The latest articles on DEV Community by Prashant Gupta (@prashantgupta123). https://dev.to/prashantgupta123 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3646641%2F3b2245f5-b3aa-4c2a-b1a1-ed0b08026b08.jpg https://dev.to/prashantgupta123 en Prashant Gupta Fri, 02 Jan 2026 08:48:39 +0000 https://dev.to/prashantgupta123/automated-ec2-instance-scheduling-a-cost-optimized-approach-to-managing-non-production-workloads-3h1i https://dev.to/prashantgupta123/automated-ec2-instance-scheduling-a-cost-optimized-approach-to-managing-non-production-workloads-3h1i <h2> Automated EC2 Instance Scheduling: A Cost-Optimized Approach to Managing Non-Production Workloads </h2> <h2> Introduction &amp; Problem Statement </h2> <p>In cloud environments, cost optimization is a critical concern for engineering teams. One of the most straightforward yet impactful strategies is scheduling non-production EC2 instances to run only during business hours. Consider a typical scenario:</p> <ul> <li> <strong>Development/Any environments</strong> running 24/7 unnecessarily</li> <li> <strong>Monthly cost</strong>: ~$730 per instance (assuming $1/hour)</li> <li> <strong>Actual usage</strong>: Only 12 hours/day, 5 days/week (~60 hours/week)</li> <li> <strong>Potential savings</strong>: Up to 64% reduction in compute costs</li> </ul> <p>However, manually starting and stopping instances is error-prone, time-consuming, and doesn't scale. Teams need an automated, reliable, and auditable solution that:</p> <ol> <li> <strong>Schedules instances</strong> based on business hours</li> <li> <strong>Supports multiple modules</strong> (backend, frontend, databases)</li> <li> <strong>Provides notifications</strong> for visibility and troubleshooting</li> <li> <strong>Integrates with existing infrastructure</strong> (VPC, security groups, IAM)</li> <li> <strong>Maintains high availability</strong> during operational hours</li> </ol> <p>This article presents a production-ready solution using AWS Lambda, EventBridge, Terraform, and SNS to automate EC2 instance lifecycle management with enterprise-grade reliability.</p> <h2> Architecture &amp; Design Overview </h2> <h3> High-Level Architecture </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────────────────────────────────────────────────────────┐ │ EventBridge Scheduler │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ Start Event │ │ Stop Event │ │ Start Event │ │ │ │ (06:00 UTC) │ │ (18:00 UTC) │ │ (06:00 UTC) │ ... │ │ │ Backend │ │ Backend │ │ Frontend │ │ │ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │ └─────────┼──────────────────┼──────────────────┼─────────────────┘ │ │ │ └──────────────────┼──────────────────┘ ▼ ┌──────────────────────┐ │ Lambda Function │ │ (VPC-enabled) │ │ - Validate Event │ │ - Start/Stop EC2 │ │ - Send Notification │ └──────────┬───────────┘ │ ┌────────────┼────────────┐ ▼ ▼ ▼ ┌──────────┐ ┌─────────┐ ┌─────────┐ │ EC2 │ │ SNS │ │ CloudW. │ │ Instances│ │ Topic │ │ Logs │ └──────────┘ └─────────┘ └─────────┘ </code></pre> </div> <h3> Key Components </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Purpose</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td><strong>EventBridge Rules</strong></td> <td>Schedule-based triggers for start/stop operations</td> <td>AWS EventBridge (Cron)</td> </tr> <tr> <td><strong>Lambda Function</strong></td> <td>Orchestrates EC2 operations and notifications</td> <td>Python 3.14 Runtime</td> </tr> <tr> <td><strong>SNS Topic</strong></td> <td>Delivers success/failure notifications</td> <td>AWS SNS</td> </tr> <tr> <td><strong>IAM Role</strong></td> <td>Grants Lambda permissions for EC2, SNS, VPC</td> <td>AWS IAM</td> </tr> <tr> <td><strong>Security Group</strong></td> <td>Controls Lambda network access</td> <td>AWS VPC</td> </tr> <tr> <td><strong>CloudWatch Logs</strong></td> <td>Centralized logging and monitoring</td> <td>AWS CloudWatch</td> </tr> <tr> <td><strong>CloudWatch Alarms</strong></td> <td>Alerts on Lambda errors</td> <td>AWS CloudWatch Alarms</td> </tr> <tr> <td><strong>Terraform</strong></td> <td>Infrastructure as Code for deployment</td> <td>Terraform 1.14+</td> </tr> </tbody> </table></div> <h3> Design Principles </h3> <ol> <li> <strong>Event-Driven Architecture</strong>: EventBridge triggers Lambda based on cron schedules</li> <li> <strong>Idempotency</strong>: Safe to retry; starting an already-running instance is a no-op</li> <li> <strong>Fail-Fast Validation</strong>: Input validation before AWS API calls</li> <li> <strong>Observability</strong>: Comprehensive logging and SNS notifications</li> <li> <strong>Security</strong>: VPC-enabled Lambda, least-privilege IAM, no hardcoded credentials</li> <li> <strong>Infrastructure as Code</strong>: Fully automated deployment via Terraform</li> </ol> <h2> Solution Approach </h2> <h3> Workflow </h3> <p>The solution follows a straightforward event-driven workflow:</p> <ol> <li> <strong>EventBridge Trigger</strong>: Cron expression fires at scheduled time (e.g., 06:00 UTC)</li> <li> <strong>Event Payload</strong>: Contains action (<code>start</code>/<code>stop</code>), module name, and instance details</li> <li> <strong>Lambda Invocation</strong>: Function receives event and validates parameters</li> <li> <strong>EC2 Operation</strong>: Calls <code>start_instances()</code> or <code>stop_instances()</code> API</li> <li> <strong>Notification</strong>: Publishes success/failure message to SNS topic</li> <li> <strong>Logging</strong>: All operations logged to CloudWatch for audit trail</li> </ol> <h3> Event Structure </h3> <p>Each EventBridge rule sends a structured JSON payload:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"start"</span><span class="p">,</span><span class="w"> </span><span class="nl">"module"</span><span class="p">:</span><span class="w"> </span><span class="s2">"backendserver"</span><span class="p">,</span><span class="w"> </span><span class="nl">"instance_details"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"i-11223344556677889"</span><span class="p">:</span><span class="w"> </span><span class="s2">"test-prod-backendserver"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This design allows:</p> <ul> <li> <strong>Multiple instances</strong> per event (batch operations)</li> <li> <strong>Module-based grouping</strong> for logical separation</li> <li> <strong>Descriptive naming</strong> for better observability</li> </ul> <h3> Scheduling Strategy </h3> <p>The solution uses cron expressions for precise scheduling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Start: cron(0 6 ? * MON-FRI *) # 06:00 AM UTC, weekdays only Stop: cron(0 18 ? * MON-FRI *) # 06:00 PM UTC, weekdays only </code></pre> </div> <p>This ensures:</p> <ul> <li> <strong>Cost savings</strong> during nights and weekends</li> <li> <strong>Availability</strong> during business hours</li> <li> <strong>Flexibility</strong> to customize per module</li> </ul> <h2> Code Walkthrough </h2> <h3> Lambda Function Architecture </h3> <p>The refactored Lambda function follows object-oriented principles with clear separation of concerns:</p> <h4> 1. EC2InstanceManager Class </h4> <p>Encapsulates EC2 operations with clean interfaces:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">EC2InstanceManager</span><span class="p">:</span> <span class="k">def</span> <span class="nf">start_instances</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">instance_ids</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Starting instances: </span><span class="si">{</span><span class="n">instance_ids</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">ec2</span><span class="p">.</span><span class="nf">start_instances</span><span class="p">(</span><span class="n">InstanceIds</span><span class="o">=</span><span class="n">instance_ids</span><span class="p">)</span> <span class="k">def</span> <span class="nf">stop_instances</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">instance_ids</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Stopping instances: </span><span class="si">{</span><span class="n">instance_ids</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">ec2</span><span class="p">.</span><span class="nf">stop_instances</span><span class="p">(</span><span class="n">InstanceIds</span><span class="o">=</span><span class="n">instance_ids</span><span class="p">)</span> </code></pre> </div> <p><strong>Benefits</strong>:</p> <ul> <li>Single responsibility (EC2 operations only)</li> <li>Easy to mock for unit testing</li> <li>Reusable across different contexts</li> </ul> <h4> 2. NotificationService Class </h4> <p>Handles SNS publishing with intelligent message formatting:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">NotificationService</span><span class="p">:</span> <span class="k">def</span> <span class="nf">send_notification</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">action</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">module</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">instance_details</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">],</span> <span class="n">status</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">INFO</span><span class="sh">"</span><span class="p">,</span> <span class="n">error_message</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">subject</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">subject_prefix</span><span class="si">}</span><span class="s"> | </span><span class="si">{</span><span class="n">status</span><span class="si">}</span><span class="s"> | </span><span class="si">{</span><span class="n">action</span><span class="p">.</span><span class="nf">upper</span><span class="p">()</span><span class="si">}</span><span class="s"> - </span><span class="si">{</span><span class="n">module</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># Format message based on success/failure </span> <span class="n">self</span><span class="p">.</span><span class="n">sns</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="n">TopicArn</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">topic_arn</span><span class="p">,</span> <span class="n">Subject</span><span class="o">=</span><span class="n">subject</span><span class="p">,</span> <span class="n">Message</span><span class="o">=</span><span class="n">message</span><span class="p">)</span> </code></pre> </div> <p><strong>Benefits</strong>:</p> <ul> <li>Consistent notification format</li> <li>Graceful handling of missing SNS configuration</li> <li>Error notifications for troubleshooting</li> </ul> <h4> 3. Event Validation </h4> <p>Fail-fast validation prevents unnecessary AWS API calls:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">validate_event</span><span class="p">(</span><span class="n">event</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">tuple</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">,</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]:</span> <span class="k">if</span> <span class="n">action</span> <span class="ow">not</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">'</span><span class="s">start</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">stop</span><span class="sh">'</span><span class="p">]:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Invalid action: </span><span class="sh">'</span><span class="si">{</span><span class="n">action</span><span class="si">}</span><span class="sh">'"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">instance_details</span> <span class="ow">or</span> <span class="ow">not</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">instance_details</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Missing or invalid </span><span class="sh">'</span><span class="s">instance_details</span><span class="sh">'"</span><span class="p">)</span> <span class="k">return</span> <span class="n">action</span><span class="p">,</span> <span class="n">module</span><span class="p">,</span> <span class="n">instance_details</span> </code></pre> </div> <p><strong>Benefits</strong>:</p> <ul> <li>Clear error messages for debugging</li> <li>Prevents partial operations</li> <li>Returns 400 status for client errors</li> </ul> <h4> 4. Lambda Handler </h4> <p>Orchestrates the entire workflow with comprehensive error handling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">context</span><span class="p">:</span> <span class="n">Any</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="k">try</span><span class="p">:</span> <span class="n">action</span><span class="p">,</span> <span class="n">module</span><span class="p">,</span> <span class="n">instance_details</span> <span class="o">=</span> <span class="nf">validate_event</span><span class="p">(</span><span class="n">event</span><span class="p">)</span> <span class="k">if</span> <span class="n">action</span> <span class="o">==</span> <span class="sh">'</span><span class="s">start</span><span class="sh">'</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="n">instance_manager</span><span class="p">.</span><span class="nf">start_instances</span><span class="p">(</span><span class="n">instance_ids</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="n">instance_manager</span><span class="p">.</span><span class="nf">stop_instances</span><span class="p">(</span><span class="n">instance_ids</span><span class="p">)</span> <span class="n">notification_service</span><span class="p">.</span><span class="nf">send_notification</span><span class="p">(...)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">'</span><span class="s">statusCode</span><span class="sh">'</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({...})}</span> <span class="k">except</span> <span class="nb">ValueError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span><span class="sh">'</span><span class="s">statusCode</span><span class="sh">'</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">'</span><span class="s">error</span><span class="sh">'</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)})}</span> <span class="nf">except </span><span class="p">(</span><span class="n">ClientError</span><span class="p">,</span> <span class="n">BotoCoreError</span><span class="p">)</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">notification_service</span><span class="p">.</span><span class="nf">send_notification</span><span class="p">(...,</span> <span class="n">status</span><span class="o">=</span><span class="sh">"</span><span class="s">ERROR</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">'</span><span class="s">statusCode</span><span class="sh">'</span><span class="p">:</span> <span class="mi">500</span><span class="p">,</span> <span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">'</span><span class="s">error</span><span class="sh">'</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)})}</span> </code></pre> </div> <p><strong>Benefits</strong>:</p> <ul> <li>Structured error handling (400 vs 500)</li> <li>Automatic failure notifications</li> <li>Detailed logging for troubleshooting</li> </ul> <h3> Terraform Infrastructure </h3> <p>The Terraform configuration provisions all required AWS resources:</p> <h4> Key Resources </h4> <ol> <li> <strong>Lambda Function</strong> with VPC configuration</li> <li> <strong>IAM Role</strong> with EC2, SNS, and VPC permissions</li> <li> <strong>Security Group</strong> for Lambda network access</li> <li> <strong>EventBridge Rules</strong> for each start/stop schedule</li> <li> <strong>SNS Topic</strong> for notifications</li> <li> <strong>CloudWatch Log Group</strong> with retention policy</li> <li> <strong>CloudWatch Alarms</strong> for error monitoring</li> </ol> <h4> Workspace-Based Configuration </h4> <p>The solution uses Terraform workspaces for environment separation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>workspace_prod_ap-south-1.yml # Production configuration workspace.yml # Common configuration </code></pre> </div> <p>This enables:</p> <ul> <li> <strong>Multi-environment support</strong> (dev, staging, prod)</li> <li><strong>Region-specific settings</strong></li> <li><strong>Environment-specific schedules</strong></li> </ul> <h2> Configuration &amp; Setup Instructions </h2> <h3> Prerequisites </h3> <ul> <li> <strong>AWS Account</strong> with appropriate permissions</li> <li> <strong>Terraform</strong> 1.14.3 or higher</li> <li> <strong>AWS CLI</strong> configured with credentials</li> <li> <strong>S3 Bucket</strong> for Terraform state (e.g., <code>test-infra-terraform</code>)</li> <li> <strong>VPC</strong> with private subnets</li> <li> <strong>SNS Topic</strong> (optional, created automatically)</li> </ul> <h3> Step 1: Clone Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone &lt;repository-url&gt; <span class="nb">cd </span>devops-automation/aws-start-stop-services </code></pre> </div> <h3> Step 2: Configure Workspace </h3> <p>Edit <code>workspace_prod_ap-south-1.yml</code> with your environment details:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">workspace</span><span class="pi">:</span> <span class="na">aws</span><span class="pi">:</span> <span class="na">account_id</span><span class="pi">:</span> <span class="s2">"</span><span class="s">123456789012"</span> <span class="c1"># Your AWS account ID</span> <span class="na">region</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ap-south-1"</span> <span class="c1"># Target region</span> <span class="na">vpc</span><span class="pi">:</span> <span class="na">id</span><span class="pi">:</span> <span class="s2">"</span><span class="s">vpc-xxxxx"</span> <span class="c1"># VPC ID</span> <span class="na">subnet_ids</span><span class="pi">:</span> <span class="na">private</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">subnet-xxx"</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span> <span class="c1"># Private subnet IDs</span> <span class="na">event</span><span class="pi">:</span> <span class="na">start-backendserver</span><span class="pi">:</span> <span class="na">schedule_expression</span><span class="pi">:</span> <span class="s2">"</span><span class="s">cron(0</span><span class="nv"> </span><span class="s">6</span><span class="nv"> </span><span class="s">?</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">MON-FRI</span><span class="nv"> </span><span class="s">*)"</span> <span class="na">event_input</span><span class="pi">:</span> <span class="na">action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">start"</span> <span class="na">module</span><span class="pi">:</span> <span class="s2">"</span><span class="s">backendserver"</span> <span class="na">instance_details</span><span class="pi">:</span> <span class="s2">"</span><span class="s">i-xxxxx"</span><span class="err">:</span> <span class="s2">"</span><span class="s">instance-name"</span> <span class="c1"># Your instance ID and name</span> </code></pre> </div> <h3> Step 3: Update Backend Configuration </h3> <p>Edit <code>aws.tf</code> to match your S3 bucket:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">terraform</span> <span class="p">{</span> <span class="nx">backend</span> <span class="s2">"s3"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"your-terraform-state-bucket"</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"project/app/lambda/start-stop-services/main.tfstate"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"ap-south-1"</span> <span class="nx">encrypt</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Step 4: Deploy Infrastructure </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Initialize Terraform</span> terraform init <span class="c"># Select workspace</span> terraform workspace <span class="k">select </span>prod_ap-south-1 <span class="o">||</span> terraform workspace new prod_ap-south-1 <span class="c"># Review plan</span> terraform plan <span class="c"># Apply configuration</span> terraform apply </code></pre> </div> <p>Or use the provided script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod</span> +x launch.sh ./launch.sh <span class="c"># Enter: prod_ap-south-1</span> </code></pre> </div> <h3> Step 5: Verify Deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check Lambda function</span> aws lambda get-function <span class="nt">--function-name</span> prod-project-start-stop-lambda <span class="c"># Check EventBridge rules</span> aws events list-rules <span class="nt">--name-prefix</span> prod-project <span class="c"># Check SNS topic</span> aws sns list-topics | <span class="nb">grep </span>start-stop-lambda </code></pre> </div> <h2> Usage Examples </h2> <h3> Manual Lambda Invocation </h3> <p>Test the Lambda function manually:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Start instances</span> aws lambda invoke <span class="se">\</span> <span class="nt">--function-name</span> prod-project-start-stop-lambda <span class="se">\</span> <span class="nt">--payload</span> <span class="s1">'{ "action": "start", "module": "backendserver", "instance_details": { "i-11223344556677889": "test-prod-backendserver" } }'</span> <span class="se">\</span> response.json <span class="c"># Check response</span> <span class="nb">cat </span>response.json </code></pre> </div> <h3> Scheduled Execution </h3> <p>EventBridge automatically triggers the Lambda function based on cron schedules:</p> <ul> <li> <strong>06:00 AM UTC (Mon-Fri)</strong>: Start backend and frontend servers</li> <li> <strong>06:00 PM UTC (Mon-Fri)</strong>: Stop backend and frontend servers</li> </ul> <h3> SNS Notifications </h3> <p>Subscribers receive email notifications:</p> <p><strong>Success Notification:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Subject: MyProject | [LAMBDA Notification] | INFO | START - backendserver Hi, Successfully started instances for module 'backendserver' Instance Details: { "i-11223344556677889": "test-prod-backendserver" } </code></pre> </div> <p><strong>Failure Notification:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Subject: MyProject | [LAMBDA Notification] | ERROR | START FAILED - backendserver Error: An error occurred (InvalidInstanceID.NotFound) when calling the StartInstances operation Module: backendserver Action: start Instances: ['i-11223344556677889'] </code></pre> </div> <h3> CloudWatch Logs </h3> <p>View execution logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws logs <span class="nb">tail</span> /aws/lambda/prod-project-start-stop-lambda <span class="nt">--follow</span> </code></pre> </div> <h2> Best Practices Followed </h2> <h3> 1. Infrastructure as Code </h3> <ul> <li> <strong>Terraform</strong> for reproducible deployments</li> <li> <strong>Version control</strong> for all configuration</li> <li> <strong>Workspace isolation</strong> for environments</li> </ul> <h3> 2. Security </h3> <ul> <li> <strong>VPC-enabled Lambda</strong> for network isolation</li> <li> <strong>Least-privilege IAM</strong> with specific resource permissions</li> <li> <strong>No hardcoded credentials</strong> (environment variables only)</li> <li> <strong>Encrypted S3 backend</strong> for Terraform state</li> </ul> <h3> 3. Observability </h3> <ul> <li> <strong>Structured logging</strong> with log levels</li> <li> <strong>SNS notifications</strong> for all operations</li> <li> <strong>CloudWatch alarms</strong> for error detection</li> <li> <strong>30-day log retention</strong> for compliance</li> </ul> <h3> 4. Code Quality </h3> <ul> <li> <strong>PEP 8 compliance</strong> for Python code</li> <li> <strong>Type hints</strong> for better IDE support</li> <li> <strong>Docstrings</strong> for all functions and classes</li> <li> <strong>Error handling</strong> with specific exception types</li> <li> <strong>Modular design</strong> with single-responsibility classes</li> </ul> <h3> 5. Reliability </h3> <ul> <li> <strong>Event invoke config</strong> with 0 retries (idempotent operations)</li> <li> <strong>Input validation</strong> before AWS API calls</li> <li> <strong>Graceful error handling</strong> with appropriate status codes</li> <li> <strong>Timeout configuration</strong> (300 seconds)</li> </ul> <h3> 6. Cost Optimization </h3> <ul> <li> <strong>Right-sized Lambda</strong> (512 MB memory)</li> <li> <strong>VPC endpoints</strong> for S3 access (no NAT gateway charges)</li> <li> <strong>Log retention policy</strong> (30 days)</li> <li> <strong>Scheduled execution</strong> only during business hours</li> </ul> <h2> Security &amp; Performance Considerations </h2> <h3> Security </h3> <h4> IAM Permissions </h4> <p>The Lambda function uses least-privilege permissions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ec2:StartInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:StopInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeInstances"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Recommendation</strong>: Restrict to specific instance IDs using resource-based policies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:ec2:ap-south-1:123456789012:instance/i-*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h4> Network Security </h4> <ul> <li> <strong>VPC-enabled Lambda</strong> prevents public internet access</li> <li> <strong>Security group</strong> allows only HTTPS egress</li> <li> <strong>VPC endpoints</strong> for S3 and SSM (no internet gateway required)</li> </ul> <h4> Secrets Management </h4> <ul> <li> <strong>SNS topic ARN</strong> passed via environment variables</li> <li> <strong>No credentials</strong> in code or configuration files</li> <li> <strong>AWS SDK</strong> uses IAM role credentials automatically</li> </ul> <h3> Performance </h3> <h4> Lambda Configuration </h4> <ul> <li> <strong>Memory</strong>: 512 MB (sufficient for boto3 operations)</li> <li> <strong>Timeout</strong>: 300 seconds (handles multiple instances)</li> <li> <strong>Runtime</strong>: Python 3.14 (latest stable version)</li> </ul> <h4> Optimization Strategies </h4> <ol> <li> <strong>Reuse boto3 clients</strong> (initialized outside handler)</li> <li> <strong>Batch operations</strong> (multiple instances per invocation)</li> <li> <strong>Async notifications</strong> (don't block on SNS publish)</li> <li> <strong>VPC endpoints</strong> (reduce latency for AWS API calls)</li> </ol> <h4> Scaling Considerations </h4> <ul> <li> <strong>Concurrent executions</strong>: Default limit (1000)</li> <li> <strong>EventBridge rules</strong>: No limit on number of schedules</li> <li> <strong>Instance limit</strong>: Tested with up to 50 instances per event</li> </ul> <h2> Common Pitfalls &amp; Troubleshooting </h2> <h3> Issue 1: Lambda Timeout </h3> <p><strong>Symptom</strong>: Function times out after 300 seconds</p> <p><strong>Cause</strong>: Too many instances in a single event</p> <p><strong>Solution</strong>: Split into multiple EventBridge rules or increase timeout<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">lambda</span><span class="pi">:</span> <span class="na">timeout</span><span class="pi">:</span> <span class="m">600</span> <span class="c1"># Increase to 10 minutes</span> </code></pre> </div> <h3> Issue 2: VPC Connectivity </h3> <p><strong>Symptom</strong>: <code>Unable to connect to endpoint</code> errors</p> <p><strong>Cause</strong>: Missing VPC endpoints or incorrect security group</p> <p><strong>Solution</strong>: Verify VPC endpoints and security group rules<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check VPC endpoints</span> aws ec2 describe-vpc-endpoints <span class="nt">--filters</span> <span class="s2">"Name=vpc-id,Values=vpc-xxxxx"</span> <span class="c"># Verify security group allows HTTPS egress</span> aws ec2 describe-security-groups <span class="nt">--group-ids</span> sg-xxxxx </code></pre> </div> <h3> Issue 3: Permission Denied </h3> <p><strong>Symptom</strong>: <code>AccessDeniedException</code> or <code>UnauthorizedOperation</code></p> <p><strong>Cause</strong>: Insufficient IAM permissions</p> <p><strong>Solution</strong>: Verify IAM role has required permissions<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Test IAM permissions</span> aws iam simulate-principal-policy <span class="se">\</span> <span class="nt">--policy-source-arn</span> arn:aws:iam::123456789012:role/lambda-role <span class="se">\</span> <span class="nt">--action-names</span> ec2:StartInstances ec2:StopInstances </code></pre> </div> <h3> Issue 4: Instance Not Found </h3> <p><strong>Symptom</strong>: <code>InvalidInstanceID.NotFound</code> error</p> <p><strong>Cause</strong>: Incorrect instance ID in configuration</p> <p><strong>Solution</strong>: Verify instance IDs exist in the target region<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># List instances</span> aws ec2 describe-instances <span class="nt">--instance-ids</span> i-xxxxx </code></pre> </div> <h3> Issue 5: SNS Notifications Not Received </h3> <p><strong>Symptom</strong>: No email notifications</p> <p><strong>Cause</strong>: SNS subscription not confirmed or topic ARN incorrect</p> <p><strong>Solution</strong>: Confirm SNS subscription and verify topic ARN<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># List subscriptions</span> aws sns list-subscriptions-by-topic <span class="nt">--topic-arn</span> arn:aws:sns:... <span class="c"># Verify environment variable</span> aws lambda get-function-configuration <span class="se">\</span> <span class="nt">--function-name</span> prod-project-start-stop-lambda <span class="se">\</span> <span class="nt">--query</span> <span class="s1">'Environment.Variables.SNS_TOPIC_ARN'</span> </code></pre> </div> <h2> Enhancements &amp; Future Improvements </h2> <h3> Short-Term Enhancements </h3> <ol> <li> <p><strong>Dynamic Scheduling</strong></p> <ul> <li>Store schedules in DynamoDB</li> <li>Update schedules without redeployment</li> <li>Per-instance custom schedules</li> </ul> </li> <li> <p><strong>Cost Reporting</strong></p> <ul> <li>Calculate actual savings</li> <li>Send weekly cost reports</li> <li>Compare with 24/7 baseline</li> </ul> </li> <li> <p><strong>Health Checks</strong></p> <ul> <li>Verify instance state after start/stop</li> <li>Retry failed operations</li> <li>Alert on persistent failures</li> </ul> </li> <li> <p><strong>Multi-Region Support</strong></p> <ul> <li>Replicate across regions</li> <li>Centralized configuration</li> <li>Cross-region reporting</li> </ul> </li> </ol> <h3> Long-Term Improvements </h3> <ol> <li> <p><strong>Auto Scaling Integration</strong></p> <ul> <li>Coordinate with Auto Scaling groups</li> <li>Suspend/resume scaling policies</li> <li>Maintain desired capacity</li> </ul> </li> <li> <p><strong>RDS Support</strong></p> <ul> <li>Start/stop RDS instances</li> <li>Snapshot before stop</li> <li>Multi-AZ considerations</li> </ul> </li> <li> <p><strong>ECS/EKS Support</strong></p> <ul> <li>Scale ECS services to 0</li> <li>Stop EKS node groups</li> <li>Preserve task definitions</li> </ul> </li> <li> <p><strong>Self-Service Portal</strong></p> <ul> <li>Web UI for schedule management</li> <li>Role-based access control</li> <li>Audit trail and approval workflow</li> </ul> </li> <li> <p><strong>Machine Learning</strong></p> <ul> <li>Predict optimal schedules based on usage</li> <li>Anomaly detection for unexpected usage</li> <li>Automatic schedule adjustments</li> </ul> </li> </ol> <h3> Code Improvements </h3> <ol> <li> <p><strong>Unit Tests</strong></p> <ul> <li>Mock boto3 clients</li> <li>Test error scenarios</li> <li>Validate event parsing</li> </ul> </li> <li> <p><strong>Integration Tests</strong></p> <ul> <li>End-to-end workflow testing</li> <li>SNS notification verification</li> <li>CloudWatch log validation</li> </ul> </li> <li> <p><strong>CI/CD Pipeline</strong></p> <ul> <li>Automated testing</li> <li>Terraform plan on PR</li> <li>Automated deployment</li> </ul> </li> </ol> <h2> Conclusion </h2> <p>Automated EC2 instance scheduling is a simple yet powerful cost optimization strategy that can reduce non-production compute costs by up to 64%. This solution provides:</p> <p>✅ <strong>Production-ready code</strong> with comprehensive error handling<br><br> ✅ <strong>Infrastructure as Code</strong> for reproducible deployments<br><br> ✅ <strong>Enterprise-grade security</strong> with VPC and IAM best practices<br><br> ✅ <strong>Full observability</strong> with logging and notifications<br><br> ✅ <strong>Flexible scheduling</strong> with EventBridge cron expressions<br><br> ✅ <strong>Scalable architecture</strong> supporting multiple modules and instances </p> <h3> Key Takeaways </h3> <ol> <li> <strong>Event-driven architecture</strong> simplifies scheduling logic</li> <li> <strong>Terraform workspaces</strong> enable multi-environment management</li> <li> <strong>SNS notifications</strong> provide visibility without manual monitoring</li> <li> <strong>VPC-enabled Lambda</strong> maintains security without sacrificing functionality</li> <li> <strong>Modular Python code</strong> improves maintainability and testability</li> </ol> <h3> Getting Started </h3> <ol> <li>Clone the repository</li> <li>Configure your environment in <code>workspace_prod_ap-south-1.yml</code> </li> <li>Run <code>./launch.sh</code> to deploy</li> <li>Monitor CloudWatch logs and SNS notifications</li> <li>Iterate on schedules based on actual usage patterns</li> </ol> <h3> Cost Impact </h3> <p>For a typical setup with 10 EC2 instances:</p> <ul> <li> <strong>Before</strong>: 10 instances × 24 hours × 30 days × $1/hour = <strong>$7,200/month</strong> </li> <li> <strong>After</strong>: 10 instances × 12 hours × 22 days × $1/hour = <strong>$2,640/month</strong> </li> <li> <strong>Savings</strong>: <strong>$4,560/month (63% reduction)</strong> </li> </ul> <p>The Lambda function costs are negligible (~$0.20/month for 1,000 invocations).