Which tool is used to automate action for AWS services and applications through scripts?

Develop applications on AWS faster and easier

Host code, build, test, and deploy your applications quickly and effectively with AWS developer tools. Leverage core tools like software development kits (SDKs), code editors, and continuous integration and delivery (CI/CD) services for DevOps software development. Use machine learning (ML) -guided best practices and abstractions to improve agility, security, velocity, and code quality.

Release software faster

Implement continuous integration and continuous delivery with the AWS developer tools to accelerate your software development and release cycle.

Easily integrate with AWS

AWS developer tools are built to work with AWS, making it easier for your team to get set up and be productive.

Simplify the development process

Define application infrastructure in familiar, easy-to-use programming languages.

Apply machine learning

Use ML and big data to identify issues and suggest solutions based on Amazon best practices.

Services

SDKs

Work with AWS services natively through code in your editor.

CLI

Work with and manage AWS services from your command-line interface (CLI).

IDEs and IDE Toolkits

Write code for AWS applications in your browser or favorite integrated development environment (IDE).

Use cases

Minimize downtime
Build highly available applications on a resilient cloud infrastructure and enable your teams to respond, adapt, and recover quickly from unexpected events.

Automate CI/CD pipelines
Remove error-prone manual processes and eliminate the need to babysit software releases. Use software release pipelines that encompass build, test, and deployment.

Increase developer productivity
Manage services, provision resources, and automate development tasks without switching context or leaving your editor.

Monitor operations
Build an observability dashboard to gain instant and continuous insight into your system’s operations.

Test and automate infrastructure
Combine infrastructure as code (IaC) with version control and automated, continuous integration to bring scalability and consistency to provisioning and management.

Customers

Atlassian used Amazon CodeGuru to help developers better understand complex applications and more easily investigate and diagnose performance issues—without the need to inject custom instrumentation code.

View customer story 

Stedi built its business with a fully serverless AWS architecture and adopted AWS-native developer tooling—such as AWS Cloud Development Kit (CDK) and AWS Amplify—to help iterate quickly, deploy frequently, and offload as many menial operational tasks as possible.

View customer story 

Instacart uses AWS CodeDeploy to manage hundreds of deployments a day, quickly and reliably ship code to customers, and enable internal teams to focus on core product development instead of infrastructure maintenance.

View customer story 

Related content

AWS support for Internet Explorer ends on 07/31/2022. Supported browsers are Chrome, Firefox, Edge, and Safari. Learn more »

When you run an automation, by default, the automation runs in the context of the AWS Identity and Access Management (IAM) user who initiated the automation. This means, for example, if your IAM user account has administrator permissions, then the automation runs with administrator permissions and full access to the resources being configured by the automation. As a security best practice, we recommend that you run automation by using an IAM service role that is known in this case as an assume role that is configured with the AmazonSSMAutomationRole managed policy. You might need to add additional IAM policies to your assume role to use various runbooks. Using an IAM service role to run automation is called delegated administration.

When you use a service role, the automation is allowed to run against the AWS resources, but the user who ran the automation has restricted access (or no access) to those resources. For example, you can configure a service role and use it with Automation to restart one or more Amazon Elastic Compute Cloud (Amazon EC2) instances. Automation is a capability of AWS Systems Manager. The automation restarts the instances, but the service role doesn't give the user permission to access those instances.

You can specify a service role at runtime when you run an automation, or you can create custom runbooks and specify the service role directly in the runbook. If you specify a service role, either at runtime or in a runbook, then the service runs in the context of the specified service role. If you don't specify a service role, then the system creates a temporary session in the context of the user and runs the automation.

You must specify a service role for automation that you expect to run longer than 12 hours. If you start a long-running automation in the context of a user, the user's temporary session expires after 12 hours.

Delegated administration ensures elevated security and control of your AWS resources. It also allows an enhanced auditing experience because actions are being performed against your resources by a central service role instead of multiple IAM accounts.

Before you begin

Before you complete the following procedures, you must create the IAM service role and configure a trust relationship for Automation, a capability of AWS Systems Manager. For more information, see Task 1: Create a service role for Automation.

The following procedures describe how to use the Systems Manager console or your preferred command line tool to run a simple automation.

Running a simple automation (console)

The following procedure describes how to use the Systems Manager console to run a simple automation.

To run a simple automation

1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

2. In the navigation pane, choose Automation, and then choose Execute automation.

3. In the Automation document list, choose a runbook. Choose one or more options in the Document categories pane to filter SSM documents according to their purpose. To view a runbook that you own, choose the Owned by me tab. To view a runbook that is shared with your account, choose the Shared with me tab. To view all runbooks, choose the All documents tab.

   You can view information about a runbook by choosing the runbook name.

4. In the Document details section, verify that Document version is set to the version that you want to run. The system includes the following version options:

   • Default version at runtime: Choose this option if the Automation runbook is updated periodically and a new default version is assigned.

   • Latest version at runtime: Choose this option if the Automation runbook is updated periodically, and you want to run the version that was most recently updated.

   • 1 (Default): Choose this option to run the first version of the document, which is the default.

5. Choose Next.

6. In the Execution Mode section, choose Simple execution.

7. In the Input parameters section, specify the required inputs. Optionally, you can choose an IAM service role from the AutomationAssumeRole list.

8. (Optional) Choose a CloudWatch alarm to apply to your automation for monitoring. To attach a CloudWatch alarm to your automation, the IAM principal that starts the automation must have permission for the iam:createServiceLinkedRole action. For more information about CloudWatch alarms, see Using Amazon CloudWatch alarms. Note that if your alarm activates, the automation is stopped. If you use AWS CloudTrail, you will see the API call in your trail.

9. Choose Execute.

The console displays the status of the automation. If the automation fails to run, see Troubleshooting Systems Manager Automation.

Running a simple automation (command line)

The following procedure describes how to use the AWS CLI (on Linux or Windows) or AWS Tools for PowerShell to run a simple automation.

To run a simple automation

1. Install and configure the AWS CLI or the AWS Tools for PowerShell, if you haven't already.

   For information, see Install or upgrade AWS command line tools.

2. Run the following command to start a simple automation. Replace each example resource placeholder with your own information.

   Here is an example using the runbook AWS-RestartEC2Instance to restart the specified EC2 instance.

   The system returns information like the following.

3. Run the following command to retrieve the status of the automation.

   The system returns information like the following.

What is scripting tool for AWS?

How do I automate AWS application?

Which AWS service allows you to script?

Which AWS service can be used to automate the deployment and scaling of your application?