SSM Automation

Automation, a capability of AWS Systems Manager, simplifies common maintenance and deployment tasks of Amazon Elastic Compute Cloud (Amazon EC2) instances and other AWS resources. Automation helps you to do the following:
- Build automations to configure and manage instances and AWS resources.
- Create custom runbooks or use pre-defined runbooks maintained by AWS.
- Receive notifications about Automation tasks and runbooks by using Amazon EventBridge.
- Monitor Automation progress and details by using the Systems Manager console.

  1. We’ll start with a very simple example to run an Automation document to terminate an EC2 instance.
    • Return to the Systems Manager service in your AWS console.
    • On the left-hand navigation menu, locate Change Management and click on Automation.
    • Click on the orange button for Execute Automation.
    • Staying within the “Owned by Amazon” tab, search for Document name prefix: Equals: AWS-TerminateEC2Instance
    • Click on the document to bring it up in a new tab. Take some time to read through the Description, Content, Version, and Details sections of the document.
    • When you are done reviewing, click on the orange button for Execute Automation. You should see the screen below: [screenshot: ssmautomation]
    • From here, select one of the EC2 instances named Lab App host, then click the button at the bottom to Execute.
    • The following screen will show the status in real time as the document executes: [screenshot: ssmautomation]
    • When the status flips to Success, browse to EC2 Instances. You should see that the target has been terminated and that the Auto Scaling group has launched a new instance to take its place: [screenshot: ssmautomation]

      The new instance launched by the ASG will be missing some of the functionality we added earlier in the lab. For example, it will not have the CloudWatch agent installed, the alarms will not be set up, and it will not be included in the widgets on our CloudWatch Dashboard. The steps below demonstrate how automation documents can help fill this gap.

  2. Adding a CloudWatch Alarm from an automation document.
    • Return to SSM Automation.
    • Click on the orange button for Execute Automation.
    • Click the tab for “Owned by Me”, look for and click on the automation document named EnableCWAlarm. This document was created as part of the CloudFormation template for this lab.
    • Click on the orange button for Execute Automation.
    • Add the following values in the Input parameters section:
      • ResourceARNs: ARN of the newly launched EC2
      • MetricName: CPUUtilization
      • AutomationAssumeRole: SSMAutomationRoleforOpsLab
      • Statistic: Average
      • Threshold: 50
      • ComparisonOperator: GreaterThanThreshold
      • Period: 300
    • Click on the bottom-right button to Execute.
    • Monitor the status on the next screen. Once it flips to Success, browse back to CloudWatch Alarms.
    • You should see a new alarm created, named similarly to the one in the screenshot below: [screenshot: ssmautomation]

      The alarm may initially show up in a state of “Insufficient Data”. This is normal for a new alarm, and it should transition to OK once enough metric data is available.
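
Step 2 scripted instead of clicked through, as an added example that is not part of the original lab: it validates the instance ARN and builds the EnableCWAlarm inputs listed above as a `start_automation_execution` request for boto3. The account ID, region and instance ID are constructed sample values, and passing AutomationAssumeRole as a role ARN built from the lab's role name is an assumption, since the document's content is not shown on this page.

```python
import re

# Constructed sample values: substitute your own account, region and instance.
SAMPLE_ACCOUNT = "111122223333"
SAMPLE_REGION = "us-east-1"
SAMPLE_INSTANCE = "i-0123456789abcdef0"

# arn:<partition>:ec2:<region>:<account-id>:instance/<instance-id>
INSTANCE_ARN = re.compile(
    r"arn:(aws|aws-cn|aws-us-gov):ec2:([a-z0-9-]+):(\d{12}):"
    r"instance/(i-[0-9a-f]{8}(?:[0-9a-f]{9})?)"
)

def instance_arn(region, account_id, instance_id, partition="aws"):
    """Build an EC2 instance ARN, rejecting malformed parts before they reach SSM."""
    arn = f"arn:{partition}:ec2:{region}:{account_id}:instance/{instance_id}"
    if not INSTANCE_ARN.fullmatch(arn):
        raise ValueError(f"not a valid EC2 instance ARN: {arn!r}")
    return arn

def enable_cw_alarm_request(resource_arn, account_id):
    """Return keyword arguments for ssm.start_automation_execution (step 2 inputs)."""
    match = INSTANCE_ARN.fullmatch(resource_arn)
    if match is None:
        raise ValueError(f"not a valid EC2 instance ARN: {resource_arn!r}")
    partition, _region, arn_account, _instance = match.groups()
    # Guard for this single-account lab: the target must live in the role's account.
    if arn_account != account_id:
        raise ValueError("instance ARN is in a different account than the assume role")
    values = {
        "ResourceARNs": resource_arn,
        # Assumption: the API call takes the role's ARN, built here from the lab role name.
        "AutomationAssumeRole": f"arn:{partition}:iam::{account_id}:role/SSMAutomationRoleforOpsLab",
        "MetricName": "CPUUtilization",
        "Statistic": "Average",
        "Threshold": 50,
        "ComparisonOperator": "GreaterThanThreshold",
        "Period": 300,
    }
    # Automation parameters are sent as a map of name -> list of strings.
    return {"DocumentName": "EnableCWAlarm",
            "Parameters": {name: [str(value)] for name, value in values.items()}}

def start(request, region):
    """Start the automation; needs boto3 and AWS credentials, so it is not run on import."""
    import boto3
    ssm = boto3.client("ssm", region_name=region)
    return ssm.start_automation_execution(**request)["AutomationExecutionId"]
```

Calling `start(enable_cw_alarm_request(arn, account_id), region)` returns the execution ID, which can be looked up on the same Automation status screen used in the console steps.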