DEV Community: Ambar The latest articles on DEV Community by Ambar (@nonbeing). https://dev.to/nonbeing https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F29528%2Fcb1eb2c8-d524-422b-995f-8497a3eaaee6.jpg DEV Community: Ambar https://dev.to/nonbeing en Upload file to S3 -> Launch EC2 instance Ambar Thu, 12 Dec 2019 15:38:40 +0000 https://dev.to/nonbeing/upload-file-to-s3-launch-ec2-instance-7m9 https://dev.to/nonbeing/upload-file-to-s3-launch-ec2-instance-7m9 <h1> Problem Statement </h1> <h2> Scenario </h2> <p>A user wants to run a data-processing (e.g. ML) workload on an EC2 instance. The data to be processed in this workload is a CSV file stored in an S3 bucket. </p> <p>Currently the user has to manually spin up an EC2 instance (with a <code>user-data</code> script that installs the tools and starts the data processing), after uploading the data (a CSV file) to their S3 bucket. </p> <p>Wouldn't it be great if this could be automated? So that creation of a file in the S3 bucket (from any source) would automatically spin up an appropriate EC2 instance to process the file? And creation of an output file in the same bucket would likewise automatically terminate all relevant (e.g. tagged) EC2 instances?</p> <h2> Requirements </h2> <h3> Use Case 1 </h3> <p>When a CSV is uploaded to the <code>inputs</code> "directory" in a given S3 bucket, an EC2 "data-processing" instance (i.e. tagged with <code>{"Purpose": "data-processing"}</code>) should be launched, but only if a "data-processing" tagged instance isn't already running. One instance at a time is sufficient for processing workloads.</p> <h3> Use Case 2 </h3> <p>When a new file is created in the <code>outputs</code> "directory" in the same S3 bucket, it means the workload has finished processing, and all "data-processing"-tagged instances should now be identified and terminated.</p> <h1> Solution Using S3 Triggers and Lambda </h1> <p>As explained at <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html" rel="noopener noreferrer">Configuring Amazon S3 Event Notifications<br> </a>, S3 can send notifications upon:</p> <ul> <li>object creation</li> <li>object removal</li> <li>object restore</li> <li>replication events</li> <li>RRS failures</li> </ul> <p>S3 can publish these events to 3 possible destinations:</p> <ul> <li>SNS</li> <li>SQS</li> <li>Lambda</li> </ul> <p>We want S3 to push <code>object creation</code> notifications directly to a Lambda function, which will have the necessary logic to process these events and determine further actions.</p> <p>Here's how to do this using Python3 and <code>boto3</code> in a simple Lambda function.</p> <h2> AWS Console: Setup the S3 bucket </h2> <p>Go to the AWS S3 console. Go to the bucket you want to use (or create a new one with default settings) for triggering your Lambda function. </p> <p>Create three "folders" in this bucket ('folders/directories' in S3 are actually 'key-prefixes' or paths) like so:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fl9otj8w2qcsqid6659p0.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fl9otj8w2qcsqid6659p0.png" alt="S3 Bucket Dirs"></a></p> <p>What are these dirs for?</p> <ul> <li> <code>config</code> : to hold various settings for the Lambda function</li> <li> <code>inputs</code> : a CSV file uploaded here will trigger the ML workload on an EC2 instance</li> <li> <code>outputs</code> : any file here indicates completion of the ML workload and should cause any running data-processing (i.e. specially-tagged) EC2 instances to terminate</li> </ul> <h3> The <code>config</code> folder </h3> <p>We need to supply the EC2 launch information to the Lambda function. By "launch information" we mean, the instance-type, the AMI-Id, the security groups, tags, ssh keypair, user-data, etc.</p> <p>One way to do this is to hard-code all of this into the Lambda code itself, but this is never a good idea. It's always better to externalize the config, and one way to do this by storing it in the S3 bucket itself like so:</p> <p>Save this as <code>ec2-launch-config.json</code> in the <code>config</code> folder:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"ami"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ami-0123b531fc646552f"</span><span class="p">,</span><span class="w"> </span><span class="nl">"region"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ap-south-1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"instance_type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"t2.nano"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ssh_key_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ssh-connect"</span><span class="p">,</span><span class="w"> </span><span class="nl">"security_group_ids"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"sg-08b6b31110601e924"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"filter_tag_key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Purpose"</span><span class="p">,</span><span class="w"> </span><span class="nl">"filter_tag_value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"data-processing"</span><span class="p">,</span><span class="w"> </span><span class="nl">"set_new_instance_tags"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Purpose"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"data-processing"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Name"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ML-runner"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The params are quite self-explanatory, and you can tweak them as you need to.