AWS Systems Manager Automation documents, commonly known as runbooks, are predefined or custom workflows that automate common maintenance and deployment tasks across AWS resources. These documents use JSON or YAML format to define a series of steps that execute sequentially or in parallel to accomplish specific operational objectives.
Automation documents consist of several key components. The schemaVersion specifies the document format version. The description provides information about what the automation accomplishes. Parameters allow you to pass input values when executing the document. The mainSteps section contains the actual automation actions to perform.
AWS provides numerous pre-built automation documents for common tasks such as creating AMI backups, patching EC2 instances, managing snapshots, and remediating security findings. You can also create custom automation documents tailored to your specific requirements.
Each step in an automation document uses an action type. Common actions include aws:executeScript for running Python or PowerShell scripts, aws:runCommand for executing commands on managed instances, aws:createImage for AMI creation, aws:approve for manual approval gates, and aws:branch for conditional execution paths.
Automation documents support rate control, allowing you to specify concurrency limits and error thresholds when targeting multiple resources. This prevents overwhelming your infrastructure during large-scale operations. You can execute automations manually, on a schedule using maintenance windows, or trigger them through EventBridge rules based on specific events.
For the SysOps Administrator exam, understanding how to leverage automation documents for operational efficiency is essential. Key use cases include automated incident response, scheduled maintenance tasks, resource provisioning workflows, and compliance remediation. Documents can be shared across AWS accounts and regions, enabling standardized operations throughout your organization.
Integration with other AWS services like CloudWatch Events, AWS Config, and Security Hub makes automation documents a powerful tool for maintaining operational excellence and implementing infrastructure as code practices in your AWS environment.
AWS Systems Manager Automation Documents
What are Automation Documents?
Automation documents, also known as runbooks, are AWS Systems Manager documents that define the actions Systems Manager performs on your managed instances and AWS resources. They are written in YAML or JSON format and contain a series of steps that automate common maintenance, deployment, and remediation tasks.
Why are Automation Documents Important?
Automation documents are crucial for several reasons:
• Consistency: They ensure that operational tasks are performed the same way every time, reducing human error
• Scalability: You can execute the same automation across hundreds or thousands of resources simultaneously
• Compliance: They help maintain compliance by enforcing standardized procedures
• Time Savings: Complex multi-step processes can be executed with a single action
• Documentation: The runbook itself serves as documentation of the process
How Automation Documents Work
Automation documents work through a structured workflow:
1. Document Creation: You create or use pre-built AWS-managed documents defining steps and parameters
2. Step Definition: Each document contains steps with specific actions such as:
   - aws:runCommand - Execute commands on instances
   - aws:executeAwsApi - Call AWS API operations
   - aws:approve - Pause for manual approval
   - aws:branch - Conditional branching based on results
   - aws:sleep - Add delays between steps
3. Execution: Documents can be executed manually, on a schedule, or triggered by events
4. Rate Control: You can control execution speed using concurrency and error thresholds
Types of Automation Documents
• AWS-managed documents: Pre-built by AWS (prefixed with AWS-)
• Custom documents: Created by your organization for specific needs
• Shared documents: Documents shared across AWS accounts
Common Use Cases
• Creating or updating Amazon Machine Images (AMIs)
• Patching instances in a controlled manner
• Remediating non-compliant resources detected by AWS Config
• Starting and stopping instances on schedules
• Disaster recovery automation
• Security incident response
Key Components of an Automation Document
• schemaVersion: Defines the document schema version
• description: Explains what the document does
• assumeRole: IAM role that Systems Manager assumes to execute actions
• parameters: Input values that customize execution
• mainSteps: The sequence of actions to perform
• outputs: Values returned after execution
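As an added example (not from the original page or from AWS): a small Python check that parses a runbook built from the components above and flags a missing assumeRole and state-changing steps that run before any aws:approve gate. The runbook, the role ARN with its placeholder account ID, and the GATED action set are constructed for illustration.

```python
import json

# Constructed sample runbook (not from the page); the approver ARN is a placeholder.
RUNBOOK = json.loads("""
{
  "schemaVersion": "0.3",
  "description": "Restart a service on one instance after manual approval",
  "assumeRole": "{{ AutomationAssumeRole }}",
  "parameters": {"AutomationAssumeRole": {"type": "String"}, "InstanceId": {"type": "String"}},
  "mainSteps": [
    {"name": "gate", "action": "aws:approve",
     "inputs": {"Approvers": ["arn:aws:iam::111122223333:role/ExampleApprover"]}},
    {"name": "restart", "action": "aws:runCommand",
     "inputs": {"DocumentName": "AWS-RunShellScript",
                "InstanceIds": ["{{ InstanceId }}"],
                "Parameters": {"commands": ["systemctl restart nginx"]}}}
  ]
}
""")

# Actions that change state or run code; this set is the example's own policy choice.
GATED = {"aws:runCommand", "aws:executeScript", "aws:executeAwsApi", "aws:createImage"}

def lint_runbook(doc):
    """Return a list of findings for a parsed Automation runbook."""
    findings = []
    if doc.get("schemaVersion") != "0.3":
        findings.append("schemaVersion is not 0.3 (Automation schema)")
    if not doc.get("assumeRole"):
        findings.append("no assumeRole: steps run with the caller's permissions")
    names, approved = set(), False
    for i, step in enumerate(doc.get("mainSteps", [])):
        name, action = step.get("name"), step.get("action", "")
        if not name or name in names:
            findings.append(f"step {i}: missing or duplicate name")
        names.add(name)
        if action == "aws:approve":
            approved = True
            if not step.get("inputs", {}).get("Approvers"):
                findings.append(f"step {name}: aws:approve without Approvers")
        elif action in GATED and not approved:
            findings.append(f"step {name}: {action} runs before any aws:approve gate")
    return findings

if __name__ == "__main__":
    print(lint_runbook(RUNBOOK) or "no findings")
```

The check walks mainSteps in listed order, so a runbook that uses aws:branch to jump between steps needs its flow resolved before the result is meaningful.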
Exam Tips: Answering Questions on Automation Documents
1. Know the Document Types: Understand the difference between Automation documents (runbooks) and other SSM document types like Command documents and Policy documents.
2. Remember AWS-Managed Documents: Be familiar with common AWS-managed automation documents:
   - AWS-UpdateLinuxAmi - Updates Linux AMIs
   - AWS-UpdateWindowsAmi - Updates Windows AMIs
   - AWS-RestartEC2Instance - Restarts EC2 instances
   - AWS-StopEC2Instance - Stops EC2 instances
3. Understand Rate Controls: Know that you can specify concurrency (how many resources to target simultaneously) and error thresholds (when to stop execution).
4. Integration Points: Remember that Automation documents integrate with:
   - AWS Config for remediation
   - EventBridge for event-driven automation
   - Maintenance Windows for scheduled execution
5. IAM Considerations: Questions may test your knowledge of the assumeRole parameter and the permissions needed to execute automations.
6. Approval Actions: Understand that the aws:approve action enables manual approval gates in automation workflows.
7. Cross-Account Execution: Know that automation documents can be shared and executed across multiple AWS accounts using resource data sync and proper IAM permissions.
8. Look for Keywords: When exam questions mention runbooks, operational tasks automation, AMI creation pipelines, or remediation actions, think Automation documents.
9. Troubleshooting: Understand that execution history and step-by-step output are available in the Systems Manager console for debugging failed automations.