</p> <h3> Resources </h3> <ul> <li> <strong>AWS Lambda</strong>: <a href="https://aws.amazon.com/lambda/" rel="noopener noreferrer">https://aws.amazon.com/lambda/</a> </li> <li> <strong>EventBridge</strong>: <a href="https://aws.amazon.com/eventbridge/" rel="noopener noreferrer">https://aws.amazon.com/eventbridge/</a> </li> <li> <strong>Terraform</strong>: <a href="https://www.terraform.io/" rel="noopener noreferrer">https://www.terraform.io/</a> </li> <li> <strong>Boto3 Documentation</strong>: <a href="https://boto3.amazonaws.com/v1/documentation/api/latest/index.html" rel="noopener noreferrer">https://boto3.amazonaws.com/v1/documentation/api/latest/index.html</a> </li> </ul> <p><strong>Author</strong>: Prashant Gupta | Cloud Platform Lead<br><br> <strong>Repository</strong>: <a href="https://github.com/prashantgupta123/devops-automation" rel="noopener noreferrer">devops-automation</a><br><br> <strong>License</strong>: MIT </p> <p><strong>Questions or feedback?</strong> Open an issue or submit a pull request!</p> aws Prashant Gupta Fri, 02 Jan 2026 08:13:30 +0000 https://dev.to/prashantgupta123/aws-ecs-service-task-recycle-517j https://dev.to/prashantgupta123/aws-ecs-service-task-recycle-517j <h2> AWS ECS Service Task Recycle </h2> <p>Automated Lambda function for recycling AWS ECS service tasks one by one, maintaining service availability during the process. Unlike ECS force deployment which replaces all tasks in parallel, this solution stops and replaces tasks sequentially with configurable wait times.</p> <h2> Overview </h2> <p>This solution provides controlled task recycling for ECS services by:</p> <ul> <li>Stopping tasks one at a time instead of parallel replacement</li> <li>Waiting for service stability between each task replacement</li> <li>Optionally maintaining service state by temporarily increasing capacity</li> <li>Configurable wait time between task replacements</li> </ul> <h2> Features </h2> <ul> <li> <strong>Sequential Task Recycling</strong>: Stops and replaces tasks one by one</li> <li> <strong>Service Stability</strong>: Waits for stable state after each task replacement</li> <li> <strong>Capacity Management</strong>: Optional temporary capacity increase to maintain availability</li> <li> <strong>Autoscaling Support</strong>: Handles services with Application Auto Scaling</li> <li> <strong>Flexible Authentication</strong>: Multiple AWS credential methods via AWSSession module</li> <li> <strong>Email Notifications</strong>: Optional SMTP notifications on completion</li> <li> <strong>CloudFormation Deployment</strong>: Infrastructure as code with automated deployment</li> <li> <strong>Zero Retries</strong>: EventInvokeConfig set to 0 retry attempts</li> <li> <strong>Comprehensive Logging</strong>: Detailed CloudWatch logs for monitoring</li> </ul> <h2> Architecture </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Lambda Function (Python 3.13) ├── Event-driven execution ├── AWSSession.py (AWS authentication) ├── Notification.py (Email notifications) └── input.json (Configuration) </code></pre> </div> <h2> Prerequisites </h2> <ul> <li>Python 3.13+</li> <li>AWS CLI configured</li> <li>IAM permissions for ECS and Application Auto Scaling</li> <li>SMTP server (optional, for notifications)</li> </ul> <h2> Installation </h2> <h3> 1. Clone Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>aws-ecs-service-task-recycle </code></pre> </div> <h3> 2. Configure Settings </h3> <p>Edit <code>input.json</code> with your configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"awsCredentials"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"region_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"smtpCredentials"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"smtp.example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="s2">"587"</span><span class="p">,</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"password"</span><span class="p">,</span><span class="w"> </span><span class="nl">"from_email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"noreply@example.com"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"emailNotification"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"email_subject"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ECS Service Task Recycle Completed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"subject_prefix"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS ECS"</span><span class="p">,</span><span class="w"> </span><span class="nl">"to"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"admin@example.com"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> 3. Deploy CloudFormation Stack </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod</span> +x cloudformation_deploy.sh lambda_build.sh ./cloudformation_deploy.sh </code></pre> </div> <h2> Usage </h2> <h3> Lambda Event Parameters </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"cluster_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-ecs-cluster"</span><span class="p">,</span><span class="w"> </span><span class="nl">"service_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-service"</span><span class="p">,</span><span class="w"> </span><span class="nl">"maintain_service_state"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"wait_time"</span><span class="p">:</span><span class="w"> </span><span class="mi">30</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Parameters:</strong></p> <ul> <li> <code>cluster_name</code> (required): ECS cluster name</li> <li> <code>service_name</code> (required): ECS service name</li> <li> <code>maintain_service_state</code> (optional, default: true): Temporarily increase capacity by 1</li> <li> <code>wait_time</code> (optional, default: 30): Seconds to wait between task replacements</li> </ul> <h3> Invoke Lambda Function </h3> <p><strong>AWS CLI:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws lambda invoke <span class="se">\</span> <span class="nt">--function-name</span> ecs-task-recycle-function <span class="se">\</span> <span class="nt">--payload</span> <span class="s1">'{"cluster_name":"my-cluster","service_name":"my-service","maintain_service_state":true,"wait_time":30}'</span> <span class="se">\</span> response.json </code></pre> </div> <p><strong>AWS Console:</strong></p> <ol> <li>Navigate to Lambda → Functions → ecs-task-recycle-function</li> <li>Test tab → Create test event</li> <li>Add event JSON and invoke</li> </ol> <h2> How It Works </h2> <h3> Process Flow </h3> <ol> <li> <strong>Get Current State</strong>: Retrieve service configuration and running tasks</li> <li> <strong>Increase Capacity</strong> (if maintain_service_state=true): Add +1 to desired count</li> <li> <strong>Wait for Stability</strong>: Ensure new task is running</li> <li> <strong>Recycle Tasks</strong>: For each old task: <ul> <li>Stop the task</li> <li>Wait for replacement task to start</li> <li>Wait for service stability</li> <li>Sleep for configured wait_time</li> </ul> </li> <li> <strong>Restore Capacity</strong>: Return to original desired count</li> <li> <strong>Send Notification</strong>: Email report (if configured)</li> </ol> <h3> Example Scenario </h3> <p><strong>Service with 3 tasks:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Initial State: 3 tasks running ↓ Increase to 4 tasks (maintain availability) ↓ Stop task 1 → Wait stable → Sleep 30s ↓ Stop task 2 → Wait stable → Sleep 30s ↓ Stop task 3 → Wait stable → Sleep 30s ↓ Restore to 3 tasks ↓ Complete </code></pre> </div> <h2> Configuration </h2> <h3> AWS Credentials (input.json) </h3> <p>Multiple authentication methods supported:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"awsCredentials"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"region_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"profile_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-profile"</span><span class="p">,</span><span class="w"> </span><span class="nl">"role_arn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:iam::123456789012:role/MyRole"</span><span class="p">,</span><span class="w"> </span><span class="nl">"access_key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AKIAIOSFODNN7EXAMPLE"</span><span class="p">,</span><span class="w"> </span><span class="nl">"secret_key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"</span><span class="p">,</span><span class="w"> </span><span class="nl">"session_token"</span><span class="p">:</span><span class="w"> </span><span class="s2">"token"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> SMTP Configuration (Optional) </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"smtpCredentials"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"smtp.gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="s2">"587"</span><span class="p">,</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user@gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"app-password"</span><span class="p">,</span><span class="w"> </span><span class="nl">"from_email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"noreply@example.com"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> IAM Permissions </h2> <p>Required permissions (included in CloudFormation):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ecs:DescribeServices"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:UpdateService"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:ListTasks"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:StopTask"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:DescribeTasks"</span><span class="p">,</span><span class="w"> </span><span class="s2">"application-autoscaling:DescribeScalableTargets"</span><span class="p">,</span><span class="w"> </span><span class="s2">"application-autoscaling:RegisterScalableTarget"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> CloudFormation Resources </h2> <ul> <li> <strong>Lambda Function</strong>: Python 3.13 runtime, 900s timeout, 256MB memory</li> <li> <strong>IAM Role</strong>: Execution role with ECS and Auto Scaling permissions</li> <li> <strong>EventInvokeConfig</strong>: MaximumRetryAttempts set to 0</li> <li> <strong>CloudWatch Logs</strong>: 7-day retention</li> </ul> <h2> Monitoring </h2> <h3> CloudWatch Logs </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws logs <span class="nb">tail</span> /aws/lambda/ecs-task-recycle-function <span class="nt">--follow</span> </code></pre> </div> <h3> Key Log Messages </h3> <ul> <li><code>Starting task recycle for {cluster}/{service}</code></li> <li><code>Original desired count: X, tasks: Y</code></li> <li><code>Recycling task N/M: {task_arn}</code></li> <li><code>Task N recycled, waiting Xs</code></li> <li><code>Task recycle completed successfully</code></li> </ul> <h2> Troubleshooting </h2> <h3> Service Not Stabilizing </h3> <ul> <li>Increase waiter MaxAttempts in code (default: 40)</li> <li>Check ECS service health and task definitions</li> <li>Verify target group health checks</li> </ul> <h3> Timeout Errors </h3> <ul> <li>Increase Lambda timeout (default: 900s)</li> <li>Reduce number of tasks or increase wait_time</li> </ul> <h3> Authentication Failures </h3> <ul> <li>Verify IAM role permissions</li> <li>Check AWS credentials in input.json</li> <li>Ensure Lambda execution role is correct</li> </ul> <h2> Best Practices </h2> <ol> <li> <strong>Test in Non-Production</strong>: Always test with non-critical services first</li> <li> <strong>Monitor CloudWatch</strong>: Watch logs during first execution</li> <li> <strong>Adjust Wait Time</strong>: Tune based on application startup time</li> <li> <strong>Use Maintain State</strong>: Enable for production services</li> <li> <strong>Schedule Wisely</strong>: Run during low-traffic periods</li> </ol> <h2> Comparison with Force Deployment </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Force Deployment</th> <th>Task Recycle</th> </tr> </thead> <tbody> <tr> <td>Task Replacement</td> <td>Parallel</td> <td>Sequential</td> </tr> <tr> <td>Service Disruption</td> <td>Higher</td> <td>Lower</td> </tr> <tr> <td>Completion Time</td> <td>Faster</td> <td>Slower</td> </tr> <tr> <td>Control</td> <td>Limited</td> <td>Configurable</td> </tr> <tr> <td>Wait Between Tasks</td> <td>No</td> <td>Yes</td> </tr> </tbody> </table></div> <h2> Security Considerations </h2> <ul> <li>Lambda execution role follows least privilege</li> <li>No hardcoded credentials in code</li> <li>SMTP credentials stored in input.json (use Secrets Manager in production)</li> <li>CloudWatch logs for audit trail</li> <li>EventInvokeConfig prevents retry storms</li> </ul> <h2> Cost Optimization </h2> <ul> <li>Lambda execution time: ~(number_of_tasks × wait_time) seconds</li> <li>CloudWatch Logs: 7-day retention</li> <li>No additional AWS service costs</li> <li>Consider scheduling during off-peak hours</li> </ul> <h2> Limitations </h2> <ul> <li>Maximum Lambda execution time: 15 minutes</li> <li>Suitable for services with &lt; 20 tasks (with 30s wait time)</li> <li>Requires stable service for waiter to succeed</li> <li>No rollback mechanism on failure</li> </ul> <h2> Contributing </h2> <p>Contributions welcome! Please follow the repository structure:</p> <ol> <li>Test changes thoroughly</li> <li>Update documentation</li> <li>Follow existing code style</li> <li>Add error handling</li> </ol> aws ecs monitoring Prashant Gupta Fri, 02 Jan 2026 08:07:20 +0000 https://dev.to/prashantgupta123/automating-cloudwatch-orphan-alarm-detection-a-production-ready-solution-5egn https://dev.to/prashantgupta123/automating-cloudwatch-orphan-alarm-detection-a-production-ready-solution-5egn <h2> Automating CloudWatch Orphan Alarm Detection: A Production-Ready Solution </h2> <h2> Introduction &amp; Problem Statement </h2> <p>In large-scale AWS environments, CloudWatch alarms are essential for monitoring infrastructure health and triggering alerts when issues arise. However, as infrastructure evolves—EC2 instances are terminated, RDS databases are deleted, load balancers are removed—the alarms monitoring these resources often remain active, creating "orphan alarms."</p> <p>These orphan alarms present several challenges:</p> <ul> <li> <strong>Cost Inefficiency</strong>: Each CloudWatch alarm costs money, and orphaned alarms provide no value</li> <li> <strong>Alert Fatigue</strong>: Orphan alarms can trigger false alerts, reducing team responsiveness to real issues</li> <li> <strong>Operational Overhead</strong>: Manual identification and cleanup is time-consuming and error-prone</li> <li> <strong>Compliance Risks</strong>: Outdated monitoring configurations can fail audit requirements</li> </ul> <p>This solution automates the detection and optional deletion of orphan CloudWatch alarms across multiple AWS services, generating comprehensive Excel reports for review and providing flexible authentication options for multi-account environments.</p> <h3> What This Solution Does </h3> <ul> <li>Scans CloudWatch alarms across your AWS account</li> <li>Identifies alarms monitoring deleted or non-existent resources</li> <li>Generates detailed Excel reports with orphan alarm information</li> <li>Optionally deletes orphan alarms automatically</li> <li>Supports multiple AWS services: EC2, RDS, ECS, Lambda, ALB, Target Groups, and SQS</li> <li>Provides flexible authentication methods for various deployment scenarios</li> <li>Integrates seamlessly with CI/CD pipelines (Jenkins example included)</li> </ul> <h2> Architecture / Design Overview </h2> <p>The solution follows a modular architecture with clear separation of concerns:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────────────────────────────────────────────────────┐ │ Jenkins Pipeline │ │ (Scheduled Execution) │ └──────────────────────┬──────────────────────────────────────┘ │ ▼ ┌─────────────────────────────────────────────────────────────┐ │ Python Application │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ AWS Session │ │ Resource │ │ Alarm │ │ │ │ Manager │──│ Discovery │──│ Analyzer │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ │ │ │ │ │ │ └──────────────────┴──────────────────┘ │ │ │ │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ Report │ │ Notification │ │ Cleanup │ │ │ │ Generator │ │ Service │ │ Service │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ └─────────────────────────────────────────────────────────────┘ │ ▼ ┌─────────────────────────────────────────────────────────────┐ │ AWS Services │ │ EC2 │ RDS │ ECS │ Lambda │ ALB │ Target Groups │ SQS │ └─────────────────────────────────────────────────────────────┘ </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbg0pffw5ktp6ktndpxlr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbg0pffw5ktp6ktndpxlr.png" alt="AWS Architecture for CW Orphan alarms" width="800" height="551"></a></p> <h3> Component Responsibilities </h3> <ol> <li> <strong>AWS Session Manager</strong>: Handles multiple authentication methods (profiles, roles, access keys, STS tokens)</li> <li> <strong>Resource Discovery</strong>: Queries AWS APIs to retrieve current active resources</li> <li> <strong>Alarm Analyzer</strong>: Compares CloudWatch alarms against active resources to identify orphans</li> <li> <strong>Report Generator</strong>: Creates Excel reports with detailed orphan alarm information</li> <li> <strong>Notification Service</strong>: Sends email alerts with attached reports</li> <li> <strong>Cleanup Service</strong>: Optionally deletes identified orphan alarms</li> </ol> <h2> Solution Approach </h2> <h3> Detection Strategy </h3> <p>The solution uses a dimension-matching algorithm to identify orphan alarms:</p> <ol> <li> <strong>Resource Enumeration</strong>: Query all active resources for each supported service</li> <li> <strong>Alarm Collection</strong>: Retrieve all CloudWatch alarms with their dimensions</li> <li> <strong>Dimension Mapping</strong>: Match alarm dimensions to resource identifiers</li> <li> <strong>Orphan Identification</strong>: Flag alarms whose dimensions don't match any active resource</li> <li> <strong>Report Generation</strong>: Compile results into actionable reports</li> </ol> <h3> Supported Services </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Service</th> <th>Dimension Keys</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td>EC2 Instances</td> <td><code>InstanceId</code></td> <td><code>i-0123456789abcdef0</code></td> </tr> <tr> <td>RDS Clusters</td> <td><code>DBClusterIdentifier</code></td> <td><code>production-aurora-cluster</code></td> </tr> <tr> <td>RDS Instances</td> <td><code>DBInstanceIdentifier</code></td> <td><code>production-mysql-01</code></td> </tr> <tr> <td>ALB</td> <td><code>LoadBalancer</code></td> <td><code>app/prod-alb/1234567890</code></td> </tr> <tr> <td>Target Groups</td> <td><code>TargetGroup</code></td> <td><code>targetgroup/prod-tg/abcdef</code></td> </tr> <tr> <td>ECS Clusters</td> <td><code>ClusterName</code></td> <td><code>production-cluster</code></td> </tr> <tr> <td>ECS Services</td> <td> <code>ClusterName</code>, <code>ServiceName</code> </td> <td> <code>prod-cluster</code>, <code>api-service</code> </td> </tr> <tr> <td>Lambda Functions</td> <td><code>FunctionName</code></td> <td><code>data-processor</code></td> </tr> <tr> <td>Lambda Versions</td> <td> <code>FunctionName</code>, <code>Resource</code> </td> <td> <code>processor</code>, <code>processor:1</code> </td> </tr> <tr> <td>SQS Queues</td> <td><code>QueueName</code></td> <td><code>order-processing-queue</code></td> </tr> </tbody> </table></div> <h2> Code Walkthrough </h2> <h3> Core Logic: Orphan Detection Algorithm </h3> <p>The heart of the solution is the dimension-matching algorithm in <code>check_alarm_aws_resources_with_resource_list()</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">check_alarm_aws_resources_with_resource_list</span><span class="p">(</span> <span class="n">resource_details</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">]],</span> <span class="n">namespace</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">alarms</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">],</span> <span class="n">service_data</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">]</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">]:</span> <span class="sh">"""</span><span class="s"> Identifies orphan alarms by comparing alarm dimensions with active resources. Algorithm: 1. Filter alarms by namespace 2. Check if alarm has required dimensions 3. Verify dimension values match an active resource 4. Flag as orphan if no match found </span><span class="sh">"""</span> </code></pre> </div> <h3> AWS Session Management </h3> <p>The <code>AWSSession</code> module provides flexible authentication:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Priority order: # 1. AWS Profile (for local development) # 2. IAM Role (for cross-account access) # 3. Access Keys + Session Token (for temporary credentials) # 4. Access Keys (for programmatic access) # 5. Default credentials (for EC2/Lambda IAM roles) </span></code></pre> </div> <h3> Resource Discovery Pattern </h3> <p>Each service follows a consistent pagination pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">get_service_details</span><span class="p">(</span><span class="n">client</span><span class="p">,</span> <span class="n">max_results</span><span class="p">:</span> <span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Generic pattern for AWS API pagination</span><span class="sh">"""</span> <span class="n">resources</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">next_token</span> <span class="o">=</span> <span class="bp">None</span> <span class="k">while</span> <span class="bp">True</span><span class="p">:</span> <span class="c1"># Fetch page of results </span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">describe_resources</span><span class="p">(</span> <span class="n">MaxResults</span><span class="o">=</span><span class="n">max_results</span><span class="p">,</span> <span class="n">NextToken</span><span class="o">=</span><span class="n">next_token</span> <span class="k">if</span> <span class="n">next_token</span> <span class="k">else</span> <span class="bp">None</span> <span class="p">)</span> <span class="c1"># Process results </span> <span class="n">resources</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="nf">process_response</span><span class="p">(</span><span class="n">response</span><span class="p">))</span> <span class="c1"># Check for more pages </span> <span class="k">if</span> <span class="sh">'</span><span class="s">NextToken</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">response</span><span class="p">:</span> <span class="k">break</span> <span class="n">next_token</span> <span class="o">=</span> <span class="n">response</span><span class="p">[</span><span class="sh">'</span><span class="s">NextToken</span><span class="sh">'</span><span class="p">]</span> <span class="k">return</span> <span class="n">resources</span> </code></pre> </div> <h3> Report Generation </h3> <p>The Excel report uses <code>xlsxwriter</code> to create structured, readable output:</p> <ul> <li>One worksheet per service with orphan alarms</li> <li>Columns: AlarmName, Namespace, and all relevant dimensions</li> <li>Auto-sized columns for readability</li> <li>Optional automatic deletion of identified orphans</li> </ul> <h2> Configuration &amp; Setup Instructions </h2> <h3> Prerequisites </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Python 3.8+</span> python3 <span class="nt">--version</span> <span class="c"># AWS CLI configured (optional)</span> aws configure <span class="c"># Required IAM permissions (see iam_policies.json)</span> </code></pre> </div> <h3> Installation </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Clone repository</span> git clone &lt;repository-url&gt; <span class="nb">cd </span>devops-automation/aws-cw-orphan-alarms <span class="c"># Create virtual environment</span> python3 <span class="nt">-m</span> venv .venv <span class="nb">source</span> .venv/bin/activate <span class="c"># On Windows: .venv\Scripts\activate</span> <span class="c"># Install dependencies</span> pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt </code></pre> </div> <h3> Configuration Files </h3> <h4> 1. inputs.yml - Runtime Configuration </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># AWS Authentication (choose one method)</span> <span class="na">region_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">us-east-1"</span> <span class="na">profile_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my-aws-profile"</span> <span class="c1"># For local development</span> <span class="na">role_arn</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="c1"># For cross-account access</span> <span class="na">access_key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="c1"># For programmatic access</span> <span class="na">secret_key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="na">session_token</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="c1"># For temporary credentials</span> <span class="c1"># Cleanup behavior</span> <span class="na">delete</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># Set to true to auto-delete orphan alarms</span> <span class="c1"># Email notifications</span> <span class="na">Email</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">details</span><span class="pi">:</span> <span class="na">subject_prefix</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Production"</span> <span class="na">host</span><span class="pi">:</span> <span class="s2">"</span><span class="s">smtp.office365.com:587"</span> <span class="na">username</span><span class="pi">:</span> <span class="s2">"</span><span class="s">alerts@company.com"</span> <span class="na">password</span><span class="pi">:</span> <span class="s2">"</span><span class="s">secure-password"</span> <span class="na">from</span><span class="pi">:</span> <span class="s2">"</span><span class="s">alerts@company.com"</span> <span class="na">to</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">devops@company.com"</span> <span class="na">cc</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">platform@company.com"</span> </code></pre> </div> <h4> 2. input.json - Service Configuration </h4> <p>This file defines which services to scan and their dimension mappings. The default configuration covers all supported services. Customize to focus on specific services:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"EC2Instance"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Namespace"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"AWS/EC2"</span><span class="p">,</span><span class="w"> </span><span class="s2">"CWAgent"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Dimension"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"InstanceId"</span><span class="p">],</span><span class="w"> </span><span class="nl">"ExcludeDimension"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> IAM Permissions </h3> <p>Create an IAM policy with the following permissions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"cloudwatch:DescribeAlarms"</span><span class="p">,</span><span class="w"> </span><span class="s2">"cloudwatch:DeleteAlarms"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"rds:DescribeDBInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"rds:DescribeDBClusters"</span><span class="p">,</span><span class="w"> </span><span class="s2">"elasticloadbalancing:DescribeLoadBalancers"</span><span class="p">,</span><span class="w"> </span><span class="s2">"elasticloadbalancing:DescribeTargetGroups"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:ListClusters"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:ListServices"</span><span class="p">,</span><span class="w"> </span><span class="s2">"lambda:ListFunctions"</span><span class="p">,</span><span class="w"> </span><span class="s2">"lambda:ListVersionsByFunction"</span><span class="p">,</span><span class="w"> </span><span class="s2">"sqs:ListQueues"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Usage Examples </h2> <h3> Local Execution </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Dry run (report only, no deletion)</span> python main.py <span class="c"># Review generated report</span> open Inventory.xlsx <span class="c"># Enable deletion in inputs.yml, then run</span> python main.py </code></pre> </div> <h3> Jenkins Pipeline Integration </h3> <p>The included <code>Jenkinsfile</code> provides automated scheduling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">triggers</span> <span class="o">{</span> <span class="n">cron</span><span class="o">(</span><span class="s1">'0 5 * * 1'</span><span class="o">)</span> <span class="c1">// Every Monday at 5 AM</span> <span class="o">}</span> </code></pre> </div> <p><strong>Pipeline Flow:</strong></p> <ol> <li>Clean workspace</li> <li>Pull latest code from Git</li> <li>Download configuration from S3</li> <li>Execute Python script in virtual environment</li> <li>Send SNS notification on failure</li> </ol> <h3> Docker Execution </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Build image</span> docker build <span class="nt">-t</span> orphan-alarm-detector <span class="nb">.