</p> <p><code>"filter_tag_key": "Purpose"</code> : <code>"filter_tag_value": "data-processing"</code> --&gt; this is the tag that will be used to identify (i.e. filter) already-running <code>data-processing</code> EC2 instances.</p> <p>You'll notice that <code>user-data</code> isn't part of the above JSON config. It's read in from a separate file called <code>user-data</code>, just so that it's easier to write and maintain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> apt-get update <span class="nt">-y</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> apache2 systemctl start apache2 systemctl <span class="nb">enable </span>apache2.service <span class="nb">echo</span> <span class="s2">"Congrats, your setup is a success!"</span> <span class="o">&gt;</span> /var/www/html/index.html </code></pre> </div> <p>The above <code>user-data</code> script will install the Apache2 webserver, and writes a congratulatory message that will be served on the instance's public IP address.</p> <h2> Lambda function logic </h2> <p>The Lambda function needs to:</p> <ul> <li>receive an incoming S3 object creation notification JSON object</li> <li>parse out the S3 bucket name and S3 object key name from the JSON</li> <li>pull in a JSON-based EC2 launch configuration previously stored in S3</li> <li>if the S3 object key (i.e. "directory") matches <code>^inputs/</code>, check if we need to launch a new EC2 instance and if so, launch one</li> <li>if the S3 object key (i.e. "directory") matches <code>^outputs/</code>, terminate any running tagged instances</li> </ul> <h2> AWS Console: New Lambda function setup </h2> <p>Go to the AWS Lambda console and click the <code>Create function</code> button.</p> <p>Select <code>Author from scratch</code>, enter a function name, and select <code>Python 3.8</code> as the Runtime.</p> <p>Select <code>Create a new role with basic Lambda permissions</code> in the <code>Choose or create an execution role</code> dropdown.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fg9nlbmikpnv5rmn0gjfk.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fg9nlbmikpnv5rmn0gjfk.png" alt="Create New Lambda Function"></a></p> <p>Click the <code>Create function</code> button.</p> <p>This will take you to the Configuration tab. </p> <p>Click the <code>Add Trigger</code> button:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F0hd63j039vhg3yz5squ9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F0hd63j039vhg3yz5squ9.png" alt="Click The Add Trigger Button"></a></p> <p>Setup an S3 trigger from the bucket in question, like so:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fcy6so265m31cmyi8ex3p.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fcy6so265m31cmyi8ex3p.png" alt="Setup S3 Trigger"></a></p> <ul> <li>Select your bucket</li> <li>Select the events you're interested in (<code>All object create events</code> in this case)</li> <li>Leave <code>Prefix</code> and <code>Suffix</code> empty, as we will take care of prefixes (<code>inputs</code> and <code>outputs</code> bucket paths) in our function</li> <li>Select <code>Enable trigger</code> </li> </ul> <p>As it says near the bottom of the screenshot:</p> <blockquote> <p>Lambda will add the necessary permissions for Amazon S3 to invoke your Lambda function from this trigger.<br> So we don't need to go into S3 to configure notifications separately.</p> </blockquote> <ul> <li>Click the <code>Add</code> button to save this trigger configuration.</li> </ul> <p>Back on the main Lambda designer tab, you'll notice that S3 is now linked up to the our newly-created Lambda function:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Ft3ewuqkg78jzuleemvd1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Ft3ewuqkg78jzuleemvd1.png" alt="S3 Linked to Lambda"></a></p> <p>Click the name of the Lambda function to open up the <code>Function code</code> editor underneath the Designer pane.</p> <h2> Lambda function code </h2> <p>Copy the following Lambda function code into the <code>Function code</code> editor, then click the <code>Save</code> button on the top-right.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">base64</span> <span class="kn">from</span> <span class="n">urllib.parse</span> <span class="kn">import</span> <span class="n">unquote_plus</span> <span class="n">BUCKET_NAME</span> <span class="o">=</span> <span class="sh">"</span><span class="s">YOUR_S3_BUCKET_NAME</span><span class="sh">"</span> <span class="n">CONFIG_FILE_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">config/ec2-launch-config.json</span><span class="sh">"</span> <span class="n">USER_DATA_FILE_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">config/user-data</span><span class="sh">"</span> <span class="n">BUCKET_INPUT_DIR</span> <span class="o">=</span> <span class="sh">"</span><span class="s">inputs</span><span class="sh">"</span> <span class="n">BUCKET_OUTPUT_DIR</span> <span class="o">=</span> <span class="sh">"</span><span class="s">outputs</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">launch_instance</span><span class="p">(</span><span class="n">EC2</span><span class="p">,</span> <span class="n">config</span><span class="p">,</span> <span class="n">user_data</span><span class="p">):</span> <span class="n">tag_specs</span> <span class="o">=</span> <span class="p">[{}]</span> <span class="n">tag_specs</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="sh">'</span><span class="s">ResourceType</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">instance</span><span class="sh">'</span> <span class="n">tag_specs</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="sh">'</span><span class="s">Tags</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">set_new_instance_tags</span><span class="sh">'</span><span class="p">]</span> <span class="n">ec2_response</span> <span class="o">=</span> <span class="n">EC2</span><span class="p">.