(SO0030) instance-scheduler-on-aws v3.0.7 failed


Dear community member, would you please assist in setting up the CloudFormation (instance-scheduler) stack? Please find below the error encountered.

Status reason The following resource(s) failed to delete: [SchedulingOrchestratorRoleAD0FF7B1, MetricsGeneratorRole83735CC4, MainLambdaRole500DC55A, SpokeDeregistrationRunbookRole0A1D0232, ASGRole21C54AF6, ASGSchedulerASGOrchRole5B79F32B, ASGSchedulerScheduleUpdateHandlerRole25C919AA, schedulingRequestHandlerRoleD87803EB, SchedulerLogGroup, SpokeRegistrationRole0E2E4D3E].

IAM role arn:aws:iam::014430281164:role/AWS-QuickSetup-StackSet-Local-AdministrationRole

Thanks in advance, and Best regards ITF

1 Answer
Accepted Answer

Greeting

Hi ITF!

Thank you for reaching out to the AWS community! It sounds like you're trying to set up the Instance Scheduler on AWS using CloudFormation, but you're encountering a deletion failure related to specific IAM roles and resources. Let's dig into this issue together and get you on track. 😊

Clarifying the Issue

From your description, the failure occurred during the deletion of multiple resources, including IAM roles (e.g., SchedulingOrchestratorRoleAD0FF7B1) and log groups (e.g., SchedulerLogGroup). These errors are common when IAM roles or other dependent resources are tied to policies or configurations still in use. Since this involves roles created by the Instance Scheduler CloudFormation stack, we’ll focus on ensuring a clean setup, resolving dependencies, and re-deploying correctly.

It’s worth noting the specific IAM role (AWS-QuickSetup-StackSet-Local-AdministrationRole) mentioned, as it may indicate a permissions-related challenge or a leftover resource that needs attention.

Why This Matters

The Instance Scheduler simplifies managing EC2 and RDS instance schedules, saving costs by automating instance start/stop times. Ensuring the deployment runs smoothly avoids resource mismanagement, security vulnerabilities (e.g., dangling IAM roles), and delays in implementation.

Key Terms

  • CloudFormation Stack: A collection of AWS resources managed as a single unit, defined via a template.
  • IAM Role: A permission set that AWS services assume to perform tasks on behalf of a user or application.
  • Log Group: A CloudWatch Logs grouping for monitoring and troubleshooting.
  • Dependencies: Relationships between resources that can block deletion if not handled properly.

The Solution (Our Recipe)

Steps at a Glance:

  1. Identify and resolve dependency errors in failed deletions.
  2. Verify IAM permissions and policies for clean re-deployment.
  3. Re-deploy the Instance Scheduler stack.

Step-by-Step Guide:

  1. Identify and Resolve Dependency Errors:
    • Use the AWS Management Console or CLI to inspect the failed resources.
      Example: Check for policies attached to roles:

      aws iam list-attached-role-policies --role-name SchedulingOrchestratorRoleAD0FF7B1

      Replace SchedulingOrchestratorRoleAD0FF7B1 with your actual IAM role name. If the command returns any attached policies, detach them:

      aws iam detach-role-policy --role-name SchedulingOrchestratorRoleAD0FF7B1 --policy-arn arn:aws:iam::aws:policy/ExamplePolicy

      Ensure you replace ExamplePolicy with the specific policy ARN provided in the command output.

    • Check log groups to ensure they aren't being used by any ongoing processes (like CloudWatch Alarms). Use:

      aws logs delete-log-group --log-group-name /aws/lambda/InstanceSchedulerLogGroup

      Replace /aws/lambda/InstanceSchedulerLogGroup with your log group name if different.

      Tip for Console Users:
      If you prefer the AWS Management Console, navigate to IAM Roles to inspect and detach policies manually, or to CloudWatch Logs to delete unused log groups.


  2. Verify IAM Permissions and Policies:
    • Ensure the AWS-QuickSetup-StackSet-Local-AdministrationRole has permissions to create and delete resources. If in doubt, attach a temporary AdministratorAccess policy to this role.

    • Test the role's permissions using the following command:

      aws sts assume-role --role-arn arn:aws:iam::014430281164:role/AWS-QuickSetup-StackSet-Local-AdministrationRole --role-session-name TestSession

      Replace 014430281164 with your AWS account ID. This tests whether the role can be assumed successfully.

      For Console Users:
      Check the role in the IAM console to ensure it has necessary permissions.


  3. Re-deploy the Instance Scheduler Stack:
    • After resolving dependency issues, delete the existing stack if it still exists:

      aws cloudformation delete-stack --stack-name InstanceSchedulerStack

    • Re-deploy using the CloudFormation template. Ensure you correctly set any required parameters.
      Example CLI command:

      aws cloudformation create-stack --stack-name InstanceSchedulerStack --template-url https://s3.amazonaws.com/solutions-reference/instance-scheduler-on-aws/latest/instance-scheduler.template

      For Console Users:
      Upload the CloudFormation template directly in the CloudFormation Console and follow the wizard to deploy.

    • Monitor the stack creation process in the CloudFormation Console or with the following CLI command:

      aws cloudformation describe-stack-events --stack-name InstanceSchedulerStack

Closing Thoughts

Ensuring a clean deletion and re-deployment of the Instance Scheduler stack will resolve your current issue. It’s essential to check dependencies and verify IAM permissions to avoid recurring problems. For further guidance, here are some AWS documentation links:

Farewell

I hope this helps you resolve the issue and get the Instance Scheduler running smoothly! Let us know if you need further assistance—happy to dive deeper if needed. Best of luck! 🚀😊


Cheers,

Aaron 😊

answered 4 days ago
EXPERT
reviewed 3 days ago
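
An added example, not part of the answer above and not code from the Instance Scheduler project: a read-only triage script for the "failed to delete" status reason quoted in the question. It assumes the names in that message are CloudFormation logical IDs that must be resolved to physical role names through the stack, and that role IDs end in `Role` plus eight hex characters (a heuristic based on the IDs shown in the question); the function names and the `--run` switch are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: triage a CloudFormation "failed to delete" status reason.
# Function names and the --run switch are illustrative assumptions.

# Extract the logical resource IDs from a status reason, one per line.
failed_resources() {
  printf '%s\n' "$1" |
    sed -n 's/.*failed to delete: \[\(.*\)].*/\1/p' |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | sed '/^$/d'
}

# Keep only IDs that look like IAM roles (heuristic: "...Role" + 8 hex chars).
role_ids() {
  failed_resources "$1" | grep -E 'Role[0-9A-F]{8}$' || true
}

# Resolve a logical ID to its physical name in the stack (needs AWS credentials).
physical_id() {
  aws cloudformation describe-stack-resource \
    --stack-name "$1" --logical-resource-id "$2" \
    --query 'StackResourceDetail.PhysicalResourceId' --output text
}

# Read-only report of what is still attached to a role. Managed policies,
# inline policies and instance profiles all have to be gone before IAM
# will delete the role.
audit_role() {
  local role="$1"
  echo "== $role"
  aws iam list-attached-role-policies --role-name "$role" \
    --query 'AttachedPolicies[].PolicyArn' --output text
  aws iam list-role-policies --role-name "$role" \
    --query 'PolicyNames' --output text
  aws iam list-instance-profiles-for-role --role-name "$role" \
    --query 'InstanceProfiles[].InstanceProfileName' --output text
}

# Usage: ./triage.sh --run STACK_NAME "STATUS REASON TEXT"
if [ "${1:-}" = "--run" ]; then
  for id in $(role_ids "$3"); do
    audit_role "$(physical_id "$2" "$id")"
  done
fi
```

The script only lists what is attached; review that output before detaching or deleting anything, so that a policy still needed by another resource is not removed by mistake.
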
  • Many thanks 😊 Aaron for your clear and helpful explanations. The issue was IAM-related. However, while successfully running the scheduler-cli command that returns { "Period": { "Type": "period", "Name": "mon-fri-7-9", "Begintime": "7:00", "Endtime": "20:59", "Weekdays": [ "mon-fri" ] } }
    I wonder why my EC2 instance is still running, noting that we're on Saturday (my timezone). Thanks in advance for your support. Best, ITF

  • ITF, I'm trying to post some guidance for you on the mon-fri-7-9 issue, but the system won't let me paste it into this comment box (too long) or the "Add your answer area" (maybe I'm limited to one accepted answer). Could you post a new question on the mon-fri-7-9 issue, and I'll respond with the guidance? Thank you!

  • Troubleshooting EC2 Schedule Issue

    1. Verify the time zone in the Instance Scheduler configuration:
      scheduler-cli describe-configuration  
      scheduler-cli update-configuration --timezone "Your_Timezone"
    2. Ensure the EC2 instance has the correct Schedule tag (mon-fri-7-9):
      aws ec2 describe-tags --filters "Name=resource-id,Values=INSTANCE_ID"  
      aws ec2 create-tags --resources INSTANCE_ID --tags Key=Schedule,Value=mon-fri-7-9
    3. Check CloudWatch Logs for the scheduler Lambda to confirm stop actions.
    4. Force a scheduler sync:
      scheduler-cli sync-schedules  
      aws ec2 stop-instances --instance-ids INSTANCE_ID

    Time zone misalignment and missing tags are the most common culprits. For details, see the Instance Scheduler on AWS Documentation. 😊
