Tuesday, July 11, 2023

Using SSM Automation as a makeshift web form for invoking Lambda Functions (and Step Functions, too!)

What's this article about?

It's about AWS Systems Manager Automation. This product can be seen as a poor man's Step Function which includes a basic and easy-to-use web frontend that makes it trivial to execute operational tasks that could otherwise be tedious.

The need for simple web forms

Many of our IT-related processes need to interact with various internal web services. The logic to speak with these services is implemented using Lambda functions.

Each of these Lambda functions expects a curated JSON payload with multiple keys. Building the payloads and invoking the functions from the web console or the CLI is not only time-consuming, but complex.

Since these tasks are repetitive and not completely automatable, we would like to be able to offload them to Level 1 support personnel, while limiting training and reducing data entry errors.

Doing so requires us to provide IT support staff with a web-based interface that is more user-friendly than AWS's built-in Lambda web console. A simple web form that can validate input data upfront, provide user feedback, and format JSON payloads automatically would fit the bill, right?

The question arises: how can one make such a web form quickly, and, if possible, define it with IaC?

SSM Automation to the rescue!

The most obvious answer has been to use SSM Automation for this purpose.

Simply put, an SSM Automation can be seen as a much simpler Step Function geared towards low volume and interactive use. 

From what I can tell, this Systems Manager feature was originally designed to automate tasks related to EC2 instance management. But I found that it can invoke Lambda and Step Functions too and it can also call arbitrary AWS API functions if you require.

Key points

An SSM Automation is defined in a standard SSM document. The schema is currently at revision 0.3.

When the automation is executed, a basic web form is automatically generated based on parameters you've set in the document. Note that this form is not extremely customisable. 

The web form's input parameters support validation rules similar to those of CloudFormation parameters (i.e. AllowedValues, AllowedPattern, etc.). These parameters can then be formatted into a structured payload when invoking your function.

The web form is generated based on your parameter settings.

Logs from your Lambda functions are much easier to consume in the web interface than by going directly to CloudWatch. Each step is logged as if it had been invoked with the "tail" output option on the command line, and saved in the execution log.

The automation log lets you check the output of your Lambda functions quickly, with no need to search through countless log streams in CloudWatch!

Something cannot be done directly in an automation step? You can use inline scripts in Python or PowerShell. There is no need for you to host these scripts in Lambda; that is taken care of automatically.

Oh, and everything can be defined using CloudFormation or the CDK.

AWS has already published many examples of its own that you can look at, such as this one.
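A minimal Automation document of the kind described in the key points above, added here as an illustration (it is not from the original article or from AWS). The function name, parameter names and payload keys are hypothetical; the point to notice is that `allowedValues` and `allowedPattern` constrain what the operator can type before it is interpolated into the Lambda payload.

```yaml
schemaVersion: '0.3'
description: Invoke an internal support function from the generated web form.
# Role the automation runs as; scope it to lambda:InvokeFunction on this one function.
assumeRole: '{{ AutomationAssumeRole }}'
parameters:
  AutomationAssumeRole:
    type: String
    description: ARN of the IAM role the automation assumes.
  Username:
    type: String
    description: Account the request applies to.
    # Letters, digits, dot, underscore and hyphen only. Quotes and braces are
    # rejected, so the value cannot change the shape of the JSON payload below.
    allowedPattern: '^[a-z][a-z0-9._-]{2,31}$'
  Action:
    type: String
    description: Operation to perform (rendered as a drop-down in the form).
    allowedValues:
      - unlock
      - reset-mfa
    default: unlock
mainSteps:
  - name: InvokeSupportFunction
    action: aws:invokeLambdaFunction
    inputs:
      FunctionName: example-support-function   # hypothetical function name
      InvocationType: RequestResponse
      LogType: Tail                             # function log tail is kept in the execution log
      # Validated form fields are assembled into the JSON payload the function expects.
      Payload: '{"username": "{{ Username }}", "action": "{{ Action }}"}'
    outputs:
      - Name: Result
        Selector: $.Payload
        Type: String
outputs:
  - InvokeSupportFunction.Result
```

Level 1 staff then need permission only to start this document and pass the automation role, not to invoke the function directly.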

Some caveats

The automation language is not as complete or as feature-rich as the one used with Step Functions and, I can assume, is not intended to be.

There is throttling in place. Don't use this for high-volume transactions.

Wrap-up

Using the SSM Automation web interface, there is no longer a need to prepare and curate JSON payloads manually, and invoking Lambda or Step Functions becomes very easy for support staff.

I hope this quick article helped you get an idea of how SSM Automation can be of help with this use case.