</span><span class="nf">run_instances</span><span class="p">(</span> <span class="n">ImageId</span><span class="o">=</span><span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">ami</span><span class="sh">'</span><span class="p">],</span> <span class="c1"># ami-0123b531fc646552f </span> <span class="n">InstanceType</span><span class="o">=</span><span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">instance_type</span><span class="sh">'</span><span class="p">],</span> <span class="c1"># t2.nano </span> <span class="n">KeyName</span><span class="o">=</span><span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">ssh_key_name</span><span class="sh">'</span><span class="p">],</span> <span class="c1"># ambar-default </span> <span class="n">MinCount</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">MaxCount</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">SecurityGroupIds</span><span class="o">=</span><span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">security_group_ids</span><span class="sh">'</span><span class="p">],</span> <span class="c1"># sg-08b6b31110601e924 </span> <span class="n">TagSpecifications</span><span class="o">=</span><span class="n">tag_specs</span><span class="p">,</span> <span class="c1"># UserData=base64.b64encode(user_data).decode("ascii") </span> <span class="n">UserData</span><span class="o">=</span><span class="n">user_data</span> <span class="p">)</span> <span class="n">new_instance_resp</span> <span class="o">=</span> <span class="n">ec2_response</span><span class="p">[</span><span class="sh">'</span><span class="s">Instances</span><span class="sh">'</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span> <span class="n">instance_id</span> <span class="o">=</span> <span class="n">new_instance_resp</span><span class="p">[</span><span class="sh">'</span><span class="s">InstanceId</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># print(f"[DEBUG] Full ec2 instance response data for '{instance_id}': {new_instance_resp}") </span> <span class="nf">return </span><span class="p">(</span><span class="n">instance_id</span><span class="p">,</span> <span class="n">new_instance_resp</span><span class="p">)</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">raw_event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Received raw event: </span><span class="si">{</span><span class="n">raw_event</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># event = raw_event['Records'] </span> <span class="k">for</span> <span class="n">record</span> <span class="ow">in</span> <span class="n">raw_event</span><span class="p">[</span><span class="sh">'</span><span class="s">Records</span><span class="sh">'</span><span class="p">]:</span> <span class="n">bucket</span> <span class="o">=</span> <span class="n">record</span><span class="p">[</span><span class="sh">'</span><span class="s">s3</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">bucket</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Triggering S3 Bucket: </span><span class="si">{</span><span class="n">bucket</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">key</span> <span class="o">=</span> <span class="nf">unquote_plus</span><span class="p">(</span><span class="n">record</span><span class="p">[</span><span class="sh">'</span><span class="s">s3</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">object</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">key</span><span class="sh">'</span><span class="p">])</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Triggering key in S3: </span><span class="si">{</span><span class="n">key</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># get config from config file stored in S3 </span> <span class="n">S3</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">s3</span><span class="sh">'</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">S3</span><span class="p">.</span><span class="nf">get_object</span><span class="p">(</span><span class="n">Bucket</span><span class="o">=</span><span class="n">BUCKET_NAME</span><span class="p">,</span> <span class="n">Key</span><span class="o">=</span><span class="n">CONFIG_FILE_KEY</span><span class="p">)</span> <span class="n">ec2_config</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">Body</span><span class="sh">"</span><span class="p">].</span><span class="nf">read</span><span class="p">().</span><span class="nf">decode</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Config from S3: </span><span class="si">{</span><span class="n">ec2_config</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">ec2_filters</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">tag:</span><span class="si">{</span><span class="n">ec2_config</span><span class="p">[</span><span class="sh">'</span><span class="s">filter_tag_key</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">'</span><span class="s">Values</span><span class="sh">'</span><span class="p">:[</span> <span class="n">ec2_config</span><span class="p">[</span><span class="sh">'</span><span class="s">filter_tag_value</span><span class="sh">'</span><span class="p">]</span> <span class="p">]</span> <span class="p">}</span> <span class="p">]</span> <span class="n">EC2</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">ec2</span><span class="sh">'</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="n">ec2_config</span><span class="p">[</span><span class="sh">'</span><span class="s">region</span><span class="sh">'</span><span class="p">])</span> <span class="c1"># launch new EC2 instance if necessary </span> <span class="k">if</span> <span class="n">bucket</span> <span class="o">==</span> <span class="n">BUCKET_NAME</span> <span class="ow">and</span> <span class="n">key</span><span class="p">.