Lambda function to monitor EC2 snapshots

June 14, 2020

By Arjun R Dev, DevOps Engineer

A snapshot is a point-in-time copy of an EBS volume. The main advantage of a snapshot over a conventional backup is that rolling back is effortless: a new volume can be created from the snapshot and attached in place of the original. Because snapshots accumulate silently, it is worth checking regularly that every in-use volume actually has recent ones and that old ones are not piling up past their retention period.

Prerequisites

  • EC2 instances with attached EBS volumes
  • Snapshots tagged with the key "backup"
  • An IAM role and policy that allow the Lambda function to read EC2 snapshot metadata and write CloudWatch Logs

Use the policy below for reference. The EC2 part is read-only (ec2:Describe*), which is all this function needs. The logs:* grant on every log resource is broader than necessary: a Lambda function only needs logs:CreateLogGroup, logs:CreateLogStream and logs:PutLogEvents, and the resource can be narrowed to the function's own log group.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:*"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    }
  ]
}

Steps to create the IAM role and attach the policy:

  • Go to Services, IAM, and create a new role
  • Choose Lambda as the trusted service; do not attach any policy at this step
  • Click Next and create the role
  • Enter the role name (e.g. ebs-lambda-worker)
  • Select the new role and click Attach policies
  • Click Create policy
  • Select the JSON tab and paste the policy above
  • Click Review policy
  • Provide a name for the policy and click Create policy
  • Select the policy you have just created, click Policy actions, choose Attach, and attach it to the role

Steps to create the Lambda function

  • Go to Services, Lambda, and click Create function
  • Enter a name for it
  • Select a Python 3.x runtime (Lambda no longer supports Python 2.7)
  • Select the previously created IAM role as the execution role
  • Click Create function
  • Paste the code below into the inline editor

import boto3
from datetime import datetime, timedelta, timezone

# Only snapshots carrying this tag key are checked
TAG_KEY = 'backup'
# Retention period in days
RETENTION_DAYS = 10


def lambda_handler(event, context):
    # StartTime on a snapshot is timezone-aware UTC, so compare it against an
    # aware "now" instead of stripping tzinfo and mixing in local time
    now = datetime.now(timezone.utc)
    cutoff = now - timedelta(days=RETENTION_DAYS)

    # List the regions enabled for this account
    ec2 = boto3.client('ec2')
    regions = ec2.describe_regions().get('Regions', [])

    total_snapshots = 0
    total_old = 0
    for region in regions:
        reg = region['RegionName']
        print("Checking region %s" % reg)
        ec2 = boto3.client('ec2', region_name=reg)

        # Volumes currently attached to an instance
        volumes = ec2.describe_volumes(
            Filters=[{'Name': 'status', 'Values': ['in-use']}])['Volumes']
        for volume in volumes:
            vol_id = volume['VolumeId']
            # Counters are per volume, so reset them for each one
            numberofsnapshot = 0
            old = 0
            # Only this account's snapshots of this volume that carry the tag;
            # without the volume-id filter every volume would be reported with
            # the same account-wide totals
            result = ec2.describe_snapshots(
                OwnerIds=['self'],
                Filters=[{'Name': 'tag-key', 'Values': [TAG_KEY]},
                         {'Name': 'volume-id', 'Values': [vol_id]}])
            for snapshot in result['Snapshots']:
                print("Checking snapshot %s which was created on %s"
                      % (snapshot['SnapshotId'], snapshot['StartTime']))
                numberofsnapshot += 1
                # Snapshot is older than the retention period
                if snapshot['StartTime'] < cutoff:
                    old += 1
            print("for volume %s found %s snapshots, number of snapshots older "
                  "than the retention date is %s" % (vol_id, numberofsnapshot, old))
            total_snapshots += numberofsnapshot
            total_old += old

    # Returned value is shown in the console after a test invocation
    return {'snapshots': total_snapshots, 'older_than_retention': total_old}


  • Make sure the timeout is set to more than 1 minute: the function calls every enabled region in turn, and the default timeout of 3 seconds is far too short
  • Note that this function only counts snapshots that carry the tag key "backup". If you use any other scripts to create snapshots, make sure they apply the same tag, otherwise their snapshots are invisible to this check
  • Now click Test to execute the function
  • Once the execution completes, the result and the log output are shown below the function editor
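The Lambda code above can only be exercised against a live account. The following is an added example, not code from the original post, that applies the same retention check to records shaped like the Volumes and Snapshots lists boto3 returns, using constructed sample data so it runs offline. It goes a little beyond the post: besides counting snapshots older than the retention period per volume, it reports volumes whose newest tagged snapshot is already stale (the backup job is not keeping up) and tagged snapshots whose volume is no longer in use. The names summarize, volumes_without_recent_backup and report, and the vol-/snap- identifiers, are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (hypothetical IDs): records mimic the shape of the
# 'Volumes' and 'Snapshots' lists returned by describe_volumes/describe_snapshots
NOW = datetime(2020, 6, 14, 12, 0, tzinfo=timezone.utc)
RETENTION_DAYS = 10
TAG_KEY = "backup"


def _snap(snap_id, vol_id, age, tagged=True):
    """Build a constructed snapshot record taken `age` before NOW."""
    tags = ([{"Key": TAG_KEY, "Value": "daily"}] if tagged
            else [{"Key": "Name", "Value": "manual"}])
    return {"SnapshotId": snap_id, "VolumeId": vol_id,
            "StartTime": NOW - age, "Tags": tags}


SAMPLE_VOLUMES = [{"VolumeId": v, "State": "in-use"}
                  for v in ("vol-0a1", "vol-0b2", "vol-0c3")]

SAMPLE_SNAPSHOTS = [
    _snap("snap-1", "vol-0a1", timedelta(days=1)),        # within retention
    _snap("snap-2", "vol-0a1", timedelta(days=12)),       # older than retention
    # naive StartTime, as code that strips tzinfo would produce; treated as UTC
    dict(_snap("snap-3", "vol-0a1", timedelta(days=40)),
         StartTime=NOW.replace(tzinfo=None) - timedelta(days=40)),
    _snap("snap-4", "vol-0b2", timedelta(days=15)),       # newest tagged copy is stale
    _snap("snap-5", "vol-0b2", timedelta(hours=6), tagged=False),  # untagged: not counted
    _snap("snap-6", "vol-0d4", timedelta(days=3)),        # volume no longer in use
    # vol-0c3 has no snapshots at all
]


def _as_utc(ts):
    """boto3 returns StartTime as tz-aware UTC; a naive value is assumed UTC."""
    return ts if ts.tzinfo is not None else ts.replace(tzinfo=timezone.utc)


def has_tag_key(snapshot, key):
    return any(t.get("Key") == key for t in snapshot.get("Tags", []))


def summarize(volumes, snapshots, retention_days=RETENTION_DAYS, now=NOW, tag_key=TAG_KEY):
    """Per-volume summary of tagged snapshots.

    Returns (summary, orphans): summary maps VolumeId -> {'total', 'old', 'newest'}
    for every in-use volume; orphans lists tagged snapshots whose volume is not
    in the in-use list (for example, the instance was terminated).
    """
    cutoff = now - timedelta(days=retention_days)
    summary = {v["VolumeId"]: {"total": 0, "old": 0, "newest": None} for v in volumes}
    orphans = []
    for s in snapshots:
        if not has_tag_key(s, tag_key):
            continue                      # created by other tooling: not counted
        entry = summary.get(s["VolumeId"])
        if entry is None:
            orphans.append(s["SnapshotId"])
            continue
        start = _as_utc(s["StartTime"])
        entry["total"] += 1
        if start < cutoff:                # older than the retention period
            entry["old"] += 1
        if entry["newest"] is None or start > entry["newest"]:
            entry["newest"] = start
    return summary, orphans


def volumes_without_recent_backup(summary, retention_days=RETENTION_DAYS, now=NOW):
    """Volumes whose newest tagged snapshot is older than the retention window,
    or that have no tagged snapshot at all."""
    cutoff = now - timedelta(days=retention_days)
    return sorted(vid for vid, e in summary.items()
                  if e["newest"] is None or e["newest"] < cutoff)


def report(volumes=SAMPLE_VOLUMES, snapshots=SAMPLE_SNAPSHOTS):
    summary, orphans = summarize(volumes, snapshots)
    stale = volumes_without_recent_backup(summary)
    for vid, e in sorted(summary.items()):
        age = "never" if e["newest"] is None else "%dd ago" % (NOW - e["newest"]).days
        print("%s: %d tagged snapshots, %d older than %d days, newest %s"
              % (vid, e["total"], e["old"], RETENTION_DAYS, age))
    print("volumes without a recent backup:", stale)
    print("orphan snapshots (volume no longer in use):", orphans)
    return summary, orphans, stale


if __name__ == "__main__":
    report()
```

In a real function the two lists come from describe_volumes and describe_snapshots (with OwnerIds=['self']) per region, and the "without a recent backup" list is the one worth alerting on, since an old snapshot is merely a cost while a missing one is a gap in recoverability.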


Conclusion

Lambda currently supports Node.js, Python, Java, Go, Ruby and .NET (C# and PowerShell) runtimes, as well as custom runtimes.

AWS provides the runtime platform on which Lambda executes this "serverless" code, so there are no servers to provision, patch or pay for while idle: the function is billed only for the invocations that actually run, which for a periodic check like this one is negligible.