</span> <span class="c"># Run container</span> docker run <span class="nt">-v</span> <span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span>/inputs.yml:/app/inputs.yml <span class="se">\</span> <span class="nt">-v</span> <span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span>/output:/app/output <span class="se">\</span> orphan-alarm-detector </code></pre> </div> <h3> Lambda Deployment </h3> <p>For serverless execution, package the application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create deployment package</span> pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="nt">-t</span> package/ <span class="nb">cp</span> <span class="k">*</span>.py package/ <span class="nb">cd </span>package <span class="o">&amp;&amp;</span> zip <span class="nt">-r</span> ../lambda-function.zip <span class="nb">.</span> <span class="o">&amp;&amp;</span> <span class="nb">cd</span> .. <span class="c"># Deploy via AWS CLI</span> aws lambda create-function <span class="se">\</span> <span class="nt">--function-name</span> orphan-alarm-detector <span class="se">\</span> <span class="nt">--runtime</span> python3.13 <span class="se">\</span> <span class="nt">--handler</span> main.lambda_handler <span class="se">\</span> <span class="nt">--zip-file</span> fileb://lambda-function.zip <span class="se">\</span> <span class="nt">--role</span> arn:aws:iam::ACCOUNT:role/lambda-execution-role </code></pre> </div> <h2> Best Practices Followed </h2> <h3> Code Quality </h3> <ul> <li> <strong>PEP 8 Compliance</strong>: Consistent formatting and naming conventions</li> <li> <strong>Type Hints</strong>: Enhanced code readability and IDE support</li> <li> <strong>Docstrings</strong>: Comprehensive documentation for all functions</li> <li> <strong>Modular Design</strong>: Clear separation of concerns across modules</li> <li> <strong>Error Handling</strong>: Graceful degradation with detailed logging</li> </ul> <h3> AWS Best Practices </h3> <ul> <li> <strong>Pagination</strong>: Handles large result sets without memory issues</li> <li> <strong>Rate Limiting</strong>: Respects AWS API throttling limits</li> <li> <strong>Least Privilege</strong>: Minimal IAM permissions required</li> <li> <strong>Multi-Region Support</strong>: Configurable region targeting</li> <li> <strong>Credential Security</strong>: No hardcoded credentials</li> </ul> <h3> Operational Excellence </h3> <ul> <li> <strong>Logging</strong>: Structured logging for troubleshooting</li> <li> <strong>Idempotency</strong>: Safe to run multiple times</li> <li> <strong>Dry Run Mode</strong>: Test before making changes</li> <li> <strong>Audit Trail</strong>: Excel reports provide deletion history</li> <li> <strong>Notification</strong>: Email alerts for visibility</li> </ul> <h2> Security &amp; Performance Considerations </h2> <h3> Security </h3> <p><strong>Credential Management:</strong></p> <ul> <li>Never commit credentials to version control</li> <li>Use AWS Secrets Manager or Parameter Store for sensitive data</li> <li>Rotate credentials regularly</li> <li>Use IAM roles when possible (EC2, Lambda, ECS)</li> </ul> <p><strong>Network Security:</strong></p> <ul> <li>Run in private subnets with VPC endpoints for AWS services</li> <li>Use security groups to restrict outbound access</li> <li>Enable VPC Flow Logs for audit trails</li> </ul> <p><strong>Data Protection:</strong></p> <ul> <li>Excel reports may contain sensitive resource names</li> <li>Store reports in encrypted S3 buckets</li> <li>Implement lifecycle policies for automatic deletion</li> <li>Use SES with TLS for email transmission</li> </ul> <h3> Performance </h3> <p><strong>Optimization Strategies:</strong></p> <ol> <li> <strong>Pagination Tuning</strong>: Adjust <code>max_results</code> based on account size </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="n">max_results</span> <span class="o">=</span> <span class="mi">100</span> <span class="c1"># Balance between API calls and memory </span></code></pre> </div> <ol> <li> <strong>Parallel Processing</strong>: For multi-region scanning, use threading </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">from</span> <span class="n">concurrent.futures</span> <span class="kn">import</span> <span class="n">ThreadPoolExecutor</span> <span class="k">with</span> <span class="nc">ThreadPoolExecutor</span><span class="p">(</span><span class="n">max_workers</span><span class="o">=</span><span class="mi">5</span><span class="p">)</span> <span class="k">as</span> <span class="n">executor</span><span class="p">:</span> <span class="n">futures</span> <span class="o">=</span> <span class="p">[</span><span class="n">executor</span><span class="p">.</span><span class="nf">submit</span><span class="p">(</span><span class="n">scan_region</span><span class="p">,</span> <span class="n">region</span><span class="p">)</span> <span class="k">for</span> <span class="n">region</span> <span class="ow">in</span> <span class="n">regions</span><span class="p">]</span> </code></pre> </div> <ol> <li> <strong>Caching</strong>: Cache resource lists for multiple alarm checks </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">from</span> <span class="n">functools</span> <span class="kn">import</span> <span class="n">lru_cache</span> <span class="nd">@lru_cache</span><span class="p">(</span><span class="n">maxsize</span><span class="o">=</span><span class="mi">128</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_cached_resources</span><span class="p">(</span><span class="n">service</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">]:</span> <span class="k">return</span> <span class="nf">fetch_resources</span><span class="p">(</span><span class="n">service</span><span class="p">)</span> </code></pre> </div> <p><strong>Execution Time Estimates:</strong></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Account Size</th> <th>Resources</th> <th>Alarms</th> <th>Execution Time</th> </tr> </thead> <tbody> <tr> <td>Small</td> <td>&lt; 100</td> <td>&lt; 50</td> <td>30-60 seconds</td> </tr> <tr> <td>Medium</td> <td>100-1000</td> <td>50-500</td> <td>2-5 minutes</td> </tr> <tr> <td>Large</td> <td>1000-5000</td> <td>500-2000</td> <td>5-15 minutes</td> </tr> <tr> <td>Enterprise</td> <td>&gt; 5000</td> <td>&gt; 2000</td> <td>15-30 minutes</td> </tr> </tbody> </table></div> <h2> Common Pitfalls &amp; Troubleshooting </h2> <h3> Issue: "No credentials found" </h3> <p><strong>Cause</strong>: AWS credentials not configured properly</p> <p><strong>Solution:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Option 1: Configure AWS CLI</span> aws configure <span class="c"># Option 2: Set environment variables</span> <span class="nb">export </span><span class="nv">AWS_ACCESS_KEY_ID</span><span class="o">=</span>your_key <span class="nb">export </span><span class="nv">AWS_SECRET_ACCESS_KEY</span><span class="o">=</span>your_secret <span class="nb">export </span><span class="nv">AWS_DEFAULT_REGION</span><span class="o">=</span>us-east-1 <span class="c"># Option 3: Use IAM role (recommended for EC2/Lambda)</span> <span class="c"># Attach IAM role to compute resource</span> </code></pre> </div> <h3> Issue: "Rate limit exceeded" </h3> <p><strong>Cause</strong>: Too many API calls in short period</p> <p><strong>Solution:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Add exponential backoff </span><span class="kn">import</span> <span class="n">time</span> <span class="kn">from</span> <span class="n">botocore.exceptions</span> <span class="kn">import</span> <span class="n">ClientError</span> <span class="k">def</span> <span class="nf">api_call_with_retry</span><span class="p">(</span><span class="n">func</span><span class="p">,</span> <span class="n">max_retries</span><span class="o">=</span><span class="mi">3</span><span class="p">):</span> <span class="k">for</span> <span class="n">attempt</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">max_retries</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="k">return</span> <span class="nf">func</span><span class="p">()</span> <span class="k">except</span> <span class="n">ClientError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">if</span> <span class="n">e</span><span class="p">.</span><span class="n">response</span><span class="p">[</span><span class="sh">'</span><span class="s">Error</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">Code</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="sh">'</span><span class="s">Throttling</span><span class="sh">'</span><span class="p">:</span> <span class="n">wait_time</span> <span class="o">=</span> <span class="mi">2</span> <span class="o">**</span> <span class="n">attempt</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="n">wait_time</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">raise</span> </code></pre> </div> <h3> Issue: "Permission denied" errors </h3> <p><strong>Cause</strong>: Insufficient IAM permissions</p> <p><strong>Solution:</strong></p> <ol> <li>Review CloudTrail logs for denied API calls</li> <li>Add missing permissions to IAM policy</li> <li>Verify IAM role trust relationships for assumed roles</li> </ol> <h3> Issue: Alarms not detected as orphans </h3> <p><strong>Cause</strong>: Dimension mismatch or namespace filtering</p> <p><strong>Solution:</strong></p> <ol> <li>Check alarm dimensions in CloudWatch console</li> <li>Verify <code>input.json</code> configuration matches alarm structure</li> <li>Review logs for dimension comparison details</li> </ol> <h3> Issue: Email notifications not sending </h3> <p><strong>Cause</strong>: SMTP configuration or authentication issues</p> <p><strong>Solution:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Verify SMTP settings</span> <span class="na">Email</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">details</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s2">"</span><span class="s">smtp.office365.com:587"</span> <span class="c1"># Include port</span> <span class="na">username</span><span class="pi">:</span> <span class="s2">"</span><span class="s">full-email@domain.com"</span> <span class="c1"># Use full email</span> <span class="na">password</span><span class="pi">:</span> <span class="s2">"</span><span class="s">app-specific-password"</span> <span class="c1"># Not regular password</span> </code></pre> </div> <h2> Enhancements &amp; Future Improvements </h2> <h3> Planned Features </h3> <p><strong>Multi-Region Support:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">regions</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">us-east-1</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">us-west-2</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">eu-west-1</span><span class="sh">'</span><span class="p">]</span> <span class="k">for</span> <span class="n">region</span> <span class="ow">in</span> <span class="n">regions</span><span class="p">:</span> <span class="nf">scan_region</span><span class="p">(</span><span class="n">region</span><span class="p">)</span> <span class="nf">generate_report</span><span class="p">(</span><span class="n">region</span><span class="p">)</span> </code></pre> </div> <p><strong>Multi-Account Scanning:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">accounts</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span><span class="sh">'</span><span class="s">account_id</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">111111111111</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">role</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">OrganizationAccountAccessRole</span><span class="sh">'</span><span class="p">},</span> <span class="p">{</span><span class="sh">'</span><span class="s">account_id</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">222222222222</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">role</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">OrganizationAccountAccessRole</span><span class="sh">'</span><span class="p">}</span> <span class="p">]</span> <span class="k">for</span> <span class="n">account</span> <span class="ow">in</span> <span class="n">accounts</span><span class="p">:</span> <span class="nf">assume_role</span><span class="p">(</span><span class="n">account</span><span class="p">)</span> <span class="nf">scan_account</span><span class="p">(</span><span class="n">account</span><span class="p">[</span><span class="sh">'</span><span class="s">account_id</span><span class="sh">'</span><span class="p">])</span> </code></pre> </div> <p><strong>Slack Integration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">send_slack_notification</span><span class="p">(</span><span class="n">webhook_url</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">orphan_count</span><span class="p">:</span> <span class="nb">int</span><span class="p">):</span> <span class="n">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Found </span><span class="si">{</span><span class="n">orphan_count</span><span class="si">}</span><span class="s"> orphan alarms</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">attachments</span><span class="sh">"</span><span class="p">:</span> <span class="p">[{</span><span class="sh">"</span><span class="s">color</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">warning</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Review report</span><span class="sh">"</span><span class="p">}]</span> <span class="p">}</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">webhook_url</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">payload</span><span class="p">)</span> </code></pre> </div> <p><strong>CloudWatch Dashboard:</strong></p> <ul> <li>Metric: Number of orphan alarms detected</li> <li>Metric: Cost savings from deleted alarms</li> <li>Metric: Execution duration and success rate</li> </ul> <p><strong>Terraform/CloudFormation Deployment:</strong></p> <ul> <li>Infrastructure as Code for Lambda deployment</li> <li>EventBridge rule for scheduled execution</li> <li>S3 bucket for report storage</li> <li>SNS topic for notifications</li> </ul> <p><strong>Advanced Filtering:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Exclude alarms by tag </span><span class="n">exclude_tags</span> <span class="o">=</span> <span class="p">{</span><span class="sh">'</span><span class="s">Environment</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Production</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Critical</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">true</span><span class="sh">'</span><span class="p">}</span> <span class="c1"># Exclude alarms by name pattern </span><span class="n">exclude_patterns</span> <span class="o">=</span> <span class="p">[</span><span class="sa">r</span><span class="sh">'</span><span class="s">^prod-.*</span><span class="sh">'</span><span class="p">,</span> <span class="sa">r</span><span class="sh">'</span><span class="s">.*-critical$</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Age-based filtering (only flag old orphans) </span><span class="n">min_age_days</span> <span class="o">=</span> <span class="mi">7</span> </code></pre> </div> <h3> Community Contributions Welcome </h3> <ul> <li>Additional AWS service support (CloudFront, API Gateway, DynamoDB)</li> <li>Azure and GCP equivalents</li> <li>Web UI for report visualization</li> <li>Automated remediation workflows</li> <li>Integration with ServiceNow/Jira for ticketing</li> </ul> <h2> Conclusion </h2> <p>Orphan CloudWatch alarms are an often-overlooked source of waste and operational noise in AWS environments. This automated solution provides a production-ready approach to identifying and managing these orphan alarms at scale.</p> <p><strong>Key Takeaways:</strong></p> <p>✅ <strong>Cost Optimization</strong>: Eliminate unnecessary CloudWatch alarm costs<br> ✅ <strong>Operational Efficiency</strong>: Reduce alert fatigue and manual cleanup efforts<br> ✅ <strong>Flexibility</strong>: Multiple authentication methods and deployment options<br> ✅ <strong>Safety</strong>: Dry-run mode and detailed reporting before deletion<br> ✅ <strong>Scalability</strong>: Handles large environments with thousands of resources<br> ✅ <strong>Integration</strong>: Works seamlessly with existing CI/CD pipelines</p> <p><strong>Getting Started:</strong></p> <ol> <li>Clone the repository and install dependencies</li> <li>Configure <code>inputs.yml</code> with your AWS credentials</li> <li>Run in dry-run mode to generate initial report</li> <li>Review orphan alarms and validate detection accuracy</li> <li>Enable deletion mode for automated cleanup</li> <li>Schedule regular execution via Jenkins/Lambda</li> </ol> <p><strong>Production Deployment Checklist:</strong></p> <ul> <li>[ ] IAM permissions configured with least privilege</li> <li>[ ] Credentials stored securely (Secrets Manager/Parameter Store)</li> <li>[ ] Email notifications tested and working</li> <li>[ ] Dry-run executed and results validated</li> <li>[ ] Backup of critical alarms documented</li> <li>[ ] Monitoring configured for script execution</li> <li>[ ] Runbook created for troubleshooting</li> <li>[ ] Stakeholders notified of automation deployment</li> </ul> <p>This solution has been battle-tested in production environments managing thousands of CloudWatch alarms across multiple AWS accounts. By automating orphan alarm detection, teams can focus on meaningful alerts while maintaining clean, cost-effective monitoring infrastructure.</p> <p><strong>Author</strong>: Prashant Gupta | Cloud Platform Lead<br><br> <strong>Repository</strong>: <a href="https://github.com/prashantgupta123/devops-automation" rel="noopener noreferrer">devops-automation</a><br><br> <strong>License</strong>: MIT</p> <p><strong>Questions or Issues?</strong> Open an issue on GitHub or reach out to the DevOps team.</p> aws cloudwatch monitoring Prashant Gupta Thu, 01 Jan 2026 10:42:26 +0000 https://dev.to/prashantgupta123/building-a-multi-channel-aws-ec2-spot-instance-interruption-alert-system-1j5d https://dev.to/prashantgupta123/building-a-multi-channel-aws-ec2-spot-instance-interruption-alert-system-1j5d <h2> Building a Multi-Channel AWS EC2 Spot Instance Interruption Alert System </h2> <p><em>A comprehensive guide to implementing real-time notifications for EC2 Spot Instance interruptions with ECS service impact analysis</em></p> <h2> Introduction &amp; Problem Statement </h2> <p>AWS EC2 Spot Instances offer significant cost savings—up to 90% compared to On-Demand pricing—making them an attractive option for cost-conscious organizations. However, this cost efficiency comes with a trade-off: <strong>Spot Instances can be interrupted with only a 2-minute warning when AWS needs the capacity back</strong>.</p> <h3> The Challenge </h3> <p>In production environments running containerized workloads on ECS clusters backed by Spot Instances, these interruptions can cause:</p> <ul> <li> <strong>Service disruptions</strong> without proper preparation</li> <li> <strong>Lost work</strong> if applications aren't designed for graceful shutdowns</li> <li> <strong>Cascading failures</strong> when multiple instances are interrupted simultaneously</li> <li> <strong>Operational blindness</strong> when teams aren't notified of impending interruptions</li> </ul> <h3> The Solution </h3> <p>This article presents a comprehensive, production-ready solution that:</p> <ol> <li> <strong>Monitors</strong> EC2 Spot Instance interruption warnings in real-time</li> <li> <strong>Identifies</strong> running ECS services on affected instances</li> <li> <strong>Delivers</strong> intelligent notifications across multiple channels (SNS, Google Chat, SMTP)</li> <li> <strong>Provides</strong> actionable information for rapid response</li> </ol> <h2> Architecture &amp; Design Overview </h2> <p>Our solution leverages AWS's native event-driven architecture to create a robust, serverless notification system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐ │ EC2 Spot │ │ EventBridge │ │ Lambda │ │ Interruption │───▶│ Rule │───▶│ Function │ │ Warning │ │ │ │ │ └─────────────────┘ └──────────────────┘ └─────────────────┘ │ ▼ ┌─────────────────────────────────────────────┐ │ Notification Channels │ │ ┌─────────┐ ┌─────────────┐ ┌───────────┐ │ │ │ SNS │ │ Google Chat │ │ SMTP │ │ │ │ Topic │ │ Webhook │ │ Email │ │ │ └─────────┘ └─────────────┘ └───────────┘ │ └─────────────────────────────────────────────┘ </code></pre> </div> <h3> Key Components </h3> <ul> <li> <strong>EventBridge Rule</strong>: Captures EC2 Spot Instance Interruption Warning events</li> <li> <strong>Lambda Function</strong>: Processes events, discovers ECS services, and orchestrates notifications</li> <li> <strong>Multi-Channel Notifications</strong>: Flexible delivery via SNS, Google Chat, and SMTP</li> <li> <strong>ECS Integration</strong>: Intelligent service discovery and impact assessment</li> </ul> <h2> Solution Approach </h2> <h3> Event-Driven Architecture </h3> <p>We chose an event-driven approach because:</p> <ol> <li> <strong>Real-time Response</strong>: EventBridge delivers events within seconds</li> <li> <strong>Cost Efficiency</strong>: Pay only for actual interruption events</li> <li> <strong>Scalability</strong>: Handles multiple simultaneous interruptions automatically</li> <li> <strong>Reliability</strong>: AWS-managed infrastructure with built-in retry mechanisms</li> </ol> <h3> Multi-Channel Notifications </h3> <p>Different teams prefer different communication channels:</p> <ul> <li> <strong>SNS</strong>: Integration with existing alerting systems (PagerDuty, OpsGenie)</li> <li> <strong>Google Chat</strong>: Real-time team collaboration</li> <li> <strong>SMTP Email</strong>: Detailed reports with HTML formatting</li> </ul> <h3> Service Impact Analysis </h3> <p>Rather than generic alerts, our solution provides:</p> <ul> <li> <strong>Service Identification</strong>: Which ECS services are running on the interrupted instance</li> <li> <strong>Impact Assessment</strong>: Filtering out daemon services that auto-restart</li> <li> <strong>Actionable Information</strong>: Instance details for rapid response</li> </ul> <h2> Code Walkthrough </h2> <p>Let's examine the key components that make this solution work:</p> <h3> 1. Event Processing &amp; Service Discovery </h3> <p>The core logic processes EventBridge events and discovers affected ECS services:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">context</span><span class="p">:</span> <span class="n">Any</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Main handler for spot interruption events.</span><span class="sh">"""</span> <span class="n">instance_id</span> <span class="o">=</span> <span class="n">event</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">detail</span><span class="sh">"</span><span class="p">,</span> <span class="p">{}).</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">instance-id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Unknown</span><span class="sh">"</span><span class="p">)</span> <span class="n">config</span> <span class="o">=</span> <span class="nf">_load_configuration</span><span class="p">()</span> <span class="c1"># Initialize AWS clients </span> <span class="n">session</span> <span class="o">=</span> <span class="nf">get_aws_session</span><span class="p">(</span><span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">awsCredentials</span><span class="sh">'</span><span class="p">])</span> <span class="n">aws_clients</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">ec2</span><span class="sh">'</span><span class="p">:</span> <span class="n">session</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">ec2</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">ecs</span><span class="sh">'</span><span class="p">:</span> <span class="n">session</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">ecs</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">sns</span><span class="sh">'</span><span class="p">:</span> <span class="n">session</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">sns</span><span class="sh">'</span><span class="p">)</span> <span class="p">}</span> <span class="c1"># Discover services on interrupted instance </span> <span class="n">instance_info</span> <span class="o">=</span> <span class="nf">_analyze_instance</span><span class="p">(</span><span class="n">aws_clients</span><span class="p">[</span><span class="sh">'</span><span class="s">ec2</span><span class="sh">'</span><span class="p">],</span> <span class="n">instance_id</span><span class="p">)</span> <span class="n">service_names</span> <span class="o">=</span> <span class="nf">_discover_ecs_services</span><span class="p">(</span> <span class="n">aws_clients</span><span class="p">[</span><span class="sh">'</span><span class="s">ecs</span><span class="sh">'</span><span class="p">],</span> <span class="n">instance_id</span><span class="p">,</span> <span class="n">instance_info</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">cluster_name</span><span class="sh">'</span><span class="p">)</span> <span class="p">)</span> <span class="k">if</span> <span class="n">service_names</span><span class="p">:</span> <span class="nf">_send_notifications</span><span class="p">(</span><span class="n">aws_clients</span><span class="p">,</span> <span class="n">config</span><span class="p">,</span> <span class="n">instance_info</span><span class="p">,</span> <span class="n">service_names</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">success</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">services_affected</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">service_names</span><span class="p">)}</span> </code></pre> </div> <h3> 2. ECS Service Discovery Logic </h3> <p>The critical logic that identifies which services are running on the interrupted instance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_discover_ecs_services</span><span class="p">(</span><span class="n">ecs_client</span><span class="p">,</span> <span class="n">instance_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">cluster_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Find ECS services on the interrupted instance.</span><span class="sh">"""</span> <span class="n">service_names</span> <span class="o">=</span> <span class="p">[]</span> <span class="c1"># Get container instances in cluster </span> <span class="n">container_instances</span> <span class="o">=</span> <span class="n">ecs_client</span><span class="p">.</span><span class="nf">list_container_instances</span><span class="p">(</span><span class="n">cluster</span><span class="o">=</span><span class="n">cluster_name</span><span class="p">)</span> <span class="k">for</span> <span class="n">arn</span> <span class="ow">in</span> <span class="n">container_instances</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">containerInstanceArns</span><span class="sh">'</span><span class="p">,</span> <span class="p">[]):</span> <span class="c1"># Check if this container instance matches our EC2 instance </span> <span class="n">details</span> <span class="o">=</span> <span class="n">ecs_client</span><span class="p">.</span><span class="nf">describe_container_instances</span><span class="p">(</span> <span class="n">cluster</span><span class="o">=</span><span class="n">cluster_name</span><span class="p">,</span> <span class="n">containerInstances</span><span class="o">=</span><span class="p">[</span><span class="n">arn</span><span class="p">]</span> <span class="p">)</span> <span class="k">if</span> <span class="n">details</span><span class="p">[</span><span class="sh">'</span><span class="s">containerInstances</span><span class="sh">'</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="sh">'</span><span class="s">ec2InstanceId</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="n">instance_id</span><span class="p">:</span> <span class="c1"># Get tasks running on this container instance </span> <span class="n">tasks</span> <span class="o">=</span> <span class="n">ecs_client</span><span class="p">.