By automatically stopping and starting tagged EC2 instances at predetermined times, the intention is to optimize utilization and save money.
Two Lambda functions as well as two CloudWatch event rules must be created. The lambda functions with the appropriate IAM roles, according to the event rules. It is necessary to alter the CloudWatch event schedule cron expression and add the tags “key= Instance Schedule” and “value= Yes/True” for EC2 in order to support automatic scheduling.
AWS components involved
Lambda function — A computational service that allows users to run programs without setting up or maintaining servers.
IAM — AWS resource access can be safely managed with the aid of this managed service.
CloudWatch Log group — It enables you to use the application, and custom log files for system and application monitoring and troubleshooting. You may monitor your logs using CloudWatch Logs in almost real-time for particular patterns.
CloudWatch Event Rules — A rule can contain both an event pattern and a schedule expression, in this instance, the rule triggers both on schedule and based on events that match the pattern.
1. You need an Amazon Web Services account.
2. A running EC2 instance with tags.
Note: Tag every instance that needs to be started/stopped automatically, as seen in the image below.
Steps to auto start/stop AWS EC2 instances using AWS Lambda
1. Create an IAM Role and Policy that allows the Lambda function to stop and start EC2 instances.
2. Create Lambda functions that stop/start EC2 instances.
3. Testing Lambda functions.
4. Create cloud watch event rules that trigger Lambda functions.
Create IAM role for Lambda
The first step is to create an IAM role for the Lambda function, which will be responsible for managing the EC2 instance’s lifecycles, such as starting/stopping. The actions listed below must be followed to create an IAM role:
- Click IAM under Services in the AWS dashboard.
2. In the left-side navigation panel, select Roles, and select Create role.
3. From the list of AWS Services, choose Lambda.
4. Click Next: Permission
5. At this point, you must select Create policy. A new window will open as a result. (We’ll establish a brand-new, unique policy for our Lambda function here.)
6. Choose the JSON tab. Remove the default code and add paste below JSON data.
7. Select Review Policy. After adding the policy’s description with the name ec2_start_stop_policy, click create policy.
8. Return to the previous tab where we are creating the Role.
9. You may search for and choose the newly formed policy, ec2_start_stop_policy, here.
10. Press Next: tags, followed by Next: review. Enter the role name ec2_start_stop_policy and a brief description of the role on the review page.
11. Next, select Create role. A new role with EC2 start/stop permissions has been created.
Create Lambda functions that start/stop EC2 instances
· Develop a Lambda function to stop instances. Following steps need to follow.
- Select Services and then Lambda
2. Click Author from scratch after selecting Create new function.
3. Choose Python 3.7 as the runtime and put the function name stop_instances under the basic Information tab.
4. Click on Choose or create an execution role to expand.
5. Click Create function after selecting Use an Existing Role under the Execution role and the role we built in the previous step, ec2_start_stop_scheduler.
6. After Lambda Designer is opened, scroll down to find Function Code.
7. You will discover an inline editor with lambda_function.py under the function code. Remove the file’s content, then paste the code below.
8. Enter 30 Seconds in Time out under Basic options by scrolling down.
9. Leave the other settings as they are and click Save in the top right corner.
· Testing stop_instances Lambda function
- It will prompt you to configure a test event the first time. Select Hello World as the event template or provide any other name for the event in the Event Name field.
2. Next, choose the test event, and then click Test. The output will read “Execution result: succeeded(logs),” which indicates that your lambda function is executed. Now that the tagged instance has stopped, you can see it on the EC2 console.
· Create Lambda function to Start Instance
1. Here follow the same steps as mentioned above for creating lambda function for stop instance and select the function name= start_instances
2. The following lambda code needs to be used.
· Testing start_instances Lambda function
Follow the same steps as mentioned in stop_instances lambda function testing.
Add an Amazon EventBridge scheduled rule to trigger the Lambda function
· Scheduling auto-stop Ec2 using CloudWatch events
- Open the Eventbridge console. Select Create rule.
2. Enter a name for the rule, such as “ stop_instances_event_rule”.
3. In the Define pattern, in the rule type select Schedule.
4. Cron expressions are evaluated in UTC, so enter an expression that instructs Lambda when to stop your instances. Make sure that you adjust the expression for your preferred time zone. Enter a cron expression; the purpose is to schedule an event every day at 7 p.m.
5. In Select targets, choose the Lambda function from the Target drop-down menu.
6. For Function, choose the function “stop_instances” that stop EC2 instances.
7. After you scroll down, click Create.
· Scheduling auto start using CloudWatch events
To establish a rule to start your EC2 instances, repeat steps 1 through 8 from above. Make the following adjustments:
– Give your rule a name, e.g., “start instances event rule”.
– In step 5, for Cron expression, enter an expression that tells Lambda when to start your instances.
-In step 7, for Function, choose the function that starts your EC2 instances as “start_instances”.
Create CloudWatch Log Group for both Lambda functions.
- Open the CloudWatch console. Select Log groups from the navigation pane.
2. Choose Actions, and then choose to Create log group.
3. Enter a name for the log group, and then choose to Create log group.
4. Repeat these steps to create a log group for the start lambada function, and a log group for both lambda functions created.
To view log data
1. Open the CloudWatch console. Select Log groups from the navigation pane.
2. For Log Groups, choose the log group to view the streams.
3. In the list of log groups, choose the name of the log group that you want to view.
4. In the list of log streams, choose the name of the log stream that you want to view.
Delete EC2 Instance, IAM Role, IAM Policy, Lambda functions, CloudWatch event rule, and CloudWatch log group.
Written by – Manish Juneja