New serverless pattern - Lambda Recycle Bin #2463
base: main
Conversation
Thank you for submitting this request. Your PR does not adhere to our publishing guidelines. It is missing the
Thank you for the review.
ami-recycle-bin/example-pattern.json
Outdated
@@ -0,0 +1,55 @@ | |||
{ | |||
"title": "Deregister expired AMIs and its snapshot with AWS Lambda and retain them in Amazon EC2 Recycle Bin", |
The title can have at most 75 characters, please reword
Updated title to 75 characters: "AMI de-registration with AWS Lambda and retention in Amazon EC2 Recycle Bin"
ami-recycle-bin/example-pattern.json
Outdated
{ | ||
"title": "Deregister expired AMIs and its snapshot with AWS Lambda and retain them in Amazon EC2 Recycle Bin", | ||
"description": "This project demonstrates a pattern to deregister and retain expired AMI and its snapshot with AWS Lambda and Amazon EC2 Recycle Bin", | ||
"language": "YAML", |
You can leave this property empty for Terraform
Updated the "language" property value to be an empty string
ami-recycle-bin/README.md
Outdated
@@ -0,0 +1,85 @@ | |||
## Description | |||
In this pattern an Amazon EventBridge trigger AWS Lambda function to deregister AMI, delete the associated snapshot and move them to Recycle Bin for retention. |
Suggested change:
In this pattern an Amazon EventBridge rule triggers an AWS Lambda function which deregisters an Amazon Machine Image (AMI), deletes the associated snapshot and moves them to the Recycle Bin for retention.
Updated as per the suggested changes
ami-recycle-bin/README.md
Outdated
The template creates all the necessary resources including an Amazon EventBridge Rule that triggers the AWS Lambda function once every day. Additionally, Recycle Bin rules for AMI and EBS Snapshots are created to retain deleted resources matching the resources for a retention period. | ||
AWS Lambda function automates the expiration of Amazon Machine Images (AMIs) moving the AMIs and its associated snapshot to Recycle Bin af. The Recycle Bin is a feature in Amazon Elastic Compute Cloud (EC2) that allows you to retain AMIs that you have deregistered for a specified retention period, providing an opportunity to recover them if needed. To recover the deleted AMI, its associated snapshot should be recovered first. The lambda function also adds corresponding tags to both, the AMI and the EBS Snapshot before moving them to Recyle Bin for recovery. |
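Review bot: the last sentence says the tags are added "before moving them to Recyle Bin", but the README should state that the tags must be in place before DeregisterImage and DeleteSnapshot are called, because a tag-level Recycle Bin rule is matched at the moment the resource is deleted; an untagged snapshot deleted by this function is gone, not retained. For the same reason it should say that the two Recycle Bin rules the template creates must exist before the first scheduled run.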
Suggested change:
The AWS Lambda function automates the expiration of Amazon Machine Images (AMIs) by moving the AMIs and their associated snapshots to Recycle Bin. Recycle Bin is a feature of Amazon Elastic Compute Cloud (EC2) that allows you to retain AMIs that you have de-registered for a specified retention period, providing an opportunity to recover them if needed. To recover the deleted AMI, its associated snapshot should be recovered first. The Lambda function also adds corresponding tags to both, the AMI and the EBS snapshot, before moving them to Recycle Bin.
Updated as per the suggested changes
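The README paragraphs above describe the flow (daily trigger, tag the AMI and its snapshot, deregister, delete, rely on the Recycle Bin rules for retention) but the PR's Lambda source is not shown on this page. The following is an added example, not the PR's own code, that implements that flow in the order that is safe with tag-level retention rules. It assumes conventions the page does not state: AMIs due for retirement carry an "ExpiryDate" tag (YYYY-MM-DD), the Recycle Bin rules match the tag RecycleBin=true, and the FakeEC2 client and AMI/snapshot IDs are constructed so the logic runs offline.

```python
from datetime import date, datetime

try:
    import boto3  # present in the Lambda runtime; optional here so the module imports offline
except ImportError:
    boto3 = None

# Assumed conventions (not from the PR): AMIs due for retirement carry an ExpiryDate tag
# (YYYY-MM-DD), and the Recycle Bin rules are tag-level rules matching RecycleBin=true.
EXPIRY_TAG_KEY = "ExpiryDate"
RBIN_TAG = {"Key": "RecycleBin", "Value": "true"}


def tags_of(resource):
    """Flatten EC2's [{'Key': .., 'Value': ..}] tag list into a dict."""
    return {t["Key"]: t["Value"] for t in resource.get("Tags", [])}


def expired_images(images, today):
    """AMIs whose ExpiryDate tag is on or before `today`.
    No tag or an unparseable date means the AMI is skipped: the safe failure is not deleting."""
    expired = []
    for image in images:
        raw = tags_of(image).get(EXPIRY_TAG_KEY)
        if raw is None:
            continue
        try:
            expiry = datetime.strptime(raw, "%Y-%m-%d").date()
        except ValueError:
            continue
        if expiry <= today:
            expired.append(image)
    return expired


def snapshot_ids(image):
    """EBS snapshot IDs backing an AMI, taken from its block device mappings."""
    return [
        m["Ebs"]["SnapshotId"]
        for m in image.get("BlockDeviceMappings", [])
        if "SnapshotId" in m.get("Ebs", {})
    ]


def recycle_image(ec2, image):
    """Retire one AMI in the only order that is safe with tag-level Recycle Bin rules:
    1. tag the AMI and its snapshots so they match the rules (the match is evaluated at
       deletion time, so tagging afterwards would leave them permanently deleted);
    2. deregister the AMI (a snapshot cannot be deleted while a registered AMI uses it);
    3. delete each snapshot, which is what moves it into Recycle Bin.
    Each AMI is finished before the next starts, so a timeout leaves at most one in progress."""
    image_id = image["ImageId"]
    snaps = snapshot_ids(image)
    ec2.create_tags(Resources=[image_id] + snaps, Tags=[RBIN_TAG])
    ec2.deregister_image(ImageId=image_id)
    for snap in snaps:
        ec2.delete_snapshot(SnapshotId=snap)
    return {"ImageId": image_id, "SnapshotIds": snaps}


def run(ec2, today):
    """Retire every expired AMI owned by this account; returns what was retired."""
    images = ec2.describe_images(Owners=["self"])["Images"]
    return [recycle_image(ec2, image) for image in expired_images(images, today)]


def lambda_handler(event, context):
    """Entry point for the EventBridge-scheduled invocation."""
    return run(boto3.client("ec2"), date.today())


class FakeEC2:
    """Constructed stand-in for boto3's EC2 client: serves a fixed inventory and records
    every mutating call in order, which is the property worth checking."""

    def __init__(self, images):
        self._images = images
        self.calls = []

    def describe_images(self, **kwargs):
        return {"Images": self._images}

    def create_tags(self, **kwargs):
        self.calls.append(("create_tags", tuple(kwargs["Resources"])))

    def deregister_image(self, **kwargs):
        self.calls.append(("deregister_image", kwargs["ImageId"]))

    def delete_snapshot(self, **kwargs):
        self.calls.append(("delete_snapshot", kwargs["SnapshotId"]))


# Constructed inventory: one expired AMI, one still valid, one with no expiry tag at all.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaaaaaaaaaaaaaaa", "Tags": [{"Key": "ExpiryDate", "Value": "2024-05-01"}],
     "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0aaaaaaaaaaaaaaaa"}}]},
    {"ImageId": "ami-0bbbbbbbbbbbbbbbb", "Tags": [{"Key": "ExpiryDate", "Value": "2099-01-01"}],
     "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0bbbbbbbbbbbbbbbb"}}]},
    {"ImageId": "ami-0cccccccccccccccc", "Tags": [],
     "BlockDeviceMappings": [{"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]},
]


def demo():
    """Run the flow against the constructed inventory; returns (retired, recorded calls)."""
    ec2 = FakeEC2(SAMPLE_IMAGES)
    retired = run(ec2, date(2024, 6, 1))
    return retired, ec2.calls
```

Running demo() retires only the first AMI and records exactly three calls in the order tag, deregister, delete. The PR's policy grants rbin:ListRules, which is the call you would use to confirm that the AMI and snapshot retention rules exist before deleting anything; this example leaves that pre-check out.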
ami-recycle-bin/main.tf
Outdated
resource "aws_cloudwatch_event_rule" "event_rule" { | ||
name = "invoke-lambda-daily" | ||
description = "Invoke a Lambda function every day" |
Suggested change:
description = "Invoke a Lambda function once per day"
Updated description to "Invoke a Lambda function once per day"
ami-recycle-bin/main.tf
Outdated
function_name = "ami-recycle-lambda" | ||
role = aws_iam_role.lambda_role.arn | ||
handler = "ami-recycle-lambda.lambda_handler" | ||
runtime = "python3.9" |
Please use the most recent Python version
Used the most recent supported version, python3.12
ami-recycle-bin/main.tf
Outdated
"RBIN_RETENTION_PERIOD_UNIT" = var.rbin_retention_period_unit | ||
} | ||
} | ||
timeout = 300 |
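Review bot: the 300 s value is not explained in the README, and the bigger question is what happens when the function does time out part-way through the list: once an AMI has been deregistered, the next daily run will no longer see it in DescribeImages, so any of its snapshots not yet deleted are orphaned rather than retried. Process each AMI to completion (tag, deregister, delete its snapshots) before starting the next one, and consider a separate sweep for snapshots that carry the recycle tag but no longer belong to a registered AMI.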
Is such a long timeout really necessary?
If the list of expired AMIs is long, the maximum timeout will be helpful to ensure the function does not time out before the expired AMIs and their snapshots are moved to Recycle Bin. However, since this is a test pattern, updated the timeout parameter as a configurable variable and set the default timeout to 15 seconds
ami-recycle-bin/main.tf
Outdated
"logs:PutLogEvents", | ||
"logs:CreateLogGroup" | ||
] | ||
Resource = "arn:aws:logs:*:*:*" |
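Review bot: Resource = "arn:aws:logs:*:*:*" lets the role write to every log group in every account and region. The function name is fixed as ami-recycle-lambda in the aws_lambda_function block above, so CreateLogStream and PutLogEvents can be narrowed to arn:aws:logs:<region>:<account>:log-group:/aws/lambda/ami-recycle-lambda:*, with <region> and <account> taken from the aws_region and aws_caller_identity data sources, and logs:CreateLogGroup put in its own statement on that log group ARN.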
Please scope the policy down to the current account and region
Added data.tf file to add data source and scoped down the policy to
- region and account for CreateLogGroup
- region, account and function name for CreateLogStream and PutLogEvents
ami-recycle-bin/main.tf
Outdated
"ec2:DeleteSnapshot", | ||
"rbin:ListRules" | ||
] | ||
Resource = "*" |
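Review bot: Resource = "*" is broader than needed here: ec2:DeregisterImage and ec2:DeleteSnapshot accept resource ARNs (arn:aws:ec2:<region>::image/* and arn:aws:ec2:<region>::snapshot/*), so move them to a statement scoped that way and keep only ec2:DescribeImages and rbin:ListRules, which have no resource-level permissions, on "*". Since the README says the function tags both resources before retiring them, a ResourceTag condition on the delete statement would further confine the role to resources it has already marked for recycling; check the condition keys each action supports in the service authorization reference before relying on that.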
Please scope the policy down to the current account and region
- Scoped down policy for the actions that can be restricted to resources like DeregisterImage and DeleteSnapshot
- Updated policy statement to separate actions that only support wildcard - DescribeImages and ListRules
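The two policy threads above end with the same shape: actions that accept a resource ARN get scoped, and the ones that only work on "*" are isolated in their own statement. The following is an added example, not code from the PR, of a review-time check that catches the first revision's statements and passes the scoped version. Which actions take resource-level ARNs is taken from the discussion above and the AWS service authorization reference; ec2:CreateTags is included because the README says the function tags both resources, although the PR's statement for it is not shown; the region, account and log-group ARN form (/aws/lambda/<function>) are the standard ones; ORIGINAL_POLICY is reconstructed from the lines quoted in the thread.

```python
# Added review-time check, not code from the PR. The action split below comes from the
# discussion above and the AWS service authorization reference; ec2:CreateTags is an
# assumption based on the README saying the function tags AMIs and snapshots.
RESOURCE_LEVEL_ACTIONS = {
    "ec2:DeregisterImage", "ec2:DeleteSnapshot", "ec2:CreateTags",
    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents",
}
WILDCARD_ONLY_ACTIONS = {"ec2:DescribeImages", "rbin:ListRules"}


def as_list(value):
    """IAM allows a single string or a list in Action/Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def unscoped(resource):
    """True for "*" and for ARNs whose region or account field is itself a wildcard.
    EC2 image/snapshot ARNs legitimately have an empty account field, which is not flagged."""
    if resource == "*":
        return True
    parts = resource.split(":", 5)
    return len(parts) == 6 and (parts[3] == "*" or parts[4] == "*")


def over_broad_statements(policy):
    """(statement index, sorted actions) for each Allow statement whose Resource is
    unscoped but which grants at least one action that accepts a resource ARN."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(unscoped(r) for r in as_list(stmt.get("Resource", []))):
            continue
        scopable = sorted(a for a in as_list(stmt["Action"]) if a in RESOURCE_LEVEL_ACTIONS)
        if scopable:
            findings.append((i, scopable))
    return findings


def scoped_policy(region, account, function_name):
    """The shape the author's reply describes: each action on the narrowest ARN it accepts,
    with the two wildcard-only actions isolated in their own statement."""
    log_group = f"arn:aws:logs:{region}:{account}:log-group:/aws/lambda/{function_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": log_group},
            {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": f"{log_group}:*"},
            {"Effect": "Allow", "Action": ["ec2:DeregisterImage", "ec2:CreateTags"],
             "Resource": f"arn:aws:ec2:{region}::image/*"},
            {"Effect": "Allow", "Action": ["ec2:DeleteSnapshot", "ec2:CreateTags"],
             "Resource": f"arn:aws:ec2:{region}::snapshot/*"},
            {"Effect": "Allow", "Action": sorted(WILDCARD_ONLY_ACTIONS), "Resource": "*"},
        ],
    }


# Reconstructed from the lines quoted in the thread: the first revision's two statements.
ORIGINAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:*:*:*"},
        {"Effect": "Allow",
         "Action": ["ec2:DescribeImages", "ec2:DeregisterImage", "ec2:DeleteSnapshot", "rbin:ListRules"],
         "Resource": "*"},
    ],
}
```

over_broad_statements(ORIGINAL_POLICY) flags both statements, naming only the actions that could have been scoped (DescribeImages and ListRules are not reported, since "*" is the only option for them), and returns nothing for scoped_policy(...). In Terraform the region and account placeholders map to the aws_region and aws_caller_identity data sources the author added in data.tf.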
Hi team - Updated the content as per the feedback. Can you please review this. Thank you!
Hi, thanks for the updates. Could you please check in the Lambda function code in an unzipped format to allow a review
Thank you - Added the source code.
Looks good, thanks for your contribution. Your pattern will be merged to Serverlessland.com soon
Issue #2464:
Description of changes:
In this pattern an Amazon EventBridge rule triggers an AWS Lambda function to deregister AMIs, delete the associated snapshots and move them to Recycle Bin for retention. The infrastructure is in Terraform.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.