</span><span class="nf">list_tasks</span><span class="p">(</span><span class="n">cluster</span><span class="o">=</span><span class="n">cluster_name</span><span class="p">,</span> <span class="n">containerInstance</span><span class="o">=</span><span class="n">arn</span><span class="p">)</span> <span class="k">for</span> <span class="n">task_arn</span> <span class="ow">in</span> <span class="n">tasks</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">taskArns</span><span class="sh">'</span><span class="p">,</span> <span class="p">[]):</span> <span class="n">service_name</span> <span class="o">=</span> <span class="nf">_extract_service_from_task</span><span class="p">(</span><span class="n">ecs_client</span><span class="p">,</span> <span class="n">cluster_name</span><span class="p">,</span> <span class="n">task_arn</span><span class="p">)</span> <span class="k">if</span> <span class="n">service_name</span><span class="p">:</span> <span class="n">service_names</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">service_name</span><span class="p">)</span> <span class="k">return</span> <span class="nf">list</span><span class="p">(</span><span class="nf">set</span><span class="p">(</span><span class="n">service_names</span><span class="p">))</span> <span class="c1"># Remove duplicates </span></code></pre> </div> <h3> 3. Multi-Channel Notification Logic </h3> <p>The notification orchestration that sends alerts via multiple channels:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_send_notifications</span><span class="p">(</span><span class="n">aws_clients</span><span class="p">,</span> <span class="n">config</span><span class="p">,</span> <span class="n">instance_info</span><span class="p">,</span> <span class="n">service_names</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Send notifications via enabled channels.</span><span class="sh">"""</span> <span class="n">message</span> <span class="o">=</span> <span class="nf">_format_notification_message</span><span class="p">(</span><span class="n">instance_info</span><span class="p">,</span> <span class="n">service_names</span><span class="p">)</span> <span class="n">notifications_sent</span> <span class="o">=</span> <span class="p">[]</span> <span class="c1"># SNS Notification </span> <span class="k">if</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">ENABLE_SNS</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">false</span><span class="sh">'</span><span class="p">).</span><span class="nf">lower</span><span class="p">()</span> <span class="o">==</span> <span class="sh">'</span><span class="s">true</span><span class="sh">'</span><span class="p">:</span> <span class="k">try</span><span class="p">:</span> <span class="n">aws_clients</span><span class="p">[</span><span class="sh">'</span><span class="s">sns</span><span class="sh">'</span><span class="p">].</span><span class="nf">publish</span><span class="p">(</span> <span class="n">TopicArn</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">SNS_TOPIC_ARN</span><span class="sh">'</span><span class="p">],</span> <span class="n">Subject</span><span class="o">=</span><span class="sh">"</span><span class="s">🚨 EC2 Spot Instance Interruption Alert</span><span class="sh">"</span><span class="p">,</span> <span class="n">Message</span><span class="o">=</span><span class="n">message</span> <span class="p">)</span> <span class="n">notifications_sent</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">'</span><span class="s">SNS</span><span class="sh">'</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">SNS notification failed: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Google Chat Notification </span> <span class="k">if</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">ENABLE_CHAT</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">false</span><span class="sh">'</span><span class="p">).</span><span class="nf">lower</span><span class="p">()</span> <span class="o">==</span> <span class="sh">'</span><span class="s">true</span><span class="sh">'</span><span class="p">:</span> <span class="k">try</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">GOOGLE_CHAT_WEBHOOK</span><span class="sh">'</span><span class="p">],</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="n">message</span><span class="p">},</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">10</span> <span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="n">notifications_sent</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">'</span><span class="s">Google Chat</span><span class="sh">'</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Google Chat notification failed: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Email Notification </span> <span class="k">if</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">ENABLE_EMAIL</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">false</span><span class="sh">'</span><span class="p">).</span><span class="nf">lower</span><span class="p">()</span> <span class="o">==</span> <span class="sh">'</span><span class="s">true</span><span class="sh">'</span><span class="p">:</span> <span class="k">try</span><span class="p">:</span> <span class="n">html_content</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">&lt;html&gt;&lt;body&gt;&lt;pre&gt;</span><span class="si">{</span><span class="n">message</span><span class="si">}</span><span class="s">&lt;/pre&gt;&lt;/body&gt;&lt;/html&gt;</span><span class="sh">"</span> <span class="nf">send_email</span><span class="p">(</span><span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">smtpCredentials</span><span class="sh">'</span><span class="p">],</span> <span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">emailNotification</span><span class="sh">'</span><span class="p">],</span> <span class="n">html_content</span><span class="p">)</span> <span class="n">notifications_sent</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">'</span><span class="s">Email</span><span class="sh">'</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Email notification failed: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">notifications_sent</span> </code></pre> </div> <h3> 4. Flexible AWS Authentication </h3> <p>The session management supports multiple authentication methods:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">get_aws_session</span><span class="p">(</span><span class="n">credentials</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">boto3</span><span class="p">.</span><span class="n">Session</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Create AWS session with flexible authentication.</span><span class="sh">"""</span> <span class="n">region</span> <span class="o">=</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">region_name</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">us-east-1</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">profile_name</span><span class="sh">"</span><span class="p">):</span> <span class="k">return</span> <span class="n">boto3</span><span class="p">.</span><span class="nc">Session</span><span class="p">(</span><span class="n">profile_name</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">profile_name</span><span class="sh">"</span><span class="p">],</span> <span class="n">region_name</span><span class="o">=</span><span class="n">region</span><span class="p">)</span> <span class="k">elif</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">role_arn</span><span class="sh">"</span><span class="p">):</span> <span class="k">return</span> <span class="nf">_create_assumed_role_session</span><span class="p">(</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">role_arn</span><span class="sh">"</span><span class="p">],</span> <span class="n">region</span><span class="p">)</span> <span class="k">elif</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">access_key</span><span class="sh">"</span><span class="p">):</span> <span class="k">return</span> <span class="n">boto3</span><span class="p">.</span><span class="nc">Session</span><span class="p">(</span> <span class="n">aws_access_key_id</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">access_key</span><span class="sh">"</span><span class="p">],</span> <span class="n">aws_secret_access_key</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">secret_key</span><span class="sh">"</span><span class="p">],</span> <span class="n">region_name</span><span class="o">=</span><span class="n">region</span> <span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="n">boto3</span><span class="p">.</span><span class="nc">Session</span><span class="p">(</span><span class="n">region_name</span><span class="o">=</span><span class="n">region</span><span class="p">)</span> <span class="c1"># Default credential chain </span></code></pre> </div> <h2> Configuration &amp; Setup Instructions </h2> <h3> Prerequisites </h3> <p>Before deploying the solution, ensure you have:</p> <ul> <li> <strong>AWS CLI</strong> configured with appropriate permissions</li> <li> <strong>Python 3.13+</strong> for local development</li> <li> <strong>IAM permissions</strong> for EC2, ECS, SNS, Lambda, and EventBridge</li> <li> <strong>SMTP credentials</strong> if using email notifications</li> <li> <strong>Google Chat webhook</strong> if using chat notifications</li> </ul> <h3> Step 1: Configuration Setup </h3> <p>Create your <code>input.json</code> configuration file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"awsCredentials"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"region_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"profile_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-aws-profile"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"smtpCredentials"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"smtp.gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="s2">"587"</span><span class="p">,</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"alerts@yourcompany.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-app-specific-password"</span><span class="p">,</span><span class="w"> </span><span class="nl">"from_email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"alerts@yourcompany.com"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"emailNotification"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"email_subject"</span><span class="p">:</span><span class="w"> </span><span class="s2">"🚨 Spot Instance Interruption Alert"</span><span class="p">,</span><span class="w"> </span><span class="nl">"subject_prefix"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PRODUCTION"</span><span class="p">,</span><span class="w"> </span><span class="nl">"to"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"devops-team@yourcompany.com"</span><span class="p">],</span><span class="w"> </span><span class="nl">"cc"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"platform-team@yourcompany.com"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Step 2: Deployment Scripts </h3> <p>Update the deployment configuration in <code>cloudformation_deploy.sh</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="c"># Configuration</span> <span class="nv">STACK_NAME</span><span class="o">=</span><span class="s2">"spot-interruption-alerts"</span> <span class="nv">TEMPLATE_FILE</span><span class="o">=</span><span class="s2">"cloudformation-template.yml"</span> <span class="c"># Notification Settings</span> <span class="nv">SNS_TOPIC_ARN</span><span class="o">=</span><span class="s2">"arn:aws:sns:us-east-1:123456789012:critical-alerts"</span> <span class="nv">GOOGLE_CHAT_WEBHOOK</span><span class="o">=</span><span class="s2">"https://chat.googleapis.com/v1/spaces/AAAA/messages?key=xxx"</span> <span class="nv">ENABLE_SNS</span><span class="o">=</span><span class="s2">"true"</span> <span class="nv">ENABLE_EMAIL</span><span class="o">=</span><span class="s2">"true"</span> <span class="nv">ENABLE_CHAT</span><span class="o">=</span><span class="s2">"true"</span> <span class="nb">echo</span> <span class="s2">"🚀 Deploying Spot Interruption Alert System..."</span> <span class="c"># Build Lambda package</span> ./lambda_build.sh <span class="c"># Deploy infrastructure</span> aws cloudformation deploy <span class="se">\</span> <span class="nt">--template-file</span> <span class="nv">$TEMPLATE_FILE</span> <span class="se">\</span> <span class="nt">--stack-name</span> <span class="nv">$STACK_NAME</span> <span class="se">\</span> <span class="nt">--parameter-overrides</span> <span class="se">\</span> <span class="nv">SNSTopicArn</span><span class="o">=</span><span class="s2">"</span><span class="nv">$SNS_TOPIC_ARN</span><span class="s2">"</span> <span class="se">\</span> <span class="nv">GoogleChatWebhook</span><span class="o">=</span><span class="s2">"</span><span class="nv">$GOOGLE_CHAT_WEBHOOK</span><span class="s2">"</span> <span class="se">\</span> <span class="nv">EnableSNS</span><span class="o">=</span><span class="s2">"</span><span class="nv">$ENABLE_SNS</span><span class="s2">"</span> <span class="se">\</span> <span class="nv">EnableEmail</span><span class="o">=</span><span class="s2">"</span><span class="nv">$ENABLE_EMAIL</span><span class="s2">"</span> <span class="se">\</span> <span class="nv">EnableChat</span><span class="o">=</span><span class="s2">"</span><span class="nv">$ENABLE_CHAT</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--capabilities</span> CAPABILITY_NAMED_IAM <span class="c"># Update Lambda code</span> <span class="nv">FUNCTION_NAME</span><span class="o">=</span><span class="si">$(</span>aws cloudformation describe-stacks <span class="se">\</span> <span class="nt">--stack-name</span> <span class="nv">$STACK_NAME</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s1">'Stacks[0].Outputs[?OutputKey==`LambdaFunctionName`].OutputValue'</span> <span class="se">\</span> <span class="nt">--output</span> text<span class="si">)</span> aws lambda update-function-code <span class="se">\</span> <span class="nt">--function-name</span> <span class="nv">$FUNCTION_NAME</span> <span class="se">\</span> <span class="nt">--zip-file</span> fileb://lambda-deployment.zip <span class="nb">echo</span> <span class="s2">"✅ Deployment completed successfully!"</span> </code></pre> </div> <h3> Step 3: Build Script </h3> <p>The <code>lambda_build.sh</code> script packages your Lambda function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">echo</span> <span class="s2">"📦 Building Lambda deployment package..."</span> <span class="c"># Clean previous builds</span> <span class="nb">rm</span> <span class="nt">-rf</span> package/ lambda-deployment.zip <span class="c"># Create package directory</span> <span class="nb">mkdir</span> <span class="nt">-p</span> package <span class="c"># Install dependencies</span> pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="nt">-t</span> package/ <span class="c"># Copy source files</span> <span class="nb">cp</span> <span class="k">*</span>.py package/ <span class="nb">cp </span>input.json package/ <span class="c"># Create deployment package</span> <span class="nb">cd </span>package <span class="o">&amp;&amp;</span> zip <span class="nt">-r</span> ../lambda-deployment.zip <span class="nb">.</span> <span class="o">&amp;&amp;</span> <span class="nb">cd</span> .. <span class="c"># Cleanup</span> <span class="nb">rm</span> <span class="nt">-rf</span> package/ <span class="nb">echo</span> <span class="s2">"✅ Package created: lambda-deployment.zip"</span> </code></pre> </div> <h3> Step 4: Deploy the Solution </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Make scripts executable</span> <span class="nb">chmod</span> +x cloudformation_deploy.sh lambda_build.sh <span class="c"># Deploy the complete solution</span> ./cloudformation_deploy.sh </code></pre> </div> <h2> Usage Examples </h2> <h3> Example 1: SNS Integration with PagerDuty </h3> <p>Configure SNS topic to integrate with your existing alerting system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create SNS topic</span> aws sns create-topic <span class="nt">--name</span> spot-interruption-alerts <span class="c"># Subscribe PagerDuty endpoint</span> aws sns subscribe <span class="se">\</span> <span class="nt">--topic-arn</span> arn:aws:sns:us-east-1:123456789012:spot-interruption-alerts <span class="se">\</span> <span class="nt">--protocol</span> https <span class="se">\</span> <span class="nt">--notification-endpoint</span> https://events.pagerduty.com/integration/xxx/enqueue </code></pre> </div> <h3> Example 2: Google Chat Integration </h3> <p>Set up a Google Chat webhook:</p> <ol> <li>Go to Google Chat → Space Settings → Apps &amp; Integrations</li> <li>Add Webhook</li> <li>Copy the webhook URL</li> <li>Update your deployment script with the webhook URL</li> </ol> <h3> Example 3: Custom Email Templates </h3> <p>Customize email notifications by modifying the <code>_format_notification_message</code> function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_format_notification_message</span><span class="p">(</span><span class="n">instance_info</span><span class="p">,</span> <span class="n">service_names</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Custom email template with company branding.</span><span class="sh">"""</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"""</span><span class="s"> &lt;div style=</span><span class="sh">"</span><span class="s">font-family: Arial; max-width: 600px;</span><span class="sh">"</span><span class="s">&gt; &lt;h2 style=</span><span class="sh">"</span><span class="s">color: #d32f2f;</span><span class="sh">"</span><span class="s">&gt;🚨 Spot Instance Interruption Alert&lt;/h2&gt; &lt;div style=</span><span class="sh">"</span><span class="s">background: #f5f5f5; padding: 15px; border-radius: 5px;</span><span class="sh">"</span><span class="s">&gt; &lt;h3&gt;Instance Details&lt;/h3&gt; &lt;ul&gt; &lt;li&gt;&lt;strong&gt;Instance ID:&lt;/strong&gt; </span><span class="si">{</span><span class="n">instance_info</span><span class="p">[</span><span class="sh">'</span><span class="s">instance_id</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/li&gt; &lt;li&gt;&lt;strong&gt;Type:&lt;/strong&gt; </span><span class="si">{</span><span class="n">instance_info</span><span class="p">[</span><span class="sh">'</span><span class="s">instance_type</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/li&gt; &lt;li&gt;&lt;strong&gt;AZ:&lt;/strong&gt; </span><span class="si">{</span><span class="n">instance_info</span><span class="p">[</span><span class="sh">'</span><span class="s">availability_zone</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/li&gt; &lt;/ul&gt; &lt;/div&gt; &lt;div style=</span><span class="sh">"</span><span class="s">background: #fff3cd; padding: 15px; border-radius: 5px; margin-top: 15px;</span><span class="sh">"</span><span class="s">&gt; &lt;h3&gt;Affected Services&lt;/h3&gt; &lt;ul&gt; </span><span class="si">{</span><span class="sh">''</span><span class="p">.</span><span class="n">join</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="s">&lt;li&gt;</span><span class="si">{</span><span class="n">service</span><span class="si">}</span><span class="o">&lt;/</span><span class="n">li</span><span class="o">&gt;</span><span class="sh">'</span><span class="s"> for service in service_names)</span><span class="si">}</span><span class="s"> &lt;/ul&gt; &lt;/div&gt; &lt;p&gt;&lt;em&gt;Automated alert from AWS Infrastructure Team&lt;/em&gt;&lt;/p&gt; &lt;/div&gt; </span><span class="sh">"""</span> </code></pre> </div> <h2> Best Practices Followed </h2> <h3> 1. <strong>Code Quality &amp; Maintainability</strong> </h3> <ul> <li> <strong>PEP 8 Compliance</strong>: Consistent code formatting and naming conventions</li> <li> <strong>Type Hints</strong>: Enhanced code readability and IDE support</li> <li> <strong>Modular Design</strong>: Separated concerns across multiple modules</li> <li> <strong>Comprehensive Logging</strong>: Structured logging with contextual information</li> </ul> <h3> 2. <strong>Error Handling &amp; Resilience</strong> </h3> <ul> <li> <strong>Graceful Degradation</strong>: Continue processing even if one notification channel fails</li> <li> <strong>Retry Logic</strong>: Built-in retry mechanisms for transient failures</li> <li> <strong>Input Validation</strong>: Robust validation of configuration and event data</li> <li> <strong>Exception Handling</strong>: Comprehensive error handling with detailed logging</li> </ul> <h3> 3. <strong>Security</strong> </h3> <ul> <li> <strong>Least Privilege IAM</strong>: Minimal required permissions for Lambda execution role</li> <li> <strong>Credential Management</strong>: Secure handling of SMTP and webhook credentials</li> <li> <strong>No Hardcoded Secrets</strong>: All sensitive data passed via environment variables or configuration</li> <li> <strong>Input Sanitization</strong>: Proper validation of event data and configuration</li> </ul> <h3> 4. <strong>Performance &amp; Cost Optimization</strong> </h3> <ul> <li> <strong>Efficient Resource Usage</strong>: Minimal Lambda memory allocation (128MB)</li> <li> <strong>Fast Execution</strong>: Optimized code paths for sub-10-second execution</li> <li> <strong>Event-Driven</strong>: Pay only for actual interruption events</li> <li> <strong>Connection Reuse</strong>: Efficient AWS client initialization</li> </ul> <h2> Security &amp; Performance Considerations </h2> <h3> Security Measures </h3> <ol> <li> <strong>IAM Role Permissions</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ec2:DescribeInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:ListContainerInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:DescribeContainerInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:ListTasks"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:DescribeTasks"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecs:DescribeServices"</span><span class="p">,</span><span class="w"> </span><span class="s2">"sns:Publish"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <ol> <li> <p><strong>Credential Security</strong></p> <ul> <li>SMTP passwords stored in configuration files (consider AWS Secrets Manager for production)</li> <li>Google Chat webhooks marked as <code>NoEcho</code> in CloudFormation</li> <li>No hardcoded credentials in source code</li> </ul> </li> <li> <p><strong>Network Security</strong></p> <ul> <li>Lambda function can be deployed in VPC for additional isolation</li> <li>HTTPS-only communication for all external APIs</li> <li>Webhook URL validation to prevent SSRF attacks</li> </ul> </li> </ol> <h3> Performance Optimizations </h3> <ol> <li> <p><strong>Lambda Configuration</strong></p> <ul> <li> <strong>Memory</strong>: 128MB (sufficient for most workloads)</li> <li> <strong>Timeout</strong>: 30 seconds (allows for network retries)</li> <li> <strong>Runtime</strong>: Python 3.13 (latest stable version)</li> </ul> </li> <li> <p><strong>Efficient Processing</strong></p> <ul> <li>Parallel notification sending where possible</li> <li>Early exit for instances without services</li> <li>Minimal AWS API calls through intelligent filtering</li> </ul> </li> <li> <p><strong>Cost Considerations</strong></p> <ul> <li> <strong>Lambda Invocations</strong>: Only triggered by actual interruption events</li> <li> <strong>Data Transfer</strong>: Minimal outbound data for notifications</li> <li> <strong>CloudWatch Logs</strong>: Structured logging to minimize log volume</li> </ul> </li> </ol> <h2> Common Pitfalls &amp; Troubleshooting </h2> <h3> Issue 1: Lambda Timeout </h3> <p><strong>Symptoms</strong>: Lambda function times out before completing notifications</p> <p><strong>Solutions</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Increase timeout in CloudFormation template </span><span class="n">Timeout</span><span class="p">:</span> <span class="mi">60</span> <span class="c1"># Increase from 30 to 60 seconds </span> <span class="c1"># Add timeout handling in code </span><span class="kn">import</span> <span class="n">signal</span> <span class="k">def</span> <span class="nf">timeout_handler</span><span class="p">(</span><span class="n">signum</span><span class="p">,</span> <span class="n">frame</span><span class="p">):</span> <span class="k">raise</span> <span class="nc">TimeoutError</span><span class="p">(</span><span class="sh">"</span><span class="s">Lambda function timeout</span><span class="sh">"</span><span class="p">)</span> <span class="n">signal</span><span class="p">.</span><span class="nf">signal</span><span class="p">(</span><span class="n">signal</span><span class="p">.</span><span class="n">SIGALRM</span><span class="p">,</span> <span class="n">timeout_handler</span><span class="p">)</span> <span class="n">signal</span><span class="p">.</span><span class="nf">alarm</span><span class="p">(</span><span class="mi">25</span><span class="p">)</span> <span class="c1"># Set alarm for 25 seconds (5 seconds before Lambda timeout) </span></code></pre> </div> <h3> Issue 2: SMTP Authentication Failures </h3> <p><strong>Symptoms</strong>: Email notifications fail with authentication errors</p> <p><strong>Solutions</strong>:</p> <ol> <li> <strong>Gmail</strong>: Use App-Specific Passwords instead of regular passwords</li> <li> <strong>Office 365</strong>: Enable SMTP AUTH for the mailbox</li> <li> <strong>Corporate SMTP</strong>: Verify firewall rules allow outbound SMTP traffic </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Enhanced SMTP error handling </span><span class="k">def</span> <span class="nf">_send_via_smtp</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">,</span> <span class="n">message</span><span class="p">,</span> <span class="n">recipients</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="n">server</span> <span class="o">=</span> <span class="n">smtplib</span><span class="p">.</span><span class="nc">SMTP</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">host</span><span class="sh">"</span><span class="p">],</span> <span class="nf">int</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">port</span><span class="sh">"</span><span class="p">]))</span> <span class="n">server</span><span class="p">.</span><span class="nf">set_debuglevel</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># Enable debug output </span> <span class="n">server</span><span class="p">.</span><span class="nf">starttls</span><span class="p">()</span> <span class="n">server</span><span class="p">.</span><span class="nf">login</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">],</span> <span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># ... rest of the code </span> <span class="k">except</span> <span class="n">smtplib</span><span class="p">.</span><span class="n">SMTPAuthenticationError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">SMTP authentication failed: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Consider fallback notification method </span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">SMTP error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Issue 3: Missing ECS Services </h3> <p><strong>Symptoms</strong>: Alerts sent for instances without detected services</p> <p><strong>Root Causes</strong>:</p> <ul> <li>Incorrect ECS cluster name detection</li> <li>Services not properly tagged</li> <li>Daemon services incorrectly filtered</li> </ul> <p><strong>Solutions</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Enhanced cluster detection </span><span class="k">def</span> <span class="nf">_get_cluster_name_from_instance</span><span class="p">(</span><span class="n">ec2_client</span><span class="p">,</span> <span class="n">instance_id</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Multiple methods to detect ECS cluster name.</span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="n">ec2_client</span><span class="p">.</span><span class="nf">describe_instances</span><span class="p">(</span><span class="n">InstanceIds</span><span class="o">=</span><span class="p">[</span><span class="n">instance_id</span><span class="p">])</span> <span class="n">instance</span> <span class="o">=</span> <span class="n">response</span><span class="p">[</span><span class="sh">'</span><span class="s">Reservations</span><span class="sh">'</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="sh">'</span><span class="s">Instances</span><span class="sh">'</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span> <span class="c1"># Method 1: Auto Scaling Group tag </span> <span class="k">for</span> <span class="n">tag</span> <span class="ow">in</span> <span class="n">instance</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">Tags</span><span class="sh">'</span><span class="p">,</span> <span class="p">[]):</span> <span class="k">if</span> <span class="n">tag</span><span class="p">[</span><span class="sh">'</span><span class="s">Key</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="sh">'</span><span class="s">aws:autoscaling:groupName</span><span class="sh">'</span><span class="p">:</span> <span class="k">return</span> <span class="n">tag</span><span class="p">[</span><span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Method 2: ECS Cluster tag </span> <span class="k">for</span> <span class="n">tag</span> <span class="ow">in</span> <span class="n">instance</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">Tags</span><span class="sh">'</span><span class="p">,</span> <span class="p">[]):</span> <span class="k">if</span> <span class="n">tag</span><span class="p">[</span><span class="sh">'</span><span class="s">Key</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="sh">'</span><span class="s">ecs:cluster-name</span><span class="sh">'</span><span class="p">:</span> <span class="k">return</span> <span class="n">tag</span><span class="p">[</span><span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Method 3: Parse from instance name </span> <span class="n">instance_name</span> <span class="o">=</span> <span class="nf">next</span><span class="p">(</span> <span class="p">(</span><span class="n">tag</span><span class="p">[</span><span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">]</span> <span class="k">for</span> <span class="n">tag</span> <span class="ow">in</span> <span class="n">instance</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">Tags</span><span class="sh">'</span><span class="p">,</span> <span class="p">[])</span> <span class="k">if</span> <span class="n">tag</span><span class="p">[</span><span class="sh">'</span><span class="s">Key</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">),</span> <span class="sh">''</span> <span class="p">)</span> <span class="k">if</span> <span class="sh">'</span><span class="s">ecs</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">instance_name</span><span class="p">.</span><span class="nf">lower</span><span class="p">():</span> <span class="k">return</span> <span class="n">instance_name</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">-</span><span class="sh">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="c1"># Assuming naming convention </span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to detect cluster name: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">None</span> </code></pre> </div> <h3> Issue 4: Google Chat Webhook Failures </h3> <p><strong>Symptoms</strong>: Google Chat notifications fail silently</p> <p><strong>Solutions</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_send_chat_notification</span><span class="p">(</span><span class="n">message</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Enhanced Google Chat notification with retry logic.