New Systems Manager Automation documents (10) authored since repo was made… (#19)

* New Systems Manager Automation documents authored since repo was made public

* Updating AMI Ids in defaults.cfg

Author: nanalakshmanan

Documents/Automation/ASGChangeStandbyStateWithApproval/Design/Design.md

@@ -0,0 +1,36 @@
+# Change Standby state of instances within an autoscaling group with approval
+
+## Document Design
+
+Refer to schema.json
+
+### Steps
+
+1. Require approval for further execution
+   * Once execution is approved, the next steps will occur
+2. Create CloudFormation Template
+   * CloudFormation template will create a lambda function that can change the standby state of an instance in an ASG
+3. Execute lambda
+   * Lambda function take parameters instance ID and the state to put the instance into (either EitherStandby or ExitStandby)
+4. Delete CloudFormation Template
+   * Deleting the CF template will destroy any created IAM roles as well as the deployed Lambda
+
+## Tests
+
+### tests.py
+
+The tests for both Enter and Exit standby are defined in this file, with separate test functions for each action.
+
+### Building Document and Test
+
+1. Change directory to /Automation/ASGChangeStandbyState/
+2. Run ```make```
+3. In the AWS console, navigate to the EC2 screen and select "Documents" under "SYSTEMS MANAGER SHARED RESOURCES" on the left-hand menu.
+4. Click Create Document
+5. Enter the name awstest-ASGEnterStandby
+6. Select "Automation" as the document type
+7. Copy and paste the contents of /Automation/ASGChangeStandbyState/Output/aws-ASGEnterStandby.json into the Content text area.
+8. Click "Create Document" 
+9. Do the same for the exit standby document, substituting "awstest-ASGExitStandby" for the document name, and copy the contents of 
+   /Automation/ASGChangeStandbyState/Output/aws-ASGExitStandby.json into the document.
+10. Change directory to /Automation/ASGChangeStandbyStateWithApproval/ and run ```python tests.py```

Documents/Automation/ASGChangeStandbyStateWithApproval/Design/schema.json

@@ -0,0 +1,32 @@
+{
+  "schemaVersion": "0.3",
+  "assumeRole": "{{AutomationAssumeRole}}",
+  "description": "Systems Manager Automation - Change the standby state of an EC2 instance in an auto-scaling group with approval",
+  "parameters": {
+    "InstanceId": {
+      "type": "String",
+      "description": "ID of the EC2 Instance to change standby state for within ASG"
+    },
+    "LambdaRoleArn": {
+      "default": "",
+      "type": "String",
+      "description": "The ARN of the role that allows Lambda created by Automation to perform the actions on your behalf"
+    },
+    "StackName": {
+      "default": "asg-state-change-lambda-cfn-stack",
+      "type": "String",
+      "description": "Name for the CloudFormation stack which creates the necessary lambda function to change ASG state"
+    },
+    "LambdaFunctionName": {
+      "default": "asg-state-change-lambda-function",
+      "type": "String",
+      "description": "Name for the lambda function which can change the ASG state"
+    },
+    "AutomationAssumeRole": {
+      "default": "",
+      "type": "String",
+      "description": "The ARN of the role that allows Automation to perform the actions on your behalf."
+    }
+  },
+  "mainSteps": []
+}

Documents/Automation/ASGChangeStandbyStateWithApproval/Documents/aws-ASGEnterStandbyWithApproval.json

@@ -0,0 +1,58 @@
+{
+  "description": "Systems Manager Automation - Put an EC2 instance in an auto-scaling group in Standby mode, with approval",
+  "schemaVersion": "0.3",
+  "assumeRole": "{{AutomationAssumeRole}}",
+  "parameters": {
+    "AutomationAssumeRole": {
+      "type": "String",
+      "description": "The ARN of the role that allows Automation to perform the actions on your behalf.",
+      "default": ""
+    },
+    "LambdaRoleArn": {
+      "type": "String",
+      "description": "The ARN of the role that allows Lambda created by Automation to perform the actions on your behalf",
+      "default": ""
+    },
+    "InstanceId": {
+      "type": "String",
+      "description": "ID of the EC2 Instance to change standby state for within ASG"
+    },
+    "Approvers": {
+      "type": "StringList",
+      "description": "IAM user or user arn of approvers for the automation action"
+    },
+    "SNSTopicArn": {
+      "type": "String",
+      "description": "The SNS topic ARN that you are using to get notifications on about EC2 retirement notifications. The SNS topic name must start with Automation."
+    }
+  },
+  "mainSteps": [
+    {
+      "name": "approveStateChange",
+      "action": "aws:approve",
+      "maxAttempts": 1,
+      "onFailure": "Abort",
+      "inputs": {
+        "NotificationArn": "{{SNSTopicArn}}",
+        "Message": "Approval required to change ASG instance state",
+        "MinRequiredApprovals": 1,
+        "Approvers": "{{Approvers}}"
+      }
+    },
+    {
+      "name":"changeASGInstanceStateAutomation",
+      "action":"aws:executeAutomation",
+      "maxAttempts":1,
+      "timeoutSeconds":120,
+      "onFailure":"Abort",
+      "inputs":{
+        "DocumentName":"AWS-ASGEnterStandby",
+        "RuntimeParameters":{
+          "AutomationAssumeRole": ["{{AutomationAssumeRole}}"],
+          "LambdaRoleArn": ["{{LambdaRoleArn}}"],
+          "InstanceId": ["{{InstanceId}}"]
+        }
+      }
+    }
+  ]
+}

