Enhancing EC2 Operations Management Using AWS Systems Manager AIPL

About AIPL (Atomberg Innovation Pvt Ltd):

Atomberg Innovation Private Limited is a Non-govt company, incorporated on 17 Apr, 2012. Atomberg is in the business of revolutionizing India's home appliances, by solving one problem at a time. The secret weapon? Asking the right questions. Pointed questions about how Atomberg can make the customers' daily lives easier. Questions that require granular answers and thoughtful product design.

Specialized in consumer electronics, BLDC technology, Internet of things, and Smart and energy efficient products.

Overview:

Our organization (Sapphire Technocrats Pvt Ltd) manages a fleet of Amazon EC2 instances supporting customer’s applications, web servers, and databases (non-SAP workloads). To improve security, automate maintenance tasks, and minimize downtime, we implemented AWS Systems Manager services: Maintenance Windows, Automation, and Session Manager.

This helped us simplify operational workflows, enforce security best practices, and ensure consistent infrastructure management across environments.

Business Challenge:

• Manual Server Maintenance: OS patching, log cleanup, and backup processes required significant manual effort, often causing inconsistent results.
• Security and Compliance Gaps: Direct SSH/RDP access to instances was hard to audit and increased security risk.
• Operational Inefficiencies: Server lifecycle operations (start/stop/reboot) were manual, leading to longer downtime during maintenance or incidents.
  
  

Solution:
We leveraged AWS Systems Manager to fully automate and secure the management of our EC2 infrastructure:

1. AWS Systems Manager Maintenance Windows

• Automated Patching: Configured Maintenance Windows to apply critical and security patches to Linux and Windows servers during off-peak hours.
•Scheduled Maintenance Tasks: Set up automatic disk cleanup and service health checks via Maintenance Window tasks.

•Dynamic Targeting: Used EC2 tags (e.g., Environment=Production) to automatically enroll new instances in scheduled maintenance activities.

2. AWS Systems Manager Automation
•Server Lifecycle Automation: Built custom runbooks for:

.Start/stop instances based on business hours (cost savings).

.Backup EBS volumes before patching.

.Restart applications (like Apache, Tomcat, SQL Server) after updates.
•Approval Mechanisms: Introduced approval steps for sensitive production operations using Automation execution workflows.

3. AWS Systems Manager Session Manager
• Secure Access to EC2: Replaced SSH/RDP with Session Manager for all remote administration.
• Audit Trails: Configured S3 and CloudTrail logging of all session activity for compliance tracking.
• Port Forwarding: Used Session Manager for secure access to internal applications (like Admin portals and internal DB consoles) without exposing public IPs.

Benefits:
• Security Hardening: Eliminated direct server access vulnerabilities.

• Operational Consistency: Automated and standardized patching, backup, and server management tasks.

• Cost Optimization: Saved 30% on monthly compute costs by automatically stopping non production servers after hours. • Audit Readiness: Full traceability of who accessed which server, when, and for what purpose.

Next Steps:

We are planning to extend our usage by:
• Implementing AWS Systems Manager Change Manager for full change control processes.
• Integrating Systems Manager with AWS Security Hub for real-time security posture monitoring.