1、lambda脚本获取EC2 AMI相关信息
① lambda脚本
脚本获取 EC2 的所有 AMI 相关信息,根据创建时间筛选出 3 个月(脚本中按 90 天计算)前创建的 AMI 写入 CSV 文件,并保存到特定的 S3 存储桶下。因为 AMI 有很多标签,在写入 CSV 之前要判断标签的 Key 值,以便把对应的 Value 写入 CSV 的相应列;没有该标签的 AMI 对应列留空。
# v1版本全部已注释(仅保留作对照:v1 在 Owners 中写死了一个真实账号 ID、目标桶为测试桶 zhijiabinfcchinatest,且没有时间筛选,请勿直接复用)
# import boto3
# import csv
# import io
#
#
# def getEc2AMI():
# ec2_client = boto3.client('ec2')
# images_list = ec2_client.describe_images(
# Owners=[
# '936669166135'
# ]
# )
# return images_list['Images']
#
#
# def writeCsvS3():
# s3_client = boto3.client('s3')
# csvio = io.StringIO()
# writer = csv.writer(csvio)
# writer.writerow([
# 'ImageId',
# 'Description',
# 'CreationDate',
# 'Name',
# 'appenv',
# 'bgrp',
# 'cmdbid',
# 'sapnum',
# 'sched'
# ])
# images_list = getEc2AMI()
# for n in range(len(images_list)):
# ImageId = images_list[n]['ImageId']
# Description = images_list[n]['Description']
# CreationDate = images_list[n]['CreationDate']
# Name = ''
# appenv = ''
# bgrp = ''
# cmdbid = ''
# sapnum = ''
# sched = ''
# # print(images_list[n])
#
# # if images_list[n].get('Tags'):
# # print('yes')
#
# if images_list[n].get('Tags'):
# for tagList in images_list[n]['Tags']:
# if tagList['Key'] == 'Name':
# Name = tagList['Value']
# elif tagList['Key'] == 'appenv':
# appenv = tagList['Value']
# elif tagList['Key'] == 'bgrp':
# bgrp = tagList['Value']
# elif tagList['Key'] == 'cmdbid':
# cmdbid = tagList['Value']
# elif tagList['Key'] == 'sapnum':
# sapnum = tagList['Value']
# elif tagList['Key'] == 'sched':
# sched = tagList['Value']
# writer.writerow([
# ImageId,
# Description,
# CreationDate,
# Name,
# appenv,
# bgrp,
# cmdbid,
# sapnum,
# sched
# ])
# s3_client.put_object(Body=csvio.getvalue(), ContentType='application/vnd.ms-excel', Bucket='zhijiabinfcchinatest',
# Key='GetEc2AmiInfo/ec2_ami_info.csv')
#
#
# def lambda_handler(event, context):
# writeCsvS3()
# v2版本新增时间筛选
# 引入时间模块,根据response字段与datetime的3个月前的时间进行对比,3个月之前的就写入csv
import boto3
import csv
import io
import datetime
from datetime import datetime as dt
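def get_date(before_days=90):
    """Return the report cut-off date as a ``YYYY-MM-DD`` string.

    Args:
        before_days: how many days back from today the cut-off lies. Defaults
            to 90, which is how this page implements "three months". Anything
            ``int()`` accepts is allowed (the original coerced with ``int()``).

    Returns:
        The cut-off date formatted with ``%Y-%m-%d``; callers parse it back
        with ``dt.strptime`` before comparing against resource creation dates.
    """
    # EC2 CreationDate values are UTC timestamps, so the cut-off is computed in
    # UTC too. Under Lambda (whose clock is UTC) this equals the original
    # ``datetime.today()``; elsewhere it avoids a local-timezone day skew.
    now_utc = datetime.datetime.now(datetime.timezone.utc)
    cutoff = now_utc - datetime.timedelta(days=int(before_days))
    return cutoff.strftime("%Y-%m-%d")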
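def getEc2AMI(owner_id='AWS账号ID'):
    """Return the AMIs owned by ``owner_id`` in the Lambda's current region.

    Args:
        owner_id: value passed to ``DescribeImages`` as the ``Owners`` filter.
            The default is this page's placeholder and must be replaced with a
            real account ID; ``'self'`` is also accepted by the API and means
            the account the function runs in, which avoids hard-coding an ID.

    Returns:
        The ``Images`` list from the response. Each item has ``ImageId`` and
        ``CreationDate``; ``Description`` and ``Tags`` may be absent.
    """
    ec2_client = boto3.client('ec2')
    # Owners restricts the listing to images owned by the given account, so
    # public and shared AMIs are not included in the report.
    response = ec2_client.describe_images(Owners=[owner_id])
    return response['Images']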
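# Tag keys copied into the report, in column order; an AMI lacking a tag gets
# an empty cell in that column.
_AMI_TAG_COLUMNS = ('Name', 'appenv', 'bgrp', 'cmdbid', 'sapnum', 'sched')


def _csv_safe(value):
    """Return ``value`` as text, neutralising spreadsheet formula injection.

    The report is uploaded with an Excel content type, and tag values and AMI
    descriptions are free text set by anyone who can tag the resource, so a
    cell starting with a formula trigger character is prefixed with ``'``.
    """
    text = '' if value is None else str(value)
    if text.startswith(('=', '+', '-', '@', '\t', '\r')):
        return "'" + text
    return text


def _ami_row(image):
    """Build one CSV row (header order above) from a ``DescribeImages`` item."""
    tags = {tag['Key']: tag['Value'] for tag in image.get('Tags') or []}
    row = [
        image['ImageId'],
        # Description is optional in the API response; indexing it directly
        # (as the original did) raised KeyError for AMIs created without one.
        _csv_safe(image.get('Description', '')),
        image['CreationDate'],
    ]
    row.extend(_csv_safe(tags.get(key, '')) for key in _AMI_TAG_COLUMNS)
    return row


def writeCsvS3(bucket='fcchinajms', key_prefix='lambda/List_ami/'):
    """Write a CSV of AMIs older than the cut-off date to S3.

    A row is written for every AMI returned by ``getEc2AMI()`` whose creation
    date (date part only) is strictly before ``get_date()``. The object key is
    ``<key_prefix><YYYY>-<MM>-fcchina_amilist.csv`` for the current month, so
    running twice in one month overwrites the earlier report.

    Args:
        bucket: destination S3 bucket; defaults to the project bucket.
        key_prefix: key prefix inside the bucket, expected to end with ``/``.

    Returns:
        None. API failures propagate as the exceptions ``boto3`` raises.
    """
    csvio = io.StringIO()
    writer = csv.writer(csvio)
    writer.writerow(['ImageId', 'Description', 'CreationDate', *_AMI_TAG_COLUMNS])

    # Parse the cut-off once; CreationDate is "YYYY-MM-DDThh:mm:ss.sssZ", and
    # its first ten characters are the date, giving a day-granular comparison.
    past_date = dt.strptime(get_date(), "%Y-%m-%d")
    for image in getEc2AMI():
        created = dt.strptime(str(image['CreationDate'])[:10], "%Y-%m-%d")
        if created < past_date:
            writer.writerow(_ami_row(image))

    # Same "YYYY-MM-" prefix the original built by splitting str(today()).
    today = datetime.datetime.now(datetime.timezone.utc)
    s3_key = key_prefix + today.strftime('%Y-%m-') + 'fcchina_amilist.csv'

    # ContentType is left as the original Excel MIME type; 'text/csv' would be
    # the accurate value if nothing downstream depends on the current one.
    # NOTE(review): no ServerSideEncryption is requested here; rely on the
    # bucket's default encryption or add it explicitly.
    s3_client = boto3.client('s3')
    s3_client.put_object(
        Body=csvio.getvalue(),
        ContentType='application/vnd.ms-excel',
        Bucket=bucket,
        Key=s3_key,
    )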
def lambda_handler(event, context):
    """Lambda entry point; runs the AMI report and returns nothing.

    ``event`` and ``context`` are required by the Lambda calling convention
    but are not read: the function is triggered on a fixed schedule.
    """
    writeCsvS3()
    return None
AMI脚本部分测试用例可见:(原文此处的链接/截图在本页中已缺失)
② 角色权限(最小权限建议:脚本只向 fcchinajms 桶的 lambda/List_ami/ 前缀写入,因此 s3:PutObject 的 Resource 应收敛为 arn:aws-cn:s3:::fcchinajms/lambda/List_ami/* 而不是 "*";ec2:DescribeImages 不支持资源级限制,保留 "*" 即可;logs 相关动作可限定到本函数的日志组。)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"ec2:DescribeImages",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
2、lambda脚本获取EC2 Snapshot相关信息
脚本获取 EC2 的所有 Snapshot 相关信息,根据 StartTime 筛选出 3 个月(脚本中按 90 天计算)前创建的快照写入 CSV 文件,并保存到特定的 S3 存储桶下。
import boto3
import csv
import io
import datetime
from datetime import datetime as dt
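def get_date(before_days=90):
    """Return the report cut-off date as a ``YYYY-MM-DD`` string.

    Args:
        before_days: how many days back from today the cut-off lies. Defaults
            to 90, which is how this page implements "three months". Anything
            ``int()`` accepts is allowed (the original coerced with ``int()``).

    Returns:
        The cut-off date formatted with ``%Y-%m-%d``; callers parse it back
        with ``dt.strptime`` before comparing against snapshot start times.
    """
    # Snapshot StartTime values are UTC, so the cut-off is computed in UTC too.
    # Under Lambda (whose clock is UTC) this equals the original
    # ``datetime.today()``; elsewhere it avoids a local-timezone day skew.
    now_utc = datetime.datetime.now(datetime.timezone.utc)
    cutoff = now_utc - datetime.timedelta(days=int(before_days))
    return cutoff.strftime("%Y-%m-%d")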
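def getEc2InstanceSnapshot(owner_id='AWS账号ID'):
    """Return the EBS snapshots owned by ``owner_id`` in the current region.

    Args:
        owner_id: value passed to ``DescribeSnapshots`` as the ``OwnerIds``
            filter. The default is this page's placeholder and must be replaced
            with a real account ID; ``'self'`` is also accepted by the API and
            means the account the function runs in.

    Returns:
        The ``Snapshots`` list from the response. Each item carries
        ``SnapshotId``, ``VolumeSize``, ``StartTime`` and ``Description``.
    """
    ec2_client = boto3.client('ec2')
    # OwnerIds restricts the listing to this account's snapshots; without it
    # DescribeSnapshots would also return public snapshots.
    response = ec2_client.describe_snapshots(OwnerIds=[owner_id])
    return response['Snapshots']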
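def _csv_safe(value):
    """Return ``value`` as text, neutralising spreadsheet formula injection.

    The report is uploaded with an Excel content type, and snapshot
    descriptions are free text chosen by whoever created the snapshot, so a
    cell starting with a formula trigger character is prefixed with ``'``.
    """
    text = '' if value is None else str(value)
    if text.startswith(('=', '+', '-', '@', '\t', '\r')):
        return "'" + text
    return text


def _snapshot_row(snapshot):
    """Build one CSV row (snapshot_id, VolumeSize, StartTime, Description)."""
    return [
        snapshot['SnapshotId'],
        snapshot['VolumeSize'],
        snapshot['StartTime'],
        # .get() keeps the row even if an item arrives without a Description.
        _csv_safe(snapshot.get('Description', '')),
    ]


def writeCsvS3(bucket='fcchinajms', key_prefix='lambda/List_snapshot/'):
    """Write a CSV of EBS snapshots older than the cut-off date to S3.

    A row is written for every snapshot returned by
    ``getEc2InstanceSnapshot()`` whose ``StartTime`` (date part only) is
    strictly before ``get_date()``. The object key is
    ``<key_prefix><YYYY>-<MM>-fcchina_snapshotlist.csv`` for the current
    month, so running twice in one month overwrites the earlier report.

    Args:
        bucket: destination S3 bucket; defaults to the project bucket.
        key_prefix: key prefix inside the bucket, expected to end with ``/``.

    Returns:
        None. API failures propagate as the exceptions ``boto3`` raises.
    """
    csvio = io.StringIO()
    writer = csv.writer(csvio)
    writer.writerow(['snapshot_id', 'VolumeSize', 'StartTime', 'Description'])

    past_date = dt.strptime(get_date(), "%Y-%m-%d")
    for snapshot in getEc2InstanceSnapshot():
        # boto3 returns StartTime as a datetime whose str() form is
        # "YYYY-MM-DD hh:mm:ss+00:00"; the first ten characters are the date.
        # Slicing (rather than split(' ')) also accepts an ISO "T" string.
        started = dt.strptime(str(snapshot['StartTime'])[:10], "%Y-%m-%d")
        if started < past_date:
            writer.writerow(_snapshot_row(snapshot))

    # Same "YYYY-MM-" prefix the original built by splitting str(today()).
    today = datetime.datetime.now(datetime.timezone.utc)
    s3_key = key_prefix + today.strftime('%Y-%m-') + 'fcchina_snapshotlist.csv'

    # ContentType is left as the original Excel MIME type; 'text/csv' would be
    # the accurate value if nothing downstream depends on the current one.
    # NOTE(review): no ServerSideEncryption is requested here; rely on the
    # bucket's default encryption or add it explicitly.
    s3_client = boto3.client('s3')
    s3_client.put_object(
        Body=csvio.getvalue(),
        ContentType='application/vnd.ms-excel',
        Bucket=bucket,
        Key=s3_key,
    )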
def lambda_handler(event, context):
    """Lambda entry point; runs the snapshot report and returns nothing.

    ``event`` and ``context`` are required by the Lambda calling convention
    but are not read: the function is triggered on a fixed schedule.
    """
    writeCsvS3()
    return None
Snapshot脚本部分测试用例可见:(原文此处的链接/截图在本页中已缺失)
② 角色权限(最小权限建议:脚本只调用 describe_snapshots,并只向 fcchinajms 桶的 lambda/List_snapshot/ 前缀写入,因此 ec2:DescribeSnapshotAttribute 可以去掉,s3:PutObject 的 Resource 应收敛为 arn:aws-cn:s3:::fcchinajms/lambda/List_snapshot/* 而不是 "*"。)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"ec2:DescribeSnapshotAttribute",
"ec2:DescribeSnapshots",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
3、CFN参考
CFN中角色Role是现有的,相关角色权限已添加,Layer层也是已添加的。
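AWSTemplateFormatVersion: 2010-09-09
# Ops reporting stack: one shared Python layer plus Lambda functions that list
# EBS volumes, AMIs, EC2 snapshots and RDS snapshots into S3 on a monthly
# schedule. IAM roles are pre-existing and only referenced by ARN here.
# Review fix: the last Lambda::Permission pointed its SourceArn at the function
# itself instead of its schedule rule, so EventBridge could never invoke the
# RDS snapshot function; it now references describerdssnapshotlambdaScheduleRule.
Description: fcchina ops list_ebs
Resources:
  # Shared dependency layer. CompatibleRuntimes lists python3.7 only, but the
  # layer is also attached to the python3.6 RDS function below; confirm the
  # packaged libraries work on both runtimes.
  listebslambdaLayerVersion:
    Type: AWS::Lambda::LayerVersion
    Properties:
      CompatibleRuntimes:
        - python3.7
      Content:
        S3Bucket: fcchinajms
        S3Key: lambda/List_ebs/fcchina_python3
      Description: fcchina-python3
      LayerName: fcchina-python3

  # Monthly EBS listing function (code list_ebs_V1_04.zip is not shown on this
  # page). NOTE(review): python3.7 is on the Lambda runtime deprecation
  # schedule; upgrading it requires rebuilding the layer as well.
  listebslambdafunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: fcchinajms
        S3Key: lambda/List_ebs/list_ebs_V1_04.zip
      Description: fcchina_list_ebs_V1_04
      FunctionName: fcchina_list_ebs_V1_04
      Handler: list_ebs_V1_04.lambda_handler
      Layers:
        - !Ref listebslambdaLayerVersion
      MemorySize: 128
      # Partition and account ID are hard-coded; !Sub with ${AWS::Partition}
      # and ${AWS::AccountId} would make the template portable across accounts.
      Role: arn:aws-cn:iam::515743265704:role/l2c-rsrc-inspprdrol
      Runtime: python3.7
      Tags:
        - Key: Name
          Value: fcchina_list_ebs
        - Key: appenv
          Value: fcchina-prd
        - Key: bgrp
          Value: fcchina
        - Key: vendor
          Value: Ben
        - Key: application
          Value: fcchina
      Timeout: 900

  # 05:00 UTC on the 25th of every month (EventBridge cron is always UTC).
  listebslambdaScheduledRule:
    Type: AWS::Events::Rule
    Properties:
      Name: fcchinaebslist
      Description: AWS Cloudwatch Events Schedule Rule
      ScheduleExpression: "cron(0 05 25 * ? *)"
      State: "ENABLED"
      Targets:
        - Arn:
            Fn::GetAtt:
              - listebslambdafunction
              - Arn
          Id: RI_monitor

  # SourceArn limits the invoke grant to this one rule (confused-deputy guard).
  listebsPermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt
        - listebslambdafunction
        - Arn
      Action: lambda:InvokeFunction
      Principal: events.amazonaws.com
      SourceArn: !GetAtt
        - listebslambdaScheduledRule
        - Arn

  # Destructive EBS clean-up function. No rule or permission in this template
  # references it, so it is invoked only from outside the template. It runs
  # under a different role (l2cmgnt01prdrol) than the read-only listers; its
  # code del_ebs_V1_03.zip is not shown on this page.
  deleteebslambdafunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: fcchinajms
        S3Key: lambda/List_ebs/del_ebs_V1_03.zip
      Description: fcchina_delete_ebs_V1_03
      FunctionName: fcchina_delete_ebs_V1_03
      Handler: del_ebs_V1_03.lambda_handler
      Layers:
        - !Ref listebslambdaLayerVersion
      MemorySize: 128
      Role: arn:aws-cn:iam::515743265704:role/l2cmgnt01prdrol
      Runtime: python3.7
      Tags:
        - Key: Name
          Value: fcchina_delete_ebs
        - Key: appenv
          Value: fcchina-prd
        - Key: bgrp
          Value: fcchina
        - Key: vendor
          Value: Ben
        - Key: application
          Value: fcchina
      Timeout: 900

  # AMI listing function (the describe_ec2_ami_V2 script above). The logical ID
  # is missing its final "n"; it is referenced consistently below and renaming
  # it would replace the function on a stack update, so it is left as is.
  listamilambdafunctio:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: fcchinajms
        S3Key: lambda/List_ami/describe_ec2_ami_V2.zip
      Description: fcchina_describe_ec2_ami_V2
      FunctionName: fcchina_describe_ec2_ami_V2
      Handler: describe_ec2_ami_V2.lambda_handler
      Layers:
        - !Ref listebslambdaLayerVersion
      MemorySize: 128
      Role: arn:aws-cn:iam::515743265704:role/l2c-rsrc-inspprdrol
      Runtime: python3.7
      Tags:
        - Key: Name
          Value: fcchina_describe_ec2_ami
        - Key: appenv
          Value: fcchina-prd
        - Key: bgrp
          Value: fcchina
        - Key: vendor
          Value: Ben
        - Key: application
          Value: fcchina
      Timeout: 900

  # Same monthly schedule as the EBS lister.
  listamilambdaScheduledRule:
    Type: AWS::Events::Rule
    Properties:
      Name: fcchinaec2amidescribe
      Description: AWS Cloudwatch Events Schedule Rule
      ScheduleExpression: "cron(0 05 25 * ? *)"
      State: "ENABLED"
      Targets:
        - Arn:
            Fn::GetAtt:
              - listamilambdafunctio
              - Arn
          Id: RI_monitor

  listamiPermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt
        - listamilambdafunctio
        - Arn
      Action: lambda:InvokeFunction
      Principal: events.amazonaws.com
      SourceArn: !GetAtt
        - listamilambdaScheduledRule
        - Arn

  # EC2 snapshot listing function (the describe_ec2_snapshot_V2 script above).
  listsnapshotlambdafunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: fcchinajms
        S3Key: lambda/List_snapshot/describe_ec2_snapshot_V2.zip
      Description: fcchina_describe_ec2_snapshot_V2
      FunctionName: fcchina_describe_ec2_snapshot_V2
      Handler: describe_ec2_snapshot_V2.lambda_handler
      Layers:
        - !Ref listebslambdaLayerVersion
      MemorySize: 128
      Role: arn:aws-cn:iam::515743265704:role/l2c-rsrc-inspprdrol
      Runtime: python3.7
      Tags:
        - Key: Name
          Value: fcchina_describe_ec2_snapshot
        - Key: appenv
          Value: fcchina-prd
        - Key: bgrp
          Value: fcchina
        - Key: vendor
          Value: Ben
        - Key: application
          Value: fcchina
      Timeout: 900

  listsnapshotlambdaScheduledRule:
    Type: AWS::Events::Rule
    Properties:
      Name: fcchinaec2snapshotdescribe
      Description: AWS Cloudwatch Events Schedule Rule
      ScheduleExpression: "cron(0 05 25 * ? *)"
      State: "ENABLED"
      Targets:
        - Arn:
            Fn::GetAtt:
              - listsnapshotlambdafunction
              - Arn
          Id: RI_monitor

  listsnapshotPermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt
        - listsnapshotlambdafunction
        - Arn
      Action: lambda:InvokeFunction
      Principal: events.amazonaws.com
      SourceArn: !GetAtt
        - listsnapshotlambdaScheduledRule
        - Arn

  # RDS snapshot listing function (code not shown on this page). Unlike the
  # other functions it runs on python3.6 and sets no Timeout, so the Lambda
  # default of 3 seconds applies; confirm both are intended.
  describerdssnapshotlambdafunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: fcchinajms
        S3Key: lambda/List_snapshot-RDS/describe_db_snapshots_V1.zip
      Description: describe_db_snapshots_V1
      FunctionName: describe_db_snapshots_V1
      Handler: describe_db_snapshots_V1.lambda_handler
      Layers:
        - !Ref listebslambdaLayerVersion
      MemorySize: 128
      Role: arn:aws-cn:iam::515743265704:role/l2c-rsrc-inspprdrol
      Runtime: python3.6
      Tags:
        - Key: Name
          Value: fcchina_describe_db_snapshots_V1
        - Key: appenv
          Value: fcchina-prd
        - Key: bgrp
          Value: fcchina
        - Key: vendor
          Value: Ben
        - Key: application
          Value: fcchina

  describerdssnapshotlambdaScheduleRule:
    Type: AWS::Events::Rule
    Properties:
      Name: fcchinardssnapshotdescribe
      Description: AWS Cloudwatch Events Schedule Rule
      ScheduleExpression: "cron(0 05 25 * ? *)"
      State: "ENABLED"
      Targets:
        - Arn:
            Fn::GetAtt:
              - describerdssnapshotlambdafunction
              - Arn
          Id: RI_monitor

  # SourceArn must be the schedule rule's ARN (as in the three permissions
  # above). The original used the function's own ARN, which no EventBridge
  # invocation carries, so the scheduled invoke would have been denied.
  describerdssnapshotPermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt
        - describerdssnapshotlambdafunction
        - Arn
      Action: lambda:InvokeFunction
      Principal: events.amazonaws.com
      SourceArn: !GetAtt
        - describerdssnapshotlambdaScheduleRule
        - Arn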