Friday, June 7, 2024

Implementing Stop-and-start policies on Amazon RDS during non-working hours.

Why Use an AWS Lambda Function?


Scheduling when your database starts and stops reduces the cost of keeping idle resources running. You don’t need all your databases running 24/7, and manually choosing when to stop each DB is not a good long-term solution. Fortunately, you can schedule the activity of your database without manual intervention.

Unlike the very simple option of stopping your DB through the AWS console, this process is a bit more involved. The flexibility of an AWS scheduler, and not having to worry about the DB starting automatically a week later, makes the extra setup worthwhile.

In managing your cloud resources, it’s crucial to use them wisely and keep costs down. One smart way to do this is by setting up automated schedules for your Amazon RDS instances using AWS Lambda. Let’s break down why this is important and how it can benefit your organization in simple terms. 


1. Saving Money by Turning Things Off (Cost Optimization and Resource Efficiency) — Imagine leaving your house lights on while you’re away — it wastes electricity and inflates your bills. Likewise, running your Amazon RDS instances continuously, even when idle, can drive up costs. Automatically applying policies that power down these instances during downtimes or when not in use can lead to major savings on your cloud bills.

2. Automating the Boring Stuff (Automation and Flexibility) — Nobody likes doing repetitive tasks manually. With AWS Lambda, you can automate the process of starting and stopping your RDS instances. This means you don’t have to remember to turn them off at night or over the weekend — Lambda does it for you automatically.

3. Scalability — AWS Lambda adjusts itself automatically to handle workload changes and resource needs. This means your stop-and-start plans can work well with RDS instances in different situations and workload sizes without you having to worry about it.

4. Being Smart About Security (Security and Compliance) — Stopping RDS instances while you don’t need them lowers the chances of cyber-attacks and other security risks. Setting up schedules for stopping and starting also helps you follow rules and laws about when your resources are active, making sure they’re only accessible when they should be.

The following is the workflow architecture:

[Figure: workflow architecture diagram]

Prerequisites — you need the following resources to perform this task.

1. An AWS account with administrator access to Amazon RDS.

2. An RDS instance that you want to shut down and start on a schedule.

I have already created a database in Amazon RDS by the name “testdb-1”.

Step 1 — Assign tags to the DB instance.

1. Go to the Amazon RDS console, and choose a database and the DB instance within that database that you want to add tags to.

2. Go to the Tags section and click on Add tags.

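3. Add two tags: for Tag key, enter AutoStart and AutoStop (one tag each), and for Value, enter True for both. Then click Add. Keys and values are matched exactly by the Lambda code, so keep the capitalization.

We can see the tags that were added in the previous step.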

Step 2 — Create an IAM policy and role for Lambda

We now create an IAM policy and role for Lambda to start and stop the instances.

1. Go to the IAM console. Under Access Management in the navigation pane, choose Policies and click Create Policy.

2. On the JSON tab, enter the following policy code:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "rds:DescribeDBClusterParameters",
                "rds:StartDBCluster",
                "rds:StopDBCluster",
                "rds:StopDBInstance",
                "rds:StartDBInstance",
                "rds:ListTagsForResource",
                "rds:DescribeDBInstances",
                "rds:DescribeSourceRegions",
                "rds:DescribeDBClusterEndpoints",
                "rds:DescribeDBClusters"
            ],
            "Resource": "*"
        }
    ]
}

3. Choose Review policy. For Name, enter rdsstopstart, then click Create policy.

4. Now, you need to create an IAM role and attach this policy to it. This role will be assumed by the Lambda function. Go to the IAM console:

· Click on “Roles” in the left-hand menu.

· Click on “Create role”.

5. Choose “Lambda” as the service that will use this role, then click “Next: Permissions”.

6. In the “Filter policies” search box, type in the name of the policy you created earlier (rdsstopstart), then select it. Click on Next.

7. Provide a name for your role (e.g., LambdaRDSStartStopRole) and an optional description, then click “Create role”.

8. Now, you have an IAM role with the necessary permissions for your Lambda function to start and stop Amazon RDS instances. Make sure to attach this role to your Lambda function during its creation or update process in the AWS Lambda console.
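The policy above allows start and stop on every RDS resource and grants cluster actions that the two Lambda handlers on this page never call. The following is an added example, not part of the original post or of AWS's code: it audits the published policy against the handlers' four API calls and builds a narrower one. The names `audit` and `tightened` are hypothetical, and gating writes with the `aws:ResourceTag` condition key on the same tags the handlers check is an assumption about how you want to scope the role.

```python
import fnmatch

# Policy from Step 2 of this page (action list copied as published).
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Statement1", "Effect": "Allow", "Resource": "*",
        "Action": [
            "rds:DescribeDBClusterParameters", "rds:StartDBCluster",
            "rds:StopDBCluster", "rds:StopDBInstance", "rds:StartDBInstance",
            "rds:ListTagsForResource", "rds:DescribeDBInstances",
            "rds:DescribeSourceRegions", "rds:DescribeDBClusterEndpoints",
            "rds:DescribeDBClusters",
        ],
    }],
}

# Calls the two handlers on this page make, and the tag each write checks.
READS = ["rds:DescribeDBInstances", "rds:ListTagsForResource"]
WRITES = {"rds:StopDBInstance": "AutoStop", "rds:StartDBInstance": "AutoStart"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (granted_but_unused, writes_allowed_on_any_resource)."""
    unused, unscoped = set(), set()
    for st in (s for s in policy["Statement"] if s["Effect"] == "Allow"):
        wide_open = "*" in as_list(st["Resource"]) and "Condition" not in st
        for pattern in as_list(st["Action"]):
            # IAM action names are case-insensitive and may contain wildcards.
            hits = [a for a in READS + list(WRITES)
                    if fnmatch.fnmatchcase(a.lower(), pattern.lower())]
            if not hits:
                unused.add(pattern)
            elif wide_open:
                unscoped.update(a for a in hits if a in WRITES)
    return sorted(unused), sorted(unscoped)

def tightened(tag_value="True"):
    """Policy limited to the handlers' calls, with writes gated on the tag."""
    stmts = [{"Sid": "Read", "Effect": "Allow", "Action": READS, "Resource": "*"}]
    for action, tag in WRITES.items():
        stmts.append({
            "Sid": tag, "Effect": "Allow", "Action": action,
            "Resource": "arn:aws:rds:*:*:db:*",
            "Condition": {"StringEquals": {"aws:ResourceTag/" + tag: tag_value}},
        })
    return {"Version": "2012-10-17", "Statement": stmts}
```

Once writes are gated on tags, whoever can call rds:AddTagsToResource decides which instances the scheduler may stop, so restrict tagging rights accordingly.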

Step 3.1 — Create your Lambda function to stop the database

We’ll create two Lambda functions for stopping and starting the databases. Initially, we guide you through the creation of the stop function.

1. Go to the Lambda console, choose Functions in the navigation pane, and choose Create function.

2. Choose “Author from scratch”.

3. Enter a name for your function, select Python as the runtime, and for Existing role, choose the role you created (LambdaRDSStartStopRole).

4. Click on Create function.

5. On the function details page, navigate to the function code.

6. Delete the sample code and enter the following.

7. Copy and paste the code for stopping RDS instances into the code editor.

import boto3

rds = boto3.client('rds')


def lambda_handler(event, context):
    # Stop DB instances
    dbs = rds.describe_db_instances()
    for db in dbs['DBInstances']:
        # Check that the DB instance is not already stopped
        if db['DBInstanceStatus'] == 'available':
            try:
                tag_list = rds.list_tags_for_resource(ResourceName=db['DBInstanceArn'])['TagList']
                for tag in tag_list:
                    # If the tag AutoStop=True is set on the instance, stop it
                    if tag['Key'] == 'AutoStop' and tag['Value'] == 'True':
                        rds.stop_db_instance(DBInstanceIdentifier=db['DBInstanceIdentifier'])
                        print("Stopping instance: {0}.".format(db['DBInstanceIdentifier']))
            except Exception as e:
                # Log the failure and carry on with the next instance
                print("Cannot stop instance {0}.".format(db['DBInstanceIdentifier']))
                print(e)


if __name__ == "__main__":
    lambda_handler(None, None)

8. Click on “Deploy” to create your Lambda function.

9. Navigate to the ‘Configuration’ tab and choose ‘Environment Variables’. Click Edit and add the environment variables for AutoStop as shown below.

10. You can test your Lambda functions directly in the Lambda console by clicking on “Test”.

Step 3.2 — Create your Lambda function to start the database

1. Follow the same steps as above, but this time create a new Lambda function to start RDS instances.

2. Copy and paste the code for starting RDS instances into the code editor.

import boto3

rds = boto3.client('rds')


def lambda_handler(event, context):
    # Start DB instances
    dbs = rds.describe_db_instances()
    for db in dbs['DBInstances']:
        # Check that the DB instance is stopped. Start it if eligible.
        if db['DBInstanceStatus'] == 'stopped':
            try:
                tag_list = rds.list_tags_for_resource(ResourceName=db['DBInstanceArn'])['TagList']
                for tag in tag_list:
                    # If the tag AutoStart=True is set on the instance, start it
                    if tag['Key'] == 'AutoStart' and tag['Value'] == 'True':
                        rds.start_db_instance(DBInstanceIdentifier=db['DBInstanceIdentifier'])
                        print("Starting instance: {0}.".format(db['DBInstanceIdentifier']))
            except Exception as e:
                # Log the failure and carry on with the next instance
                print("Cannot start instance {0}.".format(db['DBInstanceIdentifier']))
                print(e)


if __name__ == "__main__":
    lambda_handler(None, None)

3. Click on “Deploy” to create your Lambda function.

4. Navigate to the ‘Configuration’ tab and choose ‘Environment Variables’. Click Edit and add the environment variables for AutoStart as shown below.

5. You can test your Lambda functions directly in the Lambda console by clicking on “Test”.
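Both handlers above read only the first page that describe_db_instances() returns and rely on the try/except to absorb calls RDS rejects; RDS does not allow an individual stop on Aurora cluster members or on instances in a read-replica relationship. The following dry-run planner is an added example, not code from the original post: the names `plan`, `all_instances` and `RULES` are hypothetical, the sample records are constructed, and it assumes the tags are read from the TagList field of each DescribeDBInstances record.

```python
# Tag and starting status each action requires, as in the two handlers above.
RULES = {"stop": ("AutoStop", "available"), "start": ("AutoStart", "stopped")}


def plan(instances, action):
    """Split DescribeDBInstances records into (act_on, skipped_with_reason)."""
    tag_key, required_status = RULES[action]
    act_on, skipped = [], {}
    for db in instances:
        name = db["DBInstanceIdentifier"]
        tags = {t["Key"]: t["Value"] for t in db.get("TagList", [])}
        if tags.get(tag_key) != "True":
            continue  # not opted in; tag keys and values are case-sensitive
        if db["DBInstanceStatus"] != required_status:
            skipped[name] = "status is " + db["DBInstanceStatus"]
        elif db.get("DBClusterIdentifier"):
            skipped[name] = "cluster member: stop or start the cluster instead"
        elif (db.get("ReadReplicaSourceDBInstanceIdentifier")
              or db.get("ReadReplicaDBInstanceIdentifiers")):
            skipped[name] = "read replica or replica source"
        else:
            act_on.append(name)
    return act_on, skipped


def all_instances(rds):
    """Yield every instance; one describe_db_instances() call returns one page."""
    for page in rds.get_paginator("describe_db_instances").paginate():
        yield from page["DBInstances"]


# Constructed sample records, shaped like DescribeDBInstances output.
AUTOSTOP = [{"Key": "AutoStop", "Value": "True"}]
SAMPLE = [
    {"DBInstanceIdentifier": "testdb-1", "DBInstanceStatus": "available",
     "TagList": AUTOSTOP},
    {"DBInstanceIdentifier": "aurora-node-1", "DBInstanceStatus": "available",
     "DBClusterIdentifier": "aurora-1", "TagList": AUTOSTOP},
    {"DBInstanceIdentifier": "replica-1", "DBInstanceStatus": "available",
     "ReadReplicaSourceDBInstanceIdentifier": "primary-2", "TagList": AUTOSTOP},
    {"DBInstanceIdentifier": "testdb-3", "DBInstanceStatus": "available",
     "TagList": [{"Key": "autostop", "Value": "true"}]},
]

if __name__ == "__main__":
    print(plan(SAMPLE, "stop"))
```

In a handler, pass `all_instances(boto3.client("rds"))` to `plan` and log the skipped map, so an instance that silently stays running shows up in the function's logs.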

Step 4.1 — Create your Amazon EventBridge Rule to Stop RDS.

Amazon EventBridge rules trigger the functions we created to either stop or start the tagged database. Specifically, we configure these rules to trigger on a predetermined schedule.

1. Go to the EventBridge console and click Rules in the left pane. Under the Create rule section, click Create a rule.

2. Define the rule details (name and description), select Schedule as the rule type, and click Continue.

Name: Autordsstop

Description: This rule is for Auto stop rds

3. Next, in the schedule pattern, select Recurring schedule and choose Cron-based schedule as the schedule type.

4. Enter a cron expression such as 0 22 * * ? *, which fires every day at 10:00 PM, and click Next.

6. In the Select Targets section, choose AWS Lambda Invoke.

7. For Function, choose the stop function you created (rdsstop).

8. Click Next, then review and create the schedule.

Step 4.2 — Create your Amazon EventBridge Rule to Start RDS.

1. Repeat the above steps to create a rule to trigger the rdsstart Lambda function at the preferred scheduled time, 8:00 AM.

Name: Autordsstart

Description: This rule is for Auto start rds

Summary

Implementing automated stop-and-start policies for Amazon RDS instances using AWS Lambda and Amazon EventBridge helps organizations optimize costs, enhance resource efficiency, and improve security. By scheduling RDS instances to shut down during non-working hours, organizations can minimize unnecessary expenses and reduce the risk of security threats. This automation streamlines operations, maximizes flexibility, and ensures compliance with security policies, ultimately leading to more effective resource management in the cloud.


https://aws.amazon.com/blogs/database/save-costs-by-automating-the-start-and-stop-of-amazon-rds-instances-with-aws-lambda-and-amazon-eventbridge/
