“ I have checked the documents of AWS to resolve the issue of not being able to start the ec2 server from the lambda function. So I checked for various solutions and found out that it's happening because of volume encryption. Adding a lambda role as a key user in CMK resolved my problem. Pricing of Amazon EC2 depends on usage of instance and KMS custom key costs $1 per key.”
AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code as a ZIP file or container image, and Lambda automatically and precisely allocates compute execution power and runs your code based on the incoming request or event, for any scale of traffic. You can set up your code to automatically trigger from 140 AWS services or call it directly from any web or mobile app. You can write Lambda functions in your favorite language (Node.js, Python, Go, Java, and more) and use both serverless and container tools, such as AWS SAM or Docker CLI, to build, test, and deploy your functions. To learn more, read the AWS Lambda.
In this post, you will get to know how the kms handles the ec2 server for start and stop using lambda. Here I have used an ec2 server with encrypted volume and a custom managed key which is able to add a key user as a lambda role to start and stop ec2 server using lambda run.
Prerequisites
You’ll need an Amazon EC2 Server for this post. Getting started with amazon EC2 provides instructions on how to launch an EC2 Server.
You’ll need an AWS Key Management Service for this post. Getting started with AWS KMS provides instructions on how to create a custom key. For this blog, I assume that I have an ec2 server with encrypted volume and a custom key created.
Architecture Overview
The architecture diagram shows the overall deployment architecture with data flow, amazon ec2, amazon elastic block store volume, aws kms and aws lambda.
Solution overview
The blog post consists of the following phases:
- Create IAM Policy and Role for Lambda Execution
- Create of Lambda Function for Start and Stop of EC2 Server
- Testing of EC2 Server Start and Stop with Cloudwatch Logs
I have a custom key and a ec2 server as below →
Phase 1: Create IAM Policy and Role for Lambda Execution
- Open the IAM console and create an IAM policy for cloudwatch logs and ec2. Also create an IAM role for lambda function of ec2 server execution.
Phase 2: Create of Lambda Function for Start and Stop of EC2 Server
- Open the lambda console and create a function for start and stop of the ec2 server with required parameters of set timeout.
Phase 3: Testing of EC2 Server Start and Stop with Cloudwatch Logs
Clean-up
Delete EC2 Instance, EC2 Volume, KMS Custom Key, IAM Role, IAM Policy, Lambda.
Pricing
I review the pricing and estimated cost of this example.
Cost of EC2 Instance = $0.01
Cost of Key Management Service = $1.0
Cost of Data Transfer = $0.0
Cost of Lambda = $0.0
Cost of Cloudwatch = $0.0
Total Cost = $(0.01 + 1.0 + 0.0 + 0.0 + 0.0) = $1.01
Summary
In this post, I showed “how KMS handles the EC2 server for start and stop using lambda”.
For more details on AWS Lambda, Checkout Get started AWS Lambda, open the AWS Lambda console. To learn more, read the AWS Lambda documentation.
Thanks for reading!
Connect with me: Linkedin
Latest comments (0)