This guide offers a step-by-step walkthrough on how to use AWS Lambda and EventBridge to automate the stopping and starting of EC2 instances at specified times on AWS.
Short description
Use AWS Lambda and Amazon EventBridge to automatically stop and start Amazon EC2 instances.
To use Lambda to stop and start EC2 instances at regular intervals, complete the following steps:
- Create a custom AWS Identity and Access Management (IAM) policy and IAM role for your Lambda function.
- Create Lambda functions that stop and start your EC2 instances.
- Test your Lambda functions.
- Create EventBridge schedules that run your function on a schedule.
AWS Services Involved:
EC2
Lambda
EventBridge
IAM
Note: You can also create rules that react to events in your AWS account.
Resolution
Note: After you complete the following steps, you might receive a Client error on launch error. For more information, see When I start my instance with encrypted volumes attached, the instance immediately stops with the error "client error on launch."
Get the IDs of the EC2 instances that you want to stop and start. Then, complete the following steps.
- Create an IAM policy and IAM role for your Lambda function
Use the JSON policy editor to create an IAM policy. Paste the following JSON policy document into the policy editor:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Start*",
        "ec2:Stop*"
      ],
      "Resource": "*"
    }
  ]
}
1a. Create an IAM role for Lambda.
Important: When you attach a permissions policy to Lambda, make sure that you choose the IAM policy created above.
Note: If you use an Amazon Elastic Block Store (Amazon EBS) volume that's encrypted by a customer-managed AWS Key Management Service (AWS KMS) key, then add kms:CreateGrant to the IAM policy.
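The policy above allows every EC2 action whose name begins with Start or Stop, on every resource in the account, although the functions only call StartInstances and StopInstances on a fixed list of instances. The following added example (not part of the original guide) builds a policy scoped to those instances and reports the wildcard entries in each document; the account ID 123456789012 and the helper names are assumptions for illustration.

```python
PAGE_POLICY = {  # the policy document shown above, unchanged
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:*:*:*"},
        {"Effect": "Allow", "Action": ["ec2:Start*", "ec2:Stop*"], "Resource": "*"},
    ],
}

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def scoped_policy(region, account_id, instance_ids, function_names):
    """Allow only the two EC2 calls the functions make, on the named instances."""
    logs = f"arn:aws:logs:{region}:{account_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": f"{logs}:*"},
            {"Effect": "Allow",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": [f"{logs}:log-group:/aws/lambda/{n}:*" for n in function_names]},
            {"Effect": "Allow",
             "Action": ["ec2:StartInstances", "ec2:StopInstances"],
             "Resource": [f"arn:aws:ec2:{region}:{account_id}:instance/{i}"
                          for i in instance_ids]},
        ],
    }

def wildcard_findings(policy):
    """Return (statement index, field, value) for each over-broad Allow entry."""
    findings = []
    for idx, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((idx, "Action", action))
        for resource in as_list(stmt.get("Resource", [])):
            parts = resource.split(":", 5)
            # Flag a bare "*" and ARNs that leave the Region or account open.
            if resource == "*" or (len(parts) == 6 and "*" in parts[3:5]):
                findings.append((idx, "Resource", resource))
    return findings

if __name__ == "__main__":
    scoped = scoped_policy("us-east-1", "123456789012", ["i-08ce9b2d7eccf6d26"],
                           ["StopEC2Instances", "StartEC2Instances"])
    print(wildcard_findings(PAGE_POLICY), wildcard_findings(scoped))
```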
- Create Lambda functions that stop and start your instances
Open the Lambda console, and then choose Create function.
Choose Author from scratch.
Under Basic information, enter the following information:
For Function name, enter a name that describes the function, such as "StopEC2Instances".
For Runtime, choose Python 3.9.
Under Permissions, expand Change default execution role.
Under Execution role, choose Use an existing role.
Under Existing role, choose the IAM role.
Choose Create function.
On the Code tab, under Code source, paste the following code into the editor pane of the code editor on the lambda_function tab. This code stops the instances that you identify:
import boto3

region = 'us-east-1'
instances = ['i-12345cb6de4f78g9h', 'i-08ce9b2d7eccf6d26']
# Create the client once, outside the handler, so warm invocations reuse it.
ec2 = boto3.client('ec2', region_name=region)

def lambda_handler(event, context):
    # Stop every instance in the list.
    ec2.stop_instances(InstanceIds=instances)
    print('stopped your instances: ' + str(instances))
Replace us-east-1 with the AWS Region that your instances are in. Replace the example IDs in instances with the IDs of the instances that you want to stop and start.
Choose Deploy.
On the Configuration tab, choose General configuration, and then choose Edit.
Set Timeout to 10 seconds, and then choose Save.
Note: (Optional) You can adjust the Lambda function settings. For example, to stop and start multiple instances, you might use a different value for Timeout and Memory.
Repeat steps 1-7 to create another function. Complete the following steps so that this function starts your instances:
In step 3, enter a different Function name. For example, "StartEC2Instances".
In step 5, paste the following code into the editor pane of the code editor on the lambda_function tab:
import boto3

region = 'us-west-1'
instances = ['i-12345cb6de4f78g9h', 'i-08ce9b2d7eccf6d26']
# Create the client once, outside the handler, so warm invocations reuse it.
ec2 = boto3.client('ec2', region_name=region)

def lambda_handler(event, context):
    # Start every instance in the list.
    ec2.start_instances(InstanceIds=instances)
    print('started your instances: ' + str(instances))
Use your Region and the same instance IDs.
Test your Lambda functions
Open the Lambda console, and then choose Functions.
Choose one of the functions.
Choose the Code tab.
In the Code source section, choose Test.
In the Configure test event dialog box, choose Create new test event.
Enter an Event name. Then, choose Create.
Note: Don't change the JSON code for the test event.
Choose Test to run the function.
Repeat steps 1-7 for the other function.
Check the status of your instances
AWS Management Console
Before and after you test, check the status of your instances to confirm that your functions work.
CloudTrail
To confirm that the Lambda function stopped or started the instance, use AWS CloudTrail to check for events.
Open the CloudTrail console.
In the navigation pane, choose Event history.
Choose the Lookup attributes dropdown list, and then choose Event name.
In the search bar, enter StopInstances to review the results. Then, enter StartInstances.
If there are no results, then the Lambda function didn't stop or start the instances.
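The CloudTrail check above can also confirm who made each call. The following added example (not part of the original guide) sorts StopInstances and StartInstances records into calls made by the Lambda role, calls that returned an error, and calls made by any other principal. The records are constructed samples in the CloudTrail event format, and the role name ExampleSchedulerRole, the account ID and the user name are assumptions.

```python
ROLE = "ExampleSchedulerRole"  # hypothetical name of the IAM role created for the functions
SESSION = f"arn:aws:sts::123456789012:assumed-role/{ROLE}"
USER = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/example-user"}

def items(*ids):
    """Build the requestParameters shape EC2 records use for instance lists."""
    return {"instancesSet": {"items": [{"instanceId": i} for i in ids]}}

SAMPLE_EVENTS = [  # constructed records, not real log data
    {"eventTime": "2024-05-01T19:00:02Z", "eventName": "StopInstances",
     "userIdentity": {"type": "AssumedRole", "arn": f"{SESSION}/StopEC2Instances"},
     "requestParameters": items("i-08ce9b2d7eccf6d26")},
    {"eventTime": "2024-05-02T07:00:01Z", "eventName": "StartInstances",
     "userIdentity": {"type": "AssumedRole", "arn": f"{SESSION}/StartEC2Instances"},
     "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": items("i-08ce9b2d7eccf6d26")},
    {"eventTime": "2024-05-02T09:30:44Z", "eventName": "StopInstances",
     "userIdentity": USER, "requestParameters": items("i-08ce9b2d7eccf6d26")},
    {"eventTime": "2024-05-02T09:31:00Z", "eventName": "DescribeInstances",
     "userIdentity": USER, "requestParameters": {}},
]

def review(events, role_name):
    """Group stop/start records: made by the role, failed, or made by another caller."""
    report = {"by_role": [], "failed": [], "other_caller": []}
    for ev in events:
        if ev.get("eventName") not in ("StopInstances", "StartInstances"):
            continue  # unrelated API calls are ignored
        arn = ev.get("userIdentity", {}).get("arn", "")
        params = ev.get("requestParameters") or {}
        ids = [i["instanceId"] for i in params.get("instancesSet", {}).get("items", [])]
        row = (ev["eventTime"], ev["eventName"], ids, arn)
        if f":assumed-role/{role_name}/" not in arn:
            report["other_caller"].append(row)  # not the scheduler's role
        elif "errorCode" in ev:
            report["failed"].append(row)        # the role called, but EC2 refused
        else:
            report["by_role"].append(row)
    return report

if __name__ == "__main__":
    for group, rows in review(SAMPLE_EVENTS, ROLE).items():
        for row in rows:
            print(group, *row)
```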
- Create EventBridge rules that run your Lambda functions.
Open the EventBridge console.
Under Buses, select Rules.
Select Create rule.
Enter a name for your rule, such as "StopEC2Instances". (Optional) In Description, enter a description for the rule.
For Rule type, choose Schedule, and then choose Continue in EventBridge Scheduler.
For Schedule pattern, choose Recurring schedule.
Under Schedule pattern, for Occurrence, choose Recurring schedule.
For Schedule type, choose a schedule type, and then complete the following steps:
For Rate-based schedule, enter a rate value, and then choose an interval of time in minutes, hours, or days.
-or-
For Cron-based schedule, enter an expression that tells Lambda when to stop your instance. For information on expression syntax, see Creating an Amazon EventBridge rule that runs on a schedule. Then, choose Next.
Note: Cron expressions are evaluated in UTC. Make sure that you adjust the expression for your time zone.
Select Target
In Select targets, choose Lambda function from the Target dropdown list.
For Function, choose the function that stops your instances.
Choose Skip to review and create, and then choose Create Schedule.
Repeat steps 1-10 to create a rule to start your instances. Complete the following steps:
Enter a name for your rule, such as "StartEC2Instances".
(Optional) In Description, enter a description for your rule, such as "Starts EC2 instances every morning at 7 AM."
In step 7, for Cron expression, enter an expression that tells Lambda when to start your instances.
In step 9, for Function, choose the function that starts your instances.
Note: Sometimes, a Lambda function stops an instance and can't start it again. This occurs when an Amazon Elastic Block Store (Amazon EBS) volume is encrypted, and the Lambda role isn't authorized to use the encryption key. For more information, see Required AWS KMS key policy for use with encrypted volumes and Key policies in AWS KMS.
Reference: AWS re:Post