</span><span class="nf">startswith</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BUCKET_INPUT_DIR</span><span class="si">}</span><span class="s">/</span><span class="sh">"</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">[INFO] Describing EC2 instances with target tags...</span><span class="sh">"</span><span class="p">)</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">EC2</span><span class="p">.</span><span class="nf">describe_instances</span><span class="p">(</span><span class="n">Filters</span><span class="o">=</span><span class="n">ec2_filters</span><span class="p">)</span> <span class="c1"># print(f"[DEBUG] describe_instances response: {resp}") </span> <span class="k">if</span> <span class="n">resp</span><span class="p">[</span><span class="sh">"</span><span class="s">Reservations</span><span class="sh">"</span><span class="p">]</span> <span class="ow">is</span> <span class="ow">not</span> <span class="p">[]:</span> <span class="c1"># at least one instance with target tags was found </span> <span class="k">for</span> <span class="n">reservation</span> <span class="ow">in</span> <span class="n">resp</span><span class="p">[</span><span class="sh">"</span><span class="s">Reservations</span><span class="sh">"</span><span class="p">]</span> <span class="p">:</span> <span class="k">for</span> <span class="n">instance</span> <span class="ow">in</span> <span class="n">reservation</span><span class="p">[</span><span class="sh">"</span><span class="s">Instances</span><span class="sh">"</span><span class="p">]:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">[INFO] Found </span><span class="sh">'</span><span class="si">{</span><span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">State</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">'</span><span class="s"> instance </span><span class="sh">'</span><span class="si">{</span> <span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">InstanceId</span><span class="sh">'</span><span class="p">]</span> <span class="si">}</span><span class="sh">'"</span> <span class="sa">f</span><span class="sh">"</span><span class="s"> having target tags: </span><span class="si">{</span><span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">Tags</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> </span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">State</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">Code</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="mi">16</span><span class="p">:</span> <span class="c1"># instance has target tags AND also is in running state </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">[INFO] instance </span><span class="sh">'</span><span class="si">{</span> <span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">InstanceId</span><span class="sh">'</span><span class="p">]</span> <span class="si">}</span><span class="sh">'</span><span class="s"> is already running: so not launching any more instances</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">newInstanceLaunched</span><span class="sh">"</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="sh">"</span><span class="s">old-instanceId</span><span class="sh">"</span><span class="p">:</span> <span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">InstanceId</span><span class="sh">'</span><span class="p">],</span> <span class="sh">"</span><span class="s">new-instanceId</span><span class="sh">"</span><span class="p">:</span> <span class="sh">""</span> <span class="p">}</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">[INFO] Could not find even a single running instance matching the desired tag, launching a new one</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># retrieve EC2 user-data for launch </span> <span class="n">result</span> <span class="o">=</span> <span class="n">S3</span><span class="p">.</span><span class="nf">get_object</span><span class="p">(</span><span class="n">Bucket</span><span class="o">=</span><span class="n">BUCKET_NAME</span><span class="p">,</span> <span class="n">Key</span><span class="o">=</span><span class="n">USER_DATA_FILE_KEY</span><span class="p">)</span> <span class="n">user_data</span> <span class="o">=</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">Body</span><span class="sh">"</span><span class="p">].