100 Days of DevOps — Day 37- Automate the Process of AMI Creation Using System Manager Maintenance Windows

Prashant Lakhera
3 min read · Mar 19, 2019

Welcome to Day 37 of 100 Days of DevOps. The focus for today is automating the process of AMI creation using Systems Manager Maintenance Windows.

On Day 36 I discussed Systems Manager and its other components. Let's extend that concept further and see how we can automate the process of AMI creation using a Maintenance Window.

What is AWS Systems Manager Maintenance Windows?

AWS Systems Manager Maintenance Windows let you define a schedule for when to perform potentially disruptive actions on your instances such as patching an operating system, updating drivers, or installing software or patches. Each Maintenance Window has a schedule, a maximum duration, a set of registered targets (the instances that are acted upon), and a set of registered tasks. You can add tags to your Maintenance Windows when you create or update them.

Configuring access to Maintenance Window

This is done with an IAM role, so that Systems Manager can act on our behalf in creating and running the maintenance window.

Go to IAM Role https://console.aws.amazon.com/iam/ → Create role → EC2 → Choose AmazonSSMMaintenanceWindowRole

  • Give your role a name and create it
  • Now click on the role you have just created and click on Trust relationship
    * Add this entry: "Service": "ssm.amazonaws.com"
    * Please don't forget to add a comma (,) after "Service": "ec2.amazonaws.com",
  • Add an inline policy to the user; also make sure that user has the AWSSSMFullAccess policy attached to it
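The trust relationship edit above is easy to get wrong, so here is a small checker for it. It is an added example, not code from the original post: it assumes the role's trust policy has been copied out as JSON text, and the function name and sample documents are constructed for illustration. It reports which of the two service principals is still missing, flags a repeated "Service" key (which a JSON parser may collapse to a single value), and fails on a forgotten comma. The array form of "Service" is the unambiguous way to list both principals.

```python
import json

# The two service principals the steps above put in the role's trust relationship.
REQUIRED = {"ec2.amazonaws.com", "ssm.amazonaws.com"}

def check_trust_policy(text):
    """Return (missing_services, repeated_keys) for a trust policy given as JSON text.

    Raises ValueError when the text is not valid JSON, e.g. a forgotten comma.
    """
    repeated = []

    def hook(pairs):
        # json.loads normally keeps only the last of two identical keys;
        # record the repeat and merge the values so no principal is hidden.
        obj = {}
        for key, value in pairs:
            if key in obj:
                repeated.append(key)
                old = obj[key] if isinstance(obj[key], list) else [obj[key]]
                value = old + (value if isinstance(value, list) else [value])
            obj[key] = value
        return obj

    doc = json.loads(text, object_pairs_hook=hook)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    allowed = set()
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        allowed.update([services] if isinstance(services, str) else services)
    return sorted(REQUIRED - allowed), repeated

# Constructed sample documents (not taken from the original post).
HEAD = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {'
TAIL = '}, "Action": "sts:AssumeRole"}]}'
EC2_ONLY = HEAD + '"Service": "ec2.amazonaws.com"' + TAIL
ARRAY_FORM = HEAD + '"Service": ["ec2.amazonaws.com", "ssm.amazonaws.com"]' + TAIL
REPEATED_KEY = HEAD + '"Service": "ec2.amazonaws.com", "Service": "ssm.amazonaws.com"' + TAIL
NO_COMMA = HEAD + '"Service": "ec2.amazonaws.com" "Service": "ssm.amazonaws.com"' + TAIL

if __name__ == "__main__":
    for name in ("EC2_ONLY", "ARRAY_FORM", "REPEATED_KEY"):
        print(name, check_trust_policy(globals()[name]))
```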

The next step is to create the Maintenance Window.

Go to https://us-west-2.console.aws.amazon.com/systems-manager → Action → Maintenance Windows

Once the maintenance window is created, choose Target → Register target.

Click on the Tasks tab and choose AWS-CreateImage as the Automation document.

  • Keep everything default, except
    * Give the instance ID from which you want to create the image
    * NoReboot: set it to true, otherwise the instance will be rebooted during image creation
    * AutomationAssumeRole: paste the ARN of the role we created in the earlier step
  • Once the schedule hits, you will see something like this

Looking forward to you guys joining this journey and spending a minimum of an hour every day for the next 100 days on DevOps work, and posting your progress using any of the mediums below.
