Adding custom actions with AWS DRS
AWS Elastic Disaster Recovery (AWS DRS) allows you to run any SSM document that you like – public SSM documents, SSM documents that you created and uploaded to your account or SSM documents that are shared with you. You can configure a custom action to run any SSM document that is available in your account. To be able to create, edit or delete a custom action, make sure the post-launch actions are activated for this source server. Custom actions added to the default settings are automatically added to newly added source servers.
Create a custom action
Adding a custom action through a source server’s Post-launch settings adds it to that source server only. To add a custom action to all newly added source servers, do so using the Settings → Default post-launch actions page. To add a new custom action to the source server, go to Source server details → Post-launch settings tab. If the Post-launch actions setting is Active, you can create new custom actions by clicking the Add action button.
The Add action page includes the following parameters:
Action name – The name of the action in AWS DRS, which should be intuitive, meaningful and unique in this AWS account and region.
Activate this action – Use this checkbox to activate or deactivate the custom action for this source server. Only active actions will run after the launch of a recovery instance.
Mark launch as successful only if this action finishes running successfully – This checkbox will dictate whether or not the launch will be marked as successful, based on the successful run of this action. Instance launches will still progress normally regardless of the success of the action.
Systems Manager document name – Select any Systems Manager document that is available to be used in this account.
View in Systems Manager – Click to open Systems Manager and view additional information about the document.
Description – Add a description or keep the default.
Document version – Select which SSM document version to run. AWS DRS can run a default version, the latest version, or a specific version, according to your preferences.
Category – Select from various available categories including monitoring, validation, security and more.
Order – Specify the order in which the actions will be executed. The lower the number, the earlier the action will be executed. Values allowed are between 2 and 10,000. The numbers must be unique but don’t need to be consecutive.
Platform – Taken from the SSM document and reports which Operating System platform (Windows/Linux) is supported by the action.
Creator – Who created the action. For custom actions, the default is always This account.
The Action parameters change according to the specific SSM document that is selected. Note that for the instance ID parameter, you can choose to use the launch instance ID, in which case, AWS DRS will dynamically populate the value.
Note
AWS Elastic Disaster Recovery (AWS DRS) places the AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole instance profile on the launch instance if post-launch actions are active for the source server. If you add an SSM command action that requires additional permissions in the launch instance, you must ensure that the instance profile has the right policies or the right permissions. To do so, create a role that has the required permissions as per the policies above, or that has a policy or policies with those permissions attached to it. Go to Launch settings > EC2 launch template > Modify > Advance > IAM instance profile. Use an existing profile or create a new one using the Create new IAM profile link.
Note
Only trusted, authorized users should have access to the parameter store. For enhanced security, ensure that users who do not have permissions to execute SSM documents or commands do not have access to the parameter store. Learn more about restricting access to Systems Manager parameters. Action parameters are stored in the SSM Parameter Store as regular strings. Changing parameters in the SSM Parameter Store may impact the post-launch actions run on target instances. We recommend that you consider the security implications when choosing to use parameters that contain scripts or sensitive information, such as API keys and database passwords.
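Because action parameters are kept as regular strings, it is worth checking what has ended up in them. The following is an added example, not AWS code: it flags plain String parameters whose values look like credentials or embedded scripts. The regular expressions, the function names and the sample parameter names are assumptions, and the path prefix where AWS DRS stores action parameters is not given on this page, so pass the prefix you observe in your own account.

```python
import re

# Heuristics (assumed, tune for your environment) for the values the note warns about.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "credential_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[=:]\s*\S+"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
SCRIPT_PATTERN = re.compile(
    r"(?im)^\s*#!|\b(?:curl|wget|Invoke-WebRequest|Invoke-Expression|bash -c|powershell)\b")

def audit_parameters(parameters):
    """Flag String parameters holding secrets or scripts (items shaped like GetParametersByPath results)."""
    findings = []
    for p in parameters:
        if p.get("Type") != "String":  # only plain strings are in scope here
            continue
        value = p.get("Value", "")
        reasons = [name for name, rx in SECRET_PATTERNS.items() if rx.search(value)]
        if SCRIPT_PATTERN.search(value):
            reasons.append("script_content")
        if reasons:
            findings.append({"Name": p["Name"], "Reasons": reasons})  # never echo the value
    return findings

def fetch_parameters(path_prefix, region=None):
    """Read every parameter under path_prefix (requires ssm:GetParametersByPath)."""
    import boto3  # imported lazily so the audit logic runs without the SDK
    ssm = boto3.client("ssm", region_name=region)
    pages = ssm.get_paginator("get_parameters_by_path").paginate(
        Path=path_prefix, Recursive=True)
    return [p for page in pages for p in page["Parameters"]]

# Constructed sample input; names and values are made up for illustration.
SAMPLE = [
    {"Name": "/example/drs-actions/s-1/notify/endpoint", "Type": "String",
     "Value": "https://hooks.example.com/dr"},
    {"Name": "/example/drs-actions/s-1/db-check/args", "Type": "String",
     "Value": "--host db.internal password=Sup3rS3cret!"},
    {"Name": "/example/drs-actions/s-1/bootstrap/commands", "Type": "String",
     "Value": "#!/bin/bash\ncurl -s https://repo.example.com/setup.sh | sh"},
]

if __name__ == "__main__":
    for finding in audit_parameters(SAMPLE):
        print(finding["Name"], ",".join(finding["Reasons"]))
```

Against a live account, call `audit_parameters(fetch_parameters(prefix))` from a role that is itself allowed to read those parameters, and treat each finding as a prompt to move the value out of the action parameter.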