As an active user of Amazon Web Services (AWS), you’ve likely encountered situations where optimizing costs while maintaining operational efficiency is essential. Managing EC2 instances effectively is a key aspect of cost control, and implementing a scheduled start/stop routine can lead to substantial savings. While multiple approaches exist, one of the most efficient and streamlined solutions is leveraging AWS Systems Manager.

AWS Systems Manager not only simplifies EC2 instance management but also enhances security and compliance, making it a valuable component of Cloud Based Security Solutions. By using the AWS-StartEC2Instance and AWS-StopEC2Instance Automation documents, businesses can orchestrate actions effortlessly.

For organizations looking to optimize cloud operations further, AWS Managed Services provide expert guidance and automation capabilities, ensuring cost efficiency, security, and operational excellence.

Prerequisites and Setup

Create Service IAM Role for Automation:

1. To perform stop and start actions on EC2 instances, the Systems Manager requires a service role to be passed in the maintenance window.
2. Go to IAM Service -> Roles -> Create Role and use the Systems Manager Use case.
3. Add the following AWS managed policies to the role: AmazonSSMMaintenanceWindowRole and AmazonSSMAutomationRole.
4. Add the Tags to the instances that you want to target in the maintenance window. For example, add StopDaily to the instances that you want to stop.

Create the Maintenance Window

1. Go to Systems Manager -> Maintenance Windows and enter the time as per your use case. It will pick up UTC time by default.
2. You can set up cron schedules as per your needs.
3. Register the Resource Group as the Target.
4. Once the maintenance window has been created, we need to configure it with tasks and targets. Open the maintenance window and go to the Targets section to add the instances (Resource Group) that we take the action on. If you don’t have a resource group for the target instances, you can create it by going to View Resource Groups.
5. Creating the Resource Group based on the tags StopDaily:Yes.
6. Register the Automation Task.
7. Now move on to the Tasks Section and register the AWS-StopEC2Instance / AWS-StartEC2Instance Automation Task.
8. Select the Target that we created earlier in the maintenance window and add {{RESOURCE_ID}} in the input parameter (InstanceId).
9. Enter the rate control and the IAM Role that we created specifically for this automation.
10. Once the Automation Task has been registered, all the setup has been completed and the maintenance window will run as per your defined schedule.

The automation components are now linked together to achieve the task. You can view your executions in the History tab of the maintenance window.

Like what you read? Share our post. Have any topics you’d like to hear about from us? Drop a comment below.