</span><span class="sh">"""</span> <span class="n">webhook_url</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">GOOGLE_CHAT_WEBHOOK</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">webhook_url</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">warning</span><span class="p">(</span><span class="sh">"</span><span class="s">Google Chat webhook not configured</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">False</span> <span class="n">max_retries</span> <span class="o">=</span> <span class="mi">3</span> <span class="k">for</span> <span class="n">attempt</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">max_retries</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="n">webhook_url</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="n">message</span><span class="p">},</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">Content-Type</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">application/json</span><span class="sh">'</span><span class="p">}</span> <span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Google Chat notification sent successfully</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">except</span> <span class="n">requests</span><span class="p">.</span><span class="n">exceptions</span><span class="p">.</span><span class="n">RequestException</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">warning</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Google Chat attempt </span><span class="si">{</span><span class="n">attempt</span> <span class="o">+</span> <span class="mi">1</span><span class="si">}</span><span class="s"> failed: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">attempt</span> <span class="o">&lt;</span> <span class="n">max_retries</span> <span class="o">-</span> <span class="mi">1</span><span class="p">:</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mi">2</span> <span class="o">**</span> <span class="n">attempt</span><span class="p">)</span> <span class="c1"># Exponential backoff </span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sh">"</span><span class="s">Google Chat notification failed after all retries</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">False</span> </code></pre> </div> <h2> Enhancements &amp; Future Improvements </h2> <h3> 1. <strong>Advanced Service Discovery</strong> </h3> <p>Enhance ECS service detection with additional metadata:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_get_enhanced_service_info</span><span class="p">(</span><span class="n">ecs_client</span><span class="p">,</span> <span class="n">cluster_name</span><span class="p">,</span> <span class="n">service_name</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Get detailed service information for better alerting.</span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="n">service_details</span> <span class="o">=</span> <span class="n">ecs_client</span><span class="p">.</span><span class="nf">describe_services</span><span class="p">(</span> <span class="n">cluster</span><span class="o">=</span><span class="n">cluster_name</span><span class="p">,</span> <span class="n">services</span><span class="o">=</span><span class="p">[</span><span class="n">service_name</span><span class="p">]</span> <span class="p">)</span> <span class="k">if</span> <span class="n">service_details</span> <span class="ow">and</span> <span class="n">service_details</span><span class="p">[</span><span class="sh">'</span><span class="s">services</span><span class="sh">'</span><span class="p">]:</span> <span class="n">service</span> <span class="o">=</span> <span class="n">service_details</span><span class="p">[</span><span class="sh">'</span><span class="s">services</span><span class="sh">'</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">:</span> <span class="n">service_name</span><span class="p">,</span> <span class="sh">'</span><span class="s">desired_count</span><span class="sh">'</span><span class="p">:</span> <span class="n">service</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">desiredCount</span><span class="sh">'</span><span class="p">,</span> <span class="mi">0</span><span class="p">),</span> <span class="sh">'</span><span class="s">running_count</span><span class="sh">'</span><span class="p">:</span> <span class="n">service</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">runningCount</span><span class="sh">'</span><span class="p">,</span> <span class="mi">0</span><span class="p">),</span> <span class="sh">'</span><span class="s">pending_count</span><span class="sh">'</span><span class="p">:</span> <span class="n">service</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">pendingCount</span><span class="sh">'</span><span class="p">,</span> <span class="mi">0</span><span class="p">),</span> <span class="sh">'</span><span class="s">task_definition</span><span class="sh">'</span><span class="p">:</span> <span class="n">service</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">taskDefinition</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">).</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">)[</span><span class="o">-</span><span class="mi">1</span><span class="p">],</span> <span class="sh">'</span><span class="s">load_balancers</span><span class="sh">'</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">service</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">loadBalancers</span><span class="sh">'</span><span class="p">,</span> <span class="p">[]))</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to get enhanced service info: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">:</span> <span class="n">service_name</span><span class="p">}</span> </code></pre> </div> <h3> 2. <strong>Intelligent Alert Suppression</strong> </h3> <p>Implement smart alerting to reduce noise:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_should_send_alert</span><span class="p">(</span><span class="n">instance_info</span><span class="p">,</span> <span class="n">service_names</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Determine if alert should be sent based on business rules.</span><span class="sh">"""</span> <span class="c1"># Skip alerts during maintenance windows </span> <span class="k">if</span> <span class="nf">_is_maintenance_window</span><span class="p">():</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Skipping alert during maintenance window</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">False</span> <span class="c1"># Skip alerts for non-critical services </span> <span class="n">critical_services</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">CRITICAL_SERVICES</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">).</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">,</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="n">critical_services</span> <span class="ow">and</span> <span class="ow">not</span> <span class="nf">any</span><span class="p">(</span> <span class="n">service</span> <span class="ow">in</span> <span class="n">critical_services</span> <span class="k">for</span> <span class="n">service</span> <span class="ow">in</span> <span class="n">service_names</span> <span class="p">):</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">No critical services affected, skipping alert</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">False</span> <span class="c1"># Skip alerts if cluster has sufficient capacity </span> <span class="k">if</span> <span class="nf">_has_sufficient_capacity</span><span class="p">(</span><span class="n">instance_info</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">cluster_name</span><span class="sh">'</span><span class="p">)):</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Cluster has sufficient capacity, skipping alert</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">return</span> <span class="bp">True</span> </code></pre> </div> <h3> 3. <strong>Metrics and Monitoring</strong> </h3> <p>Add CloudWatch custom metrics for better observability:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_publish_custom_metrics</span><span class="p">(</span><span class="n">instance_info</span><span class="p">,</span> <span class="n">service_names</span><span class="p">,</span> <span class="n">notifications_sent</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Publish custom CloudWatch metrics.</span><span class="sh">"""</span> <span class="n">cloudwatch</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">cloudwatch</span><span class="sh">'</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># Metric: Spot interruptions by instance type </span> <span class="n">cloudwatch</span><span class="p">.</span><span class="nf">put_metric_data</span><span class="p">(</span> <span class="n">Namespace</span><span class="o">=</span><span class="sh">'</span><span class="s">SpotInterruption</span><span class="sh">'</span><span class="p">,</span> <span class="n">MetricData</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">'</span><span class="s">MetricName</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">InterruptionCount</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Dimensions</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">InstanceType</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="n">instance_info</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">instance_type</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unknown</span><span class="sh">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">],</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unit</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Count</span><span class="sh">'</span> <span class="p">}</span> <span class="p">]</span> <span class="p">)</span> <span class="c1"># Metric: Services affected </span> <span class="n">cloudwatch</span><span class="p">.</span><span class="nf">put_metric_data</span><span class="p">(</span> <span class="n">Namespace</span><span class="o">=</span><span class="sh">'</span><span class="s">SpotInterruption</span><span class="sh">'</span><span class="p">,</span> <span class="n">MetricData</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">'</span><span class="s">MetricName</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">ServicesAffected</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">service_names</span><span class="p">),</span> <span class="sh">'</span><span class="s">Unit</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Count</span><span class="sh">'</span> <span class="p">}</span> <span class="p">]</span> <span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to publish metrics: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> 4. <strong>Integration with External Systems</strong> </h3> <p>Add support for additional notification channels:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_send_slack_notification</span><span class="p">(</span><span class="n">message</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Send notification to Slack via webhook.</span><span class="sh">"""</span> <span class="n">webhook_url</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">SLACK_WEBHOOK_URL</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">webhook_url</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="n">slack_message</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Spot Instance Interruption Alert</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">attachments</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">color</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">danger</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="n">message</span><span class="p">,</span> <span class="sh">"</span><span class="s">footer</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">AWS Lambda Alert System</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">ts</span><span class="sh">"</span><span class="p">:</span> <span class="nf">int</span><span class="p">(</span><span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">())</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="k">try</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">webhook_url</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">slack_message</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">10</span><span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Slack notification failed: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">def</span> <span class="nf">_create_jira_ticket</span><span class="p">(</span><span class="n">instance_info</span><span class="p">,</span> <span class="n">service_names</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Create JIRA ticket for critical service interruptions.</span><span class="sh">"""</span> <span class="k">if</span> <span class="ow">not</span> <span class="nf">_is_critical_interruption</span><span class="p">(</span><span class="n">service_names</span><span class="p">):</span> <span class="k">return</span> <span class="n">jira_config</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">url</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">JIRA_URL</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">username</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">JIRA_USERNAME</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">token</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">JIRA_TOKEN</span><span class="sh">'</span><span class="p">)</span> <span class="p">}</span> <span class="n">ticket_data</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">fields</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">project</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span><span class="sh">'</span><span class="s">key</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">INFRA</span><span class="sh">'</span><span class="p">},</span> <span class="sh">'</span><span class="s">summary</span><span class="sh">'</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Spot Instance Interruption: </span><span class="si">{</span><span class="n">instance_info</span><span class="p">[</span><span class="sh">'</span><span class="s">instance_id</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">'</span><span class="s">description</span><span class="sh">'</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Services affected: </span><span class="si">{</span><span class="sh">'</span><span class="s">, </span><span class="sh">'</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">service_names</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">'</span><span class="s">issuetype</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Incident</span><span class="sh">'</span><span class="p">},</span> <span class="sh">'</span><span class="s">priority</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">High</span><span class="sh">'</span><span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Implementation details... </span></code></pre> </div> <h3> 5. <strong>Configuration Management</strong> </h3> <p>Move to AWS Systems Manager Parameter Store or Secrets Manager:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_load_configuration_from_ssm</span><span class="p">():</span> <span class="sh">"""</span><span class="s">Load configuration from AWS Systems Manager Parameter Store.</span><span class="sh">"""</span> <span class="n">ssm</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">ssm</span><span class="sh">'</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># Get SMTP configuration </span> <span class="n">smtp_params</span> <span class="o">=</span> <span class="n">ssm</span><span class="p">.</span><span class="nf">get_parameters_by_path</span><span class="p">(</span> <span class="n">Path</span><span class="o">=</span><span class="sh">'</span><span class="s">/spot-interruption/smtp</span><span class="sh">'</span><span class="p">,</span> <span class="n">Recursive</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">WithDecryption</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="c1"># Get email configuration </span> <span class="n">email_params</span> <span class="o">=</span> <span class="n">ssm</span><span class="p">.</span><span class="nf">get_parameters_by_path</span><span class="p">(</span> <span class="n">Path</span><span class="o">=</span><span class="sh">'</span><span class="s">/spot-interruption/email</span><span class="sh">'</span><span class="p">,</span> <span class="n">Recursive</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="c1"># Build configuration dictionary </span> <span class="n">config</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">smtpCredentials</span><span class="sh">'</span><span class="p">:</span> <span class="p">{},</span> <span class="sh">'</span><span class="s">emailNotification</span><span class="sh">'</span><span class="p">:</span> <span class="p">{}</span> <span class="p">}</span> <span class="k">for</span> <span class="n">param</span> <span class="ow">in</span> <span class="n">smtp_params</span><span class="p">[</span><span class="sh">'</span><span class="s">Parameters</span><span class="sh">'</span><span class="p">]:</span> <span class="n">key</span> <span class="o">=</span> <span class="n">param</span><span class="p">[</span><span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">].</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">)[</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">smtpCredentials</span><span class="sh">'</span><span class="p">][</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">param</span><span class="p">[</span><span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">]</span> <span class="k">for</span> <span class="n">param</span> <span class="ow">in</span> <span class="n">email_params</span><span class="p">[</span><span class="sh">'</span><span class="s">Parameters</span><span class="sh">'</span><span class="p">]:</span> <span class="n">key</span> <span class="o">=</span> <span class="n">param</span><span class="p">[</span><span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">].</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">)[</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">emailNotification</span><span class="sh">'</span><span class="p">][</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">param</span><span class="p">[</span><span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">].</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">,</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="n">key</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">'</span><span class="s">to</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">cc</span><span class="sh">'</span><span class="p">]</span> <span class="k">else</span> <span class="n">param</span><span class="p">[</span><span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">]</span> <span class="k">return</span> <span class="n">config</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to load configuration from SSM: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">raise</span> </code></pre> </div> <h2> Conclusion </h2> <p>Building a robust spot instance interruption notification system requires careful consideration of multiple factors: real-time event processing, intelligent service discovery, multi-channel notifications, and operational resilience.</p> <h3> Key Takeaways </h3> <ol> <li><p><strong>Event-Driven Architecture</strong>: Leveraging AWS EventBridge provides real-time, scalable event processing with minimal operational overhead.</p></li> <li><p><strong>Multi-Channel Notifications</strong>: Different teams prefer different communication methods. Supporting SNS, Google Chat, and SMTP ensures broad coverage.</p></li> <li><p><strong>Intelligent Service Discovery</strong>: Rather than generic alerts, providing specific service impact information enables faster response times.</p></li> <li><p><strong>Production-Ready Code</strong>: Following Python best practices, comprehensive error handling, and structured logging creates maintainable, reliable systems.</p></li> <li><p><strong>Security First</strong>: Implementing least-privilege IAM roles, secure credential handling, and input validation protects against common security vulnerabilities.</p></li> </ol> <h3> Business Impact </h3> <p>This solution provides several business benefits:</p> <ul> <li> <strong>Reduced MTTR</strong>: Faster notification and service identification reduces mean time to recovery</li> <li> <strong>Cost Optimization</strong>: Enables confident use of spot instances with proper monitoring</li> <li> <strong>Operational Excellence</strong>: Automated alerting reduces manual monitoring overhead</li> <li> <strong>Scalability</strong>: Event-driven architecture scales automatically with infrastructure growth</li> </ul> <h3> Next Steps </h3> <p>Consider implementing the suggested enhancements based on your organization's needs:</p> <ul> <li> <strong>Advanced Metrics</strong>: Add CloudWatch dashboards for spot interruption trends</li> <li> <strong>Integration</strong>: Connect with existing ITSM tools (ServiceNow, JIRA)</li> <li> <strong>Machine Learning</strong>: Implement predictive analytics for interruption patterns</li> <li> <strong>Multi-Region</strong>: Extend solution across multiple AWS regions</li> </ul> <p>The complete source code, CloudFormation templates, and deployment scripts are available in the repository. This solution has been tested in production environments and can be adapted to meet specific organizational requirements.</p> <p><em>This solution demonstrates how modern cloud-native architectures can solve real operational challenges while maintaining security, performance, and cost-effectiveness. The modular design allows for easy customization and extension as requirements evolve.</em></p> aws ec2 monitoring Prashant Gupta Tue, 30 Dec 2025 18:01:51 +0000 https://dev.to/prashantgupta123/building-a-multi-channel-aws-guardduty-alert-system-from-detection-to-action-34pb https://dev.to/prashantgupta123/building-a-multi-channel-aws-guardduty-alert-system-from-detection-to-action-34pb <h2> Building a Multi-Channel AWS GuardDuty Alert System: From Detection to Action </h2> <h2> Introduction &amp; Problem Statement </h2> <p>In today's cloud-first world, security threats are evolving rapidly, and traditional perimeter-based security models are no longer sufficient. AWS GuardDuty provides intelligent threat detection using machine learning, anomaly detection, and integrated threat intelligence, but detecting threats is only half the battle. The real challenge lies in ensuring that security teams are immediately notified when threats are detected, enabling rapid response and mitigation.</p> <h3> The Challenge </h3> <p>Many organizations struggle with:</p> <ul> <li> <strong>Alert Fatigue</strong>: Security teams receive hundreds of notifications daily</li> <li> <strong>Delayed Response</strong>: Critical security findings buried in email or lost in noise</li> <li> <strong>Fragmented Communication</strong>: Different teams use different communication channels</li> <li> <strong>Manual Processes</strong>: No automated workflow from detection to notification</li> </ul> <h3> Our Solution </h3> <p>This article presents a comprehensive, serverless solution that automatically processes AWS GuardDuty findings and delivers intelligent notifications across multiple channels including SNS, email, and Google Chat. The system is designed to be:</p> <ul> <li> <strong>Serverless</strong>: No infrastructure to manage</li> <li> <strong>Multi-channel</strong>: Flexible notification delivery</li> <li> <strong>Configurable</strong>: Easy to customize for different environments</li> <li> <strong>Production-ready</strong>: Built with enterprise security and reliability in mind</li> </ul> <h2> Architecture &amp; Design Overview </h2> <p>Our solution follows a event-driven architecture pattern that leverages AWS native services for maximum reliability and minimal operational overhead.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────────┐ ┌──────────────────┐ ┌─────────────────────┐ │ GuardDuty │ │ EventBridge │ │ Lambda Function │ │ Findings │───▶│ Rule │───▶│ Processor │ └─────────────────┘ └──────────────────┘ └─────────────────────┘ │ ┌──────────────────────────────────┼──────────────────────────────────┐ │ │ │ ▼ ▼ ▼ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │ SNS Topic │ │ SMTP Server │ │ Google Chat │ │ Notification │ │ Email Alert │ │ Webhook │ └─────────────────┘ └─────────────────┘ └─────────────────┘ </code></pre> </div> <h3> Key Components </h3> <ol> <li> <strong>EventBridge Rule</strong>: Captures GuardDuty findings in real-time</li> <li> <strong>Lambda Function</strong>: Processes findings and orchestrates notifications</li> <li> <strong>Multi-Channel Delivery</strong>: SNS, Email, and Google Chat integration</li> <li> <strong>Configuration Management</strong>: Environment-based settings for flexibility</li> </ol> <h2> Solution Approach </h2> <h3> Design Principles </h3> <p>Our solution is built on several key principles:</p> <p><strong>1. Event-Driven Architecture</strong></p> <ul> <li>Leverages AWS EventBridge for real-time event processing</li> <li>Decoupled components for better maintainability</li> <li>Automatic scaling based on finding volume</li> </ul> <p><strong>2. Fail-Safe Notifications</strong></p> <ul> <li>Multiple notification channels for redundancy</li> <li>Graceful degradation if one channel fails</li> <li>Comprehensive error handling and logging</li> </ul> <p><strong>3. Security First</strong></p> <ul> <li>Least privilege IAM roles</li> <li>Secure credential management</li> <li>No hardcoded secrets in code</li> </ul> <p><strong>4. Operational Excellence</strong></p> <ul> <li>Comprehensive logging for troubleshooting</li> <li>CloudFormation for infrastructure as code</li> <li>Automated deployment scripts</li> </ul> <h2> Code Walkthrough </h2> <p>Let's examine the key components of our solution:</p> <h3> 1. AWS Session Management (<code>AWSSession.py</code>) </h3> <p>The session manager provides flexible AWS authentication supporting multiple credential types:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">logging</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">Any</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_aws_session</span><span class="p">(</span><span class="n">credentials</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">boto3</span><span class="p">.</span><span class="n">Session</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Create AWS session with flexible authentication methods. Args: credentials: Dictionary containing AWS credential information Returns: boto3.Session: Configured AWS session Raises: ValueError: If invalid credentials provided boto3.exceptions.Boto3Error: If session creation fails </span><span class="sh">"""</span> <span class="n">region</span> <span class="o">=</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">region_name</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">us-east-1</span><span class="sh">"</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="k">if</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">profile_name</span><span class="sh">"</span><span class="p">):</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Creating AWS session with profile authentication</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">boto3</span><span class="p">.</span><span class="nc">Session</span><span class="p">(</span> <span class="n">profile_name</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">profile_name</span><span class="sh">"</span><span class="p">],</span> <span class="n">region_name</span><span class="o">=</span><span class="n">region</span> <span class="p">)</span> <span class="k">elif</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">role_arn</span><span class="sh">"</span><span class="p">):</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Creating AWS session with assumed role</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">_create_assumed_role_session</span><span class="p">(</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">role_arn</span><span class="sh">"</span><span class="p">],</span> <span class="n">region</span><span class="p">)</span> <span class="k">elif</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">session_token</span><span class="sh">"</span><span class="p">):</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Creating AWS session with temporary credentials</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">boto3</span><span class="p">.</span><span class="nc">Session</span><span class="p">(</span> <span class="n">aws_access_key_id</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">access_key</span><span class="sh">"</span><span class="p">],</span> <span class="n">aws_secret_access_key</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">secret_key</span><span class="sh">"</span><span class="p">],</span> <span class="n">aws_session_token</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">session_token</span><span class="sh">"</span><span class="p">],</span> <span class="n">region_name</span><span class="o">=</span><span class="n">region</span> <span class="p">)</span> <span class="k">elif</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">access_key</span><span class="sh">"</span><span class="p">):</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Creating AWS session with access keys</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">boto3</span><span class="p">.</span><span class="nc">Session</span><span class="p">(</span> <span class="n">aws_access_key_id</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">access_key</span><span class="sh">"</span><span class="p">],</span> <span class="n">aws_secret_access_key</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">"</span><span class="s">secret_key</span><span class="sh">"</span><span class="p">],</span> <span class="n">region_name</span><span class="o">=</span><span class="n">region</span> <span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Creating AWS session with default credentials</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">boto3</span><span class="p">.