that will be chose a target for the command.
For rekated article see: Build a Scalable VPC for Your AWS Environment, Various ways to restart an AWS EC2 instance and How to use GitHub as Source Provider for AWS CodePipeline.
This are the steps you need to follow to Run Command on AWS:
1. Open the IAM console at https://console.aws.amazon.com/iam/.
2. In the navigation pane, choose Roles, and then choose Create New Role.
3. On the Select role type page, under AWS Service Role, choose Select in the Amazon EC2 section.
4. On the Attach Policy page, choose the option beside AmazonEC2RoleforSSM, and then choose Next Step.
5. On the Set role name and review page, type a name in the Role name box, and then type a description.
6. Choose Create Role. The system returns you to the Roles page.
Once you have done this, you need to attach the role to your instance. Follow these steps to do so:
1. Open the EC2 console
2. In the navigation pane, choose instances, and then select the instance that will have the role available.
3. Click on Actions, Instance Settings and Attach/Replace IAM Role.
4. Select the role you just created in the previous steps.
5. Click on Apply.
At this point, you should be able to list your instances as target for RunCommand.
I hope you found this blog post on How to Run Command on AWS helpful. if you have any question, leave a comment below.