</span><span class="nf">read</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">UserData from S3: </span><span class="si">{</span><span class="n">user_data</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">launch_instance</span><span class="p">(</span><span class="n">EC2</span><span class="p">,</span> <span class="n">ec2_config</span><span class="p">,</span> <span class="n">user_data</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">[INFO] LAUNCHED EC2 instance-id </span><span class="sh">'</span><span class="si">{</span><span class="n">result</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="si">}</span><span class="sh">'"</span><span class="p">)</span> <span class="c1"># print(f"[DEBUG] EC2 launch_resp:\n {result[1]}") </span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">newInstanceLaunched</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="sh">"</span><span class="s">old-instanceId</span><span class="sh">"</span><span class="p">:</span> <span class="sh">""</span><span class="p">,</span> <span class="sh">"</span><span class="s">new-instanceId</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="p">}</span> <span class="c1"># terminate all tagged EC2 instances </span> <span class="k">if</span> <span class="n">bucket</span> <span class="o">==</span> <span class="n">BUCKET_NAME</span> <span class="ow">and</span> <span class="n">key</span><span class="p">.</span><span class="nf">startswith</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BUCKET_OUTPUT_DIR</span><span class="si">}</span><span class="s">/</span><span class="sh">"</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">[INFO] Describing EC2 instances with target tags...</span><span class="sh">"</span><span class="p">)</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">EC2</span><span class="p">.</span><span class="nf">describe_instances</span><span class="p">(</span><span class="n">Filters</span><span class="o">=</span><span class="n">ec2_filters</span><span class="p">)</span> <span class="c1"># print(f"[DEBUG] describe_instances response: {resp}") </span> <span class="n">terminated_instance_ids</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">if</span> <span class="n">resp</span><span class="p">[</span><span class="sh">"</span><span class="s">Reservations</span><span class="sh">"</span><span class="p">]</span> <span class="ow">is</span> <span class="ow">not</span> <span class="p">[]:</span> <span class="c1"># at least one instance with target tags was found </span> <span class="k">for</span> <span class="n">reservation</span> <span class="ow">in</span> <span class="n">resp</span><span class="p">[</span><span class="sh">"</span><span class="s">Reservations</span><span class="sh">"</span><span class="p">]</span> <span class="p">:</span> <span class="k">for</span> <span class="n">instance</span> <span class="ow">in</span> <span class="n">reservation</span><span class="p">[</span><span class="sh">"</span><span class="s">Instances</span><span class="sh">"</span><span class="p">]:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">[INFO] Found </span><span class="sh">'</span><span class="si">{</span><span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">State</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">'</span><span class="s"> instance </span><span class="sh">'</span><span class="si">{</span> <span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">InstanceId</span><span class="sh">'</span><span class="p">]</span> <span class="si">}</span><span class="sh">'"</span> <span class="sa">f</span><span class="sh">"</span><span class="s"> having target tags: </span><span class="si">{</span><span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">Tags</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> </span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">State</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">Code</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="mi">16</span><span class="p">:</span> <span class="c1"># instance has target tags AND also is in running state </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">[INFO] instance </span><span class="sh">'</span><span class="si">{</span> <span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">InstanceId</span><span class="sh">'</span><span class="p">]</span> <span class="si">}</span><span class="sh">'</span><span class="s"> is running: terminating it</span><span class="sh">"</span><span class="p">)</span> <span class="n">terminated_instance_ids</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">InstanceId</span><span class="sh">'</span><span class="p">])</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">resource</span><span class="p">(</span><span class="sh">'</span><span class="s">ec2</span><span class="sh">'</span><span class="p">).</span><span class="nc">Instance</span><span class="p">(</span><span class="n">instance</span><span class="p">[</span><span class="sh">'</span><span class="s">InstanceId</span><span class="sh">'</span><span class="p">]).</span><span class="nf">terminate</span><span class="p">()</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">terminated-instance-ids:</span><span class="sh">"</span><span class="p">:</span> <span class="n">terminated_instance_ids</span> <span class="p">}</span> </code></pre> </div> <h2> Lambda Execution IAM Role </h2> <p>Our lambda function won't work just yet. It needs S3 access to read in the config and it needs permissions to describe, launch, and terminate EC2 instances.</p> <p>Scroll down on the Lambda configuration page to the <code>Execution role</code> and click the <code>View role</code> link:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fncbyycy0fx1c4pb10wcz.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fncbyycy0fx1c4pb10wcz.png" alt="Edit Lambda Execution Role"></a></p> <p>Click on the <code>AWSLambdaBasic...