The EC2 Right-Sizing Report is a feature that will automate the task of resizing any EC2 instances that are over- or under-utilized. The report will give you a selection of instances — each with a utilization rating — and you have the option to fix individual instances.
For security purposes, you will want to control A) which of your users can request changes and B) which of your users can approve/deny these requested changes. This is done so that you have authority over who can make changes to your actual AWS deployment through the Right-Sizing report.
These change requests are controlled by Workflows, which are then assigned to specific users via the User Groups management section. There are two types of Workflow permissions:
- Open Workflows: This is the permission to request a change, i.e. to “open a workflow”. This is the lower level of the two permissions — it gives the user only the ability to request that a right-sizing change is made.
- Admin Workflows: This is the permission to approve/execute the change or to deny the change.
In practice, once a right-sizing request is made, a user with Admin Workflow permissions will need to look at the request and decide whether to approve (and execute) the change, or to deny the request.
Creating User Groups and Workflows
Create a new user group or modify an existing user group by accessing the Groups menu, located at the top right of your screen under Settings > Partner/Account.
You can see full instructions for working with User Groups here — for now, you can click on New Group to continue.
Within the New Group screen, you will need to take the following steps:
- Name your group
- Add any users to the group
- Most importantly, add an Account ACL (Access Control List), which is where you can specify the Workflow to add to the group.
Within the Account ACL screen, select the AWS account that you want to give access to, and then click on the Automation tab. In this tab you will select one of the two Workflow options: Open Workflow or Admin Workflow. You can select one of the following two workflow options:
- Open Workflow: With this option, the user can open, and only open a workflow (i.e. open a right-sizing request), or…
- Admin Workflow: With this option, the user can approve and subsequently execute a request (all in one action), or deny a request.
- Note: When performing one of these actions within the right-sizing report, both the approve/execute and deny actions provide a comment field in order to give relevant feedback to the requestor.
Once you are complete, click OK to save your new Account ACL. You have now configured your account to have the proper workflow configuration for the Right-Sizing report.
The next step is to perform the Right Sizing actions.