Starting and Stopping EC2 Instances Using AWS Lambda and CloudWatch

Pranita Gughane
9 min read · Sep 5, 2023

In this article we are going to use AWS Lambda, IAM and CloudWatch to start and stop EC2 instances. We will automate this with Python Lambda functions and schedule them around working hours. By automatically stopping and starting EC2 instances at predetermined times, the intention is to optimize utilization and save money.

But first, let’s break down what these three services are.

Lambda function — A computational service that allows users to run programs without setting up or maintaining servers.

IAM — A managed service for securely controlling access to AWS resources.

CloudWatch Log group — It lets you use application and custom log files to monitor and troubleshoot systems and applications. With CloudWatch Logs you can monitor your logs for particular patterns in almost real time.

CloudWatch Event Rules — A rule can contain both an event pattern and a schedule expression; in that case, the rule triggers both on the schedule and on events that match the pattern.

Pre-requisites

  1. AWS Account (Create if you don’t have one)
  2. Basics of the EC2 service.

What we will do

  1. Login to AWS.
  2. Create a Lambda Function.
  3. Modify IAM Role
  4. Execute the lambda function
  5. Create EventBridge rules to run lambda function

You can either create a function on your own, use the existing blueprints or browse a repository where we can search for the required function to see if it exists. Here, we will create our own simple Lambda Function using Python.

Click on “Author from Scratch” to write our own Lambda Function.

Provide a name to the Function.

Select “Python 3.11” from the drop-down list of Runtime.

A Lambda function needs sufficient permissions to execute. Select “Create a new role with basic Lambda permissions”. This creates a new role named after the function, with a random key as a suffix.

The above default permissions are not enough. We will understand this better in the next step. For now, we shall just create a function and see what possible errors can arise.

Add the following code in the function and click on “Save” button to save the function. (Github)

import boto3

# Change the region name below
region = 'us-west-2'
# Change the instance ID
instances = ['i-085c72a9d7e12f6b7',]
# The client is created once and reused across invocations
ec2 = boto3.client('ec2', region_name=region)

def lambda_handler(event, context):
    # Request a start for every listed instance, then log the IDs
    ec2.start_instances(InstanceIds=instances)
    print('started your instances: ' + str(instances))

On the Configuration tab, choose General configuration, and then choose Edit. Set Timeout to 10 seconds, and then choose Save.
For example, to stop and start multiple instances, you might use a different value for Timeout and Memory.

ec2-start function has been created

Repeat the same steps to create another function. Complete the following steps differently so that this function stops your EC2 instances:
Enter a different function name than the one that you used previously, for example “StopEC2Instances”.

Paste the following code into the editor pane in the code editor on the lambda_function tab. (Github)

import boto3

# Change the region name below
region = 'us-west-2'
# Change the instance ID
instances = ['i-085c72a9d7e12f6b7',]
# The client is created once and reused across invocations
ec2 = boto3.client('ec2', region_name=region)

def lambda_handler(event, context):
    # Request a stop for every listed instance, then log the IDs
    ec2.stop_instances(InstanceIds=instances)
    print('stopped your instances: ' + str(instances))

On the Configuration tab, choose General configuration, and then choose Edit. Set timeout to 10 seconds, and then choose save.

Click on the “Select a test event” button beside the “Test” button and select “Configure test event”. You will get the following screen. Do not make any changes; just give the event a name, here “ec2-start-event”, and click on “Save”. This event is just a sample event and has no relevance to our function. We can create a different event as per our requirement.

Repeat the same steps to create another event; just give the event a name, here “ec2-stop-event”, and click on “Save”.

Note: We can create a CloudWatch event and use it to trigger this Lambda function based on an event that occurred in CloudWatch. We won’t discuss this now, as it needs a clear understanding of CloudWatch, so we will proceed with a simple event. You can explore this once you get familiar with Lambda and CloudWatch.

Now click on “Test”. Notice that the function has failed to execute because of insufficient permissions. This is what I was talking about in the previous step. Don’t panic when you see the error. We will assign the required permissions to the role that was created along with the Lambda function.

You can also see the logs in CloudWatch.

Modify IAM Role

Click on “Services” at the top-right of the screen and search for IAM.

Click on “Roles” in the left panel and click on the role whose name starts with the Lambda function name and ends with a random string as a suffix.

Or, on the Configuration tab, choose Permissions, and then click on the role name.

You will see a screen as follows. This is the main screen of IAM. We won’t go into the details of IAM in this article.

Click on “Attach policies”

Search for “ec2” in the search box and select “AmazonEC2FullAccess” from the list and click on “Attach Policy” button. Now we are all set to execute the Lambda function with the required permissions.
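AmazonEC2FullAccess allows every EC2 action on every resource, while the two functions above only call start_instances and stop_instances on one instance. The following added example (not part of the original article) builds an identity policy limited to those two actions and that instance, and flags wildcard grants in a policy document. The account ID is a placeholder and the names `scoped_policy` and `broad_grants` are illustrative.

```python
import json

# Placeholder account ID; region and instance ID are the article's.
ACCOUNT_ID = "123456789012"
REGION = "us-west-2"
INSTANCES = ["i-085c72a9d7e12f6b7"]

# Constructed statement in the style of a full-access policy (every EC2 action, every resource).
FULL_ACCESS_STYLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}


def scoped_policy(account_id, region, instance_ids):
    """Identity policy that allows only start/stop on the named instances."""
    arns = [f"arn:aws:ec2:{region}:{account_id}:instance/{i}" for i in instance_ids]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "StartStopScheduledInstances",
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": arns,
        }],
    }


def as_list(value):
    return value if isinstance(value, list) else [value]


def broad_grants(policy):
    """Return (sid, reason) for Allow statements with wildcard actions or resources."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, f"wildcard action {action}"))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((sid, "applies to every resource"))
    return findings


if __name__ == "__main__":
    print(json.dumps(scoped_policy(ACCOUNT_ID, REGION, INSTANCES), indent=2))
    print(broad_grants(FULL_ACCESS_STYLE))
```

Starting an instance whose volumes are encrypted with a customer managed KMS key also needs permission on that key, which this policy does not include.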

Execute the Lambda Function

Go back to our Lambda function and now click on “Test” Button. This time you can see in the logs that the function has been executed successfully. This means the Lambda function has triggered a request to stop the instance.

Instance running

In the above image the instance is running; as soon as we click on Test, the instance will stop.

Function has been executed successfully
Instance stopped

In the previous steps we saw a Lambda function that stops an EC2 instance. Now we will see how an EC2 instance can be started using Lambda. To do so, you can either edit the same function or write a new function following the same steps as before.

We have already created a new function to start the EC2 instance.

Click on “Test” to execute the function.

See the details of the execution and you can clearly see that the function was successfully executed. This means the Lambda function has triggered a request to start the instance.

Here, you can see that the Instance State is “Initializing” which means the Lambda function has successfully processed our request to start the required instance.

AWS CloudTrail

You can use CloudTrail to check for events to confirm that the Lambda function stopped or started the EC2 instance.

  1. Open the CloudTrail console.
  2. In the navigation pane, choose Event history.
  3. Choose the Lookup attributes dropdown list, and then choose Event name.
  4. In the search bar, enter StopInstances to review the results. Then, enter StartInstances in the search bar to review the results.

If there are no results, then the Lambda function didn’t stop or start the EC2 instances.
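The same check can be run over exported CloudTrail records to confirm that each StartInstances or StopInstances call came from the Lambda execution role and succeeded. This is an added example, not part of the original article; the records are constructed and trimmed, and the account ID, role names and IAM user are placeholders.

```python
import json

# Constructed CloudTrail records, trimmed to the fields used below. Account ID,
# role names and the IAM user are placeholders; the instance ID is the article's.
SAMPLE_EVENTS = json.loads("""[
 {"eventTime": "2023-09-05T18:00:03Z", "eventName": "StopInstances",
  "userIdentity": {"type": "AssumedRole", "arn":
    "arn:aws:sts::123456789012:assumed-role/StopEC2Instances-role-abc123/StopEC2Instances"},
  "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-085c72a9d7e12f6b7"}]}}},
 {"eventTime": "2023-09-05T08:00:02Z", "eventName": "StartInstances",
  "errorCode": "Client.UnauthorizedOperation",
  "userIdentity": {"type": "AssumedRole", "arn":
    "arn:aws:sts::123456789012:assumed-role/ec2-start-role-def456/ec2-start"},
  "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-085c72a9d7e12f6b7"}]}}},
 {"eventTime": "2023-09-05T11:30:00Z", "eventName": "StopInstances",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/example-user"},
  "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-085c72a9d7e12f6b7"}]}}}
]""")
EXPECTED_ROLES = {"StopEC2Instances-role-abc123", "ec2-start-role-def456"}


def role_of(identity):
    """Role name when the caller is an assumed-role session, else None."""
    parts = identity.get("arn", "").split(":", 5)[-1].split("/")
    if identity.get("type") == "AssumedRole" and len(parts) == 3:
        return parts[1]
    return None


def review(events, instance_id, expected_roles):
    """Classify every Start/Stop call that names instance_id, oldest first."""
    rows = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") not in ("StartInstances", "StopInstances"):
            continue
        items = (ev.get("requestParameters") or {}).get("instancesSet", {}).get("items", [])
        if instance_id not in [item.get("instanceId") for item in items]:
            continue
        if role_of(ev.get("userIdentity", {})) not in expected_roles:
            verdict = "unexpected caller"
        elif "errorCode" in ev:
            verdict = "failed: " + ev["errorCode"]
        else:
            verdict = "ok"
        rows.append((ev["eventTime"], ev["eventName"], verdict))
    return rows


for row in review(SAMPLE_EVENTS, "i-085c72a9d7e12f6b7", EXPECTED_ROLES):
    print(row)
```

A "failed" row corresponds to the insufficient-permission run seen before the role was modified; an "unexpected caller" row is a start or stop that did not come from either function.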

Create EventBridge rules that run your Lambda functions

Open the EventBridge console and select Create rule.

Enter a Name for your rule, such as “rule-start-ec2”. (Optional) In Description, enter a description for the rule, such as “StartEC2Instances”.

For Rule type, choose Schedule, and then choose Continue in EventBridge Scheduler.

Under Schedule pattern, for Occurrence, choose Recurring schedule.

For Schedule type, choose the type that’s right for your needs and complete the following steps:
When Schedule type is Rate-based schedule, for Rate expression, enter a rate value and choose an interval of time in minutes, hours, or days.
-or-
When Schedule type is Cron-based schedule, for Cron expression, enter an expression that tells Lambda when to stop your instance.
Note: Cron expressions are evaluated in UTC. Make sure that you adjust the expression for your preferred time zone.

Run at 08:00 am (UTC+0) every day

In Select targets, choose Lambda function from the Target dropdown list.

choose AWS Lambda function

For Function, choose the function that starts your EC2 instances.

Choose Skip to review and create, and then choose Create.

Choose lambda function ec2-start

Repeat the same steps to create a rule to stop your EC2 instances. Complete the following steps differently:
Enter a name for your rule, such as “rule-stop-ec2”. In Description, enter a description for your rule, such as “StopEC2Instances”.

For Cron expression, enter an expression that tells Lambda when to stop your instances. Run at 6:00 pm (UTC+0) every Monday to Friday.

For Function, choose the function that stops your EC2 instances.
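The two schedules used here (08:00 every day to start, 18:00 Monday to Friday to stop) written as EventBridge cron expressions, with the UTC adjustment from the note above. This is an added example, not part of the original article; it goes beyond the article's UTC+0 case by accepting a fixed local offset, and the function name `utc_cron` and the sample offsets are illustrative.

```python
DAYS = ["SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT"]
WORKDAYS = ["MON", "TUE", "WED", "THU", "FRI"]


def utc_cron(hour, minute, utc_offset_minutes=0, weekdays=None):
    """EventBridge cron expression in UTC for a local wall-clock time.

    utc_offset_minutes: local offset from UTC (assumed fixed; recompute the
    expression when daylight saving time changes it).
    weekdays: local day names such as ["MON", "FRI"], or None for every day.
    """
    if not (0 <= hour < 24 and 0 <= minute < 60):
        raise ValueError("hour must be 0-23 and minute 0-59")
    # Minutes since local midnight, moved to UTC; the result may fall on the
    # previous or the next UTC day.
    day_shift, minutes = divmod(hour * 60 + minute - utc_offset_minutes, 1440)
    utc_hour, utc_minute = divmod(minutes, 60)
    if weekdays is None:
        # Fields: minutes hours day-of-month month day-of-week year
        return f"cron({utc_minute} {utc_hour} * * ? *)"
    shifted = sorted({(DAYS.index(d.upper()) + day_shift) % 7 for d in weekdays})
    names = ",".join(DAYS[i] for i in shifted)
    # Day-of-month must be "?" when day-of-week is specified.
    return f"cron({utc_minute} {utc_hour} ? * {names} *)"


if __name__ == "__main__":
    print(utc_cron(8, 0))                      # the article's start schedule
    print(utc_cron(18, 0, weekdays=WORKDAYS))  # the article's stop schedule
    print(utc_cron(18, 0, -480, WORKDAYS))     # 18:00 at UTC-8 lands on the next UTC day
```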

Event rule created for start and stop EC2 instance.

I have scheduled the instance stop for 6 pm; let’s see whether it stops or not.

Here, you can see that the Instance State is “stopped” which means the Lambda function has successfully processed our request to stop the required instance.

Instance stopped on schedule time
CloudWatch log generated at 6 PM (scheduled time)
Congratulations!!!

Conclusion:

In this article, we saw how to create a simple Lambda function to stop an EC2 instance and how to assign the required policies to the role used by the Lambda function. We also saw how to start an EC2 instance using a Lambda function. We created separate functions to stop and start the EC2 instance; you can create the same functions for this.

AWS Lambda functions are a very useful tool to perform all kinds of tasks in your AWS account. You can basically get notifications of any changes in the AWS resources through CloudWatch events. So you can perform all kinds of maintenance tasks and automated tasks over your infrastructure.

Cleaning up your AWS account

After completing this demo, I recommend that you turn off (or remove) the instance you created for testing and remove the Lambda functions you just created.

“Thank you for taking the time to read my blog; your support means a lot!!!”

Links:

https://www.linkedin.com/in/pranitagughane/
