Build Your Own AWS Cost Controls

As mentioned in my earlier blog post on Tips to reduce your AWS Cloud Cost, people often start an instance and forget to turn it off. You can write a simple Python script, wrap it in an AWS Lambda function and schedule it to run at a fixed time every day. The script sends an email listing the running EC2 instances across all AWS regions. Anyone who sees their own instance in the list should go and stop it if it does not need to run overnight.


High Level Steps

  1. Create a Lambda function and schedule it to run every day, say at 7 PM.
  2. Configure AWS SES so the function can send email to verified email addresses or an alias.

How it works

  • The Lambda code fetches information about the running EC2 instances across all AWS regions: Region, Instance Id, Instance Name, Instance Type, publicly open ports (inbound security group rules whose source is 0.0.0.0/0 or ::/0) and Instance Launch Date.
  • It formats that information as a table.
  • It sends the table as an HTML email through the SES service.

How to do this?

  1. Configure SES:
  • 1.1. The “from” address must be verified in SES, and while your account is still in the SES sandbox the “to” addresses must be verified as well. Repeat the steps below for every email address to which you intend to send the report
    • 1.1.1. Navigate to “Email Addresses” in SES
    • 1.1.2. Click on “Verify a New Email Address”
    • 1.1.3. Enter the email address to be verified and click on “Verify this email address”
    • 1.1.4. A verification mail is sent to that address. Verify the email address by clicking the link in the verification email

2. Create and Configure Lambda Function:

  • 2.1 Create an IAM Role for Lambda
    • 2.1.1. Create an IAM policy with the permissions shown below. Keep it to what the function actually needs (read-only EC2 describe calls, permission to send through SES and CloudWatch Logs); do not reuse a broad managed policy such as AmazonEC2FullAccess for a role that runs unattended every day:

(IAM policy JSON shown as an image in the original post)

  • 2.2 Create an IAM role for the Lambda service and attach the policy above. Give the role a relevant name, e.g. Lambda_EC2_Read
  • 2.3 Create the Lambda function:
    • 2.3.1 Create a Lambda function with the “Author from scratch” template
      • 2.3.1.1. Name: Assign it a meaningful name
      • 2.3.1.2. Runtime: Python 2.7 was used in the original post; Lambda no longer supports Python 2.7 for new functions, so choose a currently supported Python 3 runtime
      • 2.3.1.3. Role: Choose an existing role
      • 2.3.1.4. Existing role: Choose the IAM role created in step 2.2 from the dropdown
    • 2.3.2. Click on “Create Function”
    • 2.3.3. In the Function Code area paste the code below:

(Lambda function code shown as images in the original post)

  • 2.4 In the last section of the code, “Send email notification”, change the Source and Destination email addresses to the ones you verified in step 1
  • 2.5 To run the function on a schedule:
    • 2.5.1. In the “Add triggers” section, select “CloudWatch Events” (now part of Amazon EventBridge)
    • 2.5.2. In Rule, select “Create a new rule” from the dropdown
    • 2.5.3. Rule Name: Assign a meaningful name
    • 2.5.4. Rule Description: Write a suitable description for the rule
    • 2.5.5. Rule Type: Schedule Expression
    • 2.5.6. Schedule Expression: Enter your cron expression. Schedules are evaluated in UTC, not your local time zone; for example cron(0 19 * * ? *) runs at 19:00 UTC every day
    • 2.5.7. Check the “Enable trigger” box
    • 2.5.8. Click on “Add”
  • 2.6 Set the Lambda function timeout to 1 minute. A run across all AWS regions typically takes about 20 seconds in a medium-sized environment.
  • 2.7. Click on “Save”
  • 2.8 Click on “Test”
    • 2.8.1. Select “New test event”
    • 2.8.2. Event Template: Hello World
    • 2.8.3. Event Name: Assign a meaningful name
    • 2.8.4 Click on “Create”
  • 2.9 Click on “Test” and verify that the function works as expected: the report email should arrive at the verified addresses.
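The policy from step 2.1.1 is published as an image in the original post, so the policy below is an added example written for this page, not the post's own. It grants only what the function described above needs: the three read-only EC2 describe calls (DescribeSecurityGroups is what the publicly-open-ports column requires), ses:SendEmail limited to one verified sender address, and CloudWatch Logs writes. The account id 123456789012, the region and the sender address are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadEC2Inventory",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "ec2:DescribeInstances",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    },
    {
      "Sid": "SendReportFromOneAddress",
      "Effect": "Allow",
      "Action": "ses:SendEmail",
      "Resource": "arn:aws:ses:us-east-1:123456789012:identity/ec2-report@example.com",
      "Condition": {
        "StringEquals": { "ses:FromAddress": "ec2-report@example.com" }
      }
    },
    {
      "Sid": "WriteLambdaLogs",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:us-east-1:123456789012:*"
    }
  ]
}
```

The EC2 Describe actions do not support resource-level permissions, so their Resource must be "*"; that is still read-only. The SES statement pins both the identity ARN and the ses:FromAddress condition key, so a compromised function (or a bug in it) cannot send mail as anybody else. A Lambda execution role is a standing credential that can be assumed every day for years, which is why nothing beyond read and send belongs on it.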
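The function code from step 2.3.3 is published as screenshots in the original post, so the Python 3 script below is an added example written for this page, not the post's own code. It implements the three bullets under “How it works” (all regions, running instances only, the Region / Instance Id / Name / Type / publicly open ports / Launch Date columns, an HTML table, one SES email) and additionally an Owner column read from the Owner tag, as the closing section suggests. The addresses, the region and the sample instance data are constructed placeholders; boto3 is bundled with the Lambda Python runtime and is imported inside the handler so that the table-building functions can be run and checked without AWS access.

```python
"""Daily e-mail report of running EC2 instances in every region (added example,
not the original post's code; assumes a Python 3 Lambda runtime with boto3)."""
import datetime
import html

SOURCE_EMAIL = "ec2-report@example.com"          # placeholder; must be SES-verified
DESTINATION_EMAILS = ["cloud-team@example.com"]  # placeholder recipients
SES_REGION = "us-east-1"                         # region of the SES identity
ANYWHERE = ("0.0.0.0/0", "::/0")                 # source ranges meaning "the internet"
COLUMNS = ["Region", "InstanceId", "Name", "Owner", "Type", "PublicPorts", "LaunchTime"]

def public_ports(security_groups):
    """World-open inbound rules as sorted 'proto:port[-port]' strings, from describe_security_groups() dicts."""
    found = set()
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            sources = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            sources += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            if not any(src in ANYWHERE for src in sources):
                continue                     # private CIDRs and SG-to-SG rules are not public
            proto = perm.get("IpProtocol", "-1")
            if proto == "-1":                # the API's value for "all protocols"
                found.add("all")
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            found.add(f"{proto}:{lo}" if lo == hi else f"{proto}:{lo}-{hi}")
    return sorted(found)

def summarize_instance(region, instance, sg_lookup):
    """Flatten one Instance dict from describe_instances() into a report row."""
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    groups = [sg_lookup[g["GroupId"]] for g in instance.get("SecurityGroups", [])
              if g["GroupId"] in sg_lookup]
    return {"Region": region, "InstanceId": instance["InstanceId"],
            "Name": tags.get("Name", ""), "Owner": tags.get("Owner", ""),
            "Type": instance["InstanceType"],
            "PublicPorts": ", ".join(public_ports(groups)) or "none",
            "LaunchTime": instance["LaunchTime"].strftime("%Y-%m-%d %H:%M UTC")}

def render_html(rows):
    """HTML table for the mail body; cells are escaped because tag values are chosen by whoever launched the instance."""
    head = "".join(f"<th>{c}</th>" for c in COLUMNS)
    body = "".join("<tr>" + "".join(f"<td>{html.escape(str(r[c]))}</td>" for c in COLUMNS)
                   + "</tr>" for r in rows)
    return f'<table border="1"><tr>{head}</tr>{body}</table>'

def collect_running_instances(session):
    """Query every region enabled for the account and build the report rows."""
    regions = session.client("ec2", region_name=SES_REGION).describe_regions()["Regions"]
    rows = []
    for region in sorted(r["RegionName"] for r in regions):
        ec2 = session.client("ec2", region_name=region)
        pages = ec2.get_paginator("describe_instances").paginate(
            Filters=[{"Name": "instance-state-name", "Values": ["running"]}])
        instances = [i for p in pages for res in p["Reservations"] for i in res["Instances"]]
        if not instances:
            continue                         # an empty GroupIds list would return every group
        ids = sorted({g["GroupId"] for i in instances for g in i.get("SecurityGroups", [])})
        sg_lookup = {sg["GroupId"]: sg for sg in
                     ec2.describe_security_groups(GroupIds=ids)["SecurityGroups"]}
        rows.extend(summarize_instance(region, i, sg_lookup) for i in instances)
    return rows

def lambda_handler(event, context):
    import boto3  # imported here so the functions above run (and test) without AWS access
    session = boto3.session.Session()
    rows = collect_running_instances(session)
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%d %H:%M UTC")
    session.client("ses", region_name=SES_REGION).send_email(
        Source=SOURCE_EMAIL, Destination={"ToAddresses": DESTINATION_EMAILS},
        Message={"Subject": {"Data": f"{len(rows)} running EC2 instance(s) at {now}"},
                 "Body": {"Html": {"Data": render_html(rows)}}})
    return {"running_instances": len(rows)}

# Constructed sample data in the shape the EC2 API returns, for an offline dry run.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}]
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0123456789abcdef0", "InstanceType": "m5.4xlarge",
     "LaunchTime": datetime.datetime(2019, 1, 15, 9, 30, tzinfo=datetime.timezone.utc),
     "Tags": [{"Key": "Name", "Value": "<b>web-01</b>"},
              {"Key": "Owner", "Value": "alice@example.com"}],
     "SecurityGroups": [{"GroupId": "sg-0aaa"}]},
    {"InstanceId": "i-0fedcba9876543210", "InstanceType": "t3.micro",
     "LaunchTime": datetime.datetime(2019, 3, 2, 18, 0, tzinfo=datetime.timezone.utc),
     "Tags": [], "SecurityGroups": [{"GroupId": "sg-0bbb"}]}]

def sample_report():
    """The pure part of the pipeline over the sample data above (no AWS calls)."""
    sg_lookup = {sg["GroupId"]: sg for sg in SAMPLE_SECURITY_GROUPS}
    return [summarize_instance("us-east-1", i, sg_lookup) for i in SAMPLE_INSTANCES]
```

Two points worth keeping when you adapt this. First, the Name and Owner tags are written by whoever launches the instance (anyone with ec2:CreateTags), so they are HTML-escaped before they reach the mail body; without that, a tag value is an HTML injection into a report your cloud team opens in a mail client. Second, the report itself is an inventory of every world-reachable port in the account, so send it to a restricted alias rather than a wide distribution list. “Publicly open” here means an inbound rule whose source is 0.0.0.0/0 or ::/0; a port open to a large but not world-wide CIDR is not flagged, and describe_regions returns only the regions enabled for the account, so opt-in regions you have not enabled are skipped.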

Hope this helps.

You can further modify this function to:

  1. Highlight the EC2 instances that are larger in size
  2. Highlight the EC2 instances that have been running for longer than some period (say 1 month or so)
  3. If instances are tagged consistently, say with an Owner tag, also print the name of the owner
  4. If the owner value is an email address, send the email to the individual owner instead of a common email alias/list

To implement #3 (and #4) above, every instance needs an Owner tag, which you can get in one of two ways:

  1. Every user must tag the instance with the key “Owner” and his/her email address as the value.
  2. Have an automated way to tag instances.

In our experience manual tagging of instances (or other AWS resources) falls apart because people forget to tag or do not bother. Hence you need an automated way of tagging your AWS resources.

I encourage you to share your experiences with us by commenting below, and keep a lookout for my blog on ‘How to tag EC2 instances automatically’, next in the series.