Do you have any routine 'house keeping' requirements in your cloud environment? Sure you do.. and if you are on AWS cloud, AWS Systems Manager (SSM) Maintenance Windows allows automation of these tasks and ensure they run on a schedule without manual intervention.
AWS Systems Manager allows you to schedule administrative tasks on managed instances.
Some common use cases include:
- Running patch updates
- Cleaning up disk space
- Restarting services
- Rotating logs
- Running custom PowerShell or shell scripts
- Executing automation workflows
Before creating a maintenance window, make sure:
- Your EC2 instances are managed by AWS Systems Manager.
- The SSM Agent is installed and running.
- The instances have the required IAM permissions.
- You have permissions to create and manage Maintenance Windows.
Open the AWS Console and navigate to:
AWS Systems Manager → Maintenance Windows
Click Create maintenance window.
Choose a meaningful name that describes the task.
Add a short description explaining the purpose of the maintenance window.
AWS provides several scheduling options:
- Cron Schedule Builder
- Rate Schedule Builder
- Custom Cron Expression
For recurring maintenance tasks, the Cron Schedule Builder is usually the easiest option.
Specify how long AWS should allow the maintenance window to remain active.
Configure how long before the window closes AWS should stop starting new tasks.
This ensures new executions are not started when there isn't enough time remaining.
Rate control determines how aggressively AWS executes tasks across your targets.
Concurrency setting controls how many targets can execute the task simultaneously. AWS will run the task against up to 50% of the target instances at the same time.
Error Threshold defines how many failures are allowed before AWS stops the task. For critical workloads, setting a low error threshold can help prevent widespread issues.
Choose an appropriate Maintenance Window service role from the dropdown list.
AWS typically creates a role similar to:
AWSSystemsManagerEC2AccessRole\
Ensure the role has the permissions required for the task you plan to execute.
Review your settings and create the Maintenance Window. Once created, you'll be taken to the Maintenance Window dashboard where you can manage targets, tasks, history, and schedules.
Now that your maintenance window is created, you need to set a task for it to execute.
Open your newly created Maintenance Window and navigate to the Tasks tab.
Click Register Task → Register Run Command Task
This allows Systems Manager to execute a command document during the scheduled window.
Choose the SSM document that contains the commands you want AWS to execute.
Select the desired document version and configure any required parameters.
Finally choose the servers that should execute the task.
After registering the task, save the configuration and verify the task appears under the Maintenance Window.
You can monitor execution results through:
- Systems Manager Maintenance Window History
- Run Command History
- CloudWatch Logs
0 Comments