Using AWS Systems Manager to save money with automation



Hi everyone !

How u guys doing today ?

We all know very well cloud computing has a lot of benefits but, we should also say that when you get your bill, you may be surprised if you are not enough diligent and organised. Remember, you pay for what you use, for as long as you use it.

I will bring up a real case a friend of mine was tellling me the other day. He works for an university in Canada and a lot of users are professors. They do a lot of research and as a result, they need multiple machines and , many times, very robust machines. In the cloud world, this can cost a lot of money. As we know, you pay for what you use.
Can you imagine how the bill can go high if you don't manage those machines very well ?

He was telling me how surprised they were when, a few times,  they got the bill and they found out, many machines had been let running when there was no need and as a result, the bill was insanely high.

Well, in this case, systems manager can help us out. We can set up an automation in such a way that a given group of machines will be shut down on a schedule.

For instance, let's say these professors only work from Monday to Friday, of course, you are going to discuss and both parties have to agree, but the point is, you can set up a maintenance window where these machines will be shut down every Friday at 8PM, for instance. By doing this, you make sure they will remain off over the weekend and not incur any extra cost.

I will show you today how to do that.

Here is the scenario :

I got 4 windows servers for this example.
My goal is to shut them off every Friday at 8 PM. No manual intervention should be needed.

Voila ! Go ahead and figure it out!

Of course you have more than one way of doing this but, I will leverage AWS Systems Manager for this.

Here is what you are going to need to make this happen :

  • Have SSM agent installed on those servers;
  • Tag the servers properly. I will use "Owner: Professor" to identify the targeted servers;
  • Have a document created to perform the shutdown action;
  • Setup a maintenance window that will take place every Friday at 8PM to execute the shutdown command on a group of servers.                                                                                                                                                                                                                                                        Open the console and go to Services>type "Systems"> then pick Systems Manager                                                             
  Scroll all the way down and click on "Documents"


 Click on create "command or session"

Name the document with a name of your choice and pick "Command document" as document type

Scroll down, switch to yaml and type the content below (this issues a powershell command to stop the machine. It only works if target machine is a windows) and finally hit "Create Document"


    Click on "Owned by me"and you will find the document in there: (shutdown_prof_Servers)


Now you have the document. You need now the resource group that will be your target for this job.

Go to AWS Systems Manager > Resource Groups > Create Resource Groups



Pick Tag based, then EC2 Instance and in tag you do Owner:Professor (this is for my example), fill in the group details and hit create group.




These are my 4 servers that need to be shut down.


Here is how you tag them.


Here are they after being tagged.



If you check the resource group you have created (Professors_Machines) you can verify it has 4 members.



Alright, the only thing missing now is the maintenance window.

Go to AWS Systems Manager > Maintenance Window > Create maintenance window


Fill the details in.


Set the schedule as per your need. In my case, it will run every Friday, for 1 hour.







Once you have created a maintenance window, you need to set up a task and the target.
In my case, need to register a run command task

Fill that in


Look for the document you created earlier (shutdown_prof_servers)



This is the script that will run each time this maintenance window kicks in.

Same idea for target.



Remember you've tagged your servers that were after added into a resource group. Now, it's time to pick them up.




Here you can determine how many servers this task can run on simultaneosly and the error threshold that will make this script stop running.


Do not forget to set up an IAM service role. This is required because Systems Manager needs some access on EC2 to perform the actions.


If you want, you can enable writting on S3, cloudwatch and send SNS notifications.



Then you have it.  This is a summary of what this maintenance window will do.


Alright, if you've come to this point, you just need to wait for the task to kick in. The history tab will show you whether the maintenance window was successfully executed, which was, in my case.


As you can see, my 4 servers have been shut down.


And, from within my maintenance window I can have more details.


There you go folks !

I hope you have found this useful. Thanks for reading it.


Location: Toronto, ON, Canada

Comments

Post a Comment

Popular posts from this blog

Understanding Azure AD Device Management

Image
Hi folks !!! How are you all doing ? It's been a looooonnnggg time since my last post. Yeah !! I know !! A lot going on. But I am back. This time, I would like to talk about a very cool feature in Azure that is called Azure AD Device Management. In today's world, technology has drastically changed the way we work and we need to keep up with the changes. Today, you can easily be working while you are commuting to the office, while you are at home or traveling. All that you need is to have a device, internet connection and , voila, you are connected to your company. Because of this, Microsoft came up with this pretty cool feature. So , basically , in order for you to access your company resources you can use a device that is company issued but, maybe you want to use your own device, I mean, it could be a tablet or a macbook and you can access company resources. No matter which device you use to connect, this brings some concerns because somehow, the device has a certain level of
Read more

Certification or Degree ??

Image
Hi guys !! I hope you are doing great and enjoying summer (at least for Northern Hemisphere folks). I know my friends in Brazil are struggling with a super cold winter (10 C/50 F ??). Oh !!! I'd love having a winter "that" cold here in Montreal but, anyways. So, today I'd like to talk about certification or degree. In IT, which one is more important ? People have different thoughts about this topic and I think there is no wrong or right. It depends on your situation. I personally tend to agree that , perhaps, having both is the best as you could benefit from the great things both of them can give to you but, if you can't afford having both, I'd tend to agree that keeping your certifications up to date is probably better than having only a degree. Let me tell you why I believe in this. I have an associate's degree in computer networking that was achieved in 2009. My first certification, I got in 2009. I got started in the certification world wi
Read more

What if I am asked to provide last time a particular attribute was modified in Active Directory ?

Image
How to detect when and on which DC a particular AD object attribute was last modified ? Well, as part of our job, as a SysAdmin, from time to time you may get requests from people that want to know when a particular modification was made to an AD object. For instance, the mail attribute was modified on an account and it caused an issue to the user. When you are doing a RCA (Root Cause Analysis), you may be asked to identify when the attribute change was made so you can know when the problem occurred. So, this is something that you can achieve by executing a simple command : Repadmin. :) Although you can't see when all changes were made, you can check date and time of the last change that was made to a particular attribute. Here is what you need to do: Prerequisites Powershell where Active Directory module is loaded; Repadmin command line(depending on the machine you are running this from , you may need to get RSAT installed so Repamin can be available); The AD object y
Read more