Automation rules
Automation rules automatically implement recommended actions based on your defined criteria and schedule. Automation rules are global resources that manage automated actions across all AWS Regions where Compute Optimizer Automation is available. You can create, update, and delete automation rules from any AWS Region where Compute Optimizer Automation is available.
Rule type
There are two types of rules:
Account rules: Rules that apply recommended actions only to your account.
Organization rules: Rules that centrally apply recommended actions across member accounts.
Note
Only the management account or delegated administrator can create organization rules. You can only select member accounts with Automation enabled and organization rules allowed can be selected for the rule to apply. Member accounts can view the details of organization rules that apply to their account but cannot edit them. Organization rules can be configured to apply before or after member account rules.
Rule criteria
When configuring a rule, choose the recommended action types you want your rule to implement, such as snapshot and delete unattached Amazon EBS volumes and upgrade Amazon EBS volume type. Refine your selection using criteria such as AWS Region and Resource Tags. Then preview the current matching recommended actions to validate your criteria.
Important
If you don't specify rule criteria, Compute Optimizer applies all the selected recommended actions types in the accounts you select in your rule scope, including recommended actions in all AWS Regions where Compute Optimizer Automation is available.
The following recommended action attributes and comparison operators are supported for automation rules:
| Attribute | Operator | Field type |
|---|---|---|
|
Current volume size (GiB) |
|
Integer |
|
Current volume type |
|
String |
|
Estimated savings ($) |
|
Double |
|
Lookback period (days) |
|
Integer |
|
AWS Region |
|
String |
|
Resource ARN |
|
String |
|
Resource tags |
|
Resource Tag |
|
Restart needed |
|
String |
You can specify up to 20 conditions per attribute and 20 values per condition. For more information, see Criteria in the AWS Compute Optimizer Automation API Reference.
Comparison operators
Use comparison operators in rule criteria to match recommended action attributes against the values you specify.
Important
If the attribute that you specify in your rule criteria is not present on the recommended action, the values do not match, the condition is false, and the recommended action is excluded from the rule. This logic applies to all comparison operators except the ...IfExists operators, which evaluate to true when the attribute is not present. The ...IfExists operators test whether the attribute is present (exists) on the recommended action.
String condition operators
String condition operators let you define rule criteria that compare a recommended action attribute to a string you specify.
| Condition operator | Description |
|---|---|
|
Exact matching, case sensitive. |
|
Negated exact matching, case sensitive. |
|
Exact matching, ignoring case. |
|
Negated matching, ignoring case. |
|
Case-sensitive matching. The values can include multi-character match wildcards ( |
|
Negated case-sensitive matching. The values can include multi-character match wildcards ( |
Note
Using * alone as a value with StringLike matches any value that is present. When combined with StringNotLike, a value of * means "does not match anything" — effectively excluding all recommended actions where the attribute is present. For example, using StringNotLike on a tag key Application with value * excludes any recommended action that has the Application tag, regardless of the tag's value.
Numeric condition operators
Numeric condition operators let you define rule criteria that compare a recommended action attribute to an integer or decimal number.
| Condition operator | Description |
|---|---|
|
Exact numeric matching. |
|
Negated numeric matching. |
|
"Less than" matching. |
|
"Less than or equals" matching. |
|
"Greater than" matching. |
|
"Greater than or equals" matching. |
For example, you can use NumericGreaterThanEquals with the Lookback period attribute to create a rule that only automates recommended actions where the lookback period used to generate the recommendation is at least 32 days.
IfExists operators
Append IfExists to any comparison operator (for example, StringLikeIfExists) to change how a condition is evaluated when the attribute you specify is absent from a recommended action:
With a base operator, an absent attribute evaluates to false, and the recommended action is excluded from the rule.
With the
...IfExistsvariant, an absent attribute evaluates to true, and the recommended action is included.
IfExists is helpful when you want to exclude a specific group of resources from a rule but still include the resources that don't carry the tag you're filtering on. For example, you might want to include everything except the resources owned by one team. A base StringNotEquals on team = TeamA excludes TeamA's resources, but it also excludes every resource that doesn't carry the team tag at all — leaving out resources you intended to include. Add IfExists to keep those untagged resources in scope:
StringNotEquals matches only resources that have the
teamtag set to a value other thanTeamA. Untagged resources are excluded.StringNotEqualsIfExists matches resources without the
teamtag and resources where it is set to any value other thanTeamA. Only resources taggedteam=TeamAare excluded.
IfExists is also helpful when you want to let resource owners exclude their own resources from automation. You can designate a dedicated opt-out tag, such as automation-opt-out, that an owner applies to any resource they want to leave out. In this case, the presence of the tag matters, not its value, so use StringNotLikeIfExists with the value * on the automation-opt-out tag key. The * wildcard matches any value, so Compute Optimizer excludes every resource that carries the tag. The IfExists variant keeps the resources that don't carry the tag in scope; without it, every untagged resource would be excluded as well.
Rule criteria examples
Example: Include only recommended actions in specific Regions
The following rule criteria uses StringEquals on the AWS Region attribute to match recommended actions for resources in us-east-1 or us-west-2. When you specify more than one value for a condition, the values have an OR relationship — a recommended action matches the condition if its attribute value matches any one of the values.
