Scheduling maintenance on RDS instances

Use the following steps below to create a scheduled maintenance on groups of RDS instances.

1. Create and configure the IAM service role for system manager automation

• a. Task 1:Create a service role for Automation
• b. Task 2: Attach the iam:PassRole policy to your Automation role
• c. Task 3: Configure user access to Automation

• • Select users, then the user account you want to configure, from the IAM navigation pane.
• • Make sure that either the AmazonSSMFullAccess policy is mentioned on the permissions tab’s policies list or that there is a comparable policy that grants the account access to the System Manager.
• • the Add Inline Policy option
• • Select the visual editor tab and then select Choose a service on the create policy page.
• • Enter IAM in the search box or scroll down to find IAM further down the page and select IAM.
• • Enter PassRole in the search box for Actions and select Pass Role.
• • Copy the ARN for the automation service role and paste it at the end of task1 before expanding the Resources area, choosing Add ARN, and finally selecting Add.
• • Choose Review policy and provide a name for the policy and then choose Create Policy.

2. Create a Resource Group

• Tag the Amazon RDS DB instances: Open the Amazon RDS console and tag the Amazon RDS DB instances that you want to add to the resource group. A tag is metadata assigned to an AWS resource and consists of a key-value pair. We recommend that you use Action as the Tag key and StartStop as the Value. For more information about this, see Adding, listing, and removing tags in the Amazon RDS documentation
• Create a resource group for your tagged Amazon RDS DB instances: Open the AWS Resource Groups console and create a resource group based on the tag that you created for your Amazon RDS DB instances. Under Grouping Criteria, make sure that you choose AWS::RDS::DBInstance for the resource type and then provide the tag's key-value pair (for example, "Action-StartStop"). This ensures that the service only checks for Amazon RDS DB instances and not other resources that have this tag. Make sure that you record the resource group’s name.

3. Configure a maintenance window to stop the Amazon RDS DB instances

• • On the AWS Systems Manager console, choose Maintenance Windows, choose Actions, and then choose Register targets.
• • In the Targets area, specify Choose a resource group and then choose the name of an existing resource group in your account.
• • For Resource types, choose AWS::RDS::DBInstance and then choose Register target.

For more information and detailed steps, see Assign targets to a maintenance window (console) in the AWS Systems Manager documentation.

4. Assign a target to the maintenance window

• • On the AWS Systems Manager console, choose Maintenance Windows, choose Actions, and then choose Register targets.
• • In the Targets area, specify Choose a resource group and then choose the name of an existing resource group in your account.
• • For Resource types, choose AWS::RDS::DBInstance and then choose Register target.

For more information and detailed steps, see Assign targets to a maintenance window (console) in the AWS Systems Manager documentation.

5. Assign a task to the maintenance window

• • On the AWS Systems Manager console, choose Maintenance Windows and then choose your maintenance window. Choose **Actions **and then choose Register Automation task.
• • For Document, choose AWS-StopRdsInstance.
• • In the Targets section, choose Selecting registered target groups and then choose the maintenance window target that you registered with the current maintenance window.
• • For Rate control, specify 100 percent for Concurrency and Error threshold. You can change the Rate control values according to your requirements for task concurrency and error threshold. For more information about this, see About concurrency and error thresholds in the AWS Systems Manager documentation.
• • In the IAM service role area, you can choose Create and use a service-linked role for Systems Manager or choose Use a custom service role.
• • In the Input Parameters section, specify the following parameters for the runbook:
• • • i. InstanceId: {{RESOURCE_ID}}
• • • ii. AutomationAssumeRole: Provide the ARN of the service role that you created for Systems Manager Automation.
• • • iii. Note: For InstanceId, a pseudo parameter is used to extract the Amazon RDS DB resource ID from the ARN. To learn more about pseudo parameters, see About pseudo parameters in the AWS Systems Manager documentation.
• • Choose Register Automation task.

6. Configure a maintenance window to start the Amazon RDS DB instances.

• • Repeat the steps from the Configure a maintenance window to stop the Amazon RDS DB instances to configure another maintenance window to start the Amazon RDS DB instances at a scheduled time.
• • Important: You must make the following changes when you configure the maintenance window to start the DB instances:
• • • i. Use a new name for the maintenance window (for example, "StartRdsInstance").
• • • ii. Replace the cron expression with the cron expression that you want to use to start the DB instances.
• • • iii. Replace the AWS-StopRdsInstance runbook with AWS-StartRdsInstance in Task.