Amazon EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one central, managed service. Highly scalable, EventBridge Scheduler allows you to schedule millions of tasks that can invoke more than 270 AWS services and over 6,000 API operations. Without the need to provision and manage infrastructure, or integrate with multiple services, EventBridge Scheduler provides you with the ability to deliver schedules at scale and reduce maintenance costs.
EventBridge Scheduler delivers your tasks reliably, with built-in mechanisms that adjust your schedules based on the availability of downstream targets. With EventBridge Scheduler, you can create schedules using cron and rate expressions for recurring patterns, or configure one-time invocations. You can set up flexible time windows for delivery, define retry limits, and set the maximum retention time for failed triggers.
In this tutorial, we use the serverless Amazon EventBridge Scheduler in conjunction with AWS Systems Manager (SSM) to start and stop AWS RDS instances by tag on a schedule to reduce costs.
Create an IAM policy and role for Amazon EventBridge Scheduler
1. On the IAM console, under Access management in the navigation pane, choose Policies.
2. Choose Create policy.
3. On the JSON tab, enter the following policy code:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "rds:Describe*",
        "rds:StartDBInstance",
        "rds:StopDBInstance",
        "ssm:StartAutomationExecution",
        "tag:GetResources",
        "resource-groups:ListGroupResources"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
4. Choose Review policy.
5. For Name, enter rdsstopstart.
6. Choose Create policy.
7. In the navigation pane, choose Roles.
8. For Select type of trusted entity, choose Custom trust policy.
9. Enter the following trust policy code:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "scheduler.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
10. Choose Next.
11. Search for and select the policy you created (rdsstopstart).
12. Choose Next.
13. For Role name, enter rdsstopstartEventbridge.
14. Review the attached policies and choose Create role.
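A quick least-privilege check of the two documents above, as an added example that is not part of the original tutorial: the functions list write actions granted on every resource and service principals trusted without an aws:SourceAccount or aws:SourceArn condition. The tag-conditioned statement, the account ID 111122223333 and all function names are assumptions made for illustration.

```python
READ_ONLY = ("Describe", "Get", "List")          # verbs treated as non-mutating
SOURCE_KEYS = {"aws:sourceaccount", "aws:sourcearn"}

# Verbatim from the steps above.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["rds:Describe*", "rds:StartDBInstance", "rds:StopDBInstance",
               "ssm:StartAutomationExecution", "tag:GetResources",
               "resource-groups:ListGroupResources"]}]}
PAGE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "scheduler.amazonaws.com"}}]}

# Constructed variants (assumptions): tag-conditioned RDS statement and a trust
# policy pinned to one account; 111122223333 is a placeholder account ID.
TAG_SCOPED_RDS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "arn:aws:rds:*:*:db:*",
    "Action": ["rds:StartDBInstance", "rds:StopDBInstance"],
    "Condition": {"StringEquals": {"aws:ResourceTag/RDSAutoStopStart": "true"}}}]}
SCOPED_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "scheduler.amazonaws.com"},
    "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}}]}

def _listify(value):
    return value if isinstance(value, list) else [value]

def broad_write_actions(policy):
    """Mutating actions allowed on Resource "*" with no Condition at all."""
    found = []
    for stmt in _listify(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in _listify(stmt.get("Resource", [])):
            continue
        found += [a for a in _listify(stmt.get("Action", []))
                  if not a.split(":", 1)[-1].startswith(READ_ONLY)]
    return found

def unscoped_service_trust(policy):
    """Service principals allowed to assume the role with no source condition."""
    found = []
    for stmt in _listify(policy["Statement"]):
        cond = stmt.get("Condition", {})
        keys = {k.lower() for operator in cond.values() for k in operator}
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") == "Allow" and not keys & SOURCE_KEYS and isinstance(principal, dict):
            found += _listify(principal.get("Service", []))
    return found
```

Run against the tutorial's documents, the first function reports the start, stop and automation actions and the second reports scheduler.amazonaws.com; both return empty lists for the constructed variants. The check treats any Condition as scoping, so it is a first-pass filter and not a full policy evaluation.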
Create a schedule using the EventBridge Scheduler
1. Open the EventBridge Scheduler section of the EventBridge
2. On the Schedules page, choose Create schedule.
3. On the Specify schedule detail page, in the Schedule name and description section, do the following:
- a. For Schedule name, enter a name for your schedule, StopRDSInstances.
- b. For Description – optional, enter a description for your schedule, Schedule to stop rds instances.
- c. For Schedule group, choose a schedule group from the drop-down options. If you have not yet made any schedule groups, you can choose the default group for your schedule.
4. In the Schedule pattern section, do the following:
- a. For Occurrence, choose the Recurring schedule pattern option with the Cron-based schedule, and enter: 00 18 ? * MON-FRI *
- b. For Flexible time window, choose Off to disable the option.
5. In the Timeframe section, for Timezone (optional), choose a time zone from the drop-down options, such as Europe/Rome.
6. Choose Next.
7. On the Select target page, in the Target detail section, do the following:
- a. Choose All APIs, then choose the Systems Manager service.
- b. Search for and select StartAutomationExecution.
- c. In the Input section, enter the following JSON and change the Targets key and values to match your own tag key/value pair:
{
  "DocumentName": "AWS-StopRdsInstance",
  "TargetParameterName": "InstanceId",
  "MaxConcurrency": "100%",
  "Targets": [
    {
      "Key": "tag:RDSAutoStopStart",
      "Values": [
        "true"
      ]
    }
  ]
}
8. Choose Next.
9. On the Settings page, do the following:
- a. In the Schedule state section, by default, EventBridge Scheduler enables your schedule.
- b. In the Retry policy and dead-letter queue (DLQ) section, disable the Retry policy.
- c. In the Encryption section, by default, EventBridge Scheduler encrypts event metadata and message data that it stores under an AWS owned key (encryption at rest). EventBridge Scheduler also encrypts data that passes between EventBridge Scheduler and other services using Transport Layer Security (TLS) (encryption in transit).
- d. For Permissions, choose Use existing role, then select the role you created during the setup procedure from the drop-down list.
10. Choose Next.
11. On the Review and create schedule page, review the details of your schedule.
12. Choose Create schedule to finish creating your new schedule.
13. Repeat all the above steps to create another EventBridge Scheduler schedule. Complete the following steps differently so that this schedule starts your RDS instances:
- In step 3, enter a different schedule name than the one that you used before: StartRDSInstances.
- In step 4, for Cron-based schedule, enter: 00 08 ? * MON-FRI *
- In step 7, copy and paste the following code into the editor pane in the code editor:
{
  "DocumentName": "AWS-StartRdsInstance",
  "TargetParameterName": "InstanceId",
  "MaxConcurrency": "100%",
  "Targets": [
    {
      "Key": "tag:RDSAutoStopStart",
      "Values": [
        "true"
      ]
    }
  ]
}
Summary
Overall, we created two EventBridge Scheduler schedules that trigger an SSM StartAutomationExecution on a schedule to start and stop RDS instances, along with an IAM policy and role that allow these schedules to manage AWS resources on our behalf. If you want to implement this solution via Terraform, you may take a look at this link.
In my case, our staging and development environments are not required all the time, so we switched on the resources during regular business hours instead of leaving them running 24/7. Using this strategy could save you as much as 70% of your cloud environment costs.
1 comment
Hi, thanks for putting this together. It’s not currently working for me, but as I read through the article again I don’t actually know which part is telling the RDS instance to stop or start. Can you help clarify that part?