Criteria configuration:
| Attribute | Operator | Values |
|---|---|---|
AWS Region |
|
|
Evaluation:
| Attribute value | Result |
|---|---|
|
Match |
|
Match |
|
No match |
Example: Include only recommended actions generated with a minimum lookback period
The following rule criteria uses NumericGreaterThanEquals on the Lookback period (days) attribute to only automate recommended actions where the lookback period used to generate the recommendation is at least 32 days. This lets you require a longer observation window before a recommended action is automated.
Criteria configuration:
| Attribute | Operator | Values |
|---|---|---|
Lookback period (days) |
|
|
Evaluation:
| Attribute value | Result |
|---|---|
|
Match |
|
No match |
Example: Include recommended actions unless the resource belongs to a specific team
Consider a platform team that enables Compute Optimizer Automation across many accounts but wants to leave one team's resources out of the rule. The team already tags resources with a team tag for other purposes, but not every resource carries it. They want automation applied broadly while excluding any resource tagged team = TeamA.
The following rule criteria uses StringNotEqualsIfExists on the Resource tags attribute, with the tag key team and the value TeamA. A recommended action is included when the resource doesn't have the team tag at all, or when the tag is set to any value other than TeamA. Because many resources won't carry the tag, IfExists is what keeps them in scope — without it, every untagged resource would be excluded.
Criteria configuration:
| Attribute | Operator | Tag key | Values |
|---|---|---|---|
Resource tags |
|
|
|
Evaluation:
| Recommended action state | Result | Explanation |
|---|---|---|
The resource does not have the |
Match |
The attribute is absent, and |
The resource has tag |
Match |
The tag is present and the value does not match |
The resource has tag |
No match |
The tag is present and the value matches |
Example: Include recommended actions unless the resource has an opt-out tag
You can let resource owners exclude individual resources from automation by applying a dedicated opt-out tag. In this example, an owner adds the automation-opt-out tag to any resource they want to leave out.
The following rule criteria uses StringNotLikeIfExists on the Resource tags attribute, with the tag key automation-opt-out and the value *. The * wildcard matches any value, so any resource that carries the tag is excluded. A recommended action is included when the resource doesn't have the automation-opt-out tag.
Criteria configuration:
| Attribute | Operator | Tag key | Values |
|---|---|---|---|
Resource tags |
|
|
|
Evaluation:
| Recommended action state | Result | Explanation |
|---|---|---|
The resource does not have the |
Match |
The attribute is absent, and |
The resource has tag |
No match |
The tag is present, and |
The resource has tag |
No match |
The tag is present, and |
Example: Combine multiple criteria
You can combine multiple criteria to narrow the scope of your rule. All criteria must match for a recommended action to be included in the rule (AND logic).
The following configuration automates EBS volume recommended actions that:
Are in us-east-1 and us-west-2
Were generated with a lookback period of at least 32 days; and
Are not opted out of automation (no
automation-opt-outtag).
This rule includes a recommended action only when all three conditions are met simultaneously.
Criteria configuration:
| Attribute | Operator | Values |
|---|---|---|
AWS Region |
|
|
Lookback period (days) |
|
|
Resource tags (key: |
|
|
Schedule
Set a schedule for when your rule runs by specifying the frequency (daily, weekly, or monthly), start time, end time, and timezone. During this window, Compute Optimizer will start implementing recommended actions that match your specified criteria. The number of actions that get initiated depends on the duration of your scheduled time window, Compute Optimizer Automation's concurrency limit, and the time required to complete each action. Automated actions will show as "In-Progress" until all steps in the automation workflow are fully completed. Up to 100 actions can be in-progress concurrently per account per AWS Region.
Rule order
By default, rules are created with rule order 1 (highest priority) within their rule group. For example, when a management account creates an organization rule configured to apply after member account rules, it receives a rule order of 1, the highest priority among all rules in that group. Rule group and rule order determine which rule applies when a recommended action in an account matches multiple rules. Compute Optimizer assigns the action to the active rule with the lowest rule order value (highest priority), regardless of when that rule is scheduled to run.
For example, if a recommended action matches all of the rules in the following table, Compute Optimizer assigns it to Rule-C and implements it according to Rule-C's schedule.
| Rule group | Rule order | Rule name | Status | Schedule |
|---|---|---|---|---|
|
Organization rules evaluated before member account rules |
1 |
Rule-A |
Inactive |
Weekly on Mondays from 12:00 to 13:00 UTC |
|
2 |
Rule-B |
Inactive |
Daily from 12:00 to 13:00 UTC |
|
|
Member account rules |
1 |
Rule-C |
Active |
Monthly on 15th from 12:00 to 13:00 UTC |
|
2 |
Rule-D |
Inactive |
Monthly on 15th from 12:00 to 13:00 UTC |
|
|
Organization rules after before member account rules |
1 |
Rule-E |
Inactive |
Weekly on Mondays from 12:00 to 13:00 UTC |
|
2 |
Rule-F |
Active |
Daily from 12:00 to 13:00 UTC |
