Introduction

Last updated: 2023-05-30

Welcome to the cloudnap.io documentation pages.

With cloudnap.io, you can automate the scheduling of off hours for your AWS resources, so that you can save on your AWS charges. You can turn off and/or scale down unused resources during off hours, fully automatically, and bring them back up when needed again.

cloudnap.io integrates with your teams and development workflows using ChatOps (via Slack and Teams) as well as through our API.

Work in progress

The documentation is currently work-in-progress, and represents the state of the service in the current phase of development.

Getting Started

Subscribing to our service

Use the AWS Marketplace to subscribe to our service. Through AWS Marketplace, our service is invoiced to you as part of your monthly AWS bill, and requires no separate contracts or payment methods to be established.

Note

If you have multiple AWS accounts, we recommend that you subscribe to our service only once from one account. You can use our service against multiple accounts with a single subscription.

Provisioning our access

In order for cloudnap.io to be able to schedule your resources, we need an access role provisioned in each of your AWS accounts that you want to use our service with.

This access role provides us with limited access to your AWS resources. We access this role by assuming it across accounts (cross-account role assumption), which is an AWS security best practice. We also use an external ID to further enhance security when assuming the role.

Note

The access policies in our role are designed according to the principle of least privilege. The permissions you grant us allow us to perform only the functions required by our service, and nothing more.

Specifically, the policies grant us no access to your instances, your data or databases, or access into your networks.

You have multiple options to choose from on how to provision our access role:

  1. You can install the provided CloudFormation template on the account(s)
  2. You can use CDK to deploy the provided CDK stack on your account(s)
  3. Or you can use any of the tools you already use, such as Terraform, to deploy the required role
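Whichever option you choose, the role can be reviewed before it is deployed. The following is an added example, not cloudnap.io's own tooling: it checks that a trust policy names only the vendor account and requires an external ID, and that the permissions policy stays within the actions listed under "Required IAM permissions" on this page. The account ID, external ID and sample policies are constructed placeholders.

```python
# Allow-list: the EC2 and RDS actions from this page's permission lists (extend per service).
DOCUMENTED_ACTIONS = {
    "ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances",
    "autoscaling:DescribeAutoScalingGroups", "autoscaling:UpdateAutoScalingGroup",
    "rds:DescribeDBInstances", "rds:DescribeDBClusters", "rds:StopDBInstance",
    "rds:StopDBCluster", "rds:StartDBInstance", "rds:StartDBCluster",
}
VENDOR_ACCOUNT = "111122223333"  # placeholder, not cloudnap.io's real account ID
def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, vendor_account=VENDOR_ACCOUNT):
    """Flag Allow statements that trust other principals or omit the external ID."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for arn in arns:
            if arn != vendor_account and not str(arn).startswith(f"arn:aws:iam::{vendor_account}:"):
                findings.append(f"unexpected principal: {arn}")
        if not st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            findings.append("missing sts:ExternalId condition")
    return findings

def audit_permissions(policy, allowed=DOCUMENTED_ACTIONS):
    """Flag wildcards, NotAction and any action outside the documented allow-list."""
    allowed_lc = {a.lower() for a in allowed}  # IAM action names are case-insensitive
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:
            findings.append("NotAction used in an Allow statement")
        for action in _as_list(st.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append(f"wildcard action: {action}")
            elif action.lower() not in allowed_lc:
                findings.append(f"undocumented action: {action}")
    return findings

# Constructed sample policies
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}
BAD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}
BROAD_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:StopInstances", "rds:*", "ec2:TerminateInstances"]}]}
print(audit_trust_policy(BAD_TRUST), audit_permissions(BROAD_PERMS))
```
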

Supported AWS services

We support the following AWS services:

Services Capabilities
EC2 Stop/Start Instances. Scale down/up auto scaling groups.
ECS Stop/Start Services. Scale down/up auto scaling.
EBS Scale down/up EBS volume IOPS and throughput
VPC Delete/Recreate NAT gateways
Lambda Scale down/up Lambda function provisioned concurrent capacity
RDS Stop/Start RDS instances and clusters
OpenSearch Scale down/up instance size(s) for cluster nodes
Redshift Stop/Start Redshift clusters
SageMaker Stop/Start SageMaker notebook instances
MSK Scale down/up MSK node instance size(s)

For the following AWS services, support is planned but not yet committed:

Services Capabilities
DynamoDB Scale down/up provisioned read and write capacity units.
Kinesis Scale down/up provisioned Kinesis streams
ElastiCache Backup & Terminate + Restore & Restart instances
Neptune Stop/Start Neptune clusters
AppRunner Pause & Resume AppRunner service
AppStream Stop/Start AppStream Fleet
WorkSpaces Stop/Start WorkSpace
Glue Disable/Enable crawler schedules and triggers

Amazon EC2

Off hour method Running EC2 instance(s) are stopped. Auto-scaling groups are scaled down by updating the ASG configuration with MinSize, MaxSize and DesiredCapacity = 0
On hour method Stopped EC2 instance(s) are re-started. Auto-scaling groups are re-started by setting back the MinSize, MaxSize and DesiredCapacity to their original values.
Charge dimension The instance's on-demand cost per hour. For auto-scaling groups, the number of instances for charge purposes is determined based on the number of instances running at the time the off hours begin.
Required IAM permissions ec2:DescribeInstances
ec2:StartInstances
ec2:StopInstances
autoscaling:DescribeAutoScalingGroups
autoscaling:UpdateAutoScalingGroup
Limitations Instances with instance store-backed storage and Spot Instances cannot be stopped, and are automatically excluded.
Notes Instances that are configured for hibernation will be hibernated instead of stopped.

Amazon ECS

Off hour method Running ECS services are stopped. Services that have an auto-scaling configuration will have that configuration disabled.
On hour method Stopped ECS services are re-started. Services that had an auto-scaling configuration will have the configuration re-enabled.
Charge dimension Fargate services: The on-demand hourly charge for memory and CPU. For EC2-backed services, no separate charge.
Required IAM permissions ecs:DescribeClusters
ecs:DescribeServices
ecs:UpdateService
ecs:ListTagsForResource
application-autoscaling:DescribeScalingPolicies
application-autoscaling:ListTagsForResource
application-autoscaling:PutScalingPolicy
Notes Old ECS resources created prior that have not yet opted-in to the new ARN format have limited tagging capabilities, and should be upgraded to the new format.

Amazon EBS

Off hour method gp3, io1 and io2 volumes: Scale down provisioned IOPS (if any).
gp3 only: Scale down provisioned throughput (if any)
On hour method gp3, io1 and io2 volumes: Scale up provisioned IOPS.
gp3 only: Scale up provisioned throughput.
Charge dimension IOPS: the delta between the hourly charge for provisioned IOPS.
Throughput: the delta between the provisioned hourly charge for throughput.
Required IAM permissions ec2:DescribeVolumes
ec2:ModifyVolume
Limitations A cooldown period of 6 hours is enforced by the EBS service between changes to the same volume.

Amazon VPC

Off hour method Terminate NAT gateway(s)
On hour method Create new NAT gateways in the previous subnet, with the previous Elastic IP(s) if any, and add routes back to the route tables.
Charge dimension The hourly charge for NAT gateway
Required IAM permissions ec2:DescribeNatGateways
ec2:DescribeRouteTables
ec2:AssignPrivateNatGatewayAddress
ec2:UnassignPrivateNatGatewayAddress
ec2:AssociateNatGatewayAddress
ec2:DisassociateNatGatewayAddress
ec2:CreateNatGateway
ec2:DeleteNatGateway
ec2:CreateRoute

AWS Lambda

Off hour method Set provisioned concurrent capacity for functions to zero.
On hour method Reset provisioned concurrent capacity for functions back to the original value.
Charge dimension The Lambda Provisioned Concurrency charge per GB and amount of concurrency provisioned
Required IAM permissions lambda:ListFunctions
lambda:ListProvisionedConcurrencyConfigs
lambda:PutProvisionedConcurrencyConfig

Amazon RDS

Off hour method Stop RDS instances and clusters
On hour method Start RDS instances and clusters
Charge dimension The hourly charge for the RDS instances
Required IAM permissions rds:DescribeDBInstances
rds:DescribeDBClusters
rds:StopDBInstance
rds:StopDBCluster
rds:StartDBInstance
rds:StartDBCluster
Limitations An Amazon RDS for SQL Server DB instance in a Multi-AZ configuration cannot be stopped. Any stopped RDS instances are automatically restarted by RDS service if they remain stopped for more than 7 days.

Amazon OpenSearch/Elasticsearch

Off hour method Scale down to smallest possible instance type
On hour method Scale back up to the previous instance type.
Charge dimension The delta between the hourly charge of the instance types.
Required IAM permissions es:ListDomainNames
es:ListTags
es:ListVersions
es:DescribeDomain
es:DescribeDomainConfig
es:DescribeDomainNodes
es:UpdateDomainConfig
Limitations AWS limitations for instance types as documented.

Amazon Redshift

Off hour method Pause the Redshift cluster
On hour method Resume the Redshift cluster
Charge dimension The hourly charge for the Redshift cluster instances.
Required IAM permissions redshift:DescribeClusters
redshift:PauseCluster
redshift:ResumeCluster

Amazon SageMaker

Off hour method Stop running SageMaker notebook instances
On hour method Start SageMaker notebook instances
Charge dimension The hourly charge for the SageMaker notebook instances.
Required IAM permissions sagemaker:ListNotebookInstances
sagemaker:DescribeNotebookInstance
sagemaker:StartNotebookInstance
sagemaker:StopNotebookInstance

Amazon Managed Streaming for Apache Kafka

Off hour method Scale down MSK cluster instance size
On hour method Scale up MSK cluster instance size
Charge dimension The delta of the hourly charge for the MSK instance types.
Required IAM permissions kafka:ListClustersV2
kafka:ListTagsForResource
kafka:DescribeClusterV2
kafka:UpdateBrokerType
Limitations MSK limits the broker size based on the number of partitions per broker.

Configuration

All aspects of cloudnap.io configuration can be managed either via our management console, or via our API.

The following concepts, and the relationships between them, define how cloudnap.io manages the scheduling of off hours for your resources:

Concept Explanation
Deployment The highest level concept.
AWS Account and Region One or more AWS accounts and Regions must be mapped to a given Deployment.
Filters Zero or more filters can be added to a Deployment.
Schedule A single schedule must be attached to a Deployment.

Deployment

A deployment is the highest level concept defining a collection of resources across one or more AWS accounts in one or more AWS regions.

A deployment can be in Enabled or Disabled state. When Disabled, no off hours activities are performed.

Accounts and regions are independent

Resources in each AWS account and region are brought down and back up independently of each other.

AWS Account and Region

For simplicity, resources in a single AWS Account and Region are recommended to be attached to a single deployment only.

Take care if attaching to multiple deployments

If resources in an Account and Region are connected to multiple deployments, take care in crafting the related Filters in such a way that no single resource is connected to multiple deployments.

Filter

Filters can optionally be connected to a deployment. Filters operate on either an opt-in or an opt-out basis (configurable per filter). If multiple filters are applied, the resulting collection of AWS resources is a combination (AND logic) of all the filters. If no filters are provided, then all resources in all the AWS accounts and Regions connected to the Deployment are in scope.

Two filters are supported at this time:

  1. Service filter
  2. Tag filter

Both filters can be used to either opt-in or opt-out of either AWS service categories, or individual resources based on tag key values.

A filter can be connected to multiple Deployments. In such a case, an update to the filter is applied to all the connected Deployments.
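The filter logic above, together with the earlier warning about one resource being connected to multiple deployments, can be modelled as follows. This is an added example, not cloudnap.io code: the dictionary shapes for filters, deployments and resources are hypothetical (the service's configuration format is not documented on this page), and the inventory is constructed.

```python
from collections import defaultdict

def in_scope(resource, filters):
    """AND logic: every filter must accept the resource; no filters means all in scope."""
    for f in filters:
        if f["kind"] == "service":
            matched = resource["service"] in f["services"]
        else:  # "tag" filter: match on the value of one tag key
            matched = resource["tags"].get(f["key"]) in f["values"]
        accepted = matched if f["mode"] == "opt-in" else not matched
        if not accepted:
            return False
    return True

def overlapping_resources(deployments, inventory):
    """Return {resource id: [deployment names]} for resources claimed more than once."""
    claims = defaultdict(list)
    for dep in deployments:
        for res in inventory:
            if (res["account"], res["region"]) in dep["targets"] and in_scope(res, dep["filters"]):
                claims[res["id"]].append(dep["name"])
    return {rid: names for rid, names in claims.items() if len(names) > 1}

# Constructed inventory and deployments (hypothetical shapes)
TARGET = ("111122223333", "eu-west-1")
INVENTORY = [
    {"id": "i-0aaa", "service": "ec2", "tags": {"env": "dev"}, "account": TARGET[0], "region": TARGET[1]},
    {"id": "db-1", "service": "rds", "tags": {"env": "dev"}, "account": TARGET[0], "region": TARGET[1]},
    {"id": "i-0bbb", "service": "ec2", "tags": {"env": "prod"}, "account": TARGET[0], "region": TARGET[1]},
]
DEPLOYMENTS = [
    {"name": "dev-nights", "targets": {TARGET}, "filters": [
        {"kind": "tag", "mode": "opt-in", "key": "env", "values": {"dev"}}]},
    {"name": "all-ec2", "targets": {TARGET}, "filters": [
        {"kind": "service", "mode": "opt-in", "services": {"ec2"}},
        {"kind": "tag", "mode": "opt-out", "key": "env", "values": {"prod"}}]},
]
print(overlapping_resources(DEPLOYMENTS, INVENTORY))
```
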

Schedule

Schedules define when off hours begin and end. A single Schedule can be attached to a Deployment at any time. If no schedule is attached, the Deployment is effectively in a disabled state.

A schedule can be connected to multiple Deployments. In such a case, an update to the Schedule is applied to all the connected Deployments.

Work in progress

Detailed documentation for the format of the schedule is not available yet.

Integrations

cloudnap.io is built with a developer-first mindset. Our intent is to provide a service that integrates seamlessly into the daily life of a developer, and provides integration options for commonly used tools.

ChatOps

In order to be easily accessible, cloudnap.io integrates with both Slack and Teams.

You can invite the cloudnap bot into your chat channels. The bot will broadcast messages when environments are about to be brought down for off hours, as well as when they are resumed, such as below:

From these messages, channel members can directly postpone or cancel the off hours action if their work is not yet complete for the day.

Work in progress

Detailed documentation for the Chat integrations is not available yet.

API

All aspects of the configuration of cloudnap.io can be managed using our REST API.

Work in progress

Detailed documentation for the API is not available yet.