Reducing AWS Costs by Automating EC2 Start and Stop Schedules

Overview

Keeping cloud expenses under control is a primary concern for businesses that use AWS for workloads. There is a greater chance of overspending when cloud usage increases, particularly when resources like Amazon EC2 instances are left available after hours. In development, testing, and production environments, teams who oversee dozens or even hundreds of instances may incur considerable and needless costs due to these idle hours.

Automating your Amazon EC2 fleet’s start and stop schedules is a straightforward yet effective method of maximizing AWS expenses. Operational control, availability, and performance are all maintained while ensuring that resources are only used when required.

We will explore implementing such automation using AWS-native tools without relying on AWS Lambda functions.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Introduction

In this guide, you will learn how to automate the daily start and stop of your Amazon EC2 instances using Amazon EventBridge and AWS Systems Manager (SSM) without requiring Lambda functions. This approach leverages instance tagging for flexible targeting, follows AWS best practices for security and least privilege, and is scalable for environments of any size.

We will cover:

How to tag your Amazon EC2 instances for automated scheduling
Ensuring SSM manages your instances
Configuring Amazon EventBridge rules to start and stop Amazon EC2 instances at predetermined intervals
Configuring AWS IAM permissions for secure automation
Estimating potential cost savings

You will have a reliable, serverless Amazon EC2 solution by the end of this lesson.

Implementation

Running hundreds of Amazon EC2 instances, particularly if only required during business hours, makes controlling AWS expenses crucial. This solution lowers complexity and costs by automating instance scheduling with AWS Systems Manager (SSM) and Amazon EventBridge without requiring AWS Lambda functions. Here’s how we can implement it:

Core Benefits

No Lambda required
Tag-based targeting (no hardcoded instance IDs)
Least-privilege IAM permissions
40–60% Amazon EC2 cost reduction (depending on uptime)

Implementation Steps

Step 1: Tag Amazon EC2 Instances

Tag all target instances with:

textKey: AutoSchedule  Value: true

1	textKey: AutoSchedule Value: true

This enables dynamic targeting without listing instance IDs.

Step 2: SSM Prerequisites

Ensure each instance:

Runs the SSM Agent (pre-installed on Amazon Linux/Ubuntu/Windows).
Has an AmazonSSMManagedInstanceCore policy AWS IAM role.
It should Appear as “Managed” in Systems Manager > AWS Fleet Manager.

Step 3: Create EventBridge Start Rule

In EventBridge > Rules, create a rule with a schedule expression:
Set the target:
- Service: AWS Systems Manager
- API: SendCommand
- Input:

Step 4: Create EventBridge Stop Rule

Repeat Step 3 with:

Schedule: cron(0 14 * * ? *) (14:00 UTC = 6:00 PM GST)
DocumentName: AWS-StopEC2Instance

Step 5: AWS IAM Permissions

Attach this policy to EventBridge’s execution role:

json{  "Effect": "Allow",  "Action": "ssm:SendCommand",  "Resource": "*"}

1	json{ "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": "*"}

For production, restrict resources to specific SSM documents or, for instance, ARNs.

Cost-Saving Analysis

ec2

Example: Stopping 200 t3.medium instances overnight saves ~$3,600/month.

Conclusion

This EventBridge+SSM approach:

Scales effortlessly to 500+ instances via tags.
Reduces operational overhead by eliminating Lambda maintenance.
Enforces strict schedules with zero manual intervention.

Implement this to cut Amazon EC2 costs significantly while maintaining reliability. For dynamic scheduling adjustments, extend the process with AWS Tag Editor or Resource Groups.

json{  "DocumentName": "AWS-StartEC2Instance",  "Targets": [{    "Key": "tag:AutoSchedule",    "Values": ["true"]  }]}

textcron(0 3 * * ? *)  # 3:00 AM UTC = 7:00 AM GST

json{ "DocumentName": "AWS-StartEC2Instance", "Targets": [{ "Key": "tag:AutoSchedule", "Values": ["true"] }]}

textcron(0 3 * * ? *) # 3:00 AM UTC = 7:00 AM GST

Drop a query if you have any questions regarding Amazon EC2 and we will get back to you quickly.

Empowering organizations to become ‘data driven’ enterprises with our Cloud experts.

Reduced infrastructure costs
Timely data-driven decisions

Get Started

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

FAQs

1. What happens if my Amazon EC2 instances are not showing as "Managed" in Systems Manager?

ANS: – Using the AmazonSSMManagedInstanceCore policy, an AWS IAM role must be associated with instances where the SSM Agent is installed and running. Ensure the instance has access to a VPC endpoint for SSM or the internet.

2. Can I use different tags or multiple tag values to target different schedules?

ANS: – Yes. You can utilize any custom tag value or key. Use extra tag keys (ScheduleGroup=Dev) and set up distinct EventBridge rules for each schedule (development versus production).

WRITTEN BY Shakti Singh Chouhan

Shakti Singh is a Research Associate (Infra, Migration, and Security) at CloudThat. He is a passionate learner committed to learning new things every day. Shakti enjoys sharing his knowledge with others. He likes singing and listening to music in his leisure time.