New serverless pattern - Lambda Recycle Bin #2463
Conversation
|
Thank you for submitting this request. Your PR does not adhere to our publishing guidelines. It is missing the |
Thank you for the review. |
ami-recycle-bin/example-pattern.json
Outdated
| @@ -0,0 +1,55 @@ | |||
| { | |||
| "title": "Deregister expired AMIs and its snapshot with AWS Lambda and retain them in Amazon EC2 Recycle Bin", | |||
There was a problem hiding this comment.
The title can have at most 75 characters, please reword
There was a problem hiding this comment.
The title can have at most 75 characters, please reword
Updated title to 75 characters AMI de-registration with AWS Lambda and retention in Amazon EC2 Recycle Bin
ami-recycle-bin/example-pattern.json
Outdated
| { | ||
| "title": "Deregister expired AMIs and its snapshot with AWS Lambda and retain them in Amazon EC2 Recycle Bin", | ||
| "description": "This project demonstrates a pattern to deregister and retain expired AMI and its snapshot with AWS Lambda and Amazon EC2 Recycle Bin", | ||
| "language": "YAML", |
There was a problem hiding this comment.
You can leave this property empty for Terraform
There was a problem hiding this comment.
You can leave this property empty for Terraform
Updated the language property value to be an empty string
ami-recycle-bin/README.md
Outdated
| @@ -0,0 +1,85 @@ | |||
| ## Description | |||
|
|
|||
| In this pattern an Amazon EventBridge trigger AWS Lambda function to deregister AMI, delete the associated snapshot and move them to Recycle Bin for retention. | |||
There was a problem hiding this comment.
| In this pattern an Amazon EventBridge trigger AWS Lambda function to deregister AMI, delete the associated snapshot and move them to Recycle Bin for retention. | |
| In this pattern an Amazon EventBridge rule triggers an AWS Lambda function which deregisters an Amazon Machine Image (AMI), deletes the associated snapshot and moves them to the Recycle Bin for retention. |
There was a problem hiding this comment.
Updated as per the suggested changes
ami-recycle-bin/README.md
Outdated
|
|
||
| The template creates all the necessary resources including an Amazon EventBridge Rule that triggers the AWS Lambda function once every day. Additionally, Recycle Bin rules for AMI and EBS Snapshots are created to retain deleted resources matching the resources for a retention period. | ||
|
|
||
| AWS Lambda function automates the expiration of Amazon Machine Images (AMIs) moving the AMIs and its associated snapshot to Recycle Bin af. The Recycle Bin is a feature in Amazon Elastic Compute Cloud (EC2) that allows you to retain AMIs that you have deregistered for a specified retention period, providing an opportunity to recover them if needed. To recover the deleted AMI, its associated snapshot should be recovered first. The lambda function also adds corresponding tags to both, the AMI and the EBS Snapshot before moving them to Recyle Bin for recovery. |
There was a problem hiding this comment.
| AWS Lambda function automates the expiration of Amazon Machine Images (AMIs) moving the AMIs and its associated snapshot to Recycle Bin af. The Recycle Bin is a feature in Amazon Elastic Compute Cloud (EC2) that allows you to retain AMIs that you have deregistered for a specified retention period, providing an opportunity to recover them if needed. To recover the deleted AMI, its associated snapshot should be recovered first. The lambda function also adds corresponding tags to both, the AMI and the EBS Snapshot before moving them to Recyle Bin for recovery. | |
| The AWS Lambda function automates the expiration of Amazon Machine Images (AMIs) by moving the AMIs and their associated snapshots to Recycle Bin. Recycle Bin is a feature of Amazon Elastic Compute Cloud (EC2) that allows you to retain AMIs that you have de-registered for a specified retention period, providing an opportunity to recover them if needed. To recover the deleted AMI, its associated snapshot should be recovered first. The Lambda function also adds corresponding tags to both, the AMI and the EBS snapshot, before moving them to Recycle Bin. |
There was a problem hiding this comment.
Updated as per the suggested changes
ami-recycle-bin/main.tf
Outdated
|
|
||
| resource "aws_cloudwatch_event_rule" "event_rule" { | ||
| name = "invoke-lambda-daily" | ||
| description = "Invoke a Lambda function every day" |
There was a problem hiding this comment.
| description = "Invoke a Lambda function every day" | |
| description = "Invoke a Lambda function once per day" |
There was a problem hiding this comment.
Updated description to Invoke a Lambda function once per day
ami-recycle-bin/main.tf
Outdated
| function_name = "ami-recycle-lambda" | ||
| role = aws_iam_role.lambda_role.arn | ||
| handler = "ami-recycle-lambda.lambda_handler" | ||
| runtime = "python3.9" |
There was a problem hiding this comment.
Please use the most recent Python version
There was a problem hiding this comment.
Please use the most recent Python version
Used the most recent supported version python3.12
ami-recycle-bin/main.tf
Outdated
| "RBIN_RETENTION_PERIOD_UNIT" = var.rbin_retention_period_unit | ||
| } | ||
| } | ||
| timeout = 300 |
There was a problem hiding this comment.
Is such a long timeout really necessary?
There was a problem hiding this comment.
Is such a long timeout really necessary?
If the list of expired AMIs is long, the maximum timeout will be helpful to ensure function does not timeout before the expired AMIs and its snapshot is moved to Recycle Bin. However since this is a test pattern, updated the timeout parameter as a configurable variable and set the default timeout to 15 seconds
ami-recycle-bin/main.tf
Outdated
| "logs:PutLogEvents", | ||
| "logs:CreateLogGroup" | ||
| ] | ||
| Resource = "arn:aws:logs:*:*:*" |
There was a problem hiding this comment.
Please scope the policy down to the current account and region
There was a problem hiding this comment.
Please scope the policy down to the current account and region
Added data.tf file to add data source and scoped down the policy to
- region and account for
CreateLogGroup - region, account and function name for
CreateLogStreamandPutLogEvents
ami-recycle-bin/main.tf
Outdated
| "ec2:DeleteSnapshot", | ||
| "rbin:ListRules" | ||
| ] | ||
| Resource = "*" |
There was a problem hiding this comment.
Please scope the policy down to the current account and region
There was a problem hiding this comment.
Please scope the policy down to the current account and region
- Scoped down policy for the actions that can be restricted to resources like
DeregisterImageandDeleteSnapshot - Updated policy statement to separate actions that only support wildcard -
DescribeImagesandListRules
|
Hi team - Updated the content as per the feedback. Can you please review this. Thank you! |
|
Hi, thanks for the updates. Could please check in the Lambda function code in an unzipped format to allow a review |
Thank you - Added the source code. |
|
Looks good, thanks for your contribution. Your pattern will be merged to Serverlessland.com soon |
Issue #2464:
Description of changes:
In this pattern an Amazon EventBridge trigger AWS Lambda function to deregister AMI, delete the associated snapshot and move them to Recycle Bin for retention. The infrastructure is in terraform
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.