Osirium Logo

Stop Tagged EC2 Instances

Stop Tagged EC2 Instances Playbook IconStop Tagged EC2 Instances Playbook Icon

This task stops any running EC2 instances in a chosen region that contain all the supplied tags.

You can run this task interactively or from a PPA schedule.

It requires an AWS API key that has permissions to read & stop instances in EC2.

Playbook Files

Running this Playbook

  • Click download playbook
  • Import the downloaded file via the Playbooks page on PPA
  • Build the playbook from the Edit & Build tab
  • Run the playbook from the Preview & Deploy tab
* Requires PPA v2.9.x or newer


EC2 Region & Instance Tags

The region & instance tags are supplied either:

  • By the user if the task is started interactively
  • In a schedule payload (see API/Schedule Payload below)

Required PPA Configuration

As this task emails a report, you must have SMTP configured in PPA.

Required Vault Details


  • Access key ID
  • Secret access key

The key must have permissions to read instance details from EC2.

Vault Configuration Wizard

The first time you run a task built from this playbook, PPA will check the required Vault details exist.

If they don't exist, PPA will ask you to supply the details at the start of the task.

Below you can see a user providing details the first time they run an Active Directory task.


Once the details are added to Vault, the task won't ask for them again.

If you don't know the required details, ask an administrator to run the task or configure Vault manually.

API/Schedule Payload

To run this task from a schedule or API call, you'll need to supply the following in the payload:

  • The EC2 region
  • Instance tags
  • Reporting email address

The payload should be in this format:

  "region_name": "ec2-region-name",
  "email_address": "example@domain.com",
  "tags": {
    "environment": "development",
    "team": "engineering"

You can use the example payload above as a template.

What the Task Does


When run interactively this task will:

  • Ask the user to select an EC2 region, & supply any number of tag names & values
  • Find running EC2 instances in the selected region with all the supplied tags
  • Display them in a table & wait for the user to confirm
  • Stop the running instances
  • Ask the user whether to send an email report


When started from a schedule or API call, this task will:

  • Find running EC2 instances using both the region_name & tags defined in the task payload
  • Stop the running instances
  • Send an email report

Audit Failure Messages (optional)

This task can supply a message to the Activity page if sending the report email fails.

To test this do the following in PPA after you've built & tested the task:

  • Navigate to the Playbook Editor
  • Click the burger menu for your Playbook
  • Select Edit Metadata
  • Expand the Advanced section
  • Paste the JSON below into the Exit Codes section
  • Click Save
  "2": "Failed to send email report. SMTP is not configured in PPA.",
  "3": "Failed to send email report. Please view the logs for more information."

You can see how this is done below:


Product Boot Screen

Get PPA for free!

Start automating your estate with a free 30 day trial today. No signup required!

Get PPA Express


Theale Court
11-13 High Street, Theale
Reading, Berkshire, RG7 5AH
United Kingdom
+44 (0) 118 324 2444

Osirium Logo

Copyright 2020 Osirium Ltd.