How does it work? And what are the prerequisites?
We have Python codes to create and remove AMI and snapshots, which execute using Lambda function with the help of CloudWatch event. I got this code from Git hub community and the original script creates AMIs of instances with the specific TAG name.
These are modified scripts which create AMIs of all EC2 instances from any region.
Prerequisites
- IAM user.
- Lambda functions.
- CloudWatch Events.
What is AWS Lambda function?
AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. Introduced in 2014 by AWS, Lambda simplifies the process of building smaller, on-demand applications that are responsive to events and new information.
It runs code in response to events and automatically manages to compute resources required by the code. You can start a Lambda instance within milliseconds! To top it all, it supports Node.js, Python, and Java, as of 2016.
Please do follow the steps below for setting up the functions correctly:
I. Setup IAM user role and attach a policy to this role.
What is the need for IAM role?
IAM user role is required to give proper permissions for our AWS Lambda functions for creating and removing instance backups.
You need to create a policy and attach that policy to IAM role. Please see the following steps:
Step 1: Log into the AWS console.
Step 2: Click on roles, create a role.
Step 3: Select AWS Lambda as the Role Type and then proceed to create a role.
Step 4: Click on create policy.
Step 5: Go to Json editor format and paste the following rule:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:*"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": "ec2:*",
"Resource": "*"
}
]
}
We have just created a role which gives permissions to EC2 instances and view logs in Cloudwatch.
Attach the above policy to the role we created earlier.
II. Lambda function to create a backup.
We can create the Lambda function in Python. This is a modified code. The original one, which I got from Git creates backups of instances with a particular TAG value. In this code, it creates AMIs of all instances from all region.
You can check the original code from this link.
To create all instances of backup, you can use the following code:
AWS AMI creation Python code
How does it work?
The Python script searches instances from all region and as soon as it has the instances list, it loops through each instance and then creates an AMI of it. After creating the backup, it creates a TAG for those AMIs. This TAG is based on the retention value we have given in the code.
It creates a TAG “DeleteOn” with value based on those retention days we have given.
Create the Lambda function.
Login to your AWS Management console, Go to Services and click on Lambda under Compute.
> Click on Functions Menu on the left, and click on Create a Lambda Function
> Select Blank Function and proceed with lambda
> Give a name for it – AMIBackups
> Select Python 2.7 as a Runtime option * You’ll have to write a code next. You can use the above code.
> Select the previously created IAM role
> Click Next and Create Function
III. Lambda function to delete the backup.
You can follow the same procedure to create this lambda function. Here I am sharing the modified code. This code filter today’s date and list out all AMIs for deletion.
The original code (from here) does not have this option and that removes all AMIs with Deletion TAG is equal to today’s date and all previous AMIs with DeleteOn TAG.
You can use the following code:
AWS AMI deletion Python code
> This script filter all the AMIs with DeleteOn TAG is equal to today’s date.
> It checks that the latest daily backup succeeded then it stores every image that’s reached its DeleteOn tag’s date for deletion.
> It then loops through the AMIs, de-registers them and removes all the snapshots associated with that AMI.
That’s it!