You are currently viewing How To Create AWS SSM Automation Workflow

How To Create AWS SSM Automation Workflow

  • Post author:
  • Post category:AWS / SSM

How To Create AWS SSM Automation Workflow

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we have discussed how to execute a command using AWS SSM Run Command.

In this blog post, we will discuss how to create AWS SSM Automation.

What Is AWS System Manager (SSM) Automation:

Systems Manager Automation simplifies common maintenance and deployment tasks of EC2 instances and other AWS resources. Using SSM Automation, you can automate common maintenance and deployment tasks. You can use Automation to create and update Amazon Machine Images, apply driver and agent updates, reset passwords on Windows Server instance, reset SSH keys on Linux instances, and apply OS patches or application updates.

Systems Manager Automation Features:

  • Target: Automation supports the target parameter which enables you to quickly define which resources in your fleet can run an automation. For example, if you want to run an automation that restarts your managed instances, then instead of manually selecting dozens of instance IDs in the console or typing them in a command, you can target instances by specifying EC2 tags with the Targets parameter.
  • Rate Control: You can control the deployment of an automation across a fleet of AWS resources by specifying a concurrency value and an error threshold. Concurrency and error threshold are collectively called rate controls.
  • Triggers: Automations can be initiated by several different triggers, such as Amazon EventBridge, State Manager associations, or maintenance windows. By using triggers, you can run automations as a result of a specific event or on a scheduled basis.
  • Security: Automations can be run using the current authenticated user or an IAM service role or by using delegated administration.
  • Multiple AWS Region And Accounts: You can run AWS Systems Manager automations across multiple AWS Regions and AWS accounts or AWS Organizational Units (OUs) from an Automation management account.
  • Automation Documents: A Systems Manager Automation document defines the actions that Systems Manager performs on your managed instances and other AWS resources when an automation execution runs. A document contains one or more steps that run in sequential order. Each step is built around a single action. Output from one step can be used as input in a later step.

Systems Manager Automation Actions:

Systems Manager Automation runs steps defined in Automation documents. Each step is associated with a particular action. The action determines the inputs, behavior, and outputs of the step. Steps are defined in the mainSteps section of your Automation document. Below is the list of all actions possible through SSM Automation Document.

  • aws:approve – Pause an execution for manual approval
  • aws:assertAwsResourceProperty – Assert an AWS resource state or event state
  • aws:branch – Run conditional automation steps
  • aws:changeInstanceState – Change or assert instance state
  • aws:copyImage – Copy or encrypt an Amazon Machine Image
  • aws:createImage – Create an Amazon Machine Image
  • aws:createStack – Create an AWS CloudFormation stack
  • aws:createTags – Create tags for AWS resources
  • aws:deleteImage – Delete an Amazon Machine Image
  • aws:deleteStack – Delete an AWS CloudFormation stack
  • aws:executeAutomation – Run another automation execution
  • aws:executeAwsApi – Call and run AWS API actions
  • aws:executeScript – Run a script
  • aws:executeStateMachine – Run an AWS Step Functions state machine
  • aws:invokeLambdaFunction – Invoke an AWS Lambda function
  • aws:pause – Pause an automation execution
  • aws:runCommand – Run a command on a managed instance
  • aws:runInstances – Launch an EC2 instance
  • aws:sleep – Delay an automation execution
  • aws:waitForAwsResourceProperty – Wait on an AWS resource property

How To Create AWS SSM Automation Workflow:


AWS CLI installed and configured. You can follow the below blog post to install and configure AWS CLI.

Step 1: Create an EC2 SSM Managed Instance.

Step 2: Create a new SSM document of type “Automation” to create an AMI from an EC2 Instance.

Step 3: Execute the Automation to create an AMI.

Step 4: Get details for the AWS SSM Automation.

Step 5: Cleanup.

Hope you have enjoyed this blog post, to get more details on AWS SSM, please refer below AWS documentation