Implementation Plan:
- Use AWS Systems Manager to take action on AWS resources, EC2 instances in this case.
- Create maintenance windows to schedule and automate the start and stop of EC2 instances. This will automatically perform tasks in a defined time window.
- Register the EC2 instance(s) as targets. The schedule/window applies to these targets.
- Register tasks. These tasks will be performed on the targets.
- Create an IAM role that SSM assumes and that is allowed to make changes to the EC2 instances.
IAM role:
- Trust relationship

- Permissions: use the built-in permissions policy AmazonSSMAutomationRole:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeFunction"
      ],
      "Resource": [
        "arn:aws:lambda:*:*:function:Automation*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateImage",
        "ec2:CopyImage",
        "ec2:DeregisterImage",
        "ec2:DescribeImages",
        "ec2:DeleteSnapshot",
        "ec2:StartInstances",
        "ec2:RunInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:DescribeTags",
        "cloudformation:CreateStack",
        "cloudformation:DescribeStackEvents",
        "cloudformation:DescribeStacks",
        "cloudformation:UpdateStack",
        "cloudformation:DeleteStack"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ssm:*"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "sns:Publish"
      ],
      "Resource": [
        "arn:aws:sns:*:*:Automation*"
      ]
    }
  ]
}
In this policy, ec2:StartInstances is the EC2 start instance allow action and ec2:StopInstances is the EC2 stop instance allow action.
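AmazonSSMAutomationRole allows much more than starting and stopping instances, for example ec2:TerminateInstances and ssm:* on every resource. The following added example (not part of the original post) lists the grants in the policy above that go beyond an assumed set of required actions and builds a hypothetical tag-scoped replacement. The NEEDED set, the function names and the env=dev tag condition are assumptions to verify against the runbook documentation and your account.

```python
from fnmatch import fnmatchcase

# Assumption: actions the start/stop Automation tasks on this page need.
NEEDED = {"ec2:StartInstances", "ec2:StopInstances", "ec2:DescribeInstanceStatus",
          "ssm:StartAutomationExecution", "ssm:GetAutomationExecution"}

# The policy shown above, with the same statements in compact form.
MANAGED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["lambda:InvokeFunction"],
     "Resource": ["arn:aws:lambda:*:*:function:Automation*"]},
    {"Effect": "Allow", "Resource": ["*"], "Action": [
        "ec2:CreateImage", "ec2:CopyImage", "ec2:DeregisterImage",
        "ec2:DescribeImages", "ec2:DeleteSnapshot", "ec2:StartInstances",
        "ec2:RunInstances", "ec2:StopInstances", "ec2:TerminateInstances",
        "ec2:DescribeInstanceStatus", "ec2:CreateTags", "ec2:DeleteTags",
        "ec2:DescribeTags", "cloudformation:CreateStack", "cloudformation:DescribeStackEvents",
        "cloudformation:DescribeStacks", "cloudformation:UpdateStack", "cloudformation:DeleteStack"]},
    {"Effect": "Allow", "Action": ["ssm:*"], "Resource": ["*"]},
    {"Effect": "Allow", "Action": ["sns:Publish"],
     "Resource": ["arn:aws:sns:*:*:Automation*"]}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def excess_grants(policy, needed=NEEDED):
    """List (action, resource, reason) for Allow grants wider than `needed`."""
    found = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in as_list(stmt["Action"]):
            # IAM action names are case-insensitive and may use * and ? wildcards.
            hits = sorted(n for n in needed if fnmatchcase(n.lower(), pattern.lower()))
            if hits and not set("*?") & set(pattern):
                continue  # exact grant of a needed action
            reason = "wildcard covering " + ", ".join(hits) if hits else "not needed"
            found += [(pattern, res, reason) for res in as_list(stmt["Resource"])]
    return found

def scoped_policy(tag_key="env", tag_value="dev"):
    """Hypothetical replacement: start/stop only instances tagged like the targets."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"StringEquals": {f"aws:ResourceTag/{tag_key}": tag_value}}},
        # Describe and Automation calls are left on "*" here.
        {"Effect": "Allow", "Resource": "*", "Action": [
            "ec2:DescribeInstanceStatus", "ssm:StartAutomationExecution",
            "ssm:GetAutomationExecution"]}]}
```

Calling excess_grants(MANAGED) returns the grants to review before attaching the managed policy to the maintenance window role; excess_grants(scoped_policy()) returns an empty list.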
Systems Manager Maintenance Windows
- I used the Maintenance Windows sub-feature of Change Management under Systems Manager to start and stop the EC2 instances.
- Schedule:

- Targets:
  - Here we have a few options. I chose to select the instance manually since I only had one instance to work with. It auto-populates all the running instances.


- A resource group can also be selected in case resources are grouped together based on criteria.
  - The selection criteria in this set of screenshots are:
    - Resource Types → AWS::EC2::Instance
    - Tags → Key: env, value: dev

The resources fulfilling the criteria can then be selected after selecting the Preview group resources option:

Tasks:
- Navigate to tasks:

- Select the Automation Document:
  - I selected the EC2 Start Instance document.

- Since our target type is INSTANCE, the {{RESOURCE_ID}} pseudo parameter yields the instance ID only. When the maintenance window task runs, it passes the correct values instead of the pseudo parameter placeholders. More information here.

Additional Pointers:
- Execution history of tasks can be checked under the history tab:

- If the schedule needs to be changed for some reason, click Edit in the window description tab:

The current schedule is set to run every day at 9:15 AM:
cron(0 15 9 ? * * *)
This can be changed, for example, to run at 11:30 PM every day:
cron(0 30 23 ? * * *)
Testing:
- Stop Instance maintenance window:
  - At a set schedule, the task execution starts and the instance stops as shown in the screenshots below:


- Start Instance maintenance window:
  - At a set schedule, the task execution starts and the instance goes into a running state again as shown in the screenshots below:


For further reading:
- I will implement this feature in my upcoming blog here.
- I will also be making sure that:
  - Docker service on the instance keeps running after the instance is stopped and started following the schedule.
  - Docker container keeps running and serving the web application as usual even after the instance is re-started.
Thanks for reading!