</span><span class="nc">Session</span><span class="p">(</span><span class="n">region_name</span><span class="o">=</span><span class="n">region</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to create AWS session: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">raise</span> <span class="k">def</span> <span class="nf">_create_assumed_role_session</span><span class="p">(</span><span class="n">role_arn</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">region</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">boto3</span><span class="p">.</span><span class="n">Session</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Create session using assumed role credentials.</span><span class="sh">"""</span> <span class="n">sts_client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">sts</span><span class="sh">'</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="n">region</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">sts_client</span><span class="p">.</span><span class="nf">assume_role</span><span class="p">(</span> <span class="n">RoleArn</span><span class="o">=</span><span class="n">role_arn</span><span class="p">,</span> <span class="n">RoleSessionName</span><span class="o">=</span><span class="sh">'</span><span class="s">GuardDutyNotificationSession</span><span class="sh">'</span><span class="p">,</span> <span class="n">DurationSeconds</span><span class="o">=</span><span class="mi">3600</span> <span class="p">)</span> <span class="n">credentials</span> <span class="o">=</span> <span class="n">response</span><span class="p">[</span><span class="sh">'</span><span class="s">Credentials</span><span class="sh">'</span><span class="p">]</span> <span class="k">return</span> <span class="n">boto3</span><span class="p">.</span><span class="nc">Session</span><span class="p">(</span> <span class="n">aws_access_key_id</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">'</span><span class="s">AccessKeyId</span><span class="sh">'</span><span class="p">],</span> <span class="n">aws_secret_access_key</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">'</span><span class="s">SecretAccessKey</span><span class="sh">'</span><span class="p">],</span> <span class="n">aws_session_token</span><span class="o">=</span><span class="n">credentials</span><span class="p">[</span><span class="sh">'</span><span class="s">SessionToken</span><span class="sh">'</span><span class="p">],</span> <span class="n">region_name</span><span class="o">=</span><span class="n">region</span> <span class="p">)</span> </code></pre> </div> <h3> 2. Notification Engine (<code>Notification.py</code>) </h3> <p>The notification engine handles email delivery with robust error handling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">smtplib</span> <span class="kn">import</span> <span class="n">logging</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="kn">from</span> <span class="n">email.mime.multipart</span> <span class="kn">import</span> <span class="n">MIMEMultipart</span> <span class="kn">from</span> <span class="n">email.mime.text</span> <span class="kn">import</span> <span class="n">MIMEText</span> <span class="kn">from</span> <span class="n">email.mime.application</span> <span class="kn">import</span> <span class="n">MIMEApplication</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">List</span><span class="p">,</span> <span class="n">Any</span> <span class="kn">import</span> <span class="n">os</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="k">def</span> <span class="nf">send_email</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">],</span> <span class="n">email_details</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">content</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Send email notification with comprehensive error handling. Args: smtp_config: SMTP server configuration email_details: Email recipient and subject details content: HTML email content Raises: smtplib.SMTPException: If SMTP operation fails ValueError: If invalid email configuration </span><span class="sh">"""</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Initiating email notification</span><span class="sh">"</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">message</span> <span class="o">=</span> <span class="nf">_build_email_message</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">,</span> <span class="n">email_details</span><span class="p">,</span> <span class="n">content</span><span class="p">)</span> <span class="n">recipients</span> <span class="o">=</span> <span class="nf">_get_all_recipients</span><span class="p">(</span><span class="n">email_details</span><span class="p">)</span> <span class="nf">_send_via_smtp</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">,</span> <span class="n">message</span><span class="p">,</span> <span class="n">recipients</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Email notification sent successfully</span><span class="sh">"</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Email notification failed: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">raise</span> <span class="k">def</span> <span class="nf">_build_email_message</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">],</span> <span class="n">email_details</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">content</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">MIMEMultipart</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Build email message with headers and content.</span><span class="sh">"""</span> <span class="n">current_date</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">().</span><span class="nf">strftime</span><span class="p">(</span><span class="sh">"</span><span class="s">%d %B %Y</span><span class="sh">"</span><span class="p">)</span> <span class="n">subject</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">email_details</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">subject_prefix</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">)</span><span class="si">}</span><span class="s"> | </span><span class="si">{</span><span class="n">email_details</span><span class="p">[</span><span class="sh">'</span><span class="s">email_subject</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> | </span><span class="si">{</span><span class="n">current_date</span><span class="si">}</span><span class="sh">"</span> <span class="n">message</span> <span class="o">=</span> <span class="nc">MIMEMultipart</span><span class="p">()</span> <span class="n">message</span><span class="p">[</span><span class="sh">'</span><span class="s">Subject</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="n">subject</span> <span class="n">message</span><span class="p">[</span><span class="sh">'</span><span class="s">From</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">from_email</span><span class="sh">"</span><span class="p">]</span> <span class="n">message</span><span class="p">[</span><span class="sh">'</span><span class="s">To</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">,</span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">email_details</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">to</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]))</span> <span class="n">message</span><span class="p">[</span><span class="sh">'</span><span class="s">Cc</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">,</span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">email_details</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">cc</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]))</span> <span class="c1"># Attach HTML content </span> <span class="n">message</span><span class="p">.</span><span class="nf">attach</span><span class="p">(</span><span class="nc">MIMEText</span><span class="p">(</span><span class="n">content</span><span class="p">,</span> <span class="sh">'</span><span class="s">html</span><span class="sh">'</span><span class="p">))</span> <span class="c1"># Handle attachments if present </span> <span class="k">for</span> <span class="n">attachment_path</span> <span class="ow">in</span> <span class="n">email_details</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">attachments</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]):</span> <span class="nf">_attach_file</span><span class="p">(</span><span class="n">message</span><span class="p">,</span> <span class="n">attachment_path</span><span class="p">)</span> <span class="k">return</span> <span class="n">message</span> <span class="k">def</span> <span class="nf">_get_all_recipients</span><span class="p">(</span><span class="n">email_details</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Extract all email recipients from configuration.</span><span class="sh">"""</span> <span class="n">recipients</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">field</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">'</span><span class="s">to</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">cc</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">bcc</span><span class="sh">'</span><span class="p">]:</span> <span class="n">field_value</span> <span class="o">=</span> <span class="n">email_details</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">field</span><span class="p">,</span> <span class="p">[])</span> <span class="k">if</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">field_value</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span> <span class="n">recipients</span><span class="p">.</span><span class="nf">extend</span><span class="p">(</span><span class="n">field_value</span><span class="p">)</span> <span class="k">elif</span> <span class="n">field_value</span><span class="p">:</span> <span class="n">recipients</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">field_value</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">recipients</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">No valid email recipients configured</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">recipients</span> <span class="k">def</span> <span class="nf">_send_via_smtp</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">],</span> <span class="n">message</span><span class="p">:</span> <span class="n">MIMEMultipart</span><span class="p">,</span> <span class="n">recipients</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Send email via SMTP server.</span><span class="sh">"""</span> <span class="n">server</span> <span class="o">=</span> <span class="n">smtplib</span><span class="p">.</span><span class="nc">SMTP</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">host</span><span class="sh">"</span><span class="p">],</span> <span class="nf">int</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">port</span><span class="sh">"</span><span class="p">]),</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">30</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">server</span><span class="p">.</span><span class="nf">starttls</span><span class="p">()</span> <span class="k">if</span> <span class="n">smtp_config</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">):</span> <span class="n">server</span><span class="p">.</span><span class="nf">login</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">],</span> <span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">])</span> <span class="n">server</span><span class="p">.</span><span class="nf">sendmail</span><span class="p">(</span><span class="n">smtp_config</span><span class="p">[</span><span class="sh">"</span><span class="s">from_email</span><span class="sh">"</span><span class="p">],</span> <span class="n">recipients</span><span class="p">,</span> <span class="n">message</span><span class="p">.</span><span class="nf">as_string</span><span class="p">())</span> <span class="k">finally</span><span class="p">:</span> <span class="n">server</span><span class="p">.</span><span class="nf">quit</span><span class="p">()</span> <span class="k">def</span> <span class="nf">_attach_file</span><span class="p">(</span><span class="n">message</span><span class="p">:</span> <span class="n">MIMEMultipart</span><span class="p">,</span> <span class="n">file_path</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Attach file to email message.</span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="n">file_path</span><span class="p">,</span> <span class="sh">'</span><span class="s">rb</span><span class="sh">'</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">attachment</span> <span class="o">=</span> <span class="nc">MIMEApplication</span><span class="p">(</span><span class="n">f</span><span class="p">.</span><span class="nf">read</span><span class="p">())</span> <span class="n">filename</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">basename</span><span class="p">(</span><span class="n">file_path</span><span class="p">)</span> <span class="n">attachment</span><span class="p">.</span><span class="nf">add_header</span><span class="p">(</span><span class="sh">'</span><span class="s">Content-Disposition</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">attachment</span><span class="sh">'</span><span class="p">,</span> <span class="n">filename</span><span class="o">=</span><span class="n">filename</span><span class="p">)</span> <span class="n">message</span><span class="p">.</span><span class="nf">attach</span><span class="p">(</span><span class="n">attachment</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">File attached: </span><span class="si">{</span><span class="n">filename</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to attach file </span><span class="si">{</span><span class="n">file_path</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">raise</span> </code></pre> </div> <h3> 3. Lambda Function Handler (<code>lambda_function.py</code>) </h3> <p>The main Lambda function orchestrates the entire notification process:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">logging</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">Any</span> <span class="kn">import</span> <span class="n">requests</span> <span class="kn">from</span> <span class="n">AWSSession</span> <span class="kn">import</span> <span class="n">get_aws_session</span> <span class="kn">from</span> <span class="n">Notification</span> <span class="kn">import</span> <span class="n">send_email</span> <span class="c1"># Configure logging </span><span class="n">logging</span><span class="p">.</span><span class="nf">basicConfig</span><span class="p">(</span><span class="n">level</span><span class="o">=</span><span class="n">logging</span><span class="p">.</span><span class="n">INFO</span><span class="p">)</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">context</span><span class="p">:</span> <span class="n">Any</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="sh">"""</span><span class="s"> Process GuardDuty findings and send multi-channel notifications. Args: event: EventBridge event containing GuardDuty finding context: Lambda context object Returns: Dict containing response status and details </span><span class="sh">"""</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Processing GuardDuty finding notification</span><span class="sh">"</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># Load configuration </span> <span class="n">config</span> <span class="o">=</span> <span class="nf">_load_configuration</span><span class="p">()</span> <span class="c1"># Extract finding details </span> <span class="n">finding_data</span> <span class="o">=</span> <span class="nf">_extract_finding_data</span><span class="p">(</span><span class="n">event</span><span class="p">)</span> <span class="c1"># Send notifications based on configuration </span> <span class="n">notification_results</span> <span class="o">=</span> <span class="nf">_send_notifications</span><span class="p">(</span><span class="n">config</span><span class="p">,</span> <span class="n">finding_data</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">GuardDuty notification processing completed successfully</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">statusCode</span><span class="sh">'</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">'</span><span class="s">message</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Notifications processed successfully</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">results</span><span class="sh">'</span><span class="p">:</span> <span class="n">notification_results</span><span class="p">,</span> <span class="sh">'</span><span class="s">finding_id</span><span class="sh">'</span><span class="p">:</span> <span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">finding_id</span><span class="sh">'</span><span class="p">]</span> <span class="p">})</span> <span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to process GuardDuty notification: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">statusCode</span><span class="sh">'</span><span class="p">:</span> <span class="mi">500</span><span class="p">,</span> <span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">'</span><span class="s">error</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Notification processing failed</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">message</span><span class="sh">'</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="p">})</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">_load_configuration</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Load configuration from input.json file.</span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">'</span><span class="s">input.json</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">r</span><span class="sh">'</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="k">return</span> <span class="n">json</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to load configuration: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">raise</span> <span class="k">def</span> <span class="nf">_extract_finding_data</span><span class="p">(</span><span class="n">event</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Extract relevant data from GuardDuty finding event.</span><span class="sh">"""</span> <span class="n">detail</span> <span class="o">=</span> <span class="n">event</span><span class="p">[</span><span class="sh">'</span><span class="s">detail</span><span class="sh">'</span><span class="p">]</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">severity</span><span class="sh">'</span><span class="p">:</span> <span class="n">detail</span><span class="p">[</span><span class="sh">'</span><span class="s">severity</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">:</span> <span class="n">detail</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">description</span><span class="sh">'</span><span class="p">:</span> <span class="n">detail</span><span class="p">[</span><span class="sh">'</span><span class="s">description</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">finding_type</span><span class="sh">'</span><span class="p">:</span> <span class="n">detail</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">resource</span><span class="sh">'</span><span class="p">:</span> <span class="n">detail</span><span class="p">[</span><span class="sh">'</span><span class="s">resource</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">resourceType</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">account</span><span class="sh">'</span><span class="p">:</span> <span class="n">event</span><span class="p">[</span><span class="sh">'</span><span class="s">account</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">region</span><span class="sh">'</span><span class="p">:</span> <span class="n">event</span><span class="p">[</span><span class="sh">'</span><span class="s">region</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">finding_id</span><span class="sh">'</span><span class="p">:</span> <span class="n">detail</span><span class="p">[</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">created_at</span><span class="sh">'</span><span class="p">:</span> <span class="n">detail</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">createdAt</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">),</span> <span class="sh">'</span><span class="s">updated_at</span><span class="sh">'</span><span class="p">:</span> <span class="n">detail</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">updatedAt</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">)</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">_send_notifications</span><span class="p">(</span><span class="n">config</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">finding_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Send notifications via configured channels.</span><span class="sh">"""</span> <span class="n">results</span> <span class="o">=</span> <span class="p">{}</span> <span class="c1"># SNS Notification </span> <span class="k">if</span> <span class="nf">_is_enabled</span><span class="p">(</span><span class="sh">'</span><span class="s">ENABLE_SNS</span><span class="sh">'</span><span class="p">)</span> <span class="ow">and</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">SNS_TOPIC_ARN</span><span class="sh">'</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="nf">_send_sns_notification</span><span class="p">(</span><span class="n">config</span><span class="p">,</span> <span class="n">finding_data</span><span class="p">)</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">sns</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">Success</span><span class="sh">'</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">SNS notification failed: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">sns</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">'</span><span class="s">Failed: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">'</span> <span class="c1"># Email Notification </span> <span class="k">if</span> <span class="nf">_is_enabled</span><span class="p">(</span><span class="sh">'</span><span class="s">ENABLE_EMAIL</span><span class="sh">'</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="nf">_send_email_notification</span><span class="p">(</span><span class="n">config</span><span class="p">,</span> <span class="n">finding_data</span><span class="p">)</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">email</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">Success</span><span class="sh">'</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Email notification failed: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">email</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">'</span><span class="s">Failed: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">'</span> <span class="c1"># Google Chat Notification </span> <span class="k">if</span> <span class="nf">_is_enabled</span><span class="p">(</span><span class="sh">'</span><span class="s">ENABLE_CHAT</span><span class="sh">'</span><span class="p">)</span> <span class="ow">and</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">GOOGLE_CHAT_WEBHOOK</span><span class="sh">'</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="nf">_send_chat_notification</span><span class="p">(</span><span class="n">finding_data</span><span class="p">)</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">chat</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">Success</span><span class="sh">'</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Chat notification failed: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">chat</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">'</span><span class="s">Failed: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">'</span> <span class="k">return</span> <span class="n">results</span> <span class="k">def</span> <span class="nf">_send_sns_notification</span><span class="p">(</span><span class="n">config</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">finding_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Send SNS notification.</span><span class="sh">"""</span> <span class="n">session</span> <span class="o">=</span> <span class="nf">get_aws_session</span><span class="p">(</span><span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">awsCredentials</span><span class="sh">'</span><span class="p">])</span> <span class="n">sns_client</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">sns</span><span class="sh">'</span><span class="p">)</span> <span class="n">message</span> <span class="o">=</span> <span class="nf">_format_sns_message</span><span class="p">(</span><span class="n">finding_data</span><span class="p">)</span> <span class="n">subject</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">🚨 GuardDuty Alert | </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span> <span class="n">sns_client</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span> <span class="n">TopicArn</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">SNS_TOPIC_ARN</span><span class="sh">'</span><span class="p">],</span> <span class="n">Subject</span><span class="o">=</span><span class="n">subject</span><span class="p">,</span> <span class="n">Message</span><span class="o">=</span><span class="n">message</span> <span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">SNS notification sent successfully</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">_send_email_notification</span><span class="p">(</span><span class="n">config</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">finding_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Send email notification.</span><span class="sh">"""</span> <span class="n">email_content</span> <span class="o">=</span> <span class="nf">_format_email_content</span><span class="p">(</span><span class="n">finding_data</span><span class="p">)</span> <span class="n">email_details</span> <span class="o">=</span> <span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">emailNotification</span><span class="sh">'</span><span class="p">].</span><span class="nf">copy</span><span class="p">()</span> <span class="n">email_details</span><span class="p">[</span><span class="sh">'</span><span class="s">email_subject</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">GuardDuty Alert | </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span> <span class="nf">send_email</span><span class="p">(</span><span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">smtpCredentials</span><span class="sh">'</span><span class="p">],</span> <span class="n">email_details</span><span class="p">,</span> <span class="n">email_content</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Email notification sent successfully</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">_send_chat_notification</span><span class="p">(</span><span class="n">finding_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Send Google Chat notification.</span><span class="sh">"""</span> <span class="n">message</span> <span class="o">=</span> <span class="nf">_format_chat_message</span><span class="p">(</span><span class="n">finding_data</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">GOOGLE_CHAT_WEBHOOK</span><span class="sh">'</span><span class="p">],</span> <span class="n">json</span><span class="o">=</span><span class="n">message</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">10</span> <span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Google Chat notification sent successfully</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">_format_sns_message</span><span class="p">(</span><span class="n">finding_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Format message for SNS notification.</span><span class="sh">"""</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"""</span><span class="s">GuardDuty Security Finding Title: </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Description: </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">description</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Type: </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">finding_type</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Severity: </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">severity</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Resource: </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">resource</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Account: </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">account</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Region: </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">region</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Finding ID: </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">finding_id</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Action Required: Please investigate this finding in the AWS GuardDuty console immediately.</span><span class="sh">"""</span> <span class="k">def</span> <span class="nf">_format_email_content</span><span class="p">(</span><span class="n">finding_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Format HTML content for email notification.