Starting and Stopping EC2 Instances with AWS Lambda
Overview:
Automation of EC2 instance management can save time and optimize costs. AWS Lambda, the serverless compute service, lets us start and stop EC2 instances automatically, either on a time schedule or in response to an event. This blog walks through setting up an AWS Lambda function in Python for starting and stopping EC2 instances, together with scheduled rules in Amazon EventBridge (formerly CloudWatch Events) as the triggers.
Step 1: Setting Up IAM Roles and Policies
To allow Lambda to control your EC2 instances, create an IAM role with the appropriate permissions.
1. Navigate to IAM Roles:
- In the AWS Management Console, go to the IAM service.
- Select Roles and click on Create Role.
2. Define Role Permissions:
- Choose Lambda as the trusted entity.
- Attach the following policies to the role:
- AWSLambdaBasicExecutionRole (lets the function write its own CloudWatch Logs; without it the log checks in Step 4 show nothing)
- A custom policy that allows only ec2:StartInstances and ec2:StopInstances on the instances you intend to control. AmazonEC2FullAccess also works, but it grants ec2:* on every resource, including terminating and launching instances, which a scheduling function never needs.
- Do not attach CloudWatchEventsFullAccess: the function itself never creates rules. EventBridge invokes the function through the function's resource-based policy, which the console adds when you pick a Lambda target in Step 3.
3. Finish Role Creation:
- Name the role (e.g., LambdaEC2StartStopRole), and save it.
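The restrictive policy mentioned above, and recommended again under Best Practices, is shown here as an added example (it is not code from the original post). The region, account ID and instance IDs are placeholders; the helper builds the policy document from the same instance ID list you will put in INSTANCE_IDS, and policy_findings() flags the wildcard grants that AmazonEC2FullAccess-style statements contain so you can compare the two.

```python
import json

# Trust policy for the role: lets the Lambda service assume it
# (this is what "Choose Lambda as the trusted entity" produces).
LAMBDA_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# What AmazonEC2FullAccess amounts to for our purposes: ec2:* on every resource.
FULL_ACCESS_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}


def build_start_stop_policy(region, account_id, instance_ids):
    """Least-privilege policy: start/stop only the listed instances, plus the
    permissions needed to write the function's own CloudWatch Logs stream.
    region/account_id/instance_ids are placeholders supplied by the caller."""
    instance_arns = [f"arn:aws:ec2:{region}:{account_id}:instance/{i}" for i in instance_ids]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "StartStopNamedInstances",
                "Effect": "Allow",
                "Action": ["ec2:StartInstances", "ec2:StopInstances"],
                "Resource": instance_arns,
            },
            {
                "Sid": "WriteOwnLogs",
                "Effect": "Allow",
                "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
                "Resource": f"arn:aws:logs:{region}:{account_id}:log-group:/aws/lambda/*",
            },
        ],
    }


def _as_list(value):
    # IAM accepts a single string or a list for Action/Resource; normalise to a list.
    return value if isinstance(value, list) else [value]


def policy_findings(policy):
    """Return one finding per wildcard action or wildcard resource in an Allow
    statement. An empty list means every grant is scoped."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"{sid}: wildcard resource *")
    return findings


def policy_json(policy):
    """Serialise a policy document for pasting into the IAM console or the CLI."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    scoped = build_start_stop_policy("us-east-1", "123456789012", ["i-1234567890abcdef"])
    print(policy_json(scoped))
    print("full-access findings:", policy_findings(FULL_ACCESS_LIKE))
    print("scoped findings:", policy_findings(scoped))
```

If the instance list changes often, a tag condition (for example StringEquals on ec2:ResourceTag/AutoSchedule) on the ec2:StartInstances/ec2:StopInstances statement is the usual alternative to listing instance ARNs; either way the function cannot touch instances outside the set you chose. The log statement can be replaced by the managed AWSLambdaBasicExecutionRole if you prefer managed policies.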
Step 2: Writing the AWS Lambda Function
Using Python, create a Lambda function that can start or stop EC2 instances.
1. Go to Lambda in AWS Console:
- Open the Lambda service and choose Create function.
- Select Author from scratch and enter the function name (e.g., StartStopEC2).
- Choose a currently supported Python runtime (for example Python 3.12; the 3.8 runtime is deprecated in Lambda), and select the IAM role you created earlier.
2. Add the Lambda Code:
In the Function code section, paste the following Python code:
import os
import boto3

ec2 = boto3.client('ec2')

def lambda_handler(event, context):
    # The action comes from the invoking event: the constant JSON input on the
    # EventBridge rule, or the test event. Only the two expected values are accepted.
    action = event.get('action')
    # Instance IDs come from the INSTANCE_IDS environment variable, comma-separated;
    # surrounding whitespace is stripped so "i-aaa, i-bbb" works as well.
    instance_ids = [i.strip() for i in os.environ['INSTANCE_IDS'].split(',') if i.strip()]
    if action == 'start':
        ec2.start_instances(InstanceIds=instance_ids)
        return f'Started instances: {instance_ids}'
    if action == 'stop':
        ec2.stop_instances(InstanceIds=instance_ids)
        return f'Stopped instances: {instance_ids}'
    # Raising, rather than returning a string, marks the invocation as failed so a
    # misconfigured rule shows up as an error in CloudWatch Logs and Lambda metrics.
    raise ValueError(f'Invalid action {action!r}. Use "start" or "stop".')
3. Configure Environment Variables:
- In the Lambda console, go to Configuration > Environment variables.
- Add a new environment variable:
- Key: INSTANCE_IDS
- Value: Comma-separated EC2 instance IDs to control (e.g., i-1234567890abcdef,i-0987654321fedcba)
4. Save and Test the Function:
- Click Deploy to save the function.
- You can manually test it by triggering the function and passing a sample event like:
{
"action": "start"
}
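Before deploying, it is worth running the handler logic locally against a fake EC2 client, so the parsing of INSTANCE_IDS, the action allowlist and the handling of the API response are exercised without credentials and without touching real instances. The following is an added example, not code from the original post: FakeEC2 is a constructed in-memory stand-in that mimics the response shape of boto3's start_instances/stop_instances (StartingInstances/StoppingInstances entries with PreviousState and CurrentState), and handle() is the handler body with the client and ID list passed in so it can be tested; lambda_handler() is the real entry point that wires in boto3 and the environment variable.

```python
import os
import re

# Accept both the legacy 8-hex-character and the current 17-hex-character instance ID formats.
INSTANCE_ID_RE = re.compile(r"^i-[0-9a-f]{8,17}$")
ALLOWED_ACTIONS = ("start", "stop")


class FakeEC2:
    """Constructed stand-in for boto3's EC2 client, for local testing only.
    Tracks per-instance state and returns responses shaped like the real API."""
    _TRANSITIONS = {"start": ("pending", "running"), "stop": ("stopping", "stopped")}

    def __init__(self, states):
        self.states = dict(states)   # instance-id -> state name
        self.calls = []              # every API call, for assertions

    def _change(self, op, instance_ids):
        self.calls.append((op, list(instance_ids)))
        unknown = [i for i in instance_ids if i not in self.states]
        if unknown:
            # The real client raises a ClientError with code InvalidInstanceID.NotFound.
            raise RuntimeError(f"InvalidInstanceID.NotFound: {unknown}")
        transitional, final = self._TRANSITIONS[op]
        entries = []
        for i in instance_ids:
            previous = self.states[i]
            # Starting a running instance (or stopping a stopped one) is a no-op in EC2.
            current = final if previous == final else transitional
            entries.append({"InstanceId": i,
                            "PreviousState": {"Name": previous},
                            "CurrentState": {"Name": current}})
            self.states[i] = final
        return {("StartingInstances" if op == "start" else "StoppingInstances"): entries}

    def start_instances(self, InstanceIds):
        return self._change("start", InstanceIds)

    def stop_instances(self, InstanceIds):
        return self._change("stop", InstanceIds)


def parse_instance_ids(raw):
    """Split the INSTANCE_IDS value and reject malformed IDs up front, so a typo in
    the environment variable fails loudly instead of at the first scheduled run."""
    ids = [s.strip() for s in raw.split(",") if s.strip()]
    bad = [i for i in ids if not INSTANCE_ID_RE.match(i)]
    if not ids or bad:
        raise ValueError(f"INSTANCE_IDS must be comma-separated EC2 instance IDs, got {bad or raw!r}")
    return ids


def handle(event, ec2, instance_ids):
    """Handler body with the client and ID list injected. Only the allowlisted
    actions reach the API; the response is condensed to previous/current state."""
    action = event.get("action")
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"invalid action {action!r}; use 'start' or 'stop'")
    api = ec2.start_instances if action == "start" else ec2.stop_instances
    response = api(InstanceIds=instance_ids)
    key = "StartingInstances" if action == "start" else "StoppingInstances"
    return {
        "action": action,
        "instances": {e["InstanceId"]: (e["PreviousState"]["Name"], e["CurrentState"]["Name"])
                      for e in response[key]},
    }


def lambda_handler(event, context):
    """Real Lambda entry point. boto3 is imported here so the module can be
    tested on a machine without it installed."""
    import boto3
    return handle(event, boto3.client("ec2"), parse_instance_ids(os.environ["INSTANCE_IDS"]))


if __name__ == "__main__":
    fake = FakeEC2({"i-1234567890abcdef": "stopped", "i-0987654321fedcba": "stopped"})
    ids = parse_instance_ids("i-1234567890abcdef, i-0987654321fedcba")
    print(handle({"action": "start"}, fake, ids))
    print(handle({"action": "stop"}, fake, ids))
```

Returning the previous and current state per instance is also what you want the deployed function to log: it makes the CloudWatch Logs entries in Step 4 show whether a run actually changed anything, rather than only that it ran.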
Step 3: Setting Up EventBridge (CloudWatch Events) Rules for Scheduled Triggers
To automate the start and stop actions at specific times, set up scheduled rules as triggers. CloudWatch Events has been folded into Amazon EventBridge; the rules work the same way, but the console page now lives under EventBridge.
1. Open EventBridge Rules:
- Go to Amazon EventBridge in the AWS console, select Rules, and click Create rule.
2. Define the Schedule:
- For a start rule, choose Event Source as Schedule.
- Specify a cron expression for the time you want the instances to start (e.g., cron(0 8 * * ? *) for 8 AM UTC daily).
3. Add the Lambda Target:
- Under Targets, select Lambda function and choose your Lambda function.
- In Configure input, select Constant (JSON text) and enter:
{ "action": "start" }
4. Create Stop Rule:
- Repeat the process to create a separate rule for stopping the instances.
- Set the cron schedule for stopping (e.g., cron(0 18 * * ? *) for 6 PM UTC).
- Set the JSON input to { "action": "stop" } (straight double quotes; curly quotes are not valid JSON and the function will see no action key).
5. Save Both Rules:
After both rules are saved, the instances will start and stop on the defined schedule. When you choose a Lambda function as a target in the console, it also adds the resource-based permission that lets EventBridge (events.amazonaws.com) invoke the function. If you create the rules with the CLI or an SDK instead, add that permission yourself (lambda add-permission), or the rule fires and the invocation is denied.
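The same two rules can be created from code, which is handy when the schedule is part of a deployment rather than clicked together. The following is an added example, not code from the original post. It validates the six-field EventBridge cron syntax (the one rule people trip over is that exactly one of day-of-month and day-of-week must be "?"), builds the exact keyword arguments for the boto3 calls events.put_rule, events.put_targets and lambda.add_permission, and applies them through whatever clients are passed in. _Recorder is a constructed stand-in for those clients so the flow can be run offline; the rule names, function name and ARNs are placeholders.

```python
import json
import re

_CRON_RE = re.compile(r"^cron\((.+)\)$")


def validate_eventbridge_cron(expression):
    """EventBridge cron: minutes hours day-of-month month day-of-week year (UTC).
    Exactly one of day-of-month / day-of-week must be '?'. Returns the six fields."""
    m = _CRON_RE.match(expression.strip())
    if not m:
        raise ValueError(f"expected cron(...) syntax, got {expression!r}")
    fields = m.group(1).split()
    if len(fields) != 6:
        raise ValueError(f"EventBridge cron needs 6 fields, got {len(fields)}: {fields}")
    day_of_month, day_of_week = fields[2], fields[4]
    if (day_of_month == "?") == (day_of_week == "?"):
        raise ValueError("exactly one of day-of-month and day-of-week must be '?'")
    return fields


def rule_params(rule_name, cron_expression, description):
    """Keyword arguments for events.put_rule (the console's 'Schedule' event source)."""
    validate_eventbridge_cron(cron_expression)
    return {"Name": rule_name, "ScheduleExpression": cron_expression,
            "State": "ENABLED", "Description": description}


def target_params(rule_name, function_arn, action):
    """Keyword arguments for events.put_targets: the Lambda target plus the constant
    JSON input. json.dumps guarantees straight quotes and valid JSON."""
    if action not in ("start", "stop"):
        raise ValueError(f"invalid action {action!r}")
    return {"Rule": rule_name,
            "Targets": [{"Id": f"{rule_name}-target", "Arn": function_arn,
                         "Input": json.dumps({"action": action})}]}


def permission_params(function_name, rule_arn, statement_id):
    """Keyword arguments for lambda.add_permission: the resource policy statement that
    lets this one rule invoke the function (SourceArn keeps other rules/accounts out)."""
    return {"FunctionName": function_name, "StatementId": statement_id,
            "Action": "lambda:InvokeFunction", "Principal": "events.amazonaws.com",
            "SourceArn": rule_arn}


def deploy_schedule(events, lam, function_name, function_arn, schedules):
    """Create rule + target + invoke permission for each (rule_name, cron, action).
    'events' and 'lam' are boto3 clients for EventBridge and Lambda, or stand-ins."""
    created = []
    for name, cron, action in schedules:
        rule_arn = events.put_rule(**rule_params(name, cron, f"{action} EC2 instances"))["RuleArn"]
        events.put_targets(**target_params(name, function_arn, action))
        lam.add_permission(**permission_params(function_name, rule_arn, f"{name}-invoke"))
        created.append(rule_arn)
    return created


class _Recorder:
    """Constructed stand-in for the EventBridge and Lambda clients: records every
    call and returns responses shaped like the real ones (placeholder account/region)."""
    def __init__(self):
        self.calls = []

    def put_rule(self, **kw):
        self.calls.append(("put_rule", kw))
        return {"RuleArn": f"arn:aws:events:us-east-1:123456789012:rule/{kw['Name']}"}

    def put_targets(self, **kw):
        self.calls.append(("put_targets", kw))
        return {"FailedEntryCount": 0, "FailedEntries": []}

    def add_permission(self, **kw):
        self.calls.append(("add_permission", kw))
        return {"Statement": "{}"}


if __name__ == "__main__":
    events, lam = _Recorder(), _Recorder()
    print(deploy_schedule(events, lam, "StartStopEC2",
                          "arn:aws:lambda:us-east-1:123456789012:function:StartStopEC2",
                          [("StartEC2Daily", "cron(0 8 * * ? *)", "start"),
                           ("StopEC2Daily", "cron(0 18 * * ? *)", "stop")]))
```

Against real AWS, replace the two _Recorder instances with boto3.client("events") and boto3.client("lambda"); the put_rule call is idempotent, and add_permission fails on a second run with the same StatementId, which is the expected signal that the permission already exists.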
Step 4: Testing and Monitoring
After configuring everything, it’s time to test and monitor.
1. Manual Lambda Testing:
- To ensure the Lambda function works correctly, manually trigger it from the Lambda console with start and stop actions.
2. Monitoring in CloudWatch Logs:
- Each invocation writes START, END and REPORT lines, plus anything the function prints or logs, to the log group /aws/lambda/<function name> in CloudWatch Logs (this requires the logs permissions on the role from Step 1). Check here if an instance did not change state or the invocation failed.
3. EC2 Console Verification:
- Go to the EC2 console and verify that the instances start and stop according to your CloudWatch Events schedule.
Best Practices and Tips
- Use Least Privilege IAM Policies: Do not leave AmazonEC2FullAccess on the role. Grant only ec2:StartInstances and ec2:StopInstances, scoped to the instance ARNs (or a tag condition) the function is meant to control. A role that can also terminate, launch or modify instances turns a compromised or mis-triggered scheduling function into a much larger problem.
- Time Zone Awareness: EventBridge rule cron expressions are evaluated in UTC, so an "8 AM local" schedule drifts by an hour across daylight-saving changes unless you adjust it.
- Cost Management: Review the setup regularly to ensure it’s working as expected, saving costs during off-hours.
From setting up the necessary IAM role to writing a Python-based Lambda function and configuring scheduled EventBridge rules, this process is straightforward and highly customizable. By sticking to least-privilege IAM policies and keeping the UTC schedule in mind, the automation stays robust and secure. With this setup, you not only save time on manual interventions but also gain better control over your cloud infrastructure. Start leveraging AWS automation today to optimize your resources and simplify your workflows!
By – Dheeraj Sain