Runbooks

Runbooks let you take quick, automated actions to optimize resources in your AWS accounts based on cost-saving opportunity tickets. These scripts are triggered from the OneLens UI and help you resolve issues flagged by policy violations with minimal manual effort.

How Runbooks Work

Each runbook is a script designed to fix a specific issue in your AWS environment. Once you install a runbook in your account, you can trigger it whenever needed.

Here’s what happens when you run one:

  1. You trigger the runbook—usually from a ticket in OneLens.

  2. OneLens sends the request to the change manager in your account.

  3. The change manager runs the script step by step and applies the fix.

Access Scope

OneLens itself does not have permissions to perform actions defined in runbooks. All execution is handled within your account by the Change Manager.

Change Manager, a tool in AWS Systems Manager, is an enterprise change management framework for requesting, approving, implementing, and reporting on operational changes to your application configuration and infrastructure.

With Change Manager, you can use pre-approved change templates to help automate change processes for your resources and help avoid unintentional results when making operational changes.

Runbooks are battle tested and use only the minimal permissions required to make the intended changes and remain confined to your environment.

Finding the Right Runbook

To access the Runbook page:

  1. Log in to the OneLens UI.

  2. Open the Runbook section from the left sidebar.

You’ll see a page like the one below, with key controls highlighted:

Number References

  1. Search Box

  2. Filter By Risk

  3. Filter By Operation

  4. Filter By Service

Search

Use the search bar to quickly find Runbooks by name or keyword.

Filters

Use filters to quickly find the right runbook based on what you're trying to resolvez;

Risk

Select the runbooks based on the severity of the issue they address:

  1. Low: For low-impact fixes

  2. Medium: For moderately actions

  3. High: For critical remediations

Operation

Filter runbooks by the kind of change they make:

  1. Creation

  2. Updation

  3. Deletion

Service

Select the runbooks based on the service. Following are the services available:

  • CloudWatch, EBS, EC2, ElastiCache, Elastic Load Balancing, IAM, RDS, VPC

For a complete list of available Runbooks along with their details, visit the Runbook Catalogs page.

Installing a Runbook

To install a runbook in one of your accounts, follow the steps in the runbook Installation guide.

Executing a Runbook

You trigger a runbook directly from a ticket.

Prerequisite

Make sure the runbook is already installed in the account tied to the ticket.

1

Go to the Tickets page.

2

Click the three-dot menu on the right side of the ticket.

3

Choose Execute Runbook.

4

Pick the runbook you want to run.

5

Click Run to start the runbook execution.

Bulk Runbook Execution

You can also bulk-execute runbooks on multiple tickets at once. For example, if you want to delete unused EBS volumes in a production account:

  • In the Tickets section, apply filters like Account ID = Production Account Name, Service = EBS, and Change Type = Decommissioning

  • Select all the matching ticket rows.

  • Click on Bulk Action.

  • Choose Execute Runbook.

  • Pick the desired runbook and execute it across all selected tickets.

The execution will take some time to complete. You can track the execution status and view logs in the Execution log page.

PreviousRemediationsNextInstall Runbooks

Last updated