</code> link to edit the lambda function's policy:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fuz6hb5j1k429m6kmykqw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fuz6hb5j1k429m6kmykqw.png" alt="Edit Policy"></a></p> <p>Click <code>{} JSON</code>, <code>Edit Policy</code> and then <code>JSON</code>. </p> <p>Now add the following JSON to the existing <code>Statement</code> Section<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:*"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ec2:RunInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CreateTags"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:ReportInstanceStatus"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeInstanceStatus"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:TerminateInstances"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Click <code>Review Policy</code> and <code>Save changes</code>.</p> <h1> Go! </h1> <p>Our setup's finally complete. We're ready to test it out!</p> <h2> Test Case 1: new instance launch </h2> <p>Upload a file from the S3 console into the <code>inputs</code> folder. If you used the exact same config as above, this would have triggered the Lambda function, which in turn would have launched a new <code>t2.nano</code> instance with the <code>Purpose: data-processing</code> tag on it.</p> <p>If you put the instance's public IP address into a browser (after giving it a minute or so to boot and warm up), you should also see the test message served to you: which indicates that the <code>user-data</code> did indeed execute successfully upon boot.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F4ryqzq10hy6dwjb7419q.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2F4ryqzq10hy6dwjb7419q.png" alt="Test Message"></a></p> <h2> Test Case 2: another instance should not launch </h2> <p>As long as there is at least one <code>Purpose: data-processing</code> tagged instance running, another one should not spawn. Let's upload another file to the <code>inputs</code> folder. And indeed the actual behavior matches the expectation.</p> <p>If we kill the already-running instance, and <strong>then</strong> upload another file to the <code>inputs</code> folder, it will launch a new instance.</p> <h2> Test Case 3: instance termination condition </h2> <p>Upload a file into the <code>outputs</code> folder. This will trigger the Lambda function into terminating any already-running instances that are tagged with <code>Purpose: data-processing</code>.</p> <h3> Bonus: S3 event object to test your lambda function </h3> <p>S3-object-creation-notification (to test Lambda function)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Records"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"eventVersion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"eventSource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"aws:s3"</span><span class="p">,</span><span class="w"> </span><span class="nl">"awsRegion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ap-south-1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"eventTime"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2019-09-03T19:37:27.192Z"</span><span class="p">,</span><span class="w"> </span><span class="nl">"eventName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ObjectCreated:Put"</span><span class="p">,</span><span class="w"> </span><span class="nl">"userIdentity"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"principalId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS:AIDAINPONIXQXHT3IKHL2"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"requestParameters"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"sourceIPAddress"</span><span class="p">:</span><span class="w"> </span><span class="s2">"205.255.255.255"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"responseElements"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"x-amz-request-id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"D82B88E5F771F645"</span><span class="p">,</span><span class="w"> </span><span class="nl">"x-amz-id-2"</span><span class="p">:</span><span class="w"> </span><span class="s2">"vlR7PnpV2Ce81l0PRw6jlUpck7Jo5ZsQjryTjKlc5aLWGVHPZLj5NeC6qMa0emYBDXOo6QBU0Wo="</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"s3"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"s3SchemaVersion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"configurationId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"828aa6fc-f7b5-4305-8584-487c791949c1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"bucket"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"YOUR_S3_BUCKET_NAME"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ownerIdentity"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"principalId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"A3I5XTEXAMAI3E"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"arn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:s3:::lambda-artifacts-deafc19498e3f2df"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"object"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"b21b84d653bb07b05b1e6b33684dc11b"</span><span class="p">,</span><span class="w"> </span><span class="nl">"size"</span><span class="p">:</span><span class="w"> </span><span class="mi">1305107</span><span class="p">,</span><span class="w"> </span><span class="nl">"eTag"</span><span class="p">:</span><span class="w"> </span><span class="s2">"b21b84d653bb07b05b1e6b33684dc11b"</span><span class="p">,</span><span class="w"> </span><span class="nl">"sequencer"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0C0F6F405D6ED209E1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>That's all, folks!</p> aws python devops serverless