</span><span class="sh">"""</span> <span class="n">severity_color</span> <span class="o">=</span> <span class="nf">_get_severity_color</span><span class="p">(</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">severity</span><span class="sh">'</span><span class="p">])</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"""</span><span class="s"> &lt;html&gt; &lt;body style=</span><span class="sh">"</span><span class="s">font-family: Arial, sans-serif; margin: 20px;</span><span class="sh">"</span><span class="s">&gt; &lt;div style=</span><span class="sh">"</span><span class="s">border-left: 4px solid </span><span class="si">{</span><span class="n">severity_color</span><span class="si">}</span><span class="s">; padding-left: 20px;</span><span class="sh">"</span><span class="s">&gt; &lt;h2 style=</span><span class="sh">"</span><span class="s">color: </span><span class="si">{</span><span class="n">severity_color</span><span class="si">}</span><span class="s">;</span><span class="sh">"</span><span class="s">&gt;🚨 GuardDuty Security Alert&lt;/h2&gt; &lt;table style=</span><span class="sh">"</span><span class="s">border-collapse: collapse; width: 100%; margin-top: 20px;</span><span class="sh">"</span><span class="s">&gt; &lt;tr&gt;&lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; font-weight: bold; background-color: #f5f5f5;</span><span class="sh">"</span><span class="s">&gt;Title:&lt;/td&gt; &lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px;</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; font-weight: bold; background-color: #f5f5f5;</span><span class="sh">"</span><span class="s">&gt;Description:&lt;/td&gt; &lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px;</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">description</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; font-weight: bold; background-color: #f5f5f5;</span><span class="sh">"</span><span class="s">&gt;Type:&lt;/td&gt; &lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px;</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">finding_type</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; font-weight: bold; background-color: #f5f5f5;</span><span class="sh">"</span><span class="s">&gt;Severity:&lt;/td&gt; &lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; color: </span><span class="si">{</span><span class="n">severity_color</span><span class="si">}</span><span class="s">; font-weight: bold;</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">severity</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; font-weight: bold; background-color: #f5f5f5;</span><span class="sh">"</span><span class="s">&gt;Resource:&lt;/td&gt; &lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px;</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">resource</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; font-weight: bold; background-color: #f5f5f5;</span><span class="sh">"</span><span class="s">&gt;Account:&lt;/td&gt; &lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px;</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">account</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; font-weight: bold; background-color: #f5f5f5;</span><span class="sh">"</span><span class="s">&gt;Region:&lt;/td&gt; &lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px;</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">region</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; font-weight: bold; background-color: #f5f5f5;</span><span class="sh">"</span><span class="s">&gt;Finding ID:&lt;/td&gt; &lt;td style=</span><span class="sh">"</span><span class="s">padding: 8px; font-family: monospace;</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">finding_id</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/td&gt;&lt;/tr&gt; &lt;/table&gt; &lt;div style=</span><span class="sh">"</span><span class="s">margin-top: 20px; padding: 15px; background-color: #fff3cd; border: 1px solid #ffeaa7; border-radius: 4px;</span><span class="sh">"</span><span class="s">&gt; &lt;strong&gt;Action Required:&lt;/strong&gt; Please investigate this finding in the AWS GuardDuty console immediately. &lt;/div&gt; &lt;/div&gt; &lt;/body&gt; &lt;/html&gt; </span><span class="sh">"""</span> <span class="k">def</span> <span class="nf">_format_chat_message</span><span class="p">(</span><span class="n">finding_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Format message for Google Chat notification.</span><span class="sh">"""</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"""</span><span class="s">🚨 *GuardDuty Security Alert* *Title:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> *Description:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">description</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> *Type:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">finding_type</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> *Severity:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">severity</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> *Resource:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">resource</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> *Account:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">account</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> *Region:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">region</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> *Finding ID:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">finding_id</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> ⚠️ *Action Required:* Please investigate this finding in the AWS GuardDuty console immediately.</span><span class="sh">"""</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">_get_severity_color</span><span class="p">(</span><span class="n">severity</span><span class="p">:</span> <span class="nb">float</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Get color code based on severity level.</span><span class="sh">"""</span> <span class="k">if</span> <span class="n">severity</span> <span class="o">&gt;=</span> <span class="mf">7.0</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">#dc3545</span><span class="sh">"</span> <span class="c1"># Red for high severity </span> <span class="k">elif</span> <span class="n">severity</span> <span class="o">&gt;=</span> <span class="mf">4.0</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">#fd7e14</span><span class="sh">"</span> <span class="c1"># Orange for medium severity </span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">#28a745</span><span class="sh">"</span> <span class="c1"># Green for low severity </span> <span class="k">def</span> <span class="nf">_is_enabled</span><span class="p">(</span><span class="n">env_var</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Check if notification channel is enabled.</span><span class="sh">"""</span> <span class="k">return</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">env_var</span><span class="p">,</span> <span class="sh">'</span><span class="s">false</span><span class="sh">'</span><span class="p">).</span><span class="nf">lower</span><span class="p">()</span> <span class="o">==</span> <span class="sh">'</span><span class="s">true</span><span class="sh">'</span> </code></pre> </div> <h2> Configuration &amp; Setup Instructions </h2> <h3> Prerequisites </h3> <ul> <li>AWS CLI configured with appropriate permissions</li> <li>Python 3.9+ for local development</li> <li>Access to AWS Lambda, EventBridge, and SNS services</li> </ul> <h3> Step 1: Clone and Prepare </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone &lt;repository-url&gt; <span class="nb">cd </span>aws-guardduty-notification </code></pre> </div> <h3> Step 2: Configure Input Parameters </h3> <p>Update <code>input.json</code> with your environment-specific settings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"awsCredentials"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"region_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"profile_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-aws-profile"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"smtpCredentials"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"smtp.gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="s2">"587"</span><span class="p">,</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-email@company.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-app-password"</span><span class="p">,</span><span class="w"> </span><span class="nl">"from_email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"alerts@company.com"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"emailNotification"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"email_subject"</span><span class="p">:</span><span class="w"> </span><span class="s2">"GuardDuty Security Alert"</span><span class="p">,</span><span class="w"> </span><span class="nl">"subject_prefix"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SECURITY"</span><span class="p">,</span><span class="w"> </span><span class="nl">"to"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"security-team@company.com"</span><span class="p">],</span><span class="w"> </span><span class="nl">"cc"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"devops@company.com"</span><span class="p">],</span><span class="w"> </span><span class="nl">"bcc"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Step 3: Deploy Infrastructure </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Make deployment script executable</span> <span class="nb">chmod</span> +x cloudformation_deploy.sh <span class="c"># Update deployment parameters</span> <span class="nb">export </span><span class="nv">SNS_TOPIC_ARN</span><span class="o">=</span><span class="s2">"arn:aws:sns:us-east-1:123456789012:security-alerts"</span> <span class="nb">export </span><span class="nv">GOOGLE_CHAT_WEBHOOK</span><span class="o">=</span><span class="s2">"https://chat.googleapis.com/v1/spaces/xxx/messages?key=xxx"</span> <span class="c"># Deploy the stack</span> ./cloudformation_deploy.sh </code></pre> </div> <h3> Step 4: Verify Deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check stack status</span> aws cloudformation describe-stacks <span class="nt">--stack-name</span> guardduty-notifications <span class="c"># Test Lambda function</span> aws lambda invoke <span class="nt">--function-name</span> guardduty-notifications-guardduty-processor <span class="se">\</span> <span class="nt">--payload</span> file://test-event.json response.json </code></pre> </div> <h2> Usage Examples </h2> <h3> Testing with Sample Event </h3> <p>Create a test event file (<code>test-event.json</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"test-event-id"</span><span class="p">,</span><span class="w"> </span><span class="nl">"detail-type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"GuardDuty Finding"</span><span class="p">,</span><span class="w"> </span><span class="nl">"source"</span><span class="p">:</span><span class="w"> </span><span class="s2">"aws.guardduty"</span><span class="p">,</span><span class="w"> </span><span class="nl">"account"</span><span class="p">:</span><span class="w"> </span><span class="s2">"123456789012"</span><span class="p">,</span><span class="w"> </span><span class="nl">"time"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2025-01-15T10:30:00Z"</span><span class="p">,</span><span class="w"> </span><span class="nl">"region"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"detail"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"test-finding-id"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Backdoor:EC2/C&amp;CActivity.B!DNS"</span><span class="p">,</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"EC2 instance is querying a domain name associated with a known command and control server"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"EC2 instance i-1234567890abcdef0 is querying a domain name associated with a known command and control server."</span><span class="p">,</span><span class="w"> </span><span class="nl">"severity"</span><span class="p">:</span><span class="w"> </span><span class="mf">8.5</span><span class="p">,</span><span class="w"> </span><span class="nl">"resource"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"resourceType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Instance"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"createdAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2025-01-15T10:30:00.000Z"</span><span class="p">,</span><span class="w"> </span><span class="nl">"updatedAt"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2025-01-15T10:30:00.000Z"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Environment Variables Configuration </h3> <p>The Lambda function uses these environment variables:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">SNS_TOPIC_ARN</span><span class="o">=</span>arn:aws:sns:us-east-1:123456789012:security-alerts <span class="nv">GOOGLE_CHAT_WEBHOOK</span><span class="o">=</span>https://chat.googleapis.com/v1/spaces/xxx/messages?key<span class="o">=</span>xxx <span class="nv">ENABLE_SNS</span><span class="o">=</span><span class="nb">true </span><span class="nv">ENABLE_EMAIL</span><span class="o">=</span><span class="nb">true </span><span class="nv">ENABLE_CHAT</span><span class="o">=</span><span class="nb">true</span> </code></pre> </div> <h2> Best Practices Followed </h2> <h3> 1. Security Best Practices </h3> <p><strong>Least Privilege IAM Roles</strong></p> <ul> <li>Lambda execution role has minimal required permissions</li> <li>No hardcoded credentials in source code</li> <li>Secure parameter handling for sensitive data</li> </ul> <p><strong>Credential Management</strong></p> <ul> <li>Support for multiple AWS authentication methods</li> <li>Secure SMTP credential handling</li> <li>Environment variable usage for configuration</li> </ul> <h3> 2. Operational Excellence </h3> <p><strong>Comprehensive Logging</strong></p> <ul> <li>Structured logging throughout the application</li> <li>Error tracking and debugging information</li> <li>Performance monitoring capabilities</li> </ul> <p><strong>Infrastructure as Code</strong></p> <ul> <li>Complete CloudFormation template</li> <li>Automated deployment scripts</li> <li>Version-controlled infrastructure</li> </ul> <h3> 3. Reliability &amp; Performance </h3> <p><strong>Error Handling</strong></p> <ul> <li>Graceful degradation when channels fail</li> <li>Retry logic for transient failures</li> <li>Comprehensive exception handling</li> </ul> <p><strong>Scalability</strong></p> <ul> <li>Serverless architecture for automatic scaling</li> <li>Efficient resource utilization</li> <li>Minimal cold start impact</li> </ul> <h2> Security &amp; Performance Considerations </h2> <h3> Security Measures </h3> <ol> <li> <p><strong>Data Protection</strong></p> <ul> <li>No sensitive data logged</li> <li>Secure credential transmission</li> <li>Encrypted communication channels</li> </ul> </li> <li> <p><strong>Access Control</strong></p> <ul> <li>IAM role-based permissions</li> <li>Resource-level access restrictions</li> <li>Audit trail maintenance</li> </ul> </li> <li> <p><strong>Network Security</strong></p> <ul> <li>VPC deployment options</li> <li>Security group configurations</li> <li>Encrypted data in transit</li> </ul> </li> </ol> <h3> Performance Optimizations </h3> <ol> <li> <p><strong>Lambda Optimization</strong></p> <ul> <li>Minimal package size</li> <li>Efficient memory allocation</li> <li>Connection pooling for SMTP</li> </ul> </li> <li> <p><strong>Cost Management</strong></p> <ul> <li>Pay-per-use pricing model</li> <li>Efficient resource utilization</li> <li>Automated scaling</li> </ul> </li> </ol> <h2> Common Pitfalls &amp; Troubleshooting </h2> <h3> Issue 1: Email Delivery Failures </h3> <p><strong>Symptoms:</strong></p> <ul> <li>Email notifications not received</li> <li>SMTP authentication errors</li> </ul> <p><strong>Solutions:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check SMTP credentials</span> aws logs filter-log-events <span class="nt">--log-group-name</span> /aws/lambda/guardduty-processor <span class="se">\</span> <span class="nt">--filter-pattern</span> <span class="s2">"SMTP"</span> <span class="c"># Verify email configuration</span> python <span class="nt">-c</span> <span class="s2">" import smtplib server = smtplib.SMTP('smtp.gmail.com', 587) server.starttls() server.login('username', 'password') print('SMTP connection successful') "</span> </code></pre> </div> <h3> Issue 2: Lambda Timeout Errors </h3> <p><strong>Symptoms:</strong></p> <ul> <li>Function timeouts during execution</li> <li>Incomplete notification delivery</li> </ul> <p><strong>Solutions:</strong></p> <ul> <li>Increase Lambda timeout in CloudFormation template</li> <li>Optimize SMTP connection handling</li> <li>Implement asynchronous processing for multiple channels</li> </ul> <h3> Issue 3: EventBridge Rule Not Triggering </h3> <p><strong>Symptoms:</strong></p> <ul> <li>GuardDuty findings not triggering Lambda</li> <li>Missing event pattern matches</li> </ul> <p><strong>Solutions:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Verify EventBridge rule</span> aws events describe-rule <span class="nt">--name</span> guardduty-notifications-guardduty-rule <span class="c"># Check rule targets</span> aws events list-targets-by-rule <span class="nt">--rule</span> guardduty-notifications-guardduty-rule <span class="c"># Test event pattern</span> aws events test-event-pattern <span class="nt">--event-pattern</span> file://event-pattern.json <span class="se">\</span> <span class="nt">--event</span> file://test-event.json </code></pre> </div> <h3> Issue 4: Google Chat Webhook Failures </h3> <p><strong>Symptoms:</strong></p> <ul> <li>Chat notifications not appearing</li> <li>Webhook authentication errors</li> </ul> <p><strong>Solutions:</strong></p> <ul> <li>Verify webhook URL format and permissions</li> <li>Check Google Chat space configuration</li> <li>Test webhook independently: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"https://chat.googleapis.com/v1/spaces/xxx/messages?key=xxx"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"text": "Test message"}'</span> </code></pre> </div> <h2> Enhancements &amp; Future Improvements </h2> <h3> Planned Enhancements </h3> <ol> <li> <p><strong>Advanced Filtering</strong></p> <ul> <li>Severity-based routing</li> <li>Finding type categorization</li> <li>Custom filtering rules</li> </ul> </li> <li> <p><strong>Integration Expansions</strong></p> <ul> <li>Slack integration</li> <li>Microsoft Teams support</li> <li>PagerDuty escalation</li> </ul> </li> <li> <p><strong>Analytics &amp; Reporting</strong></p> <ul> <li>Finding trend analysis</li> <li>Response time metrics</li> <li>Dashboard integration</li> </ul> </li> <li> <p><strong>Automation Workflows</strong></p> <ul> <li>Automatic remediation for low-risk findings</li> <li>Ticket creation integration</li> <li>Escalation workflows</li> </ul> </li> </ol> <h3> Implementation Roadmap </h3> <p><strong>Phase 1: Enhanced Filtering (Q2 2025)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">should_notify</span><span class="p">(</span><span class="n">finding_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">filters</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Determine if finding should trigger notification based on filters.</span><span class="sh">"""</span> <span class="n">severity_threshold</span> <span class="o">=</span> <span class="n">filters</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">min_severity</span><span class="sh">'</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="n">excluded_types</span> <span class="o">=</span> <span class="n">filters</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">excluded_types</span><span class="sh">'</span><span class="p">,</span> <span class="p">[])</span> <span class="k">if</span> <span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">severity</span><span class="sh">'</span><span class="p">]</span> <span class="o">&lt;</span> <span class="n">severity_threshold</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">if</span> <span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">finding_type</span><span class="sh">'</span><span class="p">]</span> <span class="ow">in</span> <span class="n">excluded_types</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">return</span> <span class="bp">True</span> </code></pre> </div> <p><strong>Phase 2: Slack Integration (Q3 2025)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">send_slack_notification</span><span class="p">(</span><span class="n">webhook_url</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">finding_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Send formatted notification to Slack channel.</span><span class="sh">"""</span> <span class="n">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">blocks</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">header</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">plain_text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">🚨 GuardDuty Alert: </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">section</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">fields</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span><span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">mrkdwn</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">*Severity:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">severity</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">},</span> <span class="p">{</span><span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">mrkdwn</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">*Account:* </span><span class="si">{</span><span class="n">finding_data</span><span class="p">[</span><span class="sh">'</span><span class="s">account</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">webhook_url</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">payload</span><span class="p">)</span> </code></pre> </div> <p><strong>Phase 3: Automated Remediation (Q4 2025)</strong></p> <ul> <li>Integration with AWS Systems Manager</li> <li>Automated EC2 instance isolation</li> <li>Security group modification workflows</li> </ul> <h2> Conclusion </h2> <p>Building a robust security notification system requires careful consideration of multiple factors: reliability, security, performance, and operational excellence. Our AWS GuardDuty notification solution demonstrates how to leverage serverless architecture and AWS native services to create a production-ready system that scales automatically and provides comprehensive security alerting.</p> <h3> Key Takeaways </h3> <ol> <li> <strong>Event-Driven Architecture</strong>: Leveraging EventBridge provides real-time processing with minimal operational overhead</li> <li> <strong>Multi-Channel Redundancy</strong>: Supporting multiple notification channels ensures critical alerts are never missed</li> <li> <strong>Security First</strong>: Implementing proper IAM roles and credential management from the start</li> <li> <strong>Operational Excellence</strong>: Comprehensive logging and infrastructure as code enable reliable operations</li> </ol> <h3> Getting Started </h3> <p>The complete solution is available in our repository with detailed setup instructions. Start with the basic configuration and gradually enable additional notification channels based on your team's needs.</p> <h3> Community &amp; Support </h3> <p>We encourage contributions and feedback from the community. Whether you're implementing additional notification channels, improving error handling, or adding new features, your contributions help make this solution better for everyone.</p> <p><strong>Next Steps:</strong></p> <ol> <li>Deploy the basic solution in your environment</li> <li>Customize notification channels for your team</li> <li>Implement additional filtering based on your security requirements</li> <li>Consider contributing enhancements back to the community</li> </ol> <p>Security is a team effort, and automated notification systems like this one help ensure that your security team can respond quickly to threats. By following the patterns and practices outlined in this article, you can build robust, scalable security automation that grows with your organization's needs.</p> <p><em>This solution has been tested in production environments and follows AWS Well-Architected Framework principles. For questions or contributions, please refer to the repository's issue tracker and contribution guidelines.</em></p> aws guardduty monitoring Prashant Gupta Tue, 30 Dec 2025 12:23:03 +0000 https://dev.to/prashantgupta123/aws-bedrock-agentcore-runtime-building-and-deploying-ai-agents-at-scale-1de3 https://dev.to/prashantgupta123/aws-bedrock-agentcore-runtime-building-and-deploying-ai-agents-at-scale-1de3 <h2> AWS Bedrock AgentCore Runtime: Building and Deploying AI Agents at Scale </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flvqnn8neawr4o46gj8c7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flvqnn8neawr4o46gj8c7.png" alt="AWS Bedrock AgentCore Architecture" width="800" height="221"></a></p> <h2> 🚀 Introduction </h2> <p>AWS Bedrock AgentCore Runtime represents a revolutionary approach to deploying and managing AI agents in the cloud. This comprehensive guide walks you through building, deploying, and invoking AI agents using AWS's fully managed AgentCore service, eliminating the complexity of infrastructure management while providing enterprise-grade scalability and security.</p> <p>In this blog-style guide, we'll explore how to create a production-ready AI agent that leverages Claude 3 Haiku through Bedrock, deploy it using automated build scripts, and invoke it seamlessly from your applications or Lambda functions.</p> <h2> 📋 Table of Contents </h2> <ul> <li>Architecture Overview</li> <li>Prerequisites</li> <li>Project Structure</li> <li>Core Components</li> <li>Step-by-Step Implementation</li> <li>Deployment Process</li> <li>Agent Invocation</li> <li>Best Practices</li> <li>Troubleshooting</li> <li>Advanced Configuration</li> </ul> <h2> 🏗️ Architecture Overview </h2> <p>AWS Bedrock AgentCore Runtime provides a serverless, fully managed environment for running AI agents. The architecture consists of several key components:</p> <h3> High-Level Architecture </h3> <p>The AgentCore Runtime follows a simple yet powerful pattern:</p> <ol> <li> <strong>Agent Code</strong>: Your Python application using the Bedrock AgentCore SDK</li> <li> <strong>S3 Storage</strong>: Packaged agent code stored as ZIP files</li> <li> <strong>AgentCore Runtime</strong>: Managed service that hosts and executes your agent</li> <li> <strong>Invocation Layer</strong>: Direct API calls or Lambda integration for triggering agents</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe2lh09nkseh7pk8a6gjb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe2lh09nkseh7pk8a6gjb.png" alt="AgentCore Runtime Host" width="800" height="442"></a></p> <h3> Key Benefits </h3> <ul> <li> <strong>Serverless</strong>: No infrastructure to manage</li> <li> <strong>Scalable</strong>: Automatic scaling based on demand</li> <li> <strong>Secure</strong>: Built-in AWS security and compliance</li> <li> <strong>Cost-Effective</strong>: Pay only for what you use</li> <li> <strong>Integrated</strong>: Native integration with Bedrock models</li> </ul> <h2> 🔧 Prerequisites </h2> <p>Before diving into the implementation, ensure you have the following:</p> <h3> AWS Requirements </h3> <ul> <li>AWS Account with appropriate permissions</li> <li>AWS CLI configured with credentials</li> <li>Access to Amazon Bedrock service</li> <li>S3 bucket for storing agent packages</li> </ul> <h3> Development Environment </h3> <ul> <li>Python 3.13 or higher</li> <li>pip package manager</li> <li>bash shell (for deployment scripts)</li> <li>Git for version control</li> </ul> <h3> Required AWS Permissions </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"bedrock:*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"bedrock-agentcore:*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:PutObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:ListBucket"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> 📁 Project Structure </h2> <p>Our AgentCore Runtime project follows a clean, organized structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws-agentcore-runtime/ ├── main.py # Core agent implementation ├── requirements.txt # Python dependencies ├── script.sh # Automated build and deployment script ├── trigger-agent.py # Agent invocation client ├── images/ # Documentation screenshots │ ├── 1-AgentCoreDiagram.png │ ├── 2-AgentCoreRuntimeHost.png │ ├── 3-AgentCoreRuntimeHostSource.png │ ├── 4-AgentCoreRuntimeHostPermission.png │ ├── 5-AgentCoreRuntimeHostProtocol.png │ ├── 6-AgentCoreRuntimeHostSecurity.png │ └── 7-AgentCoreRuntimeEndpoint.png └── README.md # This comprehensive guide </code></pre> </div> <h2> 🧩 Core Components </h2> <h3> 1. Agent Implementation (<code>main.py</code>) </h3> <p>The heart of our AI agent is a Python application that leverages the Bedrock AgentCore SDK:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="sh">"""</span><span class="s">AWS Bedrock AgentCore Runtime - AI Agent Implementation</span><span class="sh">"""</span> <span class="kn">import</span> <span class="n">logging</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">Any</span> <span class="kn">from</span> <span class="n">bedrock_agentcore</span> <span class="kn">import</span> <span class="n">BedrockAgentCoreApp</span> <span class="kn">from</span> <span class="n">strands</span> <span class="kn">import</span> <span class="n">Agent</span> <span class="kn">from</span> <span class="n">strands.models</span> <span class="kn">import</span> <span class="n">BedrockModel</span> <span class="c1"># Configure logging </span><span class="n">logging</span><span class="p">.</span><span class="nf">basicConfig</span><span class="p">(</span><span class="n">level</span><span class="o">=</span><span class="n">logging</span><span class="p">.</span><span class="n">INFO</span><span class="p">)</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="c1"># Initialize Bedrock model </span><span class="n">bedrock_model</span> <span class="o">=</span> <span class="nc">BedrockModel</span><span class="p">(</span> <span class="n">model_id</span><span class="o">=</span><span class="sh">"</span><span class="s">anthropic.claude-3-haiku-20240307-v1:0</span><span class="sh">"</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="sh">"</span><span class="s">us-east-1</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="c1"># Initialize app and agent </span><span class="n">app</span> <span class="o">=</span> <span class="nc">BedrockAgentCoreApp</span><span class="p">()</span> <span class="n">agent</span> <span class="o">=</span> <span class="nc">Agent</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="n">bedrock_model</span><span class="p">)</span> <span class="nd">@app.entrypoint</span> <span class="k">def</span> <span class="nf">invoke</span><span class="p">(</span><span class="n">payload</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">AI agent entrypoint function.</span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="n">user_message</span> <span class="o">=</span> <span class="n">payload</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">prompt</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Hello! How can I help you today?