Systems Manager Automation Runbook Reference

To help you get started quickly, AWS Systems Manager provides predefined runbooks. These runbooks are maintained by Amazon Web Services, AWS Support, and AWS Config. The Runbook Reference describes each of the predefined runbooks provided by Systems Manager, Support, and AWS Config.

Important

If you run an automation workflow that invokes other services by using an AWS Identity and Access Management (IAM) service role, be aware that the service role must be configured with permission to invoke those services. This requirement applies to all AWS Automation runbooks (AWS-* runbooks) such as the AWS-ConfigureS3BucketLogging, AWS-CreateDynamoDBBackup, and AWS-RestartEC2Instance runbooks, to name a few. This requirement also applies to any custom Automation runbooks you create that invoke other AWS services by using actions that call other services. For example, if you use the aws:executeAwsApi, aws:createStack, or aws:copyImage actions, then you must configure the service role with permission to invoke those services. You can enable permissions to other AWS services by adding an IAM inline policy to the role. For more information, see Add an Automation inline policy to invoke other AWS services.

This reference includes topics that describe each of the Systems Manager runbooks that are owned by AWS, AWS Support, and AWS Config. Runbooks are organized by the relevant AWS service. Each page provides an explanation of the required and optional parameters that you can specify when using the runbook. Each page also lists the steps in the runbook and the output of the automation, if any.

This reference does not include a separate page for runbooks that require approval such as the AWS-CreateManagedLinuxInstanceWithApproval or AWS-StopEC2InstanceWithApproval runbook. Any runbook name that includes WithApproval, means the runbook includes the aws:approve action. This action temporarily pauses an automation until designated principals either approve or reject the action. After the required number of approvals is reached, the automation resumes.

For information about running automations, see Running a simple automation. For information about running automations on multiple targets, see Running automations that use targets and rate controls.

Topics

• View runbook content

• API Gateway

• AWS Batch

• AWS CloudFormation

• CloudFront

• CloudTrail

• CloudWatch

• Amazon DocumentDB

• CodeBuild

• AWS CodeDeploy

• AWS Config

• Amazon Connect

• AWS Directory Service

• AWS AppSync

• Amazon Athena

• DynamoDB

• AWS Database Migration Service

• Amazon EBS

• Amazon EC2

• Amazon ECS

• Amazon EFS

• Amazon EKS

• Elastic Beanstalk

• Elastic Load Balancing

• Amazon EMR

• Amazon OpenSearch Service

• EventBridge

• AWS Glue

• Amazon FSx

• GuardDuty

• IAM

• Amazon Kinesis Data Streams

• AWS KMS

• Lambda

• Amazon Managed Workflows for Apache Airflow

• Neptune

• Amazon RDS

• Amazon Redshift

• Amazon S3

• Amazon SES

• SageMaker AI

• Secrets Manager

• Security Hub

• AWS Shield

• Amazon SNS

• Amazon SQS

• Step Functions

• Systems Manager

• Third-party

• Amazon VPC

• AWS WAF

• Amazon WorkSpaces

• X-Ray

View runbook content

You can view the content for runbooks in the Systems Manager console.

To view runbook content

1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

2. In the navigation pane, choose Documents.

   -or-

   If the AWS Systems Manager home page opens first, choose the menu icon ( ) to open the navigation pane, and then choose Documents in the navigation pane.

3. In the Categories section, choose Automation documents.

4. Choose a runbook, and then choose View details.

5. Choose the Content tab.