could any one please help me the lambda code , whenever AWS Ec2 instances get stopped, we need to get the email notifications with sns. In the email we need instance name. I could able to get instance id but not the instance name.
AWS CloudTrail allows you to identify and track EC2 instance lifecycle API calls (launch, start, stop, terminate). See How do I use AWS CloudTrail to track API calls to my Amazon EC2 instances?
And you can trigger a Lambda function to run arbitrary code when CloudTrail logs certain events. See Triggering a Lambda function with AWS CloudTrail events.
You can also create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance and triggers a Lambda via CloudWatch Events.
You can create a rule in Amazon CloudWatch Events that:
Triggers when an instance enters the Stopped state
Sends a message to an Amazon SNS Topic
Like this:
If you want to modify the message that is being sent, then configure the Rule to trigger an AWS Lambda function instead. Your function should:
Extract the instance information (eg InstanceId) from the event parameter
Call describe-instances to obtain the Name of the instance (presumably the Tag with a Key of Name)
Publish a message to the Amazon SNS Topic
Related
I have been trying to create cloudwatch alarm when instance gets stopped but couldn't find direct way. From event subscriptions i can send notification when instance gets stopped. Is there any way cloud watch alarm can be triggered for the same.
Amazon EventBridge can be configured to trigger an event when a state change occurs on an EC2 instance. Use:
Event source: EC2
Event type: EC2 Instance State-change Notification
You can setup a target for the event to be a Lambda
The Lambda can API_PutMetricData for a metric you create. You can setup a CloudWatch Alarm on this metric
This tutorial shows you how to setup the EventBridge rule and the Lambda.
I would like to send out alerts and create logs any time an instance is created within an aws account. The instances in the account are mostly static and are rarely changed, so an alert should go off when an unauthorized change is made.
How can I create a cloudwatch alarm that can do this?
I can think of 2 options:
Option 1 - You write code
Enable CloudTrail
Have S3 trigger a Lambda function for PutObject (gets triggered whenever CloudTrail delivers events)
Write a Lambda function that reads the passed S3 object, looks for RunInstances event and sends a mail including instance name, instance id, who launched the instance etc., using AWS SES
You pay for CloudTrail+S3 only (SES cost is negligible)
Option 2 - Let AWS do everything
Enable CloudTrail
Have CloudTrail logs delivered to CloudWatch
Add an alarm in CloudWatch to send you an alert using SNS when CloudWatch detects RunInstances
You pay for CloudTrail+S3+CloudWatch
More info: Sending Events to CloudWatch Logs
I want to run an AWS lambda function that is triggered by an SNS topic that publishes when an EC2 instance state is changed to running or terminated.
All that I can find online is relating to Autoscaling group events. Are there events that can publish to SNS when an instance is terminated or created?
You can create a Cloudwatch event rule for that particular case.
Is it possible to create a CloudWatch alarm that triggers when my EC2 instance is accessed from a remote location (using SSH login with key pairs, for example)?
There is no in-built capability to perform an action when users login to an Amazon EC2 instance. You would have to write a script that activates when users login, checks the situation and then triggers a notification.
Amazon CloudWatch alarms trigger when a metric exceeds a pre-determined value. Therefore, you would need to do the following:
Have your custom script detect the situation and then publish a custom metric to CloudWatch
Create an Alarm in CloudWatch that triggers when the metric exceeds your desired value (for example, when it is greater than zero)
Configure your alarm to respond as desired (eg send a notification via SNS)
If you just wish to receive a notification when the user logs-in, you could bypass CloudWatch and just have your script publish a message to the SNS (Simple Notification Service) topic directly. It would have the same result.
I need to receive notifications whenver my instance in terminated. I know it can be done by cloudtrail and then using sns and sqs to get email for it, if you receive event of termination.
Is there a simpler way to do that ?
Any solution will is appreciated, but I prefer is doing using boto.
While it is not possible to receive a notification directly from Amazon EC2 when an instance is terminated, there are a couple of ways this could be accomplished:
Auto Scaling can send a notification when an instance managed by Auto Scaling is terminated. See: Configure Your Auto Scaling Group to Send Notifications
AWS Config can also be configured to send a Simple Notification Service (SNS) notification when resources change. This would send many notifications, so you would need to inspect and filter the notifications to find the one(s) indicating an instance termination. See the SNS reference in: Set Up AWS Config Using the Console and Example Amazon SNS Notification and Email from AWS Config.
Amazon Simple Notification Service (SNS) can also push a message to Amazon Queueing Service (SQS), which can be easily polled with the boto python SDK.
Receiving notifications via CloudTrail and CloudWatch Logs is somewhat messier, so I'd recommend the AWS Config method.
Now AWS introduced "rules" Under "Events" in AWS CloudWatch. In your case, you can select EC2 as Event Selector and SNS or SQS as Targets.
https://aws.amazon.com/blogs/aws/new-cloudwatch-events-track-and-respond-to-changes-to-your-aws-resources/
According to the AWS doc: Spot Instance Interruptions, it is possible to pool the instance-metadata in order to get an approximation of the termination time. You can build any custom monitoring solution around that.
> curl http://169.254.169.254/latest/meta-data/spot/instance-action
{"action": "stop", "time": "2017-09-18T08:22:00Z"}
If the instance is not scheduled for termination a http:400 will be returned.