Menu
AWS Ops Automator
AWS Ops Automator

Automated Deployment

Before you launch the automated deployment, please review the architecture, configuration, security, and other considerations discussed in this guide. Follow the step-by-step instructions in this section to configure and deploy an AWS Ops Automator into your account.

Time to deploy: Approximately 30 minutes

What We'll Cover

The procedure for deploying this architecture on AWS consists of the following steps. For detailed instructions, follow the links for each step.

Step 1. Launch the AWS Ops Automator Stack in the Primary Account

  • Launch the AWS CloudFormation template into your primary AWS account.

  • Enter values for required parameters: Stack Name.

  • Review the other template parameters, and adjust if necessary.

Step 2. Launch the Role Template in the Secondary Account(s)

  • Launch the applicable role AWS CloudFormation template into the secondary account with applicable resources.

  • Enter values for required parameters: Stack Name.

Step 3. Launch a Task Template in the Primary Account

  • Launch the applicable task-configuration AWS CloudFormation template into the primary account.

  • Review the template parameters, and adjust if necessary.

Step 4. Tag Your Resources

  • Apply the custom tag to applicable resources.

Step 1. Launch the AWS Ops Automator Stack in the Primary Account

This automated AWS CloudFormation template deploys the AWS Ops Automator in your primary account. Launch this template using an AWS Identity and Access Management (IAM) role specifically created for this purpose. For more information, see the Security section.

Note

You are responsible for the cost of the AWS services used while running this solution. See the Cost section for more details. For full details, see the pricing webpage for each AWS service you will be using in this solution.

  1. Sign in to the AWS Management Console and click the button below to launch the ops-automator AWS CloudFormation template.

    
                                AWS Ops Automator launch button

    You can also download the template as a starting point for your own implementation.

  2. The template is launched in the US East (N. Virginia) Region by default. To launch this solution in a different AWS Region, use the region selector in the console navigation bar.

    Note

    This solution uses AWS Lambda, Amazon DynamoDB, and Amazon CloudWatch, which are currently available in specific AWS Regions only. Therefore, you must launch this solution an AWS Region where these services are available. For the most current AWS service availability by region, see AWS service offerings by region.

  3. On the Select Template page, keep the default setting for Choose a Template and select Next.

  4. Under Parameters, review the parameters for the template, and modify them as necessary.

    This solution uses the following default values.

    Parameter Default Description
    Ops Automator Tag Name OpsAutomatorTaskList The tag key (name) that identifies applicable resources. The tag value will contain the list of tasks to be performed on tagged resources. See Step 4 for detailed information.
    Clean up task tracking table? Yes Choose whether to clean the task tracking table.
    Keep failed tasks? Yes Choose whether to store failed tasks in the Amazon DynamoDB table.
    Schedule active? Yes Choose whether to activate the scheduling task feature.
    How long to keep tasks? 168 The number of hours to keep a task before it is automatically deleted
    Days to keep configuration backups 7 The number of days to keep a configuration backup file before it is automatically deleted
    Log Retention Days 30 The number of days to keep logs before they are automatically deleted
    Send Anonymous Usage Data Yes

    Send anonymous data to AWS to help us understand AWS Ops Automator usage across our customer base as a whole. To opt out of this feature, select No.

    For more information, see Appendix D.

  5. Choose Next.

  6. On the Options page, choose Next.

  7. On the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create IAM resources.

  8. Choose Create to deploy the stack.

    You can view the status of the stack in the AWS CloudFormation console in the Status column. You should see a status of CREATE_COMPLETE in roughly 10 minutes.

Step 2. Launch the Role Template in the Secondary Account(s)

Use this procedure to create roles to perform tasks on resources in secondary accounts. Customers who want to perform tasks on resources in a large number of secondary accounts can save a text file that contains a list of the cross-account role Amazon Resource Names. For more information, see Appendix B.

  1. In the primary account’s Amazon S3 console, navigate to the bucket for the AWS Ops Automator solution stack.

    Note

    You can find the name of the Amazon S3 bucket in the AWS CloudFormation stack Outputs tab. The bucket name is value of the TemplateBucketName key.

  2. In the Roles folder, select the applicable template.

  3. Select Download and note the location of the downloaded template.

  4. In the secondary account’s AWS CloudFormation console, select Create Stack.

  5. Select Upload a template to Amazon S3.

  6. Select Choose File.

  7. Navigate to the downloaded template and select Choose. Then, select Next.

  8. Enter a Stack name and select Next.

  9. Select Next. Then, on the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create IAM resources.

  10. Choose Create to deploy the stack.

  11. After the stack deploys, navigate to the stack Outputs tab and copy the Value of the CrossAccountRoleArn key.

Step 3. Launch a Task Template in the Primary Account

Before you configure a task, review the information in Appendix A for the applicable action.

  1. In the primary account’s Amazon S3 console, navigate to the bucket for the AWS Ops Automator solution stack.

    Note

    You can find the name of the S3 bucket in the AWS CloudFormation stack Outputs tab. The bucket name is value of the TemplateBucketName key.

  2. In the Configuration folder, select the applicable template.

  3. Copy the Link value.

  4. In the AWS CloudFormation console, select Create Stack.

  5. Select Specify an Amazon S3 template URL.

  6. Paste the template link into the text box and select Next.

  7. Enter a Stack name.

  8. Under Parameters, review the parameters for the template and modify them as necessary. For more information, see Appendix A.

  9. Select Next.

  10. Select Next. Then, on the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create IAM resources.

  11. Choose Create to deploy the stack.

Note

If you delete the AWS Ops Automator stack, all task stacks and configurations will be deleted.

Step 4. Tag Your Resources

When you deployed the AWS CloudFormation template, you defined the tag key for the solution’s custom tag. For the AWS Ops Automator to recognize a resource, the tag key on that resource must match the custom tag name stored in the solution’s Amazon DynamoDB table. Therefore, it is important that you apply tags consistently and correctly to all applicable resources. You can continue to use existing tagging strategies for your resources while using this solution. For more information on resource tagging, see Tagging Your Amazon EC2 Resources, Tagging Resources in Amazon Redshift, and Tagging for DynamoDB.

On the AWS Management Console, use the Tag Editor to apply or modify tags for multiple resources at a time. You can also apply and modify tags manually in the console.

Setting the Tag Value

As you apply a tag to a resource, use the tag key you defined during initial configuration and set the tag value to the name of an AWS Ops Automator task stack to perform that task on the resource. For example, a user might define OpsAutomatorTaskList as the tag key. Then, the user creates a stack called CopyResource. To identify the resources to be copied, the user assigns the OpsAutomatorTaskList tag key with a value of CopyResource to each resource.

To perform multiple tasks on a single resource, use a comma-separated list of those tasks as the tag value. Continuing from the previous example, a user can assign the tag OpsAutomatorTaskList tag key with the value CopyResource,DeleteResource to identify resources to be copied, then deleted.