As an active user of Amazon Web Services (AWS), you’ve likely come across situations where optimizing costs while maintaining operational efficiency is paramount. One common scenario involves managing your EC2 instances, where the ability to implement a scheduled start/stop routine can result in substantial savings. While various approaches exist to achieve this, one particularly streamlined and efficient solution is leveraging the capabilities of AWS Systems Manager.

In this mini blog, we’ll check out how AWS Systems Manager empowers us to orchestrate actions on the instances with ease, and in this context, with the power of the AWS-StartEC2Instance and AWS-StopEC2Instance Automation documents.

Prerequisites and Setup

Create Service IAM Role for Automation:

1. To perform stop and start actions on EC2 instances, the Systems Manager requires a service role to be passed in the maintenance window.
2. Go to IAM Service -> Roles -> Create Role and use the Systems Manager Use case.
3. Add the following AWS managed policies to the role: AmazonSSMMaintenanceWindowRole and AmazonSSMAutomationRole.
4. Add the Tags to the instances that you want to target in the maintenance window. For example, add StopDaily to the instances that you want to stop.

Create the Maintenance Window

1. Go to Systems Manager -> Maintenance Windows and enter the time as per your use case. It will pick up UTC time by default.
2. You can set up cron schedules as per your needs.
3. Register the Resource Group as the Target.
4. Once the maintenance window has been created, we need to configure it with tasks and targets. Open the maintenance window and go to the Targets section to add the instances (Resource Group) that we take the action on. If you don’t have a resource group for the target instances, you can create it by going to View Resource Groups.
5. Creating the Resource Group based on the tags StopDaily:Yes.
6. Register the Automation Task.
7. Now move on to the Tasks Section and register the AWS-StopEC2Instance / AWS-StartEC2Instance Automation Task.
8. Select the Target that we created earlier in the maintenance window and add {{RESOURCE_ID}} in the input parameter (InstanceId).
9. Enter the rate control and the IAM Role that we created specifically for this automation.
10. Once the Automation Task has been registered, all the setup has been completed and the maintenance window will run as per your defined schedule.

The automation components are now linked together to achieve the task. You can view your executions in the History tab of the maintenance window.

Like what you read? Share our post. Have any topics you’d like to hear about from us? Drop a comment below. Follow us with our hashtag #cloudifyopsminiblogseries to be notified when we next post.