The following sections describe the Run Book Action and Automation policies that are included in the Amazon Web Services PowerPack and how to use them:
About the Run Book Actions and Automations
The Amazon Web Services PowerPack includes Run Book Action and Automation policies that can be used to:
- Automatically disable EC2 and EBS devices based on EC2 tags collected from AWS
- Automatically create and start a discovery session for the public or private IP address of an EC2 instance after a component and physical device are merged
- Automatically move an EC2 instance to a vanished state if the EC2 instance is in a terminating or terminated state
- Align AWS region device classes with the correct AWS Region
The following table describes the automation policies and what they do:
Policy Name | Result |
---|---|
AWS: Account Creation | SL1 creates a virtual device for an AWS account. |
AWS: Disable EBS Instances by EC2 Tag | If a component device belongs to the AWS EBS Volumes device group and has an EC2 tag, SL1 disables the device. |
AWS: Disable EC2 and EBS Instances by EC2 Tag | If a component device belongs to either the AWS EBS Volumes or AWS EC2 Instances device group and has an EC2 tag, SL1 disables the device. |
AWS: Disable or Discover EC2 Instances | SL1 automatically discovers EC2 instances by public or private IP address. Additionally, if a component device belongs to the AWS EC2 Instances device group and has an EC2 tag, SL1 disables the device. |
AWS: Discover EC2 Instances | SL1 automatically discovers EC2 instances by public or private IP address. |
AWS: EKS Cluster Creation | SL1 automatically discovers EKS Clusters when an AWS EKS Cluster is configured. |
AWS: Merge with EC2 | If SL1 determines that the IP address of a physical device matches a custom attribute added to an EC2 Instance component device, SL1 merges the devices. |
AWS: Organization Creation | SL1 creates a virtual device for an AWS organization. |
AWS: RDS DB Instance Device Class Alignment | SL1 aligns the correct RDS device class to the RDS Instance. |
AWS: Region Device Class Alignment | If a Region is aligned to an incorrect Region device class, SL1 will align the Region to the correct device class. |
AWS: Vanish Terminated EC2 Instances | If a device belongs to the AWS EC2 Instances device group and is in a terminated or terminating state, SL1 un-merges the EC2 Instance and physical device (if applicable), clears the device's associated events, and then moves the device to a vanished state. |
The automation policies in the Amazon Web Services PowerPack are disabled by default. To use these automations, you must enable the automation policies and optionally modify the parameters in the automation actions.
To use the automation policies in the Amazon Web Services PowerPack, the AWS EBS Volumes and AWS EC2 Instances device groups must already be created and populated.
Disabling EC2 and EBS Instances by EC2 Tag
The automation described in this section disables EC2 and EBS devices based on EC2 tags. This can be set up in the "AWS: Disable Instance by Tag" Run Book Automation, so if an EBS or EC2 instance has the tag(s) you specify, SL1 will disable the device.
The automation for disabling EC2 and EBS instances includes two automation actions that are executed in the following order:
- AWS: Get EC2 Instance Configuration. This action requests information from the AWS API about the EC2 instance that triggered the automation action or the EC2 instance associated with the EBS instance that triggered the automation action. Information about the EC2 instance associated with an EBS instance is returned only if one EC2 instance is associated with the EBS instance.
- AWS: Disable Instance By Tag. This action compares the information collected by the AWS: Get EC2 Instance Configuration automation action with a pre-defined list of key/value pairs. If an AWS tag matches a key/value pair, the triggering device is disabled.
The Amazon Web Services PowerPack includes three automation policies that trigger these actions:
- AWS: Disable EC2 and EBS Instances by EC2 Tag. If enabled, this automation policy can trigger for any device with which the "AWS: EC2 Instance Configuration" or the "AWS: EBS Instance Configuration" Dynamic Applications are aligned (the members of the AWS EC2 Instances and AWS EBS Volumes device groups). The automation policy triggers when the "Component Device Record Created" event is active on the matching devices, immediately after the devices are discovered in the system. Enable this automation policy if you want to disable EC2 and EBS instances by EC2 tag, but do not want to enable automated discovery of EC2 instances by public or private IP address.
- AWS: Disable or Discover EC2 Instances. If enabled, this automation policy can trigger for any device with which the "AWS: EC2 Instance Configuration" Dynamic Application is aligned (the members of the AWS EC2 Instances). The automation policy triggers when the "Component Device Record Created" event is active on the matching devices, immediately after the devices are discovered in the system. Enable this automation policy if you want to disable EC2 instances by EC2 tag and want to enable automated discovery of EC2 instances by public or private IP address. This automation policy is configured to run both processes in the correct order for EC2 instances. If you enable this automation policy and want to automatically disable associated EBS instances, you must also enable the AWS: Disable EBS Instances by EC2 Tag automation policy.
- AWS: Disable EBS Instances by EC2 Tag. If enabled, this automation policy can trigger for any device with which the "AWS: EC2 Instance Configuration" Dynamic Application is aligned (the members of the AWS EC2 Instances). The automation policy triggers when the "Component Device Record Created" event is active on the matching devices, immediately after the devices are discovered in the system. Enable this automation policy if you want to disable EC2 instances by EC2 tag, want to enable automated discovery of EC2 instances by public or private IP address, and want to disable EBS instances by EC2 tag.
To use this automation, you must:
- Modify the parameters of the automation actions (optional)
- Enable the Component Device Record Created event policy
- Enable the automation policies
- Configure your system to preserve these changes
Modifying the Parameters of the Automation Actions
The snippet for the AWS: Disable Instance by Tag automation action includes the pre-defined list of key/value pairs with which the tags collected from the AWS API are compared. You must modify this list to include the key/value pairs that you want to use to disable EC2 instances.
To modify the parameters for the AWS: Disable Instance by Tag automation action:
- Go to the Action Policy Manager page (Registry > Run Book > Actions).
- Click the wrench icon for the AWS: Disable Instance By Tag automation action.
- In the Snippet Code field, locate and edit the following line:
  DISABLE_TAGS = [('ExampleKey','ExampleValue')]
  The line must be in the following format, with each key and each value inside single quotes, each key/value pair comma-separated inside parentheses, and commas separating the pairs:
  DISABLE_TAGS = [('Key','Value'),('Key','Value'),...,('Key','Value')]
  For example, suppose you want to disable an EC2 instance where the "Environment" key is either "dev" or "test" or the "Owner" key is "Sales". You would update the line so it looks like this:
  DISABLE_TAGS = [('Environment','dev'),('Environment','test'),('Owner','Sales')]
- Click the button.
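Before saving an edited DISABLE_TAGS line, you can check offline that it has the required shape and preview which instances it would disable. The following is an added example, not code from the PowerPack: the function names and sample tags are constructed, the tag dictionaries use the Key/Value shape returned by the AWS API, and an exact, case-sensitive comparison is assumed.

```python
import ast


def parse_disable_tags(line):
    """Parse a "DISABLE_TAGS = [...]" line and verify its shape."""
    name, sep, value = line.partition("=")
    if sep != "=" or name.strip() != "DISABLE_TAGS":
        raise ValueError("line must assign to DISABLE_TAGS")
    try:
        # literal_eval only accepts literals, so nothing in the line is executed.
        pairs = ast.literal_eval(value.strip())
    except (ValueError, SyntaxError) as exc:
        raise ValueError("not a valid list of pairs: %s" % exc)
    if not isinstance(pairs, list):
        raise ValueError("DISABLE_TAGS must be a list")
    for pair in pairs:
        if not (isinstance(pair, tuple) and len(pair) == 2
                and all(isinstance(item, str) for item in pair)):
            raise ValueError("bad entry %r: expected ('Key','Value')" % (pair,))
    return pairs


def matching_pairs(ec2_tags, disable_tags):
    """Return the configured pairs found among an instance's tags.

    Assumption: keys and values must match exactly, including case.
    """
    present = {(tag["Key"], tag["Value"]) for tag in ec2_tags}
    return [pair for pair in disable_tags if pair in present]


# The example line from this section.
PAGE_EXAMPLE_LINE = (
    "DISABLE_TAGS = [('Environment','dev'),('Environment','test'),('Owner','Sales')]"
)

# Constructed sample tags for three instances.
SAMPLE_INSTANCES = {
    "build-agent": [{"Key": "Environment", "Value": "test"},
                    {"Key": "Owner", "Value": "Engineering"}],
    "crm-frontend": [{"Key": "Environment", "Value": "prod"},
                     {"Key": "Owner", "Value": "Sales"}],
    "billing-db": [{"Key": "Environment", "Value": "prod"},
                   {"Key": "Owner", "Value": "Finance"}],
}


def preview(line, instances):
    """Map each instance name to the pairs that would disable it."""
    pairs = parse_disable_tags(line)
    return {name: matching_pairs(tags, pairs) for name, tags in instances.items()}


if __name__ == "__main__":
    for name, hits in sorted(preview(PAGE_EXAMPLE_LINE, SAMPLE_INSTANCES).items()):
        print(name, "-> disable" if hits else "-> keep", hits)
```
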
Enabling the Component Device Record Created Event Policy
To enable the "Component Device Record Created" event policy:
- Go to the Event Policies page (Events > Event Policies, or Registry > Events > Event Manager in the classic SL1 user interface).
- Click the Actions menu for the "Component Device Record Created" event policy and select Edit.
- In the Event Policy Editor page, click on the Enable Event Policy toggle to enable the event policy.
- Click .
To enable the "Component Device Record Created" event policy in the SL1 classic user interface:
- Go to the Event Policy Manager page (Registry > Events > Event Manager).
- Click the wrench icon for the "Component Device Record Created" event policy.
- In the Operational State field, select Enabled.
- Click .
To prevent this change from being overwritten when the PowerPacks installed on the system are updated, you can enable the Selective PowerPack Field Protection option. To enable this option:
- Go to the Behavior Settings page (System > Settings > Behavior).
- Check the Enable Selective PowerPack Field Protection checkbox.
- Click .
Enabling the Automation Policies
To enable one or more automation policies in the Amazon Web Services PowerPack:
- Go to the Automation Policy Manager page (Registry > Run Book > Automation).
- Click the wrench icon for the automation policy you want to enable.
- In the Policy State field, select Enabled.
- Click .
Preserving Automation Changes
If you have modified automation actions and policies that are included in the Amazon Web Services PowerPack, those changes will be overwritten when the PowerPack is updated in your system. To keep your modifications, you can:
- Re-implement those changes after each update of the Amazon Web Services PowerPack.
- Remove the content from the PowerPack on your system before you update it. When the Amazon Web Services PowerPack is updated in your system, updated versions of this content will not be installed on your system and your local changes will be preserved.
To remove automation actions or automation policies content from the Amazon Web Services PowerPack on your system:
- Go to the PowerPack Manager page (System > Manage > PowerPacks).
- Click the wrench icon for the Amazon Web Services PowerPack. The Editing PowerPack page appears.
- In the left NavBar of the Editing PowerPack page, select the type of content you want to remove:
- To remove an automation action, click Run Book Actions. The Embedded Run Book Actions and Available Run Book Actions panes appear.
- To remove an automation policy, click Run Book Policies. The Embedded Run Book Policies and Available Run Book Policies panes appear.
- In the upper pane, click the bomb icon for each automation action or automation policy that you want to remove from the Amazon Web Services PowerPack on your system.
Discovering EC2 Instances by Public or Private IP Address
The automation in this section automatically creates and starts a discovery session for the public or private IP address of an EC2 instance after a component and physical device are merged. If SL1 determines that the IP address of a physical device matches a custom attribute added to an EC2 instance component device, SL1 merges the devices.
The automation for discovering EC2 instances by public or private IP addresses includes three automation actions that are executed in the following order:
- AWS: Get EC2 Instance Configuration. This action requests information from the AWS API about the EC2 instance that triggered the automation action.
- AWS: Discover from EC2 IP. This action uses the IP address and port information in the response from the AWS API to create and run a discovery session. This action also adds a custom attribute to the EC2 component device record that can be used to match a newly discovered device to the EC2 instance.
- AWS: Merge Physical with Component. This action matches the IP address of a physical device with the custom attribute added to EC2 component devices by the AWS: Discover from EC2 IP automation action. If a match is found, the matching EC2 component device is merged with the physical device.
The Amazon Web Services PowerPack includes three automation policies that trigger these actions:
- AWS: Discover EC2 Instances. If enabled, this automation policy can trigger for any device with which the "AWS: EC2 Instance Configuration" Dynamic Application is aligned (the members of the AWS EC2 Instances). The automation policy triggers when the "Component Device Record Created" event is active on the matching devices, immediately after the devices are discovered in the system. Enable this automation policy if you want to enable automated discovery of EC2 instances by public or private IP address but do not want to disable EC2 and EBS instances by EC2 tag.
- AWS: Disable or Discover EC2 Instances. If enabled, this automation policy can trigger for any device with which the "AWS: EC2 Instance Configuration" Dynamic Application is aligned (the members of the AWS EC2 Instances). The automation policy triggers when the "Component Device Record Created" event is active on the matching devices, immediately after the devices are discovered in the system. Enable this automation policy if you want to disable EC2 instances by EC2 tag and want to enable automated discovery of EC2 instances by public or private IP address. This automation policy is configured to run both processes in the correct order for EC2 instances.
- AWS: Merge with EC2. If enabled, this automation policy can trigger for any device. The automation policy triggers when the "Device Record Created" event is active on the matching devices, immediately after the devices are discovered in the system. Enable this automation policy if you want to enable automated discovery of EC2 instances by public or private IP address.
To use this automation, you must:
- Modify the parameters of the automation actions (optional)
- Enable the Component Device Record Created event policy
- Enable the Device Record Created event policy
- Enable the automation policies
- Configure your system to preserve these changes
Modifying the Parameters of the Automation Actions
The snippet for the AWS: Discover from EC2 IP automation action includes parameters that define how the automation action creates discovery sessions. You can edit the following lines in the Snippet Code field of the AWS: Discover from EC2 IP automation action to change these parameters:
- EC2_IP_ATTRIBUTE = 'PrivateIpAddress'
  The attribute returned by the AWS API for EC2 instances that contains the IP address to use in the discovery session. By default, the private IP address is used. To use the public IP address of the EC2 instance, change this line to:
  EC2_IP_ATTRIBUTE = 'PublicIpAddress'
- EXTRA_SCAN_PORTS = ["21","22","23","25","80","443","5985","5986"]
  The list of TCP ports used in the discovery session includes any TCP ports that are specified explicitly in the security group associated with the EC2 instance, plus any TCP ports included in the EXTRA_SCAN_PORTS parameter. You can add or remove ports from this default list. For example, if you wanted to remove TCP port 21 from this list and add TCP port 53, you would change this line to:
  EXTRA_SCAN_PORTS = ["22","23","25","53","80","443","5985","5986"]
  The EXTRA_SCAN_PORTS parameter must be populated if there are no rules for specific ports in the security group associated with the EC2 instance.
- AUTO_INCLUDE_CREDS = True
  If the AUTO_INCLUDE_CREDS parameter is "True", the automation will automatically add credentials to the discovery session. A credential will be added automatically if it meets one of the following requirements:
  - The credential is an SNMP credential, the Security Group associated with the EC2 instance includes a rule that allows access to UDP port 161, and the credential is explicitly aligned within the organization of the EC2 instance.
  - The credential is an SNMP credential, the Security Group associated with the EC2 instance includes a rule that allows access to UDP port 161, the credential is associated with all organizations in the system, and the INCLUDE_ALL_ORG_CREDS parameter is "True".
  - The credential is not an SNMP credential or an LDAP/AD credential, the TCP port used by the credential is included in the list of TCP ports for the discovery session (the credential is specified explicitly in the security group associated with the EC2 instance or is included in the EXTRA_SCAN_PORTS parameter), and the credential is explicitly aligned within the organization of the EC2 instance.
  - The credential is not an SNMP credential or an LDAP/AD credential, the TCP port used by the credential is included in the list of TCP ports for the discovery session (the credential is specified explicitly in the security group associated with the EC2 instance or is included in the EXTRA_SCAN_PORTS parameter), and the INCLUDE_ALL_ORG_CREDS parameter is "True".
  To disable the automatic alignment of credentials to the discovery session, change this line to:
  AUTO_INCLUDE_CREDS = False
- INCLUDE_ALL_ORG_CREDS = True
  If INCLUDE_ALL_ORG_CREDS is "True" and the AUTO_INCLUDE_CREDS parameter is "True", credentials that are aligned with all organizations (credentials that do not have an explicit organization alignment) are automatically included in the discovery session when that credential meets the other requirements for being automatically included in the discovery session.
- EXTRA_CREDS = ""
  In addition to the credentials that are automatically included in the discovery sessions based on open ports, you can optionally specify a string of comma-separated credential IDs for credentials that will be included in every discovery session created by this automation. For example, if you wanted to include credentials with IDs 10 and 13 in every discovery session created by this automation, you would change this line to:
  EXTRA_CREDS = "10,13"
- DISCOVER_NON_SNMP = "1"
  If DISCOVER_NON_SNMP is set to "1", discovery sessions created by this automation will be configured to discover non-SNMP devices. If you want the discovery sessions created by this automation to discover only SNMP devices, change this line to:
  DISCOVER_NON_SNMP = "0"
- TEMPLATE_NAME = ""
  If you specify a device template name in the TEMPLATE_NAME parameter, that device template will be automatically aligned with all discovery sessions created by this automation. For example, if you wanted to align a device template called "Standard Device Template" to every discovery session created by this automation, you would change this line to:
  TEMPLATE_NAME = "Standard Device Template"
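To see which ports a discovery session would scan and which credentials it would carry under a given combination of these parameters, the rules above can be modelled offline. This is an added example, not the PowerPack's own code: the Credential record, function names and sample data are constructed, and the fourth credential rule is read together with the INCLUDE_ALL_ORG_CREDS description, so it is applied to credentials that have no explicit organization alignment.

```python
from collections import namedtuple

# Hypothetical record for this model. kind is "snmp", "ldap" or another label,
# port is the credential's TCP port (None for SNMP), and an empty orgs set
# means the credential is aligned with all organizations.
Credential = namedtuple("Credential", "cred_id kind port orgs")

DEFAULT_EXTRA_SCAN_PORTS = ["21", "22", "23", "25", "80", "443", "5985", "5986"]


def scan_ports(sg_tcp_ports, extra_scan_ports):
    """TCP ports in the security group plus EXTRA_SCAN_PORTS."""
    return sorted(set(sg_tcp_ports) | {int(p) for p in extra_scan_ports})


def session_credentials(creds, instance_org, sg_tcp_ports, sg_udp_ports,
                        extra_scan_ports=DEFAULT_EXTRA_SCAN_PORTS,
                        auto_include_creds=True, include_all_org_creds=True,
                        extra_creds=""):
    """Return the sorted credential IDs a discovery session would include."""
    # EXTRA_CREDS are added to every session created by the automation.
    selected = {int(c) for c in extra_creds.split(",") if c.strip()}
    if not auto_include_creds:
        return sorted(selected)
    tcp = set(scan_ports(sg_tcp_ports, extra_scan_ports))
    for cred in creds:
        if cred.kind == "ldap":
            continue  # LDAP/AD credentials are never added automatically
        if cred.kind == "snmp":
            port_ok = 161 in sg_udp_ports  # needs a rule allowing UDP 161
        else:
            port_ok = cred.port in tcp
        explicit = instance_org in cred.orgs
        all_orgs = not cred.orgs
        if port_ok and (explicit or (all_orgs and include_all_org_creds)):
            selected.add(cred.cred_id)
    return sorted(selected)


# Constructed sample data: five credentials and one EC2 instance in
# organization 5 whose security group allows TCP 443 and UDP 161.
SAMPLE_CREDS = [
    Credential(10, "snmp", None, frozenset()),      # all organizations
    Credential(11, "ssh", 22, frozenset({5})),      # aligned with org 5
    Credential(12, "telnet", 23, frozenset()),      # all organizations
    Credential(13, "ldap", 389, frozenset({5})),
    Credential(14, "api", 8443, frozenset({5})),    # port is not scanned
]
SAMPLE_INSTANCE = dict(instance_org=5, sg_tcp_ports={443}, sg_udp_ports={161})

if __name__ == "__main__":
    print("defaults:", session_credentials(SAMPLE_CREDS, **SAMPLE_INSTANCE))
    print("INCLUDE_ALL_ORG_CREDS = False:",
          session_credentials(SAMPLE_CREDS, include_all_org_creds=False,
                              **SAMPLE_INSTANCE))
    print("EXTRA_SCAN_PORTS = ['22','443']:",
          session_credentials(SAMPLE_CREDS, extra_scan_ports=["22", "443"],
                              **SAMPLE_INSTANCE))
```

With the sample data, the default settings add the Telnet credential that is aligned with all organizations; setting INCLUDE_ALL_ORG_CREDS to False or trimming EXTRA_SCAN_PORTS removes it.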
To modify the parameters for the AWS: Discover from EC2 IP automation action, perform the following steps:
- Go to the Action Policy Manager page (Registry > Run Book > Actions).
- Click the wrench icon for the AWS: Discover from EC2 IP automation action.
- In the Snippet Code field, locate and edit the line(s) for the parameter(s) you want to change:
- Click the button.
If you modified the EC2_IP_ATTRIBUTE parameter in the AWS: Discover from EC2 IP automation action, you must perform the following steps to update the AWS: Merge Physical with Component automation action:
To modify the parameters for the AWS: Discover from EC2 IP automation action, perform the following steps:
- Go to the Action Policy Manager page (Registry > Run Book > Actions).
- Click the wrench icon for the AWS: Discover from EC2 IP automation action.
- In the Snippet Code field, locate and edit the following line:
  IP_ATTRIBUTE = 'c-EC2_PrivateIpAddress'
  If you changed the EC2_IP_ATTRIBUTE parameter in the AWS: Discover from EC2 IP automation action to 'PublicIpAddress', change this line to:
  IP_ATTRIBUTE = 'c-EC2_PublicIpAddress'
- Click the button.
Enabling the Component Device Record Created Event Policy
To enable the "Component Device Record Created" event policy:
- Go to the Event Policies page (Events > Event Policies, or Registry > Events > Event Manager in the classic SL1 user interface).
- Click the Actions menu for the "Component Device Record Created" event policy and select Edit.
- In the Event Policy Editor page, click on the Enable Event Policy toggle to enable the event policy.
- Click .
To enable the "Component Device Record Created" event policy in the SL1 classic user interface:
- Go to the Event Policy Manager page (Registry > Events > Event Manager).
- Click the wrench icon for the "Component Device Record Created" event policy.
- In the Operational State field, select Enabled.
- Click .
To prevent this change from being overwritten when the PowerPacks installed on the system are updated, you can enable the Selective PowerPack Field Protection option. To enable this option:
- Go to the Behavior Settings page (System > Settings > Behavior).
- Check the Enable Selective PowerPack Field Protection checkbox.
- Click .
Enabling the Device Record Created Event Policy
To enable the "Device Record Created" event policy:
- Go to the Event Policies page (Events > Event Policies, or Registry > Events > Event Manager in the classic SL1 user interface).
- Click the Actions menu for the "Device Record Created" event policy and select Edit.
- In the Event Policy Editor page, click on the Enable Event Policy toggle to enable the event policy.
- Click .
To enable the "Device Record Created" event policy in the SL1 classic user interface:
- Go to the Event Policy Manager page (Registry > Events > Event Manager).
- Click the wrench icon for the "Device Record Created" event policy.
- In the Operational State field, select Enabled.
- Click .
To prevent this change from being overwritten when the PowerPacks installed on the system are updated, you can enable the Selective PowerPack Field Protection option. To enable this option:
- Go to the Behavior Settings page (System > Settings > Behavior).
- Check the Enable Selective PowerPack Field Protection checkbox.
- Click .
Enabling the Automation Policies
To enable one or more automation policies in the Amazon Web Services PowerPack:
- Go to the Automation Policy Manager page (Registry > Run Book > Automation).
- Click the wrench icon for the automation policy you want to enable.
- In the Policy State field, select Enabled.
- Click .
Preserving Automation Changes
If you have modified automation actions and policies that are included in the Amazon Web Services PowerPack, those changes will be overwritten when the PowerPack is updated in your system. To keep your modifications, you can:
- Re-implement those changes after each update of the Amazon Web Services PowerPack.
- Remove the content from the PowerPack on your system before you update it. When the Amazon Web Services PowerPack is updated in your system, updated versions of this content will not be installed on your system and your local changes will be preserved.
To remove automation actions or automation policies content from the Amazon Web Services PowerPack on your system:
- Go to the PowerPack Manager page (System > Manage > PowerPacks).
- Click the wrench icon for the Amazon Web Services PowerPack. The Editing PowerPack page appears.
- In the left NavBar of the Editing PowerPack page, select the type of content you want to remove:
- To remove an automation action, click Run Book Actions. The Embedded Run Book Actions and Available Run Book Actions panes appear.
- To remove an automation policy, click Run Book Policies. The Embedded Run Book Policies and Available Run Book Policies panes appear.
- In the upper pane, click the bomb icon for each automation action or automation policy that you want to remove from the Amazon Web Services PowerPack on your system.
Aligning AWS Regions to the AWS Region Device Class
The automation for aligning an AWS Region to the correct AWS Region device class includes one automation action:
- AWS: Region Device Class Alignment. This action updates the AWS device class to the correct AWS Region.
NOTE: Device classes for AWS Regions are updated in the second cycle of the "AWS: Region Device Class Discovery" Dynamic Application. Regions will be updated after 24 hours.
The Amazon Web Services PowerPack includes an automation policy that triggers this action:
- AWS: Region Device Class Alignment. If enabled, this automation policy can trigger for any device with which the "AWS: Region Device Class Discovery" Dynamic Application is aligned. The automation policy triggers when the "AWS: Device Class Change" event is active on the matching devices, and the automation policy will repeat every 10 minutes until that event is no longer active.
Vanishing Terminated or Terminating EC2 Instances
The automation in this section automatically moves an EC2 instance to a vanished state if the EC2 instance is in a terminating or terminated state. SL1 unmerges the EC2 instance and physical device, clearing the associated events, and moves the devices to a vanished state.
The automation for vanishing terminated EC2 instances includes one automation action:
- AWS: Vanish Terminated EC2 Instances. If an EC2 instance has been terminated in Amazon, its corresponding device in SL1 becomes unavailable. This action then requests information from the AWS API about the EC2 instance that triggered the automation action. If the response from the AWS API indicates that the EC2 instance that triggered the automation action is in a terminated or terminating state, the action performs the following steps:
- If the automation triggers for a physical device that is merged with an EC2 instance, the devices are un-merged.
- If the automation triggers for a physical device that is merged with an EC2 instance, after being un-merged the physical device is moved to a virtual collector group.
- If the automation triggers for a physical device that is merged with an EC2 instance, after being unmerged, all events associated with the physical device are cleared.
- All events associated with the component device are cleared.
- The component device is vanished.
NOTE: If an EC2 instance is stopped in AWS rather than terminated, then the "AWS Vanish Terminated EC2 Instances" action is not triggered.
The Amazon Web Services PowerPack includes an automation policy that triggers this action:
- AWS: Vanish Terminated EC2 Instances. If enabled, this automation policy can trigger for any device with which the "AWS: EC2 Instance Configuration" Dynamic Application is aligned (the members of the AWS EC2 Instances). The automation policy triggers when the "Availability Check Failed" event is active on the matching devices, and the automation policy will repeat every 10 minutes until that event is no longer active.
To use this automation, you must:
- Enable the AWS: Vanish Terminated EC2 Instances automation policy
- Configure your system to preserve this change
Enabling the Automation Policies
To enable one or more automation policies in the Amazon Web Services PowerPack:
- Go to the Automation Policy Manager page (Registry > Run Book > Automation).
- Click the wrench icon for the automation policy you want to enable.
- In the Policy State field, select Enabled.
- Click .
Preserving Automation Changes
If you have modified automation actions and policies that are included in the Amazon Web Services PowerPack, those changes will be overwritten when the PowerPack is updated in your system. To keep your modifications, you can:
- Re-implement those changes after each update of the Amazon Web Services PowerPack.
- Remove the content from the PowerPack on your system before you update it. When the Amazon Web Services PowerPack is updated in your system, updated versions of this content will not be installed on your system and your local changes will be preserved.
To remove automation actions or automation policies content from the Amazon Web Services PowerPack on your system:
- Go to the PowerPack Manager page (System > Manage > PowerPacks).
- Click the wrench icon for the Amazon Web Services PowerPack. The Editing PowerPack page appears.
- In the left NavBar of the Editing PowerPack page, select the type of content you want to remove:
- To remove an automation action, click Run Book Actions. The Embedded Run Book Actions and Available Run Book Actions panes appear.
- To remove an automation policy, click Run Book Policies. The Embedded Run Book Policies and Available Run Book Policies panes appear.
- In the upper pane, click the bomb icon for each automation action or automation policy that you want to remove from the Amazon Web Services PowerPack on your system.