AWS Cloud Operations & Migrations Blog

Amazon EC2 Systems Manager Automation is now a Amazon CloudWatch Events Target

Today we are excited to announce a new target for Amazon CloudWatch Events: Amazon EC2 Systems Manager Automation. Through this integration, Automation workflows can be triggered by a schedule, or when specific AWS system events occur.

  • Automation is part of Amazon EC2 Systems Manager.  Using Automation you can build workflows that are streamlined, repeatable and auditable. For example, you can create workflows to patch, update agents, or bake applications into an Amazon Machine Image (AMI). You can also avoid the time and effort associated with updating your images manually, and instead build AMIs that meet your IT standards and make the approved AMIs available to you teams.
  • Amazon CloudWatch Events allows you to create rules that trigger based on AWS events, or on a periodic schedule.  CloudWatch Events can be setup to respond to Amazon EC2 Service state changes, Amazon Simple Storage Service (S3) bucket operations, and other events automatically. Supported targets include AWS Lambda, Amazon SNS, Amazon EC2 Systems Manager Run Command, and now Amazon EC2 Systems Manager Automation.

With Automation as a supported CloudWatch Events target, you can take advantage of some interesting use cases. You can perform routine tasks better when you schedule tasks for specific days and times or after specific event patterns. In this blog, we are going to show examples of how you can use CloudWatch Events and Automation to automate repetitive tasks, such as periodically starting and stopping instances.

Automatically stop and start instances on weekends

Identifying and automatically stopping unused non-production instances in your account can save costs and improve efficiency of how you use your resources. Suppose you would like to automatically stop an instance every Friday evening and start it back on Monday morning. You can easily accomplish this using two CloudWatch Events that triggers an Automation Document for stopping and starting instances.

Create an Automation Document

For this example, follow the steps to create an Automation Document. The following code can be used to quickly create the Document.

{
"description":"Systems Manager Automation Demo - Start Instances via CWE",
   "schemaVersion":"0.3",
   "parameters":{
      "automationRoleArn":{
         "type":"String",
         "description":"(Required) The ARN of the role that allows Automation to perform the actions on your behalf."
      },
    "instanceIds":{
         "type":"StringList",
         "description":"(Required) The Instance ID(s) to Stop or Start."
      },
    "state":{
         "type":"String",
         "description":"(Required) The state you would like the Instance(s) placed in. Options are: running | stopped"
      }
   },
   "assumeRole":"{{automationRoleArn}}",
   "mainSteps":[
       {
         "name":"startStopInstance",
         "action":"aws:changeInstanceState",
         "maxAttempts":2,
         "timeoutSeconds":120,
         "onFailure":"Continue",
         "inputs":{
            "InstanceIds":["{{instanceIds}}"],
            "DesiredState":"{{state}}"
         }
      }
   ]
}

Steps to create CloudWatch event rules to trigger Automation

After you have created the Document and saved it, you can create two CloudWatch event rules that automatically trigger at specific times.

Step 1. In the AWS Management Console, choose CloudWatch, Events, Rules and Create rule.

Step 2:  Under Event Source, choose Schedule, Cron expression. To stop specified instances automatically at 6 PM every Friday, enter the following cron expression to trigger the rule:

0 18 ? * FRI *

 

Step 3: Under Targets, choose Add target, SSM Automation.

Step 4: For Document, select the Automation Document you saved for stopping and starting specified instances.

Step 5: For Configure document version, choose Default or a particular version number.

Step 6: Choose ‘Constant’ automation  and enter the enter instance ID that you would like to be stopped automatically per the rule that you are creating. You can also choose ‘Input Transformer’ to provide custom inputs based on a template.

Step 7: Provide permission for CloudWatch event to call SSM Start Automation Execution. You can either create an existing role that you previously created or create a new role.

Step 8: Choose Configure details, and enter a name and description for your rule. Ensure that Enabled is selected.

Step 9: Choose Create rule.

Your rule is now created and automatically executes every Friday at 6 PM to stop your specified instance. To start the instance back up say on Monday morning, repeat the steps to create another CloudWatch event rule, set your cron expression to Monday AM at your desired time, and target the same Automation Document. Make sure you provide “running” as your desired state.

With this setup you can now automatically stop and start your instances, thus using your resources optimally.

Additional methods to trigger Automation

Outside of setting up an Automation workflow to be triggered on a schedule, you can also trigger executions based on event patterns. For example, you can setup a CloudWatch event on a Parameter Store value. Based on changes to the value you can trigger an Automation workflow. You can create a Parameter Store key/value to store AMI Ids which you typically use to create golden images for your organization. Every time you change the value of the key to a new AMI ID, you can setup a CloudWatch event rule on that parameter and target Automation. The target can point either to your custom Document or the AWS-UpdateWindowsAMI Document published by AWS. This automatically creates a new image with the latest updates that you can provide as inputs to your CI/CD pipeline or to Auto Scaling groups. For your reference, here is a blog that talks about how you can update and patch your Windows AMIs using Automation.

 

Conclusion

Automation simplifies common system maintenance and deployment tasks. By using CloudWatch Events, you can orchestrate task execution based on any events relating to AWS services. You can also trigger your predefined workflows on a schedule. Using this integration, you can easily orchestrate management of your resources and expect your workflows to perform tasks at scale automatically.

About the author

Venkat Krishnamachari is a Product Manager in the Amazon EC2 Systems Manager team. Venkat is excited by the opportunities presented by cloud computing, and loves helping customers benefit from the value of efficient infrastructure and management. In his personal time Venkat volunteers with NGOs and loves producing live theater and music shows.