Documents/Automation/ASGChangeStandbyStateWithApproval/Documents/aws-ASGExitStandbyWithApproval.json

@@ -0,0 +1,58 @@
+{
+  "description": "Systems Manager Automation - Take an EC2 instance in an auto-scaling group out of Standby mode, with approval",
+  "schemaVersion": "0.3",
+  "assumeRole": "{{AutomationAssumeRole}}",
+  "parameters": {
+    "AutomationAssumeRole": {
+      "type": "String",
+      "description": "The ARN of the role that allows Automation to perform the actions on your behalf.",
+      "default": ""
+    },
+    "LambdaRoleArn": {
+      "type": "String",
+      "description": "The ARN of the role that allows Lambda created by Automation to perform the actions on your behalf",
+      "default": ""
+    },
+    "InstanceId": {
+      "type": "String",
+      "description": "ID of the EC2 Instance to change standby state for within ASG"
+    },
+    "Approvers": {
+      "type": "StringList",
+      "description": "IAM user or user arn of approvers for the automation action"
+    },
+    "SNSTopicArn": {
+      "type": "String",
+      "description": "The SNS topic ARN that you are using to get notifications on about EC2 retirement notifications. The SNS topic name must start with Automation."
+    }
+  },
+  "mainSteps": [
+    {
+      "name": "approveStateChange",
+      "action": "aws:approve",
+      "maxAttempts": 1,
+      "onFailure": "Abort",
+      "inputs": {
+        "NotificationArn": "{{SNSTopicArn}}",
+        "Message": "Approval required to change ASG instance state",
+        "MinRequiredApprovals": 1,
+        "Approvers": "{{Approvers}}"
+      }
+    },
+    {
+      "name":"changeASGInstanceStateAutomation",
+      "action":"aws:executeAutomation",
+      "maxAttempts":1,
+      "timeoutSeconds":120,
+      "onFailure":"Abort",
+      "inputs":{
+        "DocumentName":"AWS-ASGExitStandby",
+        "RuntimeParameters":{
+          "AutomationAssumeRole": ["{{AutomationAssumeRole}}"],
+          "LambdaRoleArn": ["{{LambdaRoleArn}}"],
+          "InstanceId": ["{{InstanceId}}"]
+        }
+      }
+    }
+  ]
+}

Documents/Automation/ASGChangeStandbyStateWithApproval/Tests/CloudFormationTemplates/ASG.yml

@@ -0,0 +1,77 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Conditions:
+  SSHKeySpecified:
+    !And
+      - !Not [!Equals [!Ref KeyName, '']]
+      - !Not [!Equals [!Ref KeyName, 'undefined']]
+Description: Test stack for SSM Automation - ASG
+Outputs:
+  ASGName:
+    Description: Name of autoscaling group
+    Value: !Ref ASG
+  SNSTopicArn:
+    Description: ARN for the created SNS topic
+    Value:
+      Ref: SNSTopic
+Parameters:
+  AMI:
+    Description: AMI ID for instances.
+    Type: String
+  AssociatePublicIpAddress:
+    Default: 'false'
+    Description: Should a public IP be automatically associated with launched instances?
+    Type: String
+  InstanceType:
+    Default: m3.medium
+    Description: Type of instances to launch
+    Type: String
+  KeyName:
+    Default: ''
+    Description: Name of an existing EC2-VPC KeyPair
+    Type: String
+  Subnets:
+    Description: Subnets in which the servers will be deployed
+    Type: List<AWS::EC2::Subnet::Id>
+Resources:
+  InstanceProfile:
+    Properties:
+      Path: "/"
+      Roles: [!Ref ServerRole]
+    Type: AWS::IAM::InstanceProfile
+  SNSTopic:
+      Type: AWS::SNS::Topic
+      Properties:
+        DisplayName: Automation Approval Topic for putting instances in ASG into Standby mode
+        TopicName: Automation_ASG_Standby_Approval
+  ASG:
+    Properties:
+      DesiredCapacity: 2
+      LaunchConfigurationName: !Ref LaunchConfig
+      MaxSize: 2
+      MinSize: 1
+      VPCZoneIdentifier: !Ref Subnets
+    Type: AWS::AutoScaling::AutoScalingGroup
+  LaunchConfig:
+    Properties:
+      IamInstanceProfile: !Ref InstanceProfile
+      ImageId: !Ref AMI
+      InstanceType: !Ref InstanceType
+      KeyName: !If [SSHKeySpecified, !Ref KeyName, !Ref "AWS::NoValue"]
+    Type: AWS::AutoScaling::LaunchConfiguration
+  ServerRole:
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+        - Action:
+          - sts:AssumeRole
+          Effect: Allow
+          Principal:
+            Service: [ec2.amazonaws.com]
+        Version: '2012-10-17'
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
+        - arn:aws:iam::aws:policy/AutoScalingFullAccess
+        - arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
+      Path: "/"
+    Type: AWS::IAM::Role