Alarm action definition in ec2_metric_alarm ansible module - amazon-web-services

I am trying to set up a CloudWatch alarm with the Ansible ec2_metric_alarm module and I do not know how to set it to send an email on alarm.
The code is:
- name: add alarm
  ec2_metric_alarm:
    state: present
    region: eu-west-1
    name: "LoadAverage"
    metric: "LoadAverage"
    statistic: Average
    comparison: ">"
    threshold: 3.0
    evaluation_periods: 3
    period: 60
    unit: "None"
    description: "Load Average"
    dimensions: {'Role': "{{ item[0] }}", 'Node': "{{ item[1] }}"}
    alarm_actions: ["action1","action2"]
What is the syntax, or what do I do, to express in alarm_actions that I want it to send emails?

The documentation is crappy for this one:
http://docs.ansible.com/ec2_metric_alarm_module.html
Here is what I would try based on boto:
http://docs.pythonboto.org/en/latest/ref/cloudwatch.html#module-boto.ec2.cloudwatch.alarm
alarm_actions (list of strs) – A list of the ARNs of the actions to take in ALARM state
The currently supported ARNs are SNS topics or autoscaling policies.
In your case:
You need to create an SNS topic and subscribe your email address to that topic (also confirm the subscription), and after that put the SNS topic ARN as a string in the alarm_actions param that you pass to the Ansible ec2_metric_alarm module.
Hope this helps.

I agree with @Mircea's answer regarding the documentation and its quality. I personally found the solution to the same/similar problem by creating the alarm through the UI with the desired alert action and then using the AWS CLI to extract the alarm string for use with Ansible:
aws cloudwatch describe-alarms
In the result you can then find the action string:
ALARMACTIONS arn:aws:sns:us-east-1:**Cust Account ID Here**:NotifyMe
ALARMACTIONS arn:aws:swf:us-east-1:**Cust Account ID Here**:action/actions/AWS_EC2.InstanceId.Stop/1.0
In my case I had two actions, one to email me and the other to stop the EC2 instance.
These values can then be used in your ansible task:
alarm_actions: ["arn:aws:swf:{{ aws_region }}:{{ aws_cust_account_id }}:action/actions/AWS_EC2.InstanceId.Stop/1.0", "arn:aws:sns:{{ aws_region }}:{{ aws_cust_account_id }}:NotifyMe"]
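The two answers above come down to the same thing: alarm_actions is a list of ARNs, those ARNs must be SNS topics or Auto Scaling policies (plus the swf ARN the console's EC2 stop action uses), and the quickest way to get them right is to copy them out of `aws cloudwatch describe-alarms` and template the region and account id. The following is an added Python example, not code from the question or either answer, that parses the ALARMACTIONS rows of the text-format CLI output, checks each ARN before it is put in a task (an action in another region is refused by CloudWatch, and one in another account sends your notifications, or your stop requests, somewhere you do not control), and rewrites the ARNs into the Jinja-templated form used in the answer. The sample CLI output and the account ids in it are constructed placeholders.

```python
import re
from typing import Dict, List

# Services the answers above name as alarm-action targets (SNS topics,
# Auto Scaling policies) plus swf, which the EC2 "stop instance" action uses.
ALLOWED_SERVICES = {"sns", "autoscaling", "swf"}

ARN_RE = re.compile(
    r"^arn:(?P<partition>[^:]+):(?P<service>[^:]+):(?P<region>[^:]*):"
    r"(?P<account>[^:]*):(?P<resource>.+)$"
)

# Constructed sample in the shape of the ALARMACTIONS rows printed by
# `aws cloudwatch describe-alarms --output text`; account ids are placeholders.
SAMPLE_CLI_OUTPUT = """\
ALARMACTIONS\tarn:aws:sns:us-east-1:111122223333:NotifyMe
ALARMACTIONS\tarn:aws:swf:us-east-1:111122223333:action/actions/AWS_EC2.InstanceId.Stop/1.0
ALARMACTIONS\tarn:aws:sns:eu-west-1:999999999999:SomeoneElsesTopic
"""


def parse_arn(arn: str) -> Dict[str, str]:
    """Split an ARN into its colon-separated fields; raise on malformed input."""
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an ARN: {arn!r}")
    return m.groupdict()


def extract_alarm_actions(cli_text: str) -> List[str]:
    """Return the ARNs from the ALARMACTIONS rows of text-format CLI output."""
    arns = []
    for line in cli_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "ALARMACTIONS":
            arns.append(parts[1])
    return arns


def check_alarm_action(arn: str, region: str, account: str) -> List[str]:
    """List what is wrong with an ARN as an alarm action; empty means acceptable."""
    try:
        p = parse_arn(arn)
    except ValueError as err:
        return [str(err)]
    problems = []
    if p["service"] not in ALLOWED_SERVICES:
        problems.append(f"{arn}: service {p['service']!r} is not an alarm-action target")
    if p["region"] != region:
        problems.append(f"{arn}: region {p['region']!r} differs from alarm region {region!r}")
    if p["account"] != account:
        problems.append(f"{arn}: account {p['account']!r} is not the expected account")
    return problems


def to_ansible_template(arn: str, region_var: str = "aws_region",
                        account_var: str = "aws_cust_account_id") -> str:
    """Rewrite region and account id as Jinja variables, as in the answer above."""
    p = parse_arn(arn)
    return (f"arn:{p['partition']}:{p['service']}:{{{{ {region_var} }}}}:"
            f"{{{{ {account_var} }}}}:{p['resource']}")


def build_alarm_actions(cli_text: str, region: str, account: str) -> List[str]:
    """Validate every extracted ARN, then return the templated alarm_actions list."""
    arns = extract_alarm_actions(cli_text)
    problems = [msg for arn in arns for msg in check_alarm_action(arn, region, account)]
    if problems:
        raise ValueError("; ".join(problems))
    return [to_ansible_template(arn) for arn in arns]


if __name__ == "__main__":
    # The third sample row belongs to another region and account and is rejected.
    try:
        build_alarm_actions(SAMPLE_CLI_OUTPUT, "us-east-1", "111122223333")
    except ValueError as err:
        print("rejected:", err)
    own_rows = "\n".join(SAMPLE_CLI_OUTPUT.splitlines()[:2])
    for action in build_alarm_actions(own_rows, "us-east-1", "111122223333"):
        print(action)
```

Feeding real `describe-alarms` output through build_alarm_actions with your own region and account id gives a list you can paste into alarm_actions; a typo in the account id, or a topic copied from the wrong region, fails before the playbook runs instead of after.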

Related

how to stop our instance if idle for 30 min in aws cloud watch

I have set up an AWS CloudWatch alarm.
Below are the details set in our CloudWatch alarm:
Metric name: CPUUtilization
Statistic: average
Period: 5 min
Threshold Type: Static
Whenever CPUUtilization is Lower/Equal than 10
Datapoints to alarm: 1 out of 1
Missing data treatment: Treat missing data as missing
EC2 action:
Alarm state trigger: In Alarm
Take the following action: stop this instance
After 5 min our server still does not stop with the CloudWatch alarm in AWS.
As of Feb 2022 you have these options:
You can use Alarms to automate shutdown and terminate instances:
https://aws.amazon.com/blogs/aws-cloud-financial-management/launch-resource-optimization-recommendations/
You can view idle instances in CUR recommendations: https://aws.amazon.com/about-aws/whats-new/2013/01/08/use-amazon-cloudwatch-to-detect-and-shut-down-unused-amazon-ec2-instances/
You can use CloudWatch Events to trigger a Lambda that will perform the stop instance call on the ec2 instance.
You can create an SQS queue whose target is a Python Lambda function. The python lambda function can use boto to turn off the ec2 instance.
Then you can set this SQS as an alarm action for your Cloudwatch Alarm. You can find more details here:
https://medium.com/geekculture/automatically-turn-off-ec2-instances-upon-inactivity-31fedd363cad
Terraform setup:
https://medium.com/geekculture/terraform-setup-for-automatically-turning-off-ec2-instances-upon-inactivity-d7f414390800
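Both answers above end at "a Lambda that performs the stop call". What that Lambda should actually do is narrower than "stop an instance": it should stop only the instance named in the alarm's dimensions, and only on a transition into ALARM, so the function (and the ec2:StopInstances permission on its role) cannot be turned against anything else. The following is an added Python example, not code from the question or the answers, of such a handler. It assumes the alarm's action is an SNS topic the Lambda is subscribed to (the wiring from the first question on this page), so the event is the SNS-wrapped CloudWatch alarm notification; the EC2 call is injected so the logic runs offline, and the sample event is constructed.

```python
import json
from typing import Callable, Dict, List, Optional


def make_alarm_event(state: str, instance_id: str) -> Dict:
    """Constructed SNS-wrapped CloudWatch alarm notification, the event shape a
    Lambda subscribed to the alarm's SNS topic receives."""
    message = {
        "AlarmName": "cpu-idle-30min",
        "NewStateValue": state,  # "ALARM", "OK" or "INSUFFICIENT_DATA"
        "Trigger": {
            "MetricName": "CPUUtilization",
            "Namespace": "AWS/EC2",
            "Dimensions": [{"name": "InstanceId", "value": instance_id}],
        },
    }
    return {"Records": [{"Sns": {"Message": json.dumps(message)}}]}


def instance_ids_from_alarm(message: Dict) -> List[str]:
    """Return the InstanceId dimensions of an AWS/EC2 alarm that is in ALARM state.

    Anything else (OK transitions, other namespaces, missing dimensions) yields
    nothing, so the handler can only ever stop the instance the alarm watches."""
    if message.get("NewStateValue") != "ALARM":
        return []
    trigger = message.get("Trigger") or {}
    if trigger.get("Namespace") != "AWS/EC2":
        return []
    return [d["value"] for d in trigger.get("Dimensions", [])
            if d.get("name") == "InstanceId" and d.get("value")]


def lambda_handler(event: Dict, context=None,
                   stop_fn: Optional[Callable[[List[str]], None]] = None) -> Dict:
    """Stop every instance named by the ALARM notifications in the event.

    stop_fn is injected so the logic runs without AWS; in production the
    default wraps boto3's stop_instances, and the function's role needs
    only ec2:StopInstances on the instances the alarm may name."""
    if stop_fn is None:
        import boto3  # only imported when actually talking to AWS
        ec2 = boto3.client("ec2")
        stop_fn = lambda ids: ec2.stop_instances(InstanceIds=ids)
    stopped: List[str] = []
    for record in event.get("Records", []):
        raw = record.get("Sns", {}).get("Message", "")
        try:
            message = json.loads(raw)
        except json.JSONDecodeError:
            continue  # not an alarm notification; ignore rather than guess
        ids = instance_ids_from_alarm(message)
        if ids:
            stop_fn(ids)
            stopped.extend(ids)
    return {"stopped": stopped}


if __name__ == "__main__":
    calls: List[List[str]] = []
    print(lambda_handler(make_alarm_event("ALARM", "i-0123456789abcdef0"), stop_fn=calls.append))
    print(lambda_handler(make_alarm_event("OK", "i-0123456789abcdef0"), stop_fn=calls.append))
    print("stop calls made:", calls)
```

The OK notification produces no stop call, which matters because an alarm configured to notify on every state change would otherwise stop the instance a second time when it recovers.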

Reverse engineer a snapshot creation process on AWS / EC2

I am faced with the following situation:
There is an EC2 instance on say eu-west-1.
When selecting Snapshots on the EC2 service, I see that periodically, every 7 days on the exact same time, a snapshot is taken from the particular image.
The problem is I cannot find:
any related policy on Lifecycle Manager service
any relevant Lambda function that could carry out such a task.
Via what other (managed) means could such a process be carried out periodically with such an accuracy on time?
edit: The corresponding CloudTrail log entry is:
(actual values regarding user, event and request id have been scrambled of course)
AWS access key:
AWS region: eu-west-1
Error code:
Event ID: 454g0236-x4e6-43c1-3565-4xb6d541c2h1
Event name: CreateSnapshot
Event source: ec2.amazonaws.com
Event time: 2019-11-23, 05:00:44 AM
Read only: false
Request ID: zedfbc42-2513-459e-3241-ffcb8442ba44
Source IP address: events.amazonaws.com
User name: g45tg34m3l53mmm53333421knbb43
There are multiple other options,
Check CloudWatch Events to see if there is any event triggering it. Most probably this one is your case.
A cron job on an EC2 instance.
If I understood your question, you are looking for a way to know if Lifecycle Manager is available for EC2 snapshots.
The links given below should be able to help you with the same.
For enabling a custom Snapshot Lifecycle policy manually, refer to Snapshot Lifecycle.
For automating a solution for the same, please refer to automation of snapshot lifecycle.
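The CloudTrail entry in the question already answers it: a Source IP address of events.amazonaws.com means the CreateSnapshot call was made on the caller's behalf by CloudWatch Events (now EventBridge), which is the scheduled rule the first answer points at, and the exact weekly time is what a cron-expression rule produces. The following is an added Python example, not code from the question or the answers, that does that triage over CloudTrail records as CloudTrail writes them (the JSON field names eventName, eventSource, sourceIPAddress and userIdentity.invokedBy), grouping CreateSnapshot calls by who or what invoked them and checking whether one caller's calls are evenly spaced. The records are constructed, modelled on the console entry above with placeholder identities and addresses.

```python
from datetime import datetime
from typing import Dict, List, Optional

# Constructed CloudTrail records modelled on the console entry in the question;
# roles, users and addresses are placeholders.
SAMPLE_RECORDS: List[Dict] = [
    {"eventTime": t, "eventName": "CreateSnapshot", "eventSource": "ec2.amazonaws.com",
     "sourceIPAddress": "events.amazonaws.com",
     "userIdentity": {"type": "AssumedRole", "invokedBy": "events.amazonaws.com",
                      "arn": "arn:aws:sts::111122223333:assumed-role/SnapshotRole/session"}}
    for t in ("2019-11-09T05:00:44Z", "2019-11-16T05:00:44Z", "2019-11-23T05:00:44Z")
] + [
    {"eventTime": "2019-11-20T14:12:03Z", "eventName": "CreateSnapshot",
     "eventSource": "ec2.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2019-11-21T09:00:00Z", "eventName": "DescribeSnapshots",
     "eventSource": "ec2.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]


def classify_caller(record: Dict) -> str:
    """Label a record by what made the call: an AWS service (events.amazonaws.com
    for a CloudWatch Events rule), an assumed role, or a named IAM user."""
    ident = record.get("userIdentity", {})
    service = ident.get("invokedBy") or record.get("sourceIPAddress", "")
    if service.endswith(".amazonaws.com"):
        return f"aws-service:{service}"
    if ident.get("type") == "AssumedRole":
        return f"assumed-role:{ident.get('arn', '?')}"
    return f"{ident.get('type', 'unknown')}:{ident.get('userName', '?')}"


def is_create_snapshot(record: Dict) -> bool:
    return (record.get("eventSource") == "ec2.amazonaws.com"
            and record.get("eventName") == "CreateSnapshot")


def snapshot_callers(records: List[Dict]) -> Dict[str, int]:
    """Count CreateSnapshot calls per caller label."""
    counts: Dict[str, int] = {}
    for r in records:
        if is_create_snapshot(r):
            key = classify_caller(r)
            counts[key] = counts.get(key, 0) + 1
    return counts


def fixed_interval_seconds(records: List[Dict], caller: str,
                           tolerance_seconds: float = 300) -> Optional[float]:
    """If all CreateSnapshot calls from `caller` are evenly spaced (within the
    tolerance), return the spacing in seconds; a fixed spacing is the signature
    of a scheduled rule rather than a person."""
    times = sorted(datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
                   for r in records if is_create_snapshot(r) and classify_caller(r) == caller)
    if len(times) < 2:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if all(abs(g - gaps[0]) <= tolerance_seconds for g in gaps):
        return gaps[0]
    return None


if __name__ == "__main__":
    for caller, n in snapshot_callers(SAMPLE_RECORDS).items():
        spacing = fixed_interval_seconds(SAMPLE_RECORDS, caller)
        print(f"{caller}: {n} CreateSnapshot call(s), fixed spacing: {spacing}")
```

On the constructed data the events.amazonaws.com caller shows three calls exactly 604800 seconds (7 days) apart, which is what to look for in the real trail before opening the CloudWatch Events rules list; the IAM user's single manual call has no spacing to measure.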

ansible sns - why is subscriber optional

When I am subscribing a lambda function to an SNS topic through either the aws console or aws cli there is a column shown in the subscription information called "subscriber". It does contain my account id.
I don't seem to be able to control this field through the cli or console however I can through ansible:
---
- name: set up topic and subscribe lambda
  sns_topic:
    name: "topic_name"
    state: present
    display_name: "Display Name"
    subscriptions:
      - endpoint: "arn:aws:lambda:ap-southeast-2:123456789:function:functionName"
        protocol: "lambda"
        subscriber: 123456789
The subscriber field is optional, however SNS messages do not seem to reach lambda without it.
What is this field for?
Can I subscribe Lambdas in other accounts to my SNS topic?
How can I effect change in this field with AWS CLI?
Why is it optional in Ansible 2.4?
Couldn't find a reference to the ghost field, i.e. subscriber.
Maybe it was supported in older sdk/api and now has been dropped.
Research:
I don't see a subscriber field in the console when subscribing a lambda. Image below.
Even through the CLI, there is no such field.
Link for SNS Subscribe command through CLI documentation.
[Extra Research]: Even the Java SDK asks for only three parameters in order to subscribe:
subscribe(String topicArn, String protocol, String endpoint)
Java doc link

Ansible: How to enable monitoring (group metrics collection) on AWS Auto Scaling Group?

I'm using Ansible to configure AWS Auto Scaling Groups (ASG). Looking at the ec2_asg module options, there's none for enabling Monitoring in CloudWatch. However, that option can be enabled either from the AWS CLI or the AWS Console.
In the Console, it is labeled as "Group Metric Collection".
Keep in mind that I do not want to monitor the EC2 instances, but the Auto Scaling Group itself.
Thank you.
I submitted a PR last year to add 2 AWS modules: boto3 and boto3_wait.
These 2 modules allow you to interact with AWS API using boto3.
For instance, you could enable group metrics on the ASG by calling the enable_metrics_collection method on the AutoScaling service:
- name: Enable group metrics
  boto3:
    service: autoscaling
    region: us-east-1
    operation: enable_metrics_collection
    parameters:
      AutoScalingGroupName: my-auto-scaling-group
      Granularity: 1Minute
Feel free to give the PR a thumbs-up if you like it! ;)
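The generic boto3 task above calls enable_metrics_collection on every run, whereas a proper Ansible module converges: it reads the current state and only changes what differs, reporting changed/unchanged. The following is an added Python example, not code from the answer or from the proposed modules, of that convergence around the same two Auto Scaling API calls (DescribeAutoScalingGroups, whose response carries EnabledMetrics, and EnableMetricsCollection). The client is a constructed stand-in for boto3.client("autoscaling") with just those two methods so the logic runs offline; the simplification that any enabled metric at the requested granularity counts as "already on" is this example's, since EnableMetricsCollection without a Metrics list turns on all group metrics.

```python
from typing import Dict, List


class FakeAutoScalingClient:
    """Constructed stand-in for boto3.client('autoscaling') exposing only the two
    calls used here, so the convergence logic can be exercised offline."""

    def __init__(self, groups: Dict[str, List[Dict]]):
        self._groups = groups  # group name -> EnabledMetrics list
        self.enable_calls: List[Dict] = []

    def describe_auto_scaling_groups(self, AutoScalingGroupNames: List[str]) -> Dict:
        return {"AutoScalingGroups": [
            {"AutoScalingGroupName": n, "EnabledMetrics": self._groups[n]}
            for n in AutoScalingGroupNames if n in self._groups]}

    def enable_metrics_collection(self, AutoScalingGroupName: str, Granularity: str) -> Dict:
        self.enable_calls.append({"AutoScalingGroupName": AutoScalingGroupName,
                                  "Granularity": Granularity})
        # Without a Metrics list the real call enables every group metric;
        # one entry is enough to model "enabled" here.
        self._groups[AutoScalingGroupName] = [
            {"Metric": "GroupInServiceInstances", "Granularity": Granularity}]
        return {}


def group_metrics_enabled(describe_response: Dict, name: str, granularity: str) -> bool:
    """True if the named group already reports a metric at that granularity."""
    for g in describe_response.get("AutoScalingGroups", []):
        if g.get("AutoScalingGroupName") == name:
            return any(m.get("Granularity") == granularity
                       for m in g.get("EnabledMetrics", []))
    raise LookupError(f"Auto Scaling group {name!r} not found")


def ensure_group_metrics(client, name: str, granularity: str = "1Minute") -> bool:
    """Enable group metrics collection unless it is already on.

    Returns whether a change was made, which is what an Ansible module would
    report as `changed`; a missing group raises instead of silently creating
    or enabling anything."""
    resp = client.describe_auto_scaling_groups(AutoScalingGroupNames=[name])
    if group_metrics_enabled(resp, name, granularity):
        return False
    client.enable_metrics_collection(AutoScalingGroupName=name, Granularity=granularity)
    return True


if __name__ == "__main__":
    client = FakeAutoScalingClient({"my-auto-scaling-group": []})
    print("first run changed:", ensure_group_metrics(client, "my-auto-scaling-group"))
    print("second run changed:", ensure_group_metrics(client, "my-auto-scaling-group"))
    print("API calls made:", client.enable_calls)
```

With a real boto3 client in place of the fake, ensure_group_metrics is the body you would drop into a custom module's run logic; the second run returns False and makes no write call, so the role that runs it needs autoscaling:EnableMetricsCollection only for the rare run that actually changes something.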

Alternative to updating SNS subscriptions using AWS CloudFormation

There's an AWS CloudFormation stack which defines an SNS topic and an SNS subscription. In another Ansible task, I want to update another subscription, but this isn't possible as SNS subscriptions can't be updated.
Using Ansible to perform CloudFormation. What are the alternatives?
Club AWS CLI with Ansible and then execute plays which contain AWS CLI content?
Create a custom module in Ansible using boto? But this would be difficult as I should store SNS ARNs and give those to the custom module.
Ansible v2.0 added support of an sns_topic module. You can provide a name or ARN of an existing SNS topic to converge. You also probably want to set purge_subscriptions to False so any existing subscriptions are not removed.
- name: Update SNS topic subscriptions
  sns_topic:
    name: "my-topic"
    purge_subscriptions: False
    subscriptions:
      - endpoint: "some-email@example.com"
        protocol: "email"
http://docs.ansible.com/ansible/sns_topic_module.html
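The reason the answer stresses purge_subscriptions is that the topic here is shared with a CloudFormation stack: with purging on, converging the Ansible subscription list would also unsubscribe the stack's own subscription, silently cutting off whatever it was notifying. The following is an added Python example, not the sns_topic module's code, that models that convergence: it computes which subscriptions to add and which to remove from an existing list and a desired list, removes nothing unless purge_subscriptions is set, and rejects endpoints that do not match their protocol before any API call would be made. The existing and desired lists are constructed, with a placeholder Lambda ARN standing in for the stack's subscription.

```python
from typing import Dict, List, Set, Tuple

Subscription = Tuple[str, str]  # (protocol, endpoint)

# Constructed: the subscription the CloudFormation stack created on the shared
# topic, and the one the Ansible task wants to add.
EXISTING_FROM_STACK: List[Dict] = [
    {"protocol": "lambda",
     "endpoint": "arn:aws:lambda:us-east-1:111122223333:function:stack-handler"},
]
DESIRED_FROM_ANSIBLE: List[Dict] = [
    {"protocol": "email", "endpoint": "some-email@example.com"},
]


def normalise(subs: List[Dict]) -> Set[Subscription]:
    """Turn subscription dicts into a comparable set, refusing endpoints that
    cannot be valid for their protocol (the two protocols used on this page)."""
    out: Set[Subscription] = set()
    for s in subs:
        protocol, endpoint = s["protocol"], s["endpoint"]
        if protocol == "email" and "@" not in endpoint:
            raise ValueError(f"email endpoint {endpoint!r} is not an address")
        if protocol == "lambda" and not endpoint.startswith("arn:aws:lambda:"):
            raise ValueError(f"lambda endpoint {endpoint!r} is not a Lambda ARN")
        out.add((protocol, endpoint))
    return out


def plan_subscriptions(existing: List[Dict], desired: List[Dict],
                       purge_subscriptions: bool) -> Tuple[List[Subscription], List[Subscription]]:
    """Return (to_add, to_remove) for converging a topic on the desired list.

    Subscriptions already present are left alone either way; existing ones
    absent from the desired list are removed only when purging is requested."""
    have = normalise(existing)
    want = normalise(desired)
    to_add = sorted(want - have)
    to_remove = sorted(have - want) if purge_subscriptions else []
    return to_add, to_remove


if __name__ == "__main__":
    for purge in (False, True):
        add, remove = plan_subscriptions(EXISTING_FROM_STACK, DESIRED_FROM_ANSIBLE, purge)
        print(f"purge_subscriptions={purge}: add={add} remove={remove}")
```

With purge_subscriptions False the plan adds the email address and removes nothing; with it True the stack's Lambda subscription is scheduled for removal, which is exactly the outcome the answer's setting avoids.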