X
Lab complete!
Now that you have completed this lab, make sure to update your Well-Architected review if you have implemented these changes in your workload.
Click here to access the Well-Architected Tool
Create Systems Manager Change Template
The Change Manager is a capability of AWS Systems Manager. It is an enterprise change management framework for requesting, approving, implementing, and reporting on operational changes to your application configuration and infrastructure.
In this section of the lab, you will use the Change Manager to define the change process with the AWS Health Awareness. More specifically, In the Change Manager you will create a change template, upon which you can raise the change request to execute the Automation runbook that’s been created by the CloudFormation stack.
The following diagram shows the workflow defined by the Change Template.
Workflow Walkthrough
- 1 - The first step is to kickoff the change opeartion pipeline.
- 2 - The change request got approved, as we’ve configured the auto approve in the Automation runbook created by the CloudFormation template.
- 3 - Systems Manager runbook starts the execution.
- 4 - Automation runbook calls AWS Health API to retrieve service health status.
- 5a - If there’s no active AWS service events, the Automation runbook will execute the planned action (In this lab it’ll stop the EC2 instance created by the CloudFormation stack, which with the SSMFleetEnv tag value to be test).
- 5b - If there’s active AWS service events, the Automation runbook will send email notification with a list of services that’re impacted.
2.1 Configure the Change Template
Click this link to go to Systems Manager Change Manager. If the right hand side of the page shows Get started with Change Manager, then follow the instructions in 2.1.1 Set up Change Manager. Otherwise, you may skip 2.1.1, and jump straight to 2.1.2 to Create the Change Template.
(Follow instructions in 2.1.1 to set up Change Manager if you haven’t done so as shown below):
2.1.1 Set up Change Manager (Optional - Depending on whether you’ve already set up Change Manager)
- Click this link
to go to Systems Manager Change Manager. Then click the Set up Change Manager button.
2.1.2 Configure the Change Template
Sign in to the AWS Systems Manager Change Manager console via this link
Choose the Template tab, and click the Create template button.
In the “Create change template” page - Give it a name to the change template, e.g. wa-ssm-health-aware-lab-template, alongside the Description, e.g. Test SSM change template for AWS health aware operation process.
Scroll down in the “Create change template” page, keep the “Change template type” as default, and select Define a set of runbooks that can be used in the Runbook options.
Then under the Runbook dropdown box, input AWS_health_aware_normal_operation_runbook and click the pop-up runbook with this name, and click Add button.
Likewise, input AWS_health_aware_event_simulated_runbook in the Runbook dropdown box and click the pop-up runbook with this name, then click Add button.
Leave the Timeout and Template information as default.
Click the Enable auto-approval check box under the Approval workflow options. This will allow the Change Request be automatically approved, while the Change Template will still need approval.
Click the Add approval level button.
In the First-level approvals section, click the Add approver dropdown box and select Template specified approvers.
In the Roles tab of the pop-up window, search role name SSMChangeTemplateApprovalRole, then check the box left to the role, and click the Add approvers button.
In the **Amazon SNS topic for approval notifications, keep the default option Select an existing Amazon SNS topic, and search the SNS Topic created by the CloudFormation with Topic name as ssms-change-process-interruption-notification-sns-topic, then click Add notification button.
Leave the Mornitoring as default.
In the Notifications, select the Select an existing Amazon SNS topic, and search the SNS Topic created by the CloudFormation with Topic name as ssms-change-process-interruption-notification-sns-topic, then click Add notification button.
Leave the Tags as default, and click the Save and preview button.
In the Template details page, review all the settings, and then click the Submit for review button.
After the Change Template has been submitted, please click this link to go to Change Manager Settings, and click the Edit button.
Scroll down to the Template reviewers, and click the Add button.
In the pop-up window, search role name SSMChangeTemplateApprovalRole, then check the box left to the role, and click the Add approvers button.
You will find the SSMChangeTemplateApprovalRole has been added as a Template reviewer as below.
Scroll to the bottom of the Change Manager Settings page and click the Save button. Once you’ve seen the green banner with Successfully updated service settings message, you can proceed to the next step - Approve the Change Template.
2.2 Approve the Change Template
To approve the Change Template, you have to switch to the SSMChangeTemplateApprovalRole to complete it, because we need to use an IAM role or user different from the user who created the change template to approve it.
Click the user name dropdown box at the top right corner, copy your Account ID, and then click the Switch role button.
In the Switch Role page, paste your Account ID into the Account, and type in SSMChangeTemplateApprovalRole in the Role and Display Name accordingly, then click Switch Role button.
You will be redirected back to the AWS console page. Then you can see you have assumed the SSMChangeTemplateApprovalRole. You can skip the warning, as it won’t impact the lab process.
Click this link to go to System Manager Change Manager Templates page, and then click the wa-ssm-health-aware-lab-template Change Template to view it.
Click the Approve button in the Change Template detail page.
Click the Approve button in the pop-up window.
Type in a comment in the Approve change template pop-up window, then click the Approve button to complete the change template approval.
Click the user name dropdown box at the top right corner, and click the Switch back button to switch back to your original role for the rest part of the lab.
You have now completed the second section of the lab.
You have created the Change Template in the Change Manager, and have it approved with an IAM role SSMChangeTemplateApprovalRole.
This concludes Section 2 of this lab. Click ‘Next step’ to continue to the next section of the lab where we will create a Change Request to execute the AWS Health Aware change process.