Solution Components - Operations Conductor

Solution Components

Actions

The Operations Conductor solution deploys a set of pre-defined actions that can be performed on AWS resources. The business logic for performing actions on resources is stored in an AWS Systems Manager automation document that the solution creates when it launches.

When the template is deployed, a custom resource AWS Lambda function creates documents with the tag name and value provided in the Document Tag Key and Document Tag Value AWS CloudFormation template parameters. For a complete list of pre-installed actions, see Appendix B. You can add additional actions by creating your own documents using the same tag name and value. For more information about customizing actions, see Appendix C.

Tasks

A task is the configuration of an action to be performed on a set of resources. When creating a task, you supply a tag key that is used to identify the group of resources on which this action will be performed. Tasks are executed on a fixed schedule, in response to an event on an individual resource, or manually from the solution's web console. Each task can only have one action enabled. For more information on task configuration, see Appendix A.

Scheduled Tasks

When defining your schedule, you can supply a cron or rate expression. For more information, see Schedule Expressions for Rules in the Amazon CloudWatch Events User Guide.

Event-Based Tasks

Operations Conductor will perform the action on the resource that triggered an Amazon CloudWatch Events rule. For more information about acceptable event patterns, see Event Patterns in CloudWatch Events in the Amazon CloudWatch Events User Guide.

API Microservices

User Microservice

The user microservice manages users in the Amazon Cognito user pool. Only users who belong to the admin group can access the microservice, add users, edit user groups, and delete users.

Action Microservice

The action microservice tags AWS Systems Manager documents with values provided in the Document Tag Key and Document Tag Value template parameters. The microservice also identifies documents by the Document Tag Key and Document Tag Value, which enables users to add documents and extend the solution’s functionality.

Task Microservice

The task microservice creates tasks, shows created tasks, edits tasks, deletes tasks, and manually executes tasks. When a task is created, an AWS CloudFormation template and Amazon CloudWatch Events rule are automatically created for secondary accounts and regions.

Resource Selector

The resource selector AWS Lambda function identifies resources and queues them until the actions are performed on the resources. Queueing individual resources enables actions to be performed at a large scale. The solution also employs automatic retry logic to retry executions that failed due to service limits.

The Lambda function is triggered when a task is executed manually using the solution’s web console, or automatically in response to the event or schedule-based trigger configured for the task. When the function is triggered, it uses the Resource Groups Tagging API to find resources tagged with the Target Tag that was supplied when the task was created. Resources are then filtered by the resource type defined in the AWS Systems Manager automation document. A message is placed in the solution’s resource queue for each resource that was identified.
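The selection flow described above, as an added Python example (not the solution's own code): it pages through `get_resources` for the target tag key, keeps only ARNs of the wanted resource type, and builds one queue message per resource. The `service:type` format for the resource type, the message field names, the `OpsConductor` tag key, and the `FakeTagging` stand-in with its constructed ARNs are assumptions made for the illustration.

```python
import json
import re

def resource_type_of(arn):
    """Return 'service:type' for an ARN, or just 'service' when the resource part has no type."""
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    pieces = re.split(r"[:/]", parts[5], maxsplit=1)
    return f"{parts[2]}:{pieces[0]}" if len(pieces) == 2 else parts[2]

def select_resources(tagging, target_tag_key, wanted_type):
    """Page through GetResources for the target tag, then keep only the wanted type."""
    selected, kwargs = [], {"TagFilters": [{"Key": target_tag_key}]}
    while True:
        page = tagging.get_resources(**kwargs)
        for mapping in page["ResourceTagMappingList"]:
            arn = mapping["ResourceARN"]
            if resource_type_of(arn) == wanted_type:
                selected.append(arn)
        if not page.get("PaginationToken"):
            return selected
        kwargs["PaginationToken"] = page["PaginationToken"]

def to_queue_messages(arns, task_id, parent_execution_id):
    """One message body per resource; the field names here are assumptions."""
    return [json.dumps({"taskId": task_id, "parentExecutionId": parent_execution_id,
                        "resourceArn": arn}) for arn in arns]

class FakeTagging:
    """Constructed stand-in for boto3.client('resourcegroupstaggingapi'), two pages."""
    PAGES = {
        None: (["arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa",
                "arn:aws:rds:us-east-1:111122223333:db:orders"], "p2"),
        "p2": (["arn:aws:ec2:us-east-1:111122223333:volume/vol-0bbb",
                "arn:aws:ec2:us-east-1:111122223333:instance/i-0ccc",
                "arn:aws:s3:::example-bucket"], ""),
    }
    def get_resources(self, **kwargs):
        arns, token = self.PAGES[kwargs.get("PaginationToken")]
        return {"ResourceTagMappingList": [{"ResourceARN": a} for a in arns],
                "PaginationToken": token}

def demo():
    """Run the flow against the constructed pages; only the two EC2 instances pass."""
    arns = select_resources(FakeTagging(), "OpsConductor", "ec2:instance")
    return to_queue_messages(arns, "task-1", "exec-1")
```

Because the tag is the only thing that places a resource in scope, the type filter is what keeps a document written for one resource type from being handed an ARN of another type that happens to carry the same tag.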

Queue Consumer

The queue consumer AWS Lambda function is triggered by an Amazon CloudWatch Events rule and reads batches of messages in the resource queue on a fixed schedule (every 60 seconds by default). The function then executes the correct Systems Manager automation document for the action and sets the required input parameters for each message in the queue.

The queue consumer calls the DescribeAutomationExecutions AWS Systems Manager API to identify how many automation executions are currently running. Messages are read in batches only when the number of concurrently running Systems Manager automations is below the limit. See AWS Service Quotas in the AWS General Reference guide.
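An added Python example of the capacity check described above (not the solution's own code): it counts active automation executions, then reads and starts only as many queued messages as there are free slots. The `concurrency_limit` parameter, the message fields `documentName` and `parameters`, the set of statuses treated as running, and the choice to leave a message on the queue when a start fails are assumptions; `ssm` and `sqs` are boto3-style clients passed in by the caller.

```python
import json

# Statuses counted as "running" here are an assumption for this example.
ACTIVE_STATUSES = ["Pending", "InProgress", "Waiting"]

def count_running(ssm):
    """Count active automation executions across all result pages."""
    kwargs = {"Filters": [{"Key": "ExecutionStatus", "Values": ACTIVE_STATUSES}],
              "MaxResults": 50}
    total = 0
    while True:
        page = ssm.describe_automation_executions(**kwargs)
        total += len(page["AutomationExecutionMetadataList"])
        if not page.get("NextToken"):
            return total
        kwargs["NextToken"] = page["NextToken"]

def consume(ssm, sqs, queue_url, concurrency_limit):
    """Start automations for queued resources until the free slots are used up."""
    free = concurrency_limit - count_running(ssm)
    started = []
    while free > 0:
        resp = sqs.receive_message(QueueUrl=queue_url,
                                   MaxNumberOfMessages=min(10, free))
        messages = resp.get("Messages", [])
        if not messages:
            break
        for msg in messages:
            body = json.loads(msg["Body"])  # field names are assumptions
            try:
                result = ssm.start_automation_execution(
                    DocumentName=body["documentName"],
                    Parameters=body["parameters"])
            except Exception:  # with boto3 this would be botocore's ClientError
                # Leave the message undeleted: it becomes visible again after
                # the queue's visibility timeout and is retried on a later run.
                return started
            sqs.delete_message(QueueUrl=queue_url,
                               ReceiptHandle=msg["ReceiptHandle"])
            started.append(result["AutomationExecutionId"])
            free -= 1
    return started
```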

AWS Systems Manager

Operations Conductor uses an AWS Systems Manager automation document to store the business logic for performing each action on a resource. For more information on creating automation documents, see Appendix C.

Amazon DynamoDB

Task Table

When you deploy the AWS CloudFormation template, the solution creates an Amazon DynamoDB tasks table. The following table shows the descriptions and item attributes in the task table.

| Attribute | Type | Description |
| --- | --- | --- |
| taskId (Partition Key) | String | The UUID of the task |
| actionName | String | The action name of the task |
| name | String | The task name |
| description | String | The task description |
| enabled | Boolean | Flag indicating whether the automated task executions are enabled |
| Target Tag | String | Target tag which will select the task resource(s) to execute the automation |
| Task Parameters | List | Parameters which will be used by the AWS Systems Manager document |
| Trigger Type | String | The task trigger type: Schedule or Event |
| Template URL | String | The location of the secondary template that contains a role and policy allowing the solution to perform the action |
| Scheduled Type | String | The scheduled type: CronExpression or FixedRate |
| Scheduled Cron Expression | String | The cron expression of the task. This attribute is available if you selected Schedule for Trigger Type and CronExpression for Scheduled Type. |
| Scheduled Fixed Rate Interval | Number | The scheduled fixed rate interval. This attribute is available if you selected Schedule for Trigger Type and FixedRate for Scheduled Type. |
| Scheduled Fixed Rate Type | String | The scheduled fixed rate type. This attribute is available if you selected Schedule for Trigger Type and FixedRate for Scheduled Type. |
| Event Pattern | String | The event pattern of the task execution. This attribute is available if you selected Event for Trigger Type. |
| accounts | List <String> | The accounts where tasks will be executed |
| regions | List <String> | The regions where tasks will be executed |

Task Executions Table

The items in the task executions table contain the following attributes.

| Attribute | Type | Description |
| --- | --- | --- |
| taskId (Partition Key) | String | The UUID of the task |
| parentExecutionId (Sort Key) | String | The task execution ID |
| status | String | The task status |
| totalResourceCount | Number | The total resource count of the task |
| completedResourceCount | Number | The completed resource count of the task |
| startTime | String | The task start time |

Task Executions Table Index

The task executions table contains an index that enables users to sort task executions by start time.

| Attribute | Type | Description |
| --- | --- | --- |
| taskId (Partition Key) | String | The UUID of the task |
| startTime (Sort Key) | String | The task start time |
| parentExecutionId | String | The task execution ID |
| status | Number | The task status |
| totalResourceCount | Number | The total resource count of the task |
| completedResourceCount | Number | The completed resource count of the task |

Automation Executions Table

The task execution IDs are mapped to the task IDs in the Amazon DynamoDB automation executions table.

| Attribute | Type | Description |
| --- | --- | --- |
| parentExecutionId (Partition Key) | String | The task execution ID |
| automationExecutionId (Sort Key) | String | The automation execution ID |