AWS Ops Automator

Architecture Overview

Deploying this solution with the default parameters builds the following environment in the AWS Cloud.

[Image: AWS Ops Automator solution architectural overview]

Figure 1: AWS Ops Automator architecture

This solution includes an AWS CloudFormation template that you deploy in the primary account. For guidance on choosing a primary account, see the Security section. This template launches all solution components, including a set of microservices (AWS Lambda functions) that manage triggering events, resource selection, task execution, concurrency control, and completion; Amazon DynamoDB tables that store task-related data; Amazon CloudWatch for logging; and Amazon Simple Notification Service (Amazon SNS) for push notifications.

The primary template also automatically generates additional AWS CloudFormation templates in an Amazon Simple Storage Service (Amazon S3) bucket. These templates allow you to create cross-account AWS Identity and Access Management (IAM) roles to perform actions in secondary accounts, and to configure tasks. You can modify and build upon these templates to create custom actions that extend the solution’s functionality.

During initial configuration of the primary AWS CloudFormation template, you define a tag key you will use to identify resources that will receive automated actions. When you deploy a task-configuration template, the stack name you specify is used as the tag value that identifies the task you want the solution to perform on the tagged resource. For example, a user might assign the custom tag name (tag key) OpsAutomatorTaskList and create a task stack called Delete7 that deletes a resource after seven days. To identify the resource for deletion, the user adds the OpsAutomatorTaskList tag key with a value of Delete7.
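The tag-driven selection step described above, as an added example that is not part of the solution's own code: given the tag key chosen at deployment and the task stack name, pick out the resources that have opted in. It assumes resources are plain dicts shaped like EC2 `describe_instances` output and that a tag value may list several task names separated by commas (the page shows only a single value).

```python
# Added example (not the solution's own code): tag-based resource selection
# as described above. Assumptions: resources are plain dicts like those that
# EC2 describe calls return, and a tag value may list several task names
# separated by commas (a labelled assumption; the page shows a single value).
from dataclasses import dataclass


@dataclass
class Task:
    name: str      # stack name of the task-configuration stack, e.g. "Delete7"
    tag_key: str   # tag key chosen at deployment, e.g. "OpsAutomatorTaskList"


def task_names_from_tag(value: str) -> set[str]:
    """Split a tag value into task names (comma-separated by assumption)."""
    return {part.strip() for part in value.split(",") if part.strip()}


def is_tagged_for_task(resource: dict, task: Task) -> bool:
    """True if the resource carries task.tag_key with task.name among its values.

    Only the configured tag key counts: the same string under another key
    (for example "Name") must not opt a resource in to the task.
    """
    for tag in resource.get("Tags", []):
        if tag.get("Key") == task.tag_key:
            return task.name in task_names_from_tag(tag.get("Value", ""))
    return False


def select_resources(resources: list[dict], task: Task) -> list[str]:
    """Return the ids of resources the task should act on (the selection step in Figure 2)."""
    return [r["InstanceId"] for r in resources if is_tagged_for_task(r, task)]


# Constructed sample: four instances, only two opted in to the Delete7 task.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa", "Tags": [{"Key": "OpsAutomatorTaskList", "Value": "Delete7"}]},
    {"InstanceId": "i-0bbb", "Tags": [{"Key": "OpsAutomatorTaskList", "Value": "Backup, Delete7"}]},
    {"InstanceId": "i-0ccc", "Tags": [{"Key": "OpsAutomatorTaskList", "Value": "Delete30"}]},
    {"InstanceId": "i-0ddd", "Tags": [{"Key": "Name", "Value": "Delete7"}]},  # wrong tag key
]

if __name__ == "__main__":
    print(select_resources(SAMPLE_INSTANCES, Task("Delete7", "OpsAutomatorTaskList")))
```

Because whoever can write the tag can enrol a resource in a destructive task such as Delete7, tagging permissions on that key deserve the same review as the task itself.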

The automated process begins when either a time-based or event-based trigger invokes an instance of the main AWS Ops Automator Lambda function. This event handler function identifies applicable resources, retrieves the specific task configuration from Amazon DynamoDB, and passes this data to task execution handler Lambda functions. The task execution handlers run the specified action code on the appropriate resources, and also manage concurrency control and completion for long tasks. Amazon CloudWatch logs information on the microservices. This solution also tracks all steps of the task execution process, the selected resources, and the results of the actions, including possible errors, in a DynamoDB table.

[Image: AWS Ops Automator solution process overview]

Figure 2: AWS Ops Automator task execution process