
# Install Schedulers

## Overview

Installation involves setting up the core Scheduler infrastructure in one AWS account and optionally onboarding other accounts for centralized scheduling.

Scheduler installation is currently supported for AWS accounts. Schedulers deploy infrastructure within your AWS account using CloudFormation. *Support for Azure, GCP, and OCI schedulers is planned for future releases.*

## **How the Installation Happens**

The OneLens Scheduler follows a simple two-step setup process:

1. **Core Account Setup**
   * You designate one AWS account (any account in your organization) as the **core scheduler account**.
   * The core account hosts the scheduler infrastructure that manages all schedules and actions.
2. **Connecting Other Accounts**
   * All other AWS accounts connect to the core account through a **cross-account IAM role**.
   * This allows the Scheduler to securely execute actions (e.g., start/stop/scale) across multiple accounts without duplicating infrastructure.

This design keeps the setup lightweight, centralized, and easy to maintain while supporting multi-account environments.

## Accessing the Scheduler

{% stepper %}
{% step %}
Log in to your **OneLens** account.
{% endstep %}

{% step %}
Navigate to the **Scheduler** section from the left sidebar.
{% endstep %}

{% step %}
Click **Getting Started with Scheduler Setup**.

<figure><img src="/files/3WTawVZcAWxTF7Mql0Ym" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Complete the following steps in order to perform the deployment:

1. [**Set up Core Infrastructure**](#set-up-the-core-infrastructure)
2. [**Connect Other Accounts**](#connect-the-other-accounts)
3. [**Provide Account Details**](#provide-account-details-and-finalize)

   <figure><img src="/files/L0flWKev504cedcqEYXx" alt="" width="563"><figcaption></figcaption></figure>

{% endstep %}
{% endstepper %}

{% hint style="warning" %}

## **OneLens Permission Requirement**

OneLens requires permission to:

* **Assume Customer SQS Message Role** – Used to process and deliver scheduled execution messages.

After setup, OneLens only interacts with the **CustomerQueue (SQS)** in your core account. These messages carry scheduling instructions (e.g., start/stop resources) that are executed in connected accounts.
{% endhint %}

## Set Up the Core Infrastructure

You can deploy the OneLens core infrastructure in **any AWS account**—it does not need to be limited to a master or delegated account.

### **Role of Core Account**

This is the AWS account where the OneLens Scheduler service will be deployed.\
It serves as the **central hub** that:

* Creates and manages all schedules for your organization
* Assumes roles in child accounts to perform scheduled actions (start/stop instances, etc.)
* Coordinates cross-account operations through secure IAM role assumptions
* Maintains centralized security policies and access controls

Before you proceed, verify the CloudFormation Template (CFT) using the following link:

{% code overflow="wrap" %}

```url
https://prod-onyx-backend.s3.ap-south-1.amazonaws.com/assets/scheduler/cft/main/onelens_scheduler_onboard_main_account.json
```

{% endcode %}

### Deploy the CFT as a Stack

1. **Sign in** to the AWS Management Console for the account where you want the core infrastructure.

<details>

<summary>Account Permission Required</summary>

Before deploying the stack, ensure that the AWS account running the setup has the following permissions:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:*",
        "lambda:*",
        "sqs:*",
        "scheduler:*",
        "s3:GetObject",
        "sts:AssumeRole"
      ],
      "Resource": "*"
    }
  ]
}
```

These permissions are strictly used for setting up and operating the OneLens Scheduler. They enable it to create and manage required AWS resources and communicate with your SQS queues to run schedules.

</details>

2. Navigate to CloudFormation and click **Create Stack**.

<figure><img src="https://cdn.prod.website-files.com/654cc1953659fbce12c35b03/67a12d02b0cb4ed236462d87_Create%20Master%20stack%20step%201.png" alt="" width="563"><figcaption></figcaption></figure>

3. Choose **Use an existing template**.
4. Paste this URL in the template section.

   <pre class="language-url" data-overflow="wrap"><code class="lang-url">https://prod-onyx-backend.s3.ap-south-1.amazonaws.com/assets/scheduler/cft/main/onelens_scheduler_onboard_main_account.json
   </code></pre>

<figure><img src="/files/ajddOrDaVnT8aUn3FAYd" alt="" width="563"><figcaption></figcaption></figure>

5. Under the **Parameters** section, enter your **Tenant ID**.

   * You can find this on the **Onboarding Setup** page in OneLens, under *Core Infrastructure setup*.

   For `DeployMainScheduler`:

   * Select **Yes** if this is your first-time deployment of the Scheduler.
   * Select **No** if the Scheduler has already been deployed previously (for example, when adding additional services).

   <figure><img src="/files/MUsZPX8BD1uVEPjW7dIO" alt=""><figcaption></figcaption></figure>

6. Acknowledge the role creation.

   <figure><img src="/files/64JqlMdLsrLxmvLOp5GR" alt="" width="563"><figcaption></figcaption></figure>

7. Review the details and click **Submit**.

   <figure><img src="/files/ERfQKSwhbuwEX7zTXf2l" alt="" width="563"><figcaption></figcaption></figure>

8. Wait for deployment to complete.

   <figure><img src="/files/YRKWZFsCoNKckNSkOFh2" alt="" width="563"><figcaption></figcaption></figure>

### **Resources Created**

When you deploy the core scheduler infrastructure in your chosen account, the following resources are created:

<details>

<summary>List of Resources</summary>

| Resource Name                                                  | Description                                                         |
| -------------------------------------------------------------- | ------------------------------------------------------------------- |
| SQS Queue – `CustomerQueue`                                    | Handles incoming schedule messages.                                 |
| SQS Queue Policy – `CustomerQueuePolicy`                       | Grants required access permissions to the SQS Queue.                |
| EventBridge Schedule Group – `SchedulerGroup`                  | Groups and manages all schedule rules.                              |
| Scheduler Execution Role – `SchedulerExecutionRole`            | Provides permissions for executing schedules.                       |
| SQS Message Role – `SQSMessageRole`                            | Allows sending messages to the queue.                               |
| Orchestrator Execution Role – `OrchestratorExecutionRole`      | Enables the orchestrator to coordinate schedule executions.         |
| EC2 Scheduler Execution Role – `EC2SchedulerExecutionRole`     | Grants permissions to start/stop EC2 instances.                     |
| Distributor Execution Role – `DistributorExecutionRole`        | Allows the distributor to send tasks to execution Lambdas.          |
| Orchestrator Lambda – `OrchestratorLambda`                     | Main scheduling orchestrator function.                              |
| Orchestrator SQS Event Mapping – `OrchestratorSQSEventMapping` | Connects the Orchestrator Lambda to the SQS Queue.                  |
| EC2 Scheduler Lambda – `EC2SchedulerLambda`                    | Performs EC2 start/stop actions.                                    |
| Distributor Lambda – `DistributorLambda`                       | Distributes execution requests to the appropriate Lambda functions. |

</details>

## Connect the Other Accounts

To enable the core Scheduler infrastructure to manage resources in other AWS accounts, deploy the provided CFT template in each account (or centrally using **StackSets**).

This template:

* Creates an **IAM role** with the required permissions (e.g., EC2 start/stop).
* Configures a **trust policy** that allows the core account to assume this role.
* Applies **resource-based policies** to ensure secure cross-account access.
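
One way to carry out the template verification mentioned under *Set Up the Core Infrastructure*, and to check the trust policy described in this list, before deploying: list every IAM role a template creates, who may assume it, and any wildcard actions or resources it grants. This is an added example, not OneLens code; `SAMPLE_TEMPLATE` and the role name `ExampleChildRole` are constructed placeholders and do not reproduce the contents of the real templates.

```python
import json

# Constructed sample, NOT the real OneLens template: one cross-account role.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "ExampleChildRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
          "Effect": "Allow", "Action": "sts:AssumeRole",
          "Principal": {"AWS": {"Fn::Sub": "arn:aws:iam::${DelegateAccountID}:root"}}
        }]},
        "Policies": [{"PolicyName": "p", "PolicyDocument": {"Statement": [
          {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:*"], "Resource": "*"}
        ]}}]
      }
    }
  }
}
""")

def as_list(value):
    """IAM allows a single item or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_roles(template):
    """Return {role: {"trusted": [...], "wildcards": [...]}} for each IAM role.

    Intrinsic functions (Fn::Sub, Ref) are kept as JSON text so a reviewer can
    see which parameter a trust principal is bound to.
    """
    report = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trusted, wildcards = [], []
        for st in as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement", [])):
            principal = st.get("Principal", {})
            pairs = [("*", "*")] if principal == "*" else principal.items()
            for kind, val in pairs:
                trusted += [f"{kind}:{p if isinstance(p, str) else json.dumps(p)}" for p in as_list(val)]
        for pol in props.get("Policies", []):
            for st in as_list(pol.get("PolicyDocument", {}).get("Statement", [])):
                if st.get("Effect") == "Allow":
                    wildcards += [f"Action {a}" for a in as_list(st.get("Action", [])) if "*" in str(a)]
                    wildcards += [f"Resource {r}" for r in as_list(st.get("Resource", [])) if r == "*"]
        report[name] = {"trusted": trusted, "wildcards": wildcards}
    return report
```

To review a real template, download it from the URL given in the deployment steps and pass `json.load(open(path))` to `audit_roles`; managed policies attached through `ManagedPolicyArns` or separate `AWS::IAM::Policy` resources are not covered by this sketch.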

### **Deploy Child CFT as a StackSet**

1. Sign in to the **AWS Management Console** in your **management/organization root account**.
2. Navigate to CloudFormation, select StackSets and click **Create Stack**.

<figure><img src="/files/OjrSd5qHN1Dn8AxxmF2m" alt=""><figcaption></figcaption></figure>

3. Select **Service-managed permissions** as the Permission Model.
4. Paste this URL in the template section.

   <pre class="language-url" data-overflow="wrap"><code class="lang-url">https://prod-onyx-backend.s3.ap-south-1.amazonaws.com/assets/scheduler/cft/main/onelens_scheduler_onboard_other_accounts.json
   </code></pre>

<figure><img src="https://cdn.prod.website-files.com/654cc1953659fbce12c35b03/67a13d8bc22794ae4280bb65_Create%20Child%20Stack%20step%202.png" alt="" width="563"><figcaption></figcaption></figure>

5. Select a Preferred Stack Name.
6. In the **Parameters** section, enter the **Account ID of the core account where the infrastructure is installed** under `DelegateAccountID`.

   <figure><img src="/files/WKmoPNHfdDpo4j8eZiKd" alt=""><figcaption></figcaption></figure>
7. Add any desired tags and click **Next**.

<figure><img src="https://cdn.prod.website-files.com/654cc1953659fbce12c35b03/67a13f1bc22794ae42825bbb_Create%20Child%20Stack%20step%204.png" alt="" width="563"><figcaption></figcaption></figure>

8. Select a region where you want to deploy the child stack.

<figure><img src="https://cdn.prod.website-files.com/654cc1953659fbce12c35b03/67a13f4f30f617979380209b_Create%20Child%20Stack%20step%206.png" alt="" width="563"><figcaption></figcaption></figure>

9. Define the maximum concurrent accounts linked in your organization. Select **Parallel** for region concurrency and click **Next**.

<figure><img src="https://cdn.prod.website-files.com/654cc1953659fbce12c35b03/67a13f667e4ccb7872b9b94d_Create%20Child%20Stack%20step%207.png" alt="" width="563"><figcaption></figcaption></figure>

10. Acknowledge IAM role creation and click **Submit**.

<figure><img src="https://cdn.prod.website-files.com/654cc1953659fbce12c35b03/67a13f8b7bcd13d2a264a4f9_Create%20Child%20Stack%20step%208.png" alt="" width="563"><figcaption></figcaption></figure>

11. Allow deployment to complete.

<figure><img src="https://cdn.prod.website-files.com/654cc1953659fbce12c35b03/67a13f9b4d2b21ca87e40733_Create%20Child%20Stack%20step%209.png" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %}

## Note

If you prefer connecting accounts individually instead of using a StackSet, you can deploy the **Child Onboarding CFT** as a CloudFormation stack in each account one by one.
{% endhint %}

## Provide Account Details

Once you have deployed the **Core Infrastructure** and connected any **Child Accounts**, head back to the **OneLens Scheduler Setup** page.

Under **Step 3 – Provide Account Details**:

{% stepper %}
{% step %}
Click **Enter**.

<figure><img src="/files/ZpSCkqcWFdTNVdrVzzIp" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Fill out the **Account ID** and **Region** for the account where you deployed the core infrastructure and click **Save**.

<figure><img src="/files/MCibmsMYZncmbuEwsKfn" alt="" width="300"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Click **Finish** to complete the setup.
{% endstep %}
{% endstepper %}

After clicking **Finish**, your Scheduler will be fully operational. Next, learn about [creating schedules](/automate/schedulers/create-schedules.md) in your OneLens account.

