Overview
Keeping cloud expenses under control is a primary concern for businesses that run workloads on AWS. The risk of overspending grows as cloud usage increases, particularly when resources such as Amazon EC2 instances are left running after hours. In development, testing, and production environments, teams that oversee dozens or even hundreds of instances may incur considerable and needless costs from these idle hours.
This post explores automating the start and stop of Amazon EC2 instances using AWS-native tools, without relying on AWS Lambda functions.
Introduction
In this guide, you will learn how to automate the daily start and stop of your Amazon EC2 instances using Amazon EventBridge and AWS Systems Manager (SSM) without requiring Lambda functions. This approach leverages instance tagging for flexible targeting, follows AWS best practices for security and least privilege, and is scalable for environments of any size.
We will cover:
- How to tag your Amazon EC2 instances for automated scheduling
- Ensuring SSM manages your instances
- Configuring Amazon EventBridge rules to start and stop Amazon EC2 instances at predetermined intervals
- Configuring AWS IAM permissions for secure automation
- Estimating potential cost savings
By the end of this guide, you will have a reliable, serverless scheduling solution for Amazon EC2.
Implementation
Running hundreds of Amazon EC2 instances, particularly if only required during business hours, makes controlling AWS expenses crucial. This solution lowers complexity and costs by automating instance scheduling with AWS Systems Manager (SSM) and Amazon EventBridge without requiring AWS Lambda functions. Here’s how we can implement it:
Core Benefits
- No Lambda required
- Tag-based targeting (no hardcoded instance IDs)
- Least-privilege IAM permissions
- 40–60% Amazon EC2 cost reduction (depending on uptime)
Implementation Steps
Step 1: Tag Amazon EC2 Instances
Tag all target instances with:
```text
Key: AutoSchedule
Value: true
```
This enables dynamic targeting without listing instance IDs.
Step 2: SSM Prerequisites
Ensure each instance:
- Runs the SSM Agent (pre-installed on Amazon Linux/Ubuntu/Windows).
- Has an AWS IAM role with the AmazonSSMManagedInstanceCore policy attached.
- Appears as “Managed” in Systems Manager > AWS Fleet Manager.
Step 3: Create EventBridge Start Rule
- In EventBridge > Rules, create a rule with a schedule expression:
- Set the target:
- Service: AWS Systems Manager
- API: SendCommand
- Input:
Step 4: Create EventBridge Stop Rule
Repeat Step 3 with:
- Schedule: cron(0 14 * * ? *) (14:00 UTC = 6:00 PM GST)
- DocumentName: AWS-StopEC2Instance
Step 5: AWS IAM Permissions
Attach this policy to EventBridge’s execution role:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ssm:SendCommand",
      "Resource": "*"
    }
  ]
}
```
For production, restrict resources to specific SSM documents or instance ARNs.
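The scoping described in the production note can be checked mechanically. The following is an added example, not code from the original article: a small Python audit that flags an `ssm:SendCommand` grant on `Resource: "*"` and accepts one limited to the two documents named in this guide and to instances tagged `AutoSchedule=true`. The sample policies, the wildcard ARN patterns, the use of the `ssm:resourceTag/AutoSchedule` condition key and all function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample policies; region and account fields are left as wildcards.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:SendCommand", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:SendCommand",
     "Resource": ["arn:aws:ssm:*:*:document/AWS-StartEC2Instance",
                  "arn:aws:ssm:*:*:document/AWS-StopEC2Instance"]},
    {"Effect": "Allow", "Action": "ssm:SendCommand",
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringEquals": {"ssm:resourceTag/AutoSchedule": "true"}}}]}
ALLOWED_DOCS = {"AWS-StartEC2Instance", "AWS-StopEC2Instance"}  # names from this guide

def as_list(value):
    """IAM lets Statement/Action/Resource be a single item or a list."""
    return value if isinstance(value, list) else [value]

def grants_send_command(stmt):
    """True for Allow statements whose Action pattern covers ssm:SendCommand."""
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase("ssm:sendcommand", action.lower())
        for action in as_list(stmt.get("Action", [])))

def has_tag_condition(stmt, tag_key):
    """True if any condition operator tests ssm:resourceTag/<tag_key>."""
    wanted = f"ssm:resourcetag/{tag_key}".lower()
    return any(key.lower() == wanted
               for operator in stmt.get("Condition", {}).values()
               for key in operator)

def audit(policy, allowed_docs=ALLOWED_DOCS, tag_key="AutoSchedule"):
    """Return a list of findings for over-broad ssm:SendCommand grants."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if not grants_send_command(stmt):
            continue
        for res in as_list(stmt.get("Resource", [])):
            if ":document/" in res:
                if res.split(":document/", 1)[1] not in allowed_docs:
                    findings.append(f"statement {i}: document not on allow-list: {res}")
            elif ":instance/" in res:
                if not has_tag_condition(stmt, tag_key):
                    findings.append(f"statement {i}: instances not limited by tag {tag_key}")
            else:  # "*" or any other pattern covers more than the schedule needs
                findings.append(f"statement {i}: over-broad resource: {res}")
    return findings

if __name__ == "__main__":
    for name, policy in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, audit(policy) or "ok")
```

Running the audit in CI against the role's policy document catches a later edit that widens the grant back to `*`.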
Cost-Saving Analysis
Example: Stopping 200 t3.medium instances overnight saves ~$3,600/month.
Conclusion
This EventBridge+SSM approach:
- Scales effortlessly to 500+ instances via tags.
- Reduces operational overhead by eliminating Lambda maintenance.
- Enforces strict schedules with zero manual intervention.
Implement this to cut Amazon EC2 costs significantly while maintaining reliability. For dynamic scheduling adjustments, extend the process with AWS Tag Editor or Resource Groups.
Step 3 values (schedule expression and target input):

```text
cron(0 3 * * ? *)   # 3:00 AM UTC = 7:00 AM GST
```

```json
{
  "DocumentName": "AWS-StartEC2Instance",
  "Targets": [
    { "Key": "tag:AutoSchedule", "Values": ["true"] }
  ]
}
```
FAQs
1. What happens if my Amazon EC2 instances are not showing as "Managed" in Systems Manager?
ANS: – The SSM Agent must be installed and running on the instance, and an AWS IAM role with the AmazonSSMManagedInstanceCore policy must be attached to it. Ensure the instance can reach SSM through a VPC endpoint or the internet.
2. Can I use different tags or multiple tag values to target different schedules?
ANS: – Yes. You can use any custom tag key or value. Add extra tags (for example, ScheduleGroup=Dev) and set up a distinct EventBridge rule for each schedule (for example, development versus production).

WRITTEN BY Shakti Singh Chouhan
Shakti Singh is a Research Associate (Infra, Migration, and Security) at CloudThat. He is a passionate learner committed to learning new things every day. Shakti enjoys sharing his knowledge with others. He likes singing and listening to music in his leisure time.