Automating EC2 Tasks with AWS Lambda

You’d be forgiven for missing the handful of AWS Lambda additions announced at this year’s Re:Invent keynote among the flurry of exciting headline features. The addition of Python as an accepted language and the ability to schedule the triggering of functions might not seem all that revolutionary when compared to QuickSight or Amazon’s Internet of Things offering. The new features of Lambda do empower administrators in new and unique ways though, and ensure being an engineer in Amazon’s cloud is as rewarding as ever.

Lambda is a service in Amazon Web Services that runs code on demand, either as the result of an action (HTTP request, SNS notification, etc.) or on a static schedule. The snippet of code can access other AWS services via the IAM role assigned to it. This enables Lambda functions to perform mundane maintenance tasks on a regular schedule, or as the result of a CloudWatch alarm notification.

The Demo

In this post, I’m going to walk you through the process of creating a Lambda code snippet that has the ability to shut down tagged EC2 Instances on a schedule, something every system administrator I know has created in the scripting language of their choice at some point in their cloud computing experience. While shutting down systems automatically each night is a great cost saving measure, the real story resides in the power that this type of interaction gives those who maintain these environments.

  1. To begin, navigate to the Lambda console in the region where you’d like to perform the automated shutdowns. The Python script in this example uses Amazon’s boto3 library, enabling the script to communicate with any region the associated IAM role can access.
  2. If this is your first time in Lambda, you’ll see an introductory landing page with a “Get Started Now” button in the center. Go ahead and click it. If you’ve played with Lambda in the past, you’ll have the option to “Create a Lambda function” in the upper left.
  3. The next screen presents you with a series of blueprints and quick start configurations. I would recommend skipping this section.
  4. Choose a name for your automated shutdown function, and give it a short description. It’s here that you can select the language of your choice and begin scripting.
  5. You can see the script I used below. Feel free to modify the script to meet your needs. Keep in mind that my script is looking for the tag “AutoOff” with a value of “True”.
  6. You’ll have to assign the script an IAM role to grant it access to your EC2 instances. You’ll want to ensure the policy you create is strict enough to limit liability (make sure the role cannot terminate instances) while still having the ability to shut down and start up servers.
  7. The default memory selection will work for this purpose. You may need to increase the timeout setting. If the timeout setting is greater than one minute, you may not be able to capture your output to the CloudWatch Logs. We’ll create an alarm to keep an eye on this later in the tutorial.
  8. You can now proceed to the next section.
  9. Navigate to the “Event sources” tab to enable the Lambda function trigger. For this script, we’ll be creating a trigger that will shut down the servers every night at 7 PM CST. For this, we’ll be using the Schedule Event source type with the “cron” schedule expression (i.e. cron(0 12 ? * MON-FRI *)). Schedule expressions are evaluated in UTC, so convert your local shutdown time when writing the expression.
    1. You’ll notice a number of options in the event source type drop down. Among them is the ability to run a Lambda function as the result of an SNS notification. This type of activity can be triggered as the result of a CloudWatch alarm for proactive maintenance (such as scaling out when resources become constrained).
  10. That’s it! If you’ve tagged your instances already, you can go ahead and give the script a whirl to see how it performs. Pretty snappy, huh?
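
The author's script is not reproduced on this page. The following is an added example, not the author's code, of a handler for the behavior described in step 5: it stops running instances tagged “AutoOff” = “True”. The helper names, the `dry_run` parameter and the `BATCH` size are assumptions made for this example.

```python
import logging

log = logging.getLogger(__name__)
log.setLevel(logging.INFO)

TAG_KEY, TAG_VALUE = "AutoOff", "True"  # tag key and value named in step 5
BATCH = 50  # assumed number of instance IDs sent per StopInstances call


def find_tagged_running(ec2):
    """Return IDs of running instances tagged AutoOff=True, following pagination."""
    filters = [
        {"Name": f"tag:{TAG_KEY}", "Values": [TAG_VALUE]},
        {"Name": "instance-state-name", "Values": ["running"]},
    ]
    ids = []
    for page in ec2.get_paginator("describe_instances").paginate(Filters=filters):
        for reservation in page["Reservations"]:
            ids.extend(i["InstanceId"] for i in reservation["Instances"])
    return ids


def stop_tagged(ec2, dry_run=False):
    """Stop matching instances in batches; return the IDs that matched.

    dry_run (hypothetical helper flag) skips the stop call entirely, so the
    tag filter can be checked before the schedule is enabled.
    """
    ids = find_tagged_running(ec2)
    if not dry_run:
        for start in range(0, len(ids), BATCH):
            ec2.stop_instances(InstanceIds=ids[start:start + BATCH])
    log.info("AutoOff: %d instance(s) %s: %s", len(ids),
             "matched (dry run)" if dry_run else "stopped", ids)
    return ids


def lambda_handler(event, context):
    """Entry point for the scheduled event; the event payload is not used."""
    import boto3  # imported here so the helpers above can be exercised offline
    return {"stopped": stop_tagged(boto3.client("ec2"))}
```

The only EC2 actions this handler calls are `ec2:DescribeInstances` and `ec2:StopInstances`, so the role from step 6 does not need any terminate permission to run it. Tag values are case-sensitive, so an instance tagged `true` is not matched.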

If you’re interested in taking this a step further and putting alarms in place to ensure the Lambda function is healthy, the place to start is the “Monitoring” tab. By selecting the “Invocation duration” chart, you have the ability to create a CloudWatch alarm that can notify you if the Lambda function begins to approach the selected timeout duration.

Looking Forward

The above example is a demonstration of how code running on a schedule, or on demand, can begin to make the job of System Administrators a bit easier. Couple this with the ability to react to degraded services, monitor network activity, and perform routine maintenance tasks such as snapshotting, and you begin to see the true power of Lambda for System Administrators.

At Equinix Professional Services for Cloud (EPS Cloud), we’ve already begun to work with our clients in training and implementing these types of Lambda solutions. We believe it’s important to keep our customers up to date on the latest product announcements, and working with them to apply this cutting edge tech to real world problems is one of the many things that makes being a Cloud Architect so exciting.