Overview
CloudFix fixers automatically implement best practice recommendations to reduce your AWS costs. The process is straightforward - you select recommendations and execute them directly from the CloudFix dashboard.
How Fixers Work
When you execute a fixer, CloudFix follows these steps:
- SSM Runbook Activation - CloudFix triggers an AWS Systems Manager (SSM) Automation Runbook specifically designed for the type of fix
- Parameter Passing - CloudFix passes the necessary parameters to the runbook, including resource IDs and target configuration
- Secure Execution - The runbook executes with temporary permissions in your AWS account via the CloudFix IAM role
- Resource Modification - The runbook makes the necessary changes to your AWS resources following AWS best practices
- Verification - CloudFix verifies the changes were applied correctly
- Reporting - The execution results are recorded and displayed in your CloudFix dashboard
Prerequisites
Before executing fixers, ensure:
- You have the appropriate permissions in CloudFix (Resource Manager or above)
- Maintenance windows are configured if you want executions to run during specific times
Executing Fixers
From the Recommendations Dashboard
- Log in to your CloudFix account
- Navigate to the Recommendations tab
- Use the filters to find your account(s) and browse the available recommendations
- Select one or more recommendations you want to implement
- Click Execute
- Review the execution details and confirm
Bulk Execution
To execute multiple fixers at once:
- Use the checkboxes to select multiple recommendations
- Click Execute at the top of the table
- Review the summary showing all selected fixers
- Click Confirm to proceed with execution
Understanding Execution Status
After initiating execution, each fixer will show one of the following statuses:
- Scheduled/Queued: The fixer is in line to be executed
- In Progress: The fixer is currently running
- Completed: The fixer has successfully completed
- Failed: The fixer encountered an issue during execution
Viewing Execution Reports
To access completed execution reports:
- Navigate to the Finished tab
- Find the execution you want to review
- Click on the execution name to view details
Maintenance Windows
If you've configured maintenance windows, fixers will automatically execute during these periods:
- Select recommendations you want to implement
- Click Execute
- The system will schedule these executions for your next available maintenance window
- You'll receive confirmation that the fixers have been scheduled
Technical Execution Details
Each CloudFix fixer uses a specialized AWS Systems Manager (SSM) Automation Runbook that follows these principles:
Runbook Design
- Resource-Specific - Each fixer type has a dedicated runbook designed for specific AWS resources
- Idempotent - Runbooks are designed to be safely re-runnable without causing duplicate changes
- Validated - Changes are validated before and after execution to ensure successful application
- Logged - Each step of the execution is logged for troubleshooting and audit purposes
Simplified Execution Process Example
For an EC2 instance type change fixer:
- The runbook first validates the instance is in a valid state for modification
- It checks if the target instance type is compatible with the instance configuration
- The instance is stopped (if running)
- A snapshot is made
- The fixer waits for the snapshot to complete
- Instance type is modified using AWS API calls
- The instance is restarted (if it was running originally)
- The runbook verifies the instance is running with the new configuration
AWS Permissions
CloudFix executes these runbooks using the IAM role granted during onboarding. This role:
- Has the minimum permissions required to perform the specific fixes
- Operates only on the resources you explicitly select for fixing
- Creates detailed CloudTrail logs for all actions performed
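The scoping and CloudTrail claims above, together with the EC2 instance type change steps listed earlier, can be checked independently from your own CloudTrail data. The following is an added example, not CloudFix code: it filters records to the fixer role and flags API calls or resource IDs outside what was approved. The role ARN, the list of expected API calls, and the sample records are assumptions constructed for illustration.

```python
import re

# Assumptions: hypothetical role ARN; EXPECTED_CALLS is one mapping of the page's
# listed steps to EC2 API names, not a list published by CloudFix.
FIXER_ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleCloudFixRole"
EXPECTED_CALLS = {"DescribeInstances", "StopInstances", "CreateSnapshot",
                  "DescribeSnapshots", "ModifyInstanceAttribute", "StartInstances"}
RESOURCE_ID = re.compile(r"\b(?:i|vol)-[0-9a-f]{8,17}\b")

def resource_ids(node):
    """Recursively collect instance and volume IDs from a requestParameters tree."""
    if isinstance(node, dict):
        node = list(node.values())
    if isinstance(node, list):
        return set().union(*(resource_ids(v) for v in node))
    if isinstance(node, str):
        return set(RESOURCE_ID.findall(node))
    return set()

def audit(records, approved):
    """Return (eventID, reason) for fixer-role activity outside the approved scope."""
    findings = []
    for rec in records:
        identity = rec.get("userIdentity") or {}
        issuer = (identity.get("sessionContext") or {}).get("sessionIssuer") or {}
        if issuer.get("arn") != FIXER_ROLE_ARN:
            continue  # another principal; out of scope for this check
        if rec["eventName"] not in EXPECTED_CALLS:
            findings.append((rec["eventID"], "unexpected call " + rec["eventName"]))
        stray = resource_ids(rec.get("requestParameters") or {}) - approved
        if stray:
            findings.append((rec["eventID"], "unapproved " + ",".join(sorted(stray))))
    return findings

def make_record(event_id, name, params, arn=FIXER_ROLE_ARN):
    # Constructed sample record, reduced to the CloudTrail fields used above.
    return {"eventID": event_id, "eventName": name, "requestParameters": params,
            "userIdentity": {"sessionContext": {"sessionIssuer": {"arn": arn}}}}

INSTANCE, VOLUME = "i-0123456789abcdef0", "vol-0123456789abcdef0"
SAMPLE = [  # constructed: e1-e4 follow the listed steps, e5 is out of scope
    make_record("e1", "StopInstances", {"instancesSet": {"items": [{"instanceId": INSTANCE}]}}),
    make_record("e2", "CreateSnapshot", {"volumeId": VOLUME}),
    make_record("e3", "ModifyInstanceAttribute", {"instanceId": INSTANCE, "instanceType": {"value": "t3.medium"}}),
    make_record("e4", "StartInstances", {"instancesSet": {"items": [{"instanceId": INSTANCE}]}}),
    make_record("e5", "StopInstances", {"instancesSet": {"items": [{"instanceId": "i-0fedcba9876543210"}]}}),
    make_record("e6", "TerminateInstances", {"instanceId": INSTANCE}, arn=FIXER_ROLE_ARN + "-other"),
]
print(audit(SAMPLE, {INSTANCE, VOLUME}))
```

Pass the set of instance and volume IDs you selected in the dashboard as `approved`; an empty result means every recorded call by the role stayed within that set and within the expected API list.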
Handling Failed Executions
If an execution fails:
- Click on the failed execution in the Finished tab
- Review the error details and recommended actions
- Address any issues identified in the error message
- Check the SSM Execution logs for detailed information
- Re-execute the fixer once the issues are resolved
Best Practices
For successful fixer execution:
- Review recommendation details before executing
- Execute one fixer at a time when getting started
- Review execution history regularly
- Optionally review the SSM runbook logs for each execution for verification
- Schedule complex changes requiring downtime during maintenance windows to minimize impact
- Coordinate with application owners before modifying production resources
Frequently Asked Questions
Q: How long does fixer execution take?
A: Most fixers complete within a few minutes, but some may take longer depending on the resource type and complexity.
Q: Can I undo a fixer execution?
A: CloudFix does not provide an automatic rollback feature for most fixers. The recommended approach is to re-configure resources manually if needed.
Q: Will fixers affect my application performance?
A: Fixers are designed to optimize costs without impacting performance. Each recommendation includes details about any potential performance considerations.
Q: How can I track savings from executed fixers?
A: Navigate to the Savings tab to view the actual savings realized from implemented recommendations.
Q: Are the SSM runbooks used by CloudFix customizable?
A: No, CloudFix uses pre-configured SSM runbooks that have been thoroughly tested to ensure safe and effective changes. Custom runbooks are not supported.
Bill Gleeson