Automatically stop and start an Amazon RDS DB instance using AWS Systems Manager Maintenance Windows - AWS Prescriptive Guidance

Created by Ashita Dsilva (AWS)

Environment: Production

Technologies: Management & governance; Cost management; Databases; Cloud-native

AWS services: AWS Systems Manager; Amazon RDS

Summary

This pattern demonstrates how to automatically stop and start an Amazon Relational Database Service (Amazon RDS) DB instance on a specific schedule (for example, shutting down a DB instance outside of business hours to reduce costs) by using AWS Systems Manager Maintenance Windows.

AWS Systems Manager Automation provides the AWS-StopRdsInstance and AWS-StartRdsInstance runbooks to stop and start Amazon RDS DB instances. This means that you don’t need to write custom logic with AWS Lambda functions or create an Amazon CloudWatch Events rule.

AWS Systems Manager provides two capabilities for scheduling tasks: State Manager and Maintenance Windows. State Manager sets and maintains the required state configuration for resources in your Amazon Web Services (AWS) account one time or on a specific schedule. Maintenance Windows runs tasks on the resources in your account during a specific time window. Although you can use this pattern’s approach with State Manager or Maintenance Windows, we recommend that you use Maintenance Windows because it can run one or more tasks based on assigned priority and can also run AWS Lambda functions and AWS Step Functions tasks. For more information about State Manager and Maintenance Windows, see Choosing between State Manager and Maintenance Windows in the AWS Systems Manager documentation.

This pattern provides detailed steps to configure two separate maintenance windows that use cron expressions to stop and then start an Amazon RDS DB instance. 

Prerequisites and limitations

Prerequisites

  • An active AWS account.

  • An existing Amazon RDS DB instance that you want to stop and start on a specific schedule.

  • Cron expressions for your required schedule. For example, the (0 9 * * 1-5) cron expression runs in the morning at 09:00 on Monday through Friday.

  • Familiarity with Systems Manager.

Limitations

  • An Amazon RDS DB instance can be stopped for up to seven days at one time. After seven days, the DB instance automatically restarts to ensure that it receives any required maintenance updates.

  • You can’t stop a DB instance that is a read replica or that has a read replica.

  • You can’t stop an Amazon RDS for SQL Server DB instance in a Multi-AZ configuration.

  • Service quotas apply to Maintenance Windows and Systems Manager Automation. For more information about service quotas, see AWS Systems Manager endpoints and quotas in the AWS General Reference documentation. 

Architecture

The following diagram shows the workflow to automatically stop and start an Amazon RDS DB instance.

The workflow has the following steps:

1. Create a maintenance window and use cron expressions to define the stop and start schedule for your Amazon RDS DB instances.

2. Register a Systems Manager Automation task to the maintenance window by using the AWS-StopRdsInstance or AWS-StartRdsInstance runbook.

3. Register a target with the maintenance window by using a tag-based resource group for your Amazon RDS DB instances.

Technology stack

  • AWS CloudFormation

  • AWS Identity and Access Management (IAM)

  • Amazon RDS

  • Systems Manager

Automation and scale

You can stop and start multiple Amazon RDS DB instances at the same time by tagging the required Amazon RDS DB instances, creating a resource group that includes all the tagged DB instances, and registering this resource group as a target for the maintenance window.

Tools

  • AWS CloudFormation – AWS CloudFormation is a service that helps you model and set up your AWS resources.

  • AWS Identity and Access Management (IAM) – IAM is a web service that helps you securely control access to AWS resources.

  • Amazon RDS – Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud.

  • AWS Resource Groups – Resource Groups helps you organize AWS resources into groups, tag resources, and manage, monitor, and automate tasks on grouped resources.

  • AWS Systems Manager – Systems Manager is an AWS service that you can use to view and control your infrastructure on AWS.

  • AWS Systems Manager Automation – Systems Manager Automation simplifies common maintenance and deployment tasks of Amazon Elastic Compute Cloud (Amazon EC2) instances and other AWS resources.

  • AWS Systems Manager Maintenance Windows – Maintenance Windows helps you define a schedule for when to perform potentially disruptive actions on your instances.

Epics

Task | Description | Skills required
Configure the IAM service role for Systems Manager Automation.

Sign in to the AWS Management Console and create a service role for Systems Manager Automation. You can use one of the following two methods to create this service role:

The Systems Manager Automation workflow invokes Amazon RDS by using a service role to perform start and stop actions on the Amazon RDS DB instance.

The service role must be configured with the following inline policy that has permissions to start and stop the Amazon RDS DB instance:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "RdsStartStop",
            "Effect": "Allow",
            "Action": [
                "rds:StopDBInstance",
                "rds:StartDBInstance"
            ],
            "Resource": "<RDS_Instance_ARN>"
        },
        {
            "Sid": "RdsDescribe",
            "Effect": "Allow",
            "Action": "rds:DescribeDBInstances",
            "Resource": "*"
        }
    ]
}

Make sure that you replace <RDS_Instance_ARN> with your Amazon RDS DB instance's Amazon Resource Name (ARN).

Important: Make sure that you record the service role’s ARN.
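A check for the service-role policy above, as an added example that is not part of the original pattern or AWS's own code: it flags start/stop permissions broader than the page's policy and compares the policy's instance ARNs with the members of the tag-based resource group. The function names, account ID and instance names are assumptions, and only Allow statements are evaluated (Deny, NotAction and Condition are not modelled).

```python
import fnmatch

START_STOP = ("rds:StopDBInstance", "rds:StartDBInstance")  # from the page's policy
DESCRIBE = "rds:DescribeDBInstances"

def _listify(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(pattern, value):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())

def audit(policy, group_arns):
    """Return sorted findings; group_arns = DB instance ARNs in the resource group."""
    findings, patterns = set(), set()
    for stmt in _listify(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _listify(stmt.get("Resource", []))
        for action in _listify(stmt.get("Action", [])):
            if any(_matches(action, a) for a in START_STOP):
                if "*" in action or "?" in action:
                    findings.add(f"over-broad action: {action}")
                for res in resources:
                    if res.startswith("<"):
                        findings.add(f"placeholder not replaced: {res}")
                    elif "*" in res or "?" in res:
                        findings.add(f"start/stop on wildcard resource: {res}")
                    patterns.add(res)
            elif action.lower() != DESCRIBE.lower():
                findings.add(f"action outside the page's policy: {action}")
    for arn in group_arns:  # tagged instances the role cannot start or stop
        if not any(fnmatch.fnmatchcase(arn, p) for p in patterns):
            findings.add(f"tagged instance not covered by policy: {arn}")
    for p in patterns - set(group_arns):  # exact ARNs granted but not tagged
        if not (set("*?") & set(p) or p.startswith("<")):
            findings.add(f"policy grants start/stop on untagged instance: {p}")
    return sorted(findings)

# Constructed sample data: the account ID and instance names are placeholders.
ARN = "arn:aws:rds:us-east-1:111122223333:db:"
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "RdsStartStop", "Effect": "Allow",
     "Action": ["rds:StopDBInstance", "rds:StartDBInstance"],
     "Resource": ARN + "example-db-1"},
    {"Sid": "RdsDescribe", "Effect": "Allow",
     "Action": "rds:DescribeDBInstances", "Resource": "*"}]}
LOOSE_POLICY = {"Statement": [{"Effect": "Allow", "Action": "rds:*", "Resource": "*"}]}

print(audit(PAGE_POLICY, [ARN + "example-db-1", ARN + "example-db-2"]))
```

Scoping Resource to specific instance ARNs means that tagging an additional instance does not by itself let the schedule stop it; the audit reports such instances so that the policy and the resource group can be reconciled.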

AWS administrator
Task | Description | Skills required
Tag the Amazon RDS DB instances.

Open the Amazon RDS console and tag the Amazon RDS DB instances that you want to add to the resource group. A tag is metadata assigned to an AWS resource and consists of a key-value pair. We recommend that you use Action as the Tag key and StartStop as the Value.

For more information about this, see Adding, listing, and removing tags in the Amazon RDS documentation.

AWS administrator
Create a resource group for your tagged Amazon RDS DB instances.

Open the AWS Resource Groups console and create a resource group based on the tag that you created for your Amazon RDS DB instances.

Under Grouping Criteria, make sure that you choose AWS::RDS::DBInstance for the resource type and then provide the tag's key-value pair (for example, "Action-StartStop"). This ensures that the service only checks for Amazon RDS DB instances and not other resources that have this tag. Make sure that you record the resource group’s name.

For more information and detailed steps, see Build a tag-based query and create a group in the AWS Resource Groups documentation. 

AWS administrator
Task | Description | Skills required
Create a maintenance window.
  1. Open the AWS Systems Manager console, choose Maintenance Windows, and then choose Create a maintenance window. Provide a name for your maintenance window (for example, "StopRdsInstance"), enter a description, and then uncheck Allow unregistered targets.

  2. Choose CRON/Rate expression and provide the schedule expression to define when the Amazon RDS DB instances should be stopped. Enter for the Duration and for Stop initiating tasks. By default, the Time zone shows UTC. You can change the time zone to initiate the maintenance window based on the timestamp defined in your cron expression.

  3. Choose Create maintenance window. The system returns you to the maintenance window page and the state of your maintenance window is Enabled.

Important: The task to stop the DB instance runs almost instantly when initiated and doesn't span the entire duration of the maintenance window. This pattern provides the minimum values for Duration and Stop initiating tasks because they are the required parameters for a maintenance window.

For more information and detailed steps, see Create a maintenance window (console) in the AWS Systems Manager documentation.

AWS administrator
Assign a target to the maintenance window.
  1. On the AWS Systems Manager console, choose Maintenance Windows, choose Actions, and then choose Register targets.

  2. In the Targets area, specify Choose a resource group and then choose the name of an existing resource group in your account.

  3. For Resource types, choose AWS::RDS::DBInstance and then choose Register target.

For more information and detailed steps, see Assign targets to a maintenance window (console) in the AWS Systems Manager documentation.

AWS administrator
Assign a task to the maintenance window.
  1. On the AWS Systems Manager console, choose Maintenance Windows and then choose your maintenance window. Choose Actions and then choose Register Automation task. 

  2. For Document, choose AWS-StopRdsInstance. 

  3. In the Targets section, choose Selecting registered target groups and then choose the maintenance window target that you registered with the current maintenance window.

  4. For Rate control, specify 100 percent for Concurrency and Error threshold. You can change the Rate control values according to your requirements for task concurrency and error threshold. For more information about this, see About concurrency and error thresholds in the AWS Systems Manager documentation.

  5. In the IAM service role area, you can choose Create and use a service-linked role for Systems Manager or choose Use a custom service role.

  6. In the Input Parameters section, specify the following parameters for the runbook:

    • InstanceId: {{RESOURCE_ID}}

    • AutomationAssumeRole: Provide the ARN of the service role that you created for Systems Manager Automation.

    • Note: For InstanceId, a pseudo parameter is used to extract the Amazon RDS DB resource ID from the ARN. To learn more about pseudo parameters, see About pseudo parameters in the AWS Systems Manager documentation.

  7. Choose Register Automation task. 

Important: The Service role option defines the service role required for the maintenance window to run tasks. However, this role is not identical to the service role that you created earlier for Systems Manager Automation.

For more information and detailed steps, see Assign tasks to a maintenance window (console) in the AWS Systems Manager documentation.

AWS administrator
Task | Description | Skills required
Configure a maintenance window to start the Amazon RDS DB instances.

Repeat the steps from the Configure a maintenance window to stop the Amazon RDS DB instances epic to configure another maintenance window to start the Amazon RDS DB instances at a scheduled time.

Important: You must make the following changes when you configure the maintenance window to start the DB instances:

  • Use a new name for the maintenance window (for example, "StartRdsInstance").

  • Replace the cron expression with the cron expression that you want to use to start the DB instances.

  • Replace the AWS-StopRdsInstance runbook with AWS-StartRdsInstance in Task.

AWS administrator

Related resources