Problem Statement

Instance retirement notifications are sent via email and only to the email address associated with the account. Email can be lost or ignored and does not make for readably actionable events.

Instance Retirement

An instance is scheduled to be retired when AWS detects irreparable failure of the underlying hardware hosting the instance. When an instance reaches its scheduled retirement date, it is stopped or terminated by AWS. If your instance root device is an Amazon EBS volume, the instance is stopped, and you can start it again at any time. Starting the stopped instance migrates it to new hardware. If your instance root device is an instance store volume, the instance is terminated, and cannot be used again.


By default AWS will send an email to the account owner prior to the event with the instance ID and retirement date. In order to have a more easily expandable process, and broaden the scope of notification, a CloudWatch event can be created and multiple targets can be defined.

The CloudWatch event is account specific. If you have multiple accounts, you will need to define a CloudWatch event in each account.

CloudWatch Event

From the CloudWatch dashboard you will need to create a new event and its corresponding rule. This rule builds off of an event pattern :

  • Service Name : Health
  • Event Type : Specific Health Events
  • Specific service : EC2
  • Specific event type category : scheduledChange

At least one target will need to be defined for the event. The target could be a Lambda function, SNS topic, SQS queue, Kinesis stream, Built-in target, Step Function, or SSM Run Command.

After defining the target you will configure the rule details which include rule name, description, and state.

The JSON code below is what the final CloudWatch event looks like.

  "source": [
  "detail-type": [
    "AWS Health Event"
  "detail": {
    "service": [
    "eventTypeCategory": [
    "eventTypeCode": [



  • No labels