How to minimize your cloud spending on AWS resources using Systems Manager Automation documents
Revathi Joshi
Posted on March 8, 2024
An easy way to accomplish unneccessary spending and to minimize infrastructure when it’s not under heavy use, is - by turning off Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Relational Database Service (Amazon RDS) instances for workloads outside of business hours. For workloads that cannot be turned off (due to dependencies on other systems), downsizing instance types is a good alternative.
Applying these measures you can save companies up to 70% in infrastructure costs.
In this post, I will show you how to use AWS Systems Manager Automation documents to turn off your Amazon EC2 and Amazon RDS instances. These Automation documents can then be scheduled for known low usage periods such as nights, holidays, and weekends.
You can use pre-defined Automation documents (prefixed with AWS) or define your own. These can be invoked on a schedule or via a trigger. For more information, check Systems Manager automation.
Let’s get started!
Please visit my GitHub Repository for EC2 articles on various topics being updated on constant basis.
Please visit my GitHub Repository for RDS articles on various topics being updated on constant basis.
For my article, I am going to use pre-defined Automation documents:
AWS-StartEC2Instance
AWS-StopEC2Instance
AWS-StartRdsInstance
Objectives:
1. Create an RDS database
2. Create EC2 Instance
3. Create an IAM Role
4. Add an Inline Policy to the IAM Role to allow Systems Manager to manage RDS Instance
5. Create an Association - Scheduling through State Manager to stop EC2 Instance
6. Create an Association - Scheduling through State Manager to stop RDS database
Pre-requisites:
- AWS user account with admin access, not a root account.
- Create an IAM role
Resources Used:
AWS Systems Manager Automation
AWS Systems Manager
State Manager Associations
IAM
EC2
RDS
Steps for implementation to this project:
1. Create an RDS database
1
2. Create EC2 Instance
1
8
3. Create an IAM Role
1
- Next 4
- Next
5
- Create role
4. Add an Inline Policy to the IAM Role to allow Systems Manager to manage RDS Instance
- Find out the ARN of your RDS database
- Choose the role that you just created.
- In the Permissions tab, choose Add inline policy, select the JSON tab, and replace the JSON content with the following code.
- Make sure you replace both resource parameters with one or more ARNs of your databases
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"rds:StopDBInstance",
"rds:StartDBInstance"
],
"Resource": "arn:aws:rds:us-east-1:xxxxxxxxxxxx:cluster:database-1"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "rds:DescribeDBInstances",
"Resource": "arn:aws:rds:us-east-1:xxxxxxxxxxxx:cluster:database-1"
}
]
}
1
2
- Next
3
- Create policy
5. Create an Association - Scheduling through State Manager to stop EC2 Instance
1
5
- select the SSM Automation document named
AWS-StopEC2Instance
. - press Enter
6
- For a single EC2, choose Simple execution.
- in the Input parameters section enter the EC2 instance id
- In the AutomationAssumeRole box, pick the role
EC2toSystemsManager
.
- In the Specify schedule section, choose On Schedule and CRON schedule builder.
- Under Association runs, choose the last option, then choose Day, enter 18 and 00. You should now have the following: “Every Day at 18:00”. (that means Stop the EC2 instance at 6:00 pm or 18:00).
- To ensure that the association doesn’t run upon creation, choose the Apply association only at the next specified cron interval check box.
- Create association
- you should now see your association in the list.
- After waiting for 10-15 min, stops the EC2 instance
6. Create an Association - Scheduling through State Manager to stop RDS database
- Follow all the steps as you did for
AWS-StopEC2Instance
1
2
3
- Use
AWS-StopRDSInstance
5
- In the Specify schedule section, choose On Schedule and CRON schedule builder.
- Under Association runs, choose the last option, then choose Day, enter 18 and 20. You should now have the following: “Every Day at 18:20”. (that means Stop the EC2 instance at 6:20 pm or 18:20).
- To ensure that the association doesn’t run upon creation, choose the Apply association only at the next specified cron interval check box.
- After waiting for 10-15 min, stops the RDS database
Cleanup
- delete RDS Database
- delete EC2 instance
- delete Association
What we have done so far
I showed you how to cut off your cloud spending for stopping EC2, and Amazon RDS instances based on a schedule.
Posted on March 8, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.
Related
March 8, 2024