Create AMI when EC2 instance shuts down - amazon-web-services

I need to create an AMI when an instance is terminated/shuts down to back it up. I set up a CloudWatch rule on the EC2 Instance State Changed event to create the AMI via SSM Run Command (the target document is AWS-RunShellScript (Linux)). It works fine if I provide a hardcoded instance id to the command parameter:
/home/ec2-user/createImage.sh i-123456
This rule needs to be applied to all instances. I need to get the instance-id dynamically from the source and send it to the target. I tried the Input Transformer, but it's not getting the data from the source. Dynamic parameters like {{variable Name}} are also not working. Any suggestions?
Thanks.

You can configure an Amazon CloudWatch Events rule:
You can have the rule trigger an AWS Lambda function that triggers the snapshot. When the Lambda function is triggered, the following information is passed to the function:
{
    "version": "0",
    "id": "01345791-08ce-baaf-78f5-437aca50f13c",
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2017-09-12T00:28:55Z",
    "region": "ap-southeast-2",
    "resources": [
        "arn:aws:ec2:ap-southeast-2:123456789012:instance/i-0cf605453b22f703e"
    ],
    "detail": {
        "instance-id": "i-0cf605453b22f703e",
        "state": "stopped"
    }
}
Note that the Instance ID is passed with the message, so you can use this in the CreateSnapshot command within the Lambda function.
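A Lambda handler that consumes the state-change event above and creates the AMI, as an added example (not code from the answer or from the linked page). It assumes the event shape shown above; `FakeEc2` and the `ami-...` id it returns are constructed stand-ins so the handler can be exercised without AWS credentials.

```python
# Constructed sample event, shaped like the state-change notification shown above.
SAMPLE_EVENT = {
    "version": "0",
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "time": "2017-09-12T00:28:55Z",
    "region": "ap-southeast-2",
    "detail": {"instance-id": "i-0cf605453b22f703e", "state": "stopped"},
}

# Only "stopped" is useful here: once an instance is terminated its root volume
# (with DeleteOnTermination) is gone and CreateImage can no longer run against it.
BACKUP_STATES = {"stopped"}


def image_name(instance_id, event_time):
    """Build a unique AMI name (AMI names may not contain ':')."""
    return f"backup-{instance_id}-{event_time.replace(':', '-')}"


def handler(event, context=None, ec2=None):
    """Lambda entry point; `ec2` is injectable so the logic can run offline."""
    if (event.get("source") != "aws.ec2"
            or event.get("detail-type") != "EC2 Instance State-change Notification"):
        return {"skipped": "not an EC2 state-change event"}
    detail = event["detail"]
    state, instance_id = detail["state"], detail["instance-id"]
    if state not in BACKUP_STATES:
        return {"skipped": f"state {state} does not trigger a backup", "instance_id": instance_id}
    if ec2 is None:
        import boto3  # imported lazily: only needed inside Lambda
        ec2 = boto3.client("ec2", region_name=event["region"])
    resp = ec2.create_image(
        InstanceId=instance_id,
        Name=image_name(instance_id, event["time"]),
        Description=f"Automatic backup taken on state {state}",
        NoReboot=True,  # the instance is already stopped, so no reboot is needed
        TagSpecifications=[{"ResourceType": "image",
                            "Tags": [{"Key": "SourceInstance", "Value": instance_id}]}],
    )
    return {"instance_id": instance_id, "image_id": resp["ImageId"]}


class FakeEc2:
    """Stand-in for boto3's EC2 client so the handler can be exercised offline."""
    def __init__(self):
        self.calls = []

    def create_image(self, **kwargs):
        self.calls.append(kwargs)
        return {"ImageId": "ami-0123456789abcdef0"}  # constructed value
```

The Lambda's execution role only needs ec2:CreateImage and ec2:CreateTags for this; the rule's event pattern, not the handler, should restrict which instances it fires for.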

Thanks John. I set up a Lambda function as a target in CloudWatch and successfully tested it. This link has the code to create the AMI.

Related

Trigger script automatically on EC2 creation (no user data)

Every time an EC2 instance gets created, I want to run a script on that instance. I understand this could be done using the user_data parameter, but some of these instances get created manually, so people may forget to fill in that parameter sometimes. I want to rely on something automatic instead.
I figured I'd do it with EventBridge: catch an event that would indicate to me that an instance has been created, then trigger a Lambda that would run the script. But when looking in the documentation I couldn't find any event that would relate to "EC2 created", see https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/monitoring-instance-state-changes.html.
Any idea how to get this done?
Create an EventBridge rule with the following pattern to catch the event:
{
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["RunInstances"]
    }
}
and configure the target of the rule to be an AWS Lambda function. Configure the Lambda to parse the event and invoke an SSM Run Command against the instance.
In my case I have an EventBridge Rule with the following detail:
{
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {
        "state": ["running"]
    },
    "source": ["aws.ec2"]
}
And my target is a Lambda function that runs an SSM document on that instance.

To create a cloudwatch-event to monitor the change in state of all EC2 instances in a specific region

I want to create a CloudWatch event to monitor the change in the state of all the EC2 instances in a specific region. This should work for both existing and new instances.
If not via CloudWatch, can we create a CloudFormation template or Boto3 script for the same?
You can use the below event pattern for state changes of all resources:
{
    "source": [
        "aws.ec2"
    ],
    "detail-type": [
        "EC2 Instance State-change Notification"
    ]
}
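To see offline which of the rule patterns from this and the previous question would fire for a given event, here is an added example (my code, not anything from the posts) that evaluates the basic EventBridge matching rules. It assumes those patterns as written; the sample events are constructed, and content filters such as "prefix" or "anything-but" are deliberately left out.

```python
# Patterns copied from the answers above, as Python dicts.
ANY_STATE_CHANGE = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
}
RUNNING_ONLY = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["running"]},
}
RUN_INSTANCES_VIA_CLOUDTRAIL = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["ec2.amazonaws.com"], "eventName": ["RunInstances"]},
}

# Constructed sample events (not captured from a real account).
STOPPED_EVENT = {
    "source": "aws.ec2",
    "detail-type": "EC2 Instance State-change Notification",
    "detail": {"instance-id": "i-0cf605453b22f703e", "state": "stopped"},
}
CLOUDTRAIL_EVENT = {
    "source": "aws.ec2",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances"},
}


def matches(pattern, event):
    """True if `event` satisfies `pattern` under EventBridge's basic rules:
    every pattern key must exist in the event, a list of values is an OR of
    exact matches, a nested object recurses, and unlisted keys are ignored.
    Content filters such as "prefix" or "anything-but" are not implemented."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
    return True


def firing_rules(rules, event):
    """Sorted names of the rules (name -> pattern) whose pattern matches `event`."""
    return sorted(name for name, pat in rules.items() if matches(pat, event))
```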

Is it possible to get or generate event for AMI availability (without polling)?

I'm doing a large number of AMI copies to different regions, and calling describe image from the image waiter at the end of copying to make sure the copying succeeded; the large number of describe image calls is being heavily rate limited. I know there are EC2 instance state change events; I wonder if it is possible to generate an AMI available/ready event. If yes, I can use the event to trigger a message to my SQS, from which I can get a notification and avoid making the describe image calls.
My search so far does not find any AMI events; in case I missed something, does anyone know if it is possible to generate AMI available/ready events? Thanks.
I'm answering my own question.
AMI ready events can be generated in CloudWatch:
rules->create new rule
Service name: EC2
Event Type: EBS Snapshot Notification
Specific event(s): copySnapshot
Specific result(s): succeeded
Hope this helps someone with similar need.
{
    "source": [
        "aws.ec2"
    ],
    "detail-type": [
        "AWS API Call via CloudTrail"
    ],
    "detail": {
        "eventSource": [
            "ec2.amazonaws.com"
        ],
        "eventName": [
            "CreateImage"
        ]
    }
}
This will capture the AMI create event if CloudTrail is enabled.

Cloudwatch event triggers a lambda when EBS snapshots' permissions are changed

I am trying to set up a CloudWatch event that triggers a Lambda when the permissions on an EBS snapshot are changed.
For now, the CloudWatch event is limited to the following:
createSnapshot
copySnapshot
shareSnapshot
But obviously, by using any of these, my Lambda is not triggered.
This is the event pattern I am currently using:
{
    "source": [
        "aws.ec2"
    ],
    "detail-type": [
        "EBS Snapshot Notification"
    ]
}
Does anyone have a suggestion on how the event pattern should look to trigger my Lambda on a change to the permissions?

Cloudwatch EC2 Instance-terminate Lifecycle Action Event not firing

We have a Lambda function we want to use to remove systems from our monitoring system when they are being terminated due to AutoScaling lifecycle events. The function works as expected when we run it manually, but we do not see it being called when an instance is terminated. We've set up the following CloudWatch event with a target of the Lambda function. We've been testing manually by scaling down an ASG; the instances terminate, but the function is never called. Does anyone know what we're missing or where to look for logs of the issue?
{
    "source": [
        "aws.autoscaling"
    ],
    "detail-type": [
        "EC2 Instance-terminate Lifecycle Action"
    ],
    "detail": {
        "AutoScalingGroupName": [
            "ASG_NAME"
        ]
    }
}
Realized I didn't have a Lifecycle Hook on the ASG; after adding it, it's working as expected.