Summary: AWS SSM Automations

AWS Systems Manager (SSM) Automations allow you to automate common maintenance and deployment tasks for AWS resources such as EC2 instances, EBS volumes, and RDS databases. These tasks can include restarting instances, creating AMIs, and taking EBS snapshots.

• Runbooks: Automation documents in SSM are referred to as Runbooks. They can be custom-created or predefined by AWS.
• Execution: Automations can be triggered manually via the AWS Management Console, CLI, SDK, or automatically using AWS EventBridge rules, Maintenance Windows, or AWS Config rules.
• Examples: Automations can perform a variety of tasks, such as attaching EBS volumes, managing IAM roles, and managing Auto Scaling groups.

How to Execute an SSM Automation

1. Navigate to Automation: In the AWS Management Console, go to Systems Manager > Change Management > Automation.
2. Execute Automation: Select 'Execute Automation' and choose a document (either your own or one provided by AWS).
3. Document Categories: AWS provides categories like Patching, Security, Instance Management, Data Backups, AMI Management, etc.
4. Choose the Document: For example, select AWS-RestartEC2Instance to restart instances.
5. Execution Settings: Choose the execution mode (Simple, Rate Control, Multi-account/Multi-region, or Manual).
6. Specify Targets: Define targets by Instance IDs, resource groups, tags, or parameter values.
7. Approval Steps (Optional): Include an approval step if necessary.
8. Execution Role: Specify an IAM role for the automation to assume if different from the current user.
9. Rate Control: Set the number of targets and error threshold for stopping the automation.
10. Execute: Initiate the automation and monitor the steps.

Example: Restarting EC2 Instances

• Document Used: AWS-RestartEC2Instance with Rate Control.
• Target: Specified by resource group (e.g., Dev Instances).