</span><span class="sh">"</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing request with prompt length: </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">user_message</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">agent</span><span class="p">(</span><span class="n">user_message</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Successfully processed agent request</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="n">message</span><span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Agent processing failed: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Error processing request: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">}</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Starting AWS Bedrock AgentCore Runtime</span><span class="sh">"</span><span class="p">)</span> <span class="n">app</span><span class="p">.</span><span class="nf">run</span><span class="p">()</span> </code></pre> </div> <p><strong>Key Features:</strong></p> <ul> <li> <strong>Error Handling</strong>: Comprehensive exception handling with logging</li> <li> <strong>Type Hints</strong>: Full type annotations for better code quality</li> <li> <strong>Logging</strong>: Structured logging for debugging and monitoring</li> <li> <strong>Flexibility</strong>: Configurable model and region settings</li> </ul> <h3> 2. Dependencies (<code>requirements.txt</code>) </h3> <p>Our agent requires specific Python packages:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>bedrock-agentcore strands-agents pydantic pydantic_core </code></pre> </div> <p><strong>Package Overview:</strong></p> <ul> <li> <code>bedrock-agentcore</code>: Core SDK for AgentCore Runtime</li> <li> <code>strands-agents</code>: Agent framework for building AI applications</li> <li> <code>pydantic</code>: Data validation and settings management</li> <li> <code>pydantic_core</code>: Core validation library</li> </ul> <h3> 3. Build and Deployment Script (<code>script.sh</code>) </h3> <p>The automated deployment script handles the entire build and upload process:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nv">S3_BUCKET</span><span class="o">=</span><span class="nv">$1</span> <span class="nv">VERSION</span><span class="o">=</span><span class="nv">$2</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$S3_BUCKET</span><span class="s2">"</span> <span class="o">]</span> <span class="o">||</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$VERSION</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Usage: </span><span class="nv">$0</span><span class="s2"> &lt;s3-bucket&gt; &lt;version&gt;"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Building agent version </span><span class="nv">$VERSION</span><span class="s2"> for S3 bucket </span><span class="nv">$S3_BUCKET</span><span class="s2">"</span> <span class="c"># Version normalization</span> <span class="nv">VERSION</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$VERSION</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="s1">'[:upper:]'</span> <span class="s1">'[:lower:]'</span> | <span class="nb">tr</span> <span class="s1">' '</span> <span class="s1">'_'</span> | <span class="nb">tr</span> <span class="nt">-cd</span> <span class="s1">'[:alnum:]-._'</span> | <span class="nb">tr</span> <span class="s1">'.'</span> <span class="s1">'_'</span><span class="si">)</span> <span class="c"># Clean environment</span> <span class="nb">echo</span> <span class="s2">"Cleaning up local files"</span> <span class="nb">rm</span> <span class="nt">-f</span> agent.zip <span class="nb">rm</span> <span class="nt">-rf</span> package <span class="nb">rm</span> <span class="nt">-rf</span> .venv <span class="c"># Build process</span> <span class="nb">echo</span> <span class="s2">"Building agent"</span> python3 <span class="nt">-m</span> venv .venv <span class="nb">source</span> .venv/bin/activate pip <span class="nb">install</span> <span class="nt">--upgrade</span> pip <span class="nt">--no-cache-dir</span> pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="nt">--no-cache-dir</span> deactivate <span class="c"># Package creation</span> <span class="nb">echo</span> <span class="s2">"Packaging agent"</span> <span class="nb">mkdir </span>package <span class="o">||</span> <span class="nb">true cp</span> <span class="nt">-r</span> .venv/lib/python3.<span class="k">*</span>/site-packages/<span class="k">*</span> package/ <span class="nb">cp</span> <span class="nt">-r</span> main.py package/ <span class="nb">cd </span>package find <span class="nb">.</span> <span class="nt">-type</span> f <span class="nt">-name</span> <span class="s1">'*.py[co]'</span> <span class="nt">-delete</span> <span class="nt">-o</span> <span class="nt">-type</span> d <span class="nt">-name</span> __pycache__ <span class="nt">-delete</span> zip <span class="nt">-r</span> ../agent.zip <span class="k">*</span> <span class="nb">cd</span> .. <span class="c"># S3 upload</span> <span class="nb">echo</span> <span class="s2">"Uploading agent to S3"</span> aws s3 <span class="nb">cp </span>agent.zip s3://<span class="nv">$S3_BUCKET</span>/agent-<span class="nv">$VERSION</span>.zip <span class="nb">echo</span> <span class="s2">"Agent uploaded to s3://</span><span class="nv">$S3_BUCKET</span><span class="s2">/agent-</span><span class="nv">$VERSION</span><span class="s2">.zip"</span> <span class="c"># Cleanup</span> <span class="nb">rm</span> <span class="nt">-f</span> agent.zip <span class="nb">rm</span> <span class="nt">-rf</span> package <span class="nb">rm</span> <span class="nt">-rf</span> .venv <span class="nb">echo</span> <span class="s2">"Script completed successfully"</span> </code></pre> </div> <p><strong>Script Features:</strong></p> <ul> <li> <strong>Version Management</strong>: Automatic version normalization</li> <li> <strong>Clean Builds</strong>: Removes previous artifacts</li> <li> <strong>Dependency Isolation</strong>: Uses virtual environments</li> <li> <strong>Optimization</strong>: Removes unnecessary files from package</li> <li> <strong>Error Handling</strong>: Fails fast on any error</li> </ul> <h2> 🚀 Step-by-Step Implementation </h2> <h3> Step 1: Setting Up the AgentCore Runtime </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnt0lzplfhgu27eh7euv2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnt0lzplfhgu27eh7euv2.png" alt="AgentCore Runtime Host Source" width="800" height="340"></a></p> <p>First, create your AgentCore Runtime in the AWS Console:</p> <ol> <li>Navigate to Amazon Bedrock in the AWS Console</li> <li>Select "AgentCore" from the left navigation</li> <li>Click "Create Runtime"</li> <li>Configure the runtime settings: <ul> <li> <strong>Name</strong>: Choose a descriptive name</li> <li> <strong>Description</strong>: Document the runtime purpose</li> <li> <strong>Source</strong>: Select "S3" as the source type</li> </ul> </li> </ol> <h3> Step 2: Configuring Permissions </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2iew9ooof6gaitjpsfv7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2iew9ooof6gaitjpsfv7.png" alt="AgentCore Runtime Host Permission" width="800" height="186"></a></p> <p>Set up the necessary IAM permissions:</p> <ol> <li>Create an execution role for the AgentCore Runtime</li> <li>Attach policies for: <ul> <li>Bedrock model access</li> <li>S3 bucket access</li> <li>CloudWatch logging</li> </ul> </li> <li>Configure the runtime to use this role</li> </ol> <h3> Step 3: Protocol Configuration </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fds60rhqqkxnev5fr8k2b.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fds60rhqqkxnev5fr8k2b.png" alt="AgentCore Runtime Host Protocol" width="800" height="231"></a></p> <p>Configure the communication protocol:</p> <ol> <li>Set the invocation method (HTTP/HTTPS)</li> <li>Configure timeout settings</li> <li>Set up retry policies</li> <li>Define payload format requirements</li> </ol> <h3> Step 4: Security Configuration </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fam04ma4gyllla5po1o06.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fam04ma4gyllla5po1o06.png" alt="AgentCore Runtime Host Security" width="800" height="246"></a></p> <p>Implement security best practices:</p> <ol> <li>Enable encryption in transit and at rest</li> <li>Configure VPC settings if required</li> <li>Set up access controls</li> <li>Enable audit logging</li> </ol> <h3> Step 5: Endpoint Configuration </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw0or6dwb03ia0m32p2fu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw0or6dwb03ia0m32p2fu.png" alt="AgentCore Runtime Host Endpoint" width="800" height="400"></a></p> <p>Finalize the endpoint configuration:</p> <ol> <li>Review the generated endpoint ARN</li> <li>Configure any custom domains</li> <li>Set up monitoring and alerting</li> <li>Test the endpoint connectivity</li> </ol> <h2> 📦 Deployment Process </h2> <h3> Building and Deploying Your Agent </h3> <ol> <li> <strong>Prepare Your Environment</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Clone or navigate to your project directory</span> <span class="nb">cd </span>aws-agentcore-runtime <span class="c"># Ensure AWS CLI is configured</span> aws configure list </code></pre> </div> <ol> <li> <strong>Run the Deployment Script</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Make the script executable</span> <span class="nb">chmod</span> +x script.sh <span class="c"># Deploy your agent</span> ./script.sh your-s3-bucket-name v1.0.0 </code></pre> </div> <ol> <li> <strong>Monitor the Deployment</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Check S3 upload</span> aws s3 <span class="nb">ls </span>s3://your-s3-bucket-name/ <span class="c"># Verify the agent package</span> aws s3 <span class="nb">ls </span>s3://your-s3-bucket-name/agent-v1_0_0.zip </code></pre> </div> <h3> Deployment Best Practices </h3> <ul> <li> <strong>Version Control</strong>: Always use semantic versioning</li> <li> <strong>Testing</strong>: Test in development environments first</li> <li> <strong>Rollback Plan</strong>: Keep previous versions for quick rollback</li> <li> <strong>Monitoring</strong>: Set up CloudWatch alarms for deployment health</li> </ul> <h2> 🔧 Agent Invocation </h2> <h3> Direct Invocation from Applications </h3> <p>Use the enhanced <code>trigger-agent.py</code> for invoking your agent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="sh">"""</span><span class="s">AWS Bedrock AgentCore Runtime - Agent Invocation Client</span><span class="sh">"""</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">logging</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">Any</span> <span class="kn">import</span> <span class="n">boto3</span> <span class="kn">from</span> <span class="n">botocore.exceptions</span> <span class="kn">import</span> <span class="n">ClientError</span> <span class="c1"># Configure logging </span><span class="n">logging</span><span class="p">.</span><span class="nf">basicConfig</span><span class="p">(</span><span class="n">level</span><span class="o">=</span><span class="n">logging</span><span class="p">.</span><span class="n">INFO</span><span class="p">)</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="c1"># Configuration </span><span class="n">REGION_NAME</span> <span class="o">=</span> <span class="sh">'</span><span class="s">us-east-1</span><span class="sh">'</span> <span class="n">AGENT_RUNTIME_ARN</span> <span class="o">=</span> <span class="sh">'</span><span class="s">arn:aws:bedrock-agentcore:us-east-1:999999999999:runtime/hosted_agent_phmxx-dtrZCGFffv</span><span class="sh">'</span> <span class="n">RUNTIME_SESSION_ID</span> <span class="o">=</span> <span class="sh">'</span><span class="s">dfmeoagmreaklgmrkleafremoigrmtesogmtrskhmtkrlshmt</span><span class="sh">'</span> <span class="c1"># Must be 33+ chars </span><span class="n">QUALIFIER</span> <span class="o">=</span> <span class="sh">"</span><span class="s">DEFAULT</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">invoke_agent</span><span class="p">(</span><span class="n">prompt</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Invoke the Bedrock AgentCore runtime with a given prompt.</span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">bedrock-agentcore</span><span class="sh">'</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="n">REGION_NAME</span><span class="p">)</span> <span class="n">payload</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">prompt</span><span class="sh">"</span><span class="p">:</span> <span class="n">prompt</span><span class="p">})</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Invoking agent with prompt length: </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">prompt</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">invoke_agent_runtime</span><span class="p">(</span> <span class="n">agentRuntimeArn</span><span class="o">=</span><span class="n">AGENT_RUNTIME_ARN</span><span class="p">,</span> <span class="n">runtimeSessionId</span><span class="o">=</span><span class="n">RUNTIME_SESSION_ID</span><span class="p">,</span> <span class="n">payload</span><span class="o">=</span><span class="n">payload</span><span class="p">,</span> <span class="n">qualifier</span><span class="o">=</span><span class="n">QUALIFIER</span> <span class="p">)</span> <span class="n">response_body</span> <span class="o">=</span> <span class="n">response</span><span class="p">[</span><span class="sh">'</span><span class="s">response</span><span class="sh">'</span><span class="p">].</span><span class="nf">read</span><span class="p">()</span> <span class="n">response_data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">response_body</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">Successfully received agent response</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">response_data</span> <span class="k">except</span> <span class="n">ClientError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">AWS API error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">raise</span> <span class="k">except</span> <span class="n">json</span><span class="p">.</span><span class="n">JSONDecodeError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">JSON decode error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">raise</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Unexpected error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">raise</span> <span class="k">def</span> <span class="nf">main</span><span class="p">():</span> <span class="sh">"""</span><span class="s">Main function to demonstrate agent invocation.</span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="n">prompt</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Explain machine learning in simple terms</span><span class="sh">"</span> <span class="n">response_data</span> <span class="o">=</span> <span class="nf">invoke_agent</span><span class="p">(</span><span class="n">prompt</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Agent Response:</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_data</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to invoke agent: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="mi">1</span> <span class="k">return</span> <span class="mi">0</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="nf">exit</span><span class="p">(</span><span class="nf">main</span><span class="p">())</span> </code></pre> </div> <h3> Lambda Integration </h3> <p>For serverless applications, integrate with AWS Lambda:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">boto3</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">Any</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">context</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Lambda function to invoke AgentCore Runtime.</span><span class="sh">"""</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">bedrock-agentcore</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Extract prompt from event </span> <span class="n">prompt</span> <span class="o">=</span> <span class="n">event</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">prompt</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Hello!</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Invoke agent </span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">invoke_agent_runtime</span><span class="p">(</span> <span class="n">agentRuntimeArn</span><span class="o">=</span><span class="n">event</span><span class="p">[</span><span class="sh">'</span><span class="s">agentRuntimeArn</span><span class="sh">'</span><span class="p">],</span> <span class="n">runtimeSessionId</span><span class="o">=</span><span class="n">event</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">sessionId</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">default-session-id-12345678901234567890</span><span class="sh">'</span><span class="p">),</span> <span class="n">payload</span><span class="o">=</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">prompt</span><span class="sh">"</span><span class="p">:</span> <span class="n">prompt</span><span class="p">}),</span> <span class="n">qualifier</span><span class="o">=</span><span class="n">event</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">qualifier</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">DEFAULT</span><span class="sh">'</span><span class="p">)</span> <span class="p">)</span> <span class="c1"># Process response </span> <span class="n">response_body</span> <span class="o">=</span> <span class="n">response</span><span class="p">[</span><span class="sh">'</span><span class="s">response</span><span class="sh">'</span><span class="p">].</span><span class="nf">read</span><span class="p">()</span> <span class="n">response_data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">response_body</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">statusCode</span><span class="sh">'</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">response_data</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h2> 🎯 Best Practices </h2> <h3> Code Quality </h3> <ul> <li> <strong>Type Hints</strong>: Use comprehensive type annotations</li> <li> <strong>Error Handling</strong>: Implement robust exception handling</li> <li> <strong>Logging</strong>: Add structured logging throughout your code</li> <li> <strong>Documentation</strong>: Include docstrings for all functions</li> </ul> <h3> Security </h3> <ul> <li> <strong>Credentials</strong>: Never hardcode credentials in your code</li> <li> <strong>IAM Roles</strong>: Use least privilege principle for IAM roles</li> <li> <strong>Encryption</strong>: Enable encryption for data in transit and at rest</li> <li> <strong>Secrets Management</strong>: Use AWS Secrets Manager for sensitive data</li> </ul> <h3> Performance </h3> <ul> <li> <strong>Model Selection</strong>: Choose appropriate Bedrock models for your use case</li> <li> <strong>Caching</strong>: Implement response caching where appropriate</li> <li> <strong>Timeout Configuration</strong>: Set reasonable timeout values</li> <li> <strong>Resource Optimization</strong>: Monitor and optimize resource usage</li> </ul> <h3> Monitoring and Observability </h3> <ul> <li> <strong>CloudWatch Metrics</strong>: Set up custom metrics for your agent</li> <li> <strong>Alarms</strong>: Create alarms for error rates and latency</li> <li> <strong>Distributed Tracing</strong>: Use AWS X-Ray for request tracing</li> <li> <strong>Log Analysis</strong>: Implement log aggregation and analysis</li> </ul> <h2> 🔍 Troubleshooting </h2> <h3> Common Issues and Solutions </h3> <h4> 1. Agent Deployment Failures </h4> <p><strong>Problem</strong>: Agent fails to deploy to S3 or AgentCore Runtime<br> <strong>Solutions</strong>:</p> <ul> <li>Verify S3 bucket permissions</li> <li>Check AWS CLI configuration</li> <li>Validate package structure</li> <li>Review CloudWatch logs</li> </ul> <h4> 2. Invocation Errors </h4> <p><strong>Problem</strong>: Agent invocation returns errors<br> <strong>Solutions</strong>:</p> <ul> <li>Verify AgentCore Runtime ARN</li> <li>Check session ID format (must be 33+ characters)</li> <li>Validate payload structure</li> <li>Review IAM permissions</li> </ul> <h4> 3. Performance Issues </h4> <p><strong>Problem</strong>: Slow response times or timeouts<br> <strong>Solutions</strong>:</p> <ul> <li>Optimize model selection</li> <li>Implement request caching</li> <li>Adjust timeout configurations</li> <li>Monitor resource utilization</li> </ul> <h4> 4. Authentication Failures </h4> <p><strong>Problem</strong>: Access denied errors<br> <strong>Solutions</strong>:</p> <ul> <li>Verify IAM role permissions</li> <li>Check AWS credentials configuration</li> <li>Validate resource ARNs</li> <li>Review security group settings</li> </ul> <h3> Debugging Tips </h3> <ol> <li> <strong>Enable Detailed Logging</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">import</span> <span class="n">logging</span> <span class="n">logging</span><span class="p">.</span><span class="nf">basicConfig</span><span class="p">(</span><span class="n">level</span><span class="o">=</span><span class="n">logging</span><span class="p">.</span><span class="n">DEBUG</span><span class="p">)</span> </code></pre> </div> <ol> <li> <strong>Use AWS CLI for Testing</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> aws bedrock-agentcore invoke-agent-runtime <span class="se">\</span> <span class="nt">--agent-runtime-arn</span> <span class="s2">"your-arn"</span> <span class="se">\</span> <span class="nt">--runtime-session-id</span> <span class="s2">"your-session-id"</span> <span class="se">\</span> <span class="nt">--payload</span> <span class="s1">'{"prompt": "test"}'</span> </code></pre> </div> <ol> <li> <strong>Monitor CloudWatch Logs</strong> <ul> <li>Check AgentCore Runtime logs</li> <li>Review application logs</li> <li>Monitor error patterns</li> </ul> </li> </ol> <h2> ⚙️ Advanced Configuration </h2> <h3> Custom Model Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Using different Bedrock models </span><span class="n">bedrock_model</span> <span class="o">=</span> <span class="nc">BedrockModel</span><span class="p">(</span> <span class="n">model_id</span><span class="o">=</span><span class="sh">"</span><span class="s">anthropic.claude-3-sonnet-20240229-v1:0</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># More powerful model </span> <span class="n">region_name</span><span class="o">=</span><span class="sh">"</span><span class="s">us-west-2</span><span class="sh">"</span><span class="p">,</span> <span class="n">model_kwargs</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">max_tokens</span><span class="sh">"</span><span class="p">:</span> <span class="mi">1000</span><span class="p">,</span> <span class="sh">"</span><span class="s">temperature</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.7</span><span class="p">,</span> <span class="sh">"</span><span class="s">top_p</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.9</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h3> Multi-Region Deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Deploy to multiple regions</span> <span class="nv">regions</span><span class="o">=(</span><span class="s2">"us-east-1"</span> <span class="s2">"us-west-2"</span> <span class="s2">"eu-west-1"</span><span class="o">)</span> <span class="k">for </span>region <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">regions</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="s2">"Deploying to </span><span class="nv">$region</span><span class="s2">"</span> aws s3 <span class="nb">cp </span>agent.zip s3://your-bucket-<span class="nv">$region</span>/agent-v1.0.0.zip <span class="nt">--region</span> <span class="nv">$region</span> <span class="k">done</span> </code></pre> </div> <h3> Environment-Specific Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">Any</span> <span class="k">class</span> <span class="nc">AgentConfig</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Configuration management for different environments.</span><span class="sh">"""</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">environment</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">ENVIRONMENT</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">development</span><span class="sh">'</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">config</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">_load_config</span><span class="p">()</span> <span class="k">def</span> <span class="nf">_load_config</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="n">configs</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">development</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">model_id</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">anthropic.claude-3-haiku-20240307-v1:0</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">region</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">us-east-1</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">log_level</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">DEBUG</span><span class="sh">'</span> <span class="p">},</span> <span class="sh">'</span><span class="s">production</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">model_id</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">anthropic.claude-3-sonnet-20240229-v1:0</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">region</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">us-east-1</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">log_level</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">INFO</span><span class="sh">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="n">configs</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">environment</span><span class="p">,</span> <span class="n">configs</span><span class="p">[</span><span class="sh">'</span><span class="s">development</span><span class="sh">'</span><span class="p">])</span> </code></pre> </div> <h2> 📊 Monitoring and Metrics </h2> <h3> Custom CloudWatch Metrics </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="k">def</span> <span class="nf">publish_custom_metrics</span><span class="p">(</span><span class="n">metric_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">float</span><span class="p">,</span> <span class="n">unit</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">'</span><span class="s">Count</span><span class="sh">'</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Publish custom metrics to CloudWatch.</span><span class="sh">"""</span> <span class="n">cloudwatch</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">cloudwatch</span><span class="sh">'</span><span class="p">)</span> <span class="n">cloudwatch</span><span class="p">.</span><span class="nf">put_metric_data</span><span class="p">(</span> <span class="n">Namespace</span><span class="o">=</span><span class="sh">'</span><span class="s">AgentCore/Runtime</span><span class="sh">'</span><span class="p">,</span> <span class="n">MetricData</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">'</span><span class="s">MetricName</span><span class="sh">'</span><span class="p">:</span> <span class="n">metric_name</span><span class="p">,</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="n">value</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unit</span><span class="sh">'</span><span class="p">:</span> <span class="n">unit</span><span class="p">,</span> <span class="sh">'</span><span class="s">Timestamp</span><span class="sh">'</span><span class="p">:</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">()</span> <span class="p">}</span> <span class="p">]</span> <span class="p">)</span> <span class="c1"># Usage in your agent </span><span class="nd">@app.entrypoint</span> <span class="k">def</span> <span class="nf">invoke</span><span class="p">(</span><span class="n">payload</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]:</span> <span class="n">start_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># Your agent logic here </span> <span class="n">result</span> <span class="o">=</span> <span class="nf">agent</span><span class="p">(</span><span class="n">user_message</span><span class="p">)</span> <span class="c1"># Publish success metric </span> <span class="nf">publish_custom_metrics</span><span class="p">(</span><span class="sh">'</span><span class="s">AgentInvocations</span><span class="sh">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="sh">'</span><span class="s">Count</span><span class="sh">'</span><span class="p">)</span> <span class="nf">publish_custom_metrics</span><span class="p">(</span><span class="sh">'</span><span class="s">ResponseTime</span><span class="sh">'</span><span class="p">,</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="n">start_time</span><span class="p">,</span> <span class="sh">'</span><span class="s">Seconds</span><span class="sh">'</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="n">message</span><span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="c1"># Publish error metric </span> <span class="nf">publish_custom_metrics</span><span class="p">(</span><span class="sh">'</span><span class="s">AgentErrors</span><span class="sh">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="sh">'</span><span class="s">Count</span><span class="sh">'</span><span class="p">)</span> <span class="k">raise</span> </code></pre> </div> <h2> 🚀 Scaling and Optimization </h2> <h3> Performance Optimization Strategies </h3> <ol> <li> <p><strong>Model Selection</strong>: Choose the right model for your use case</p> <ul> <li>Haiku: Fast, cost-effective for simple tasks</li> <li>Sonnet: Balanced performance and capability</li> <li>Opus: Maximum capability for complex tasks</li> </ul> </li> <li><p><strong>Caching Strategy</strong>: Implement intelligent caching<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">from</span> <span class="n">functools</span> <span class="kn">import</span> <span class="n">lru_cache</span> <span class="nd">@lru_cache</span><span class="p">(</span><span class="n">maxsize</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="k">def</span> <span class="nf">cached_agent_response</span><span class="p">(</span><span class="n">prompt_hash</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="c1"># Cache responses for identical prompts </span> <span class="k">pass</span> </code></pre> </div> <ol> <li> <strong>Batch Processing</strong>: Process multiple requests efficiently </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="k">def</span> <span class="nf">batch_invoke</span><span class="p">(</span><span class="n">prompts</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="nb">str</span><span class="p">]]:</span> <span class="sh">"""</span><span class="s">Process multiple prompts in batch.</span><span class="sh">"""</span> <span class="n">results</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">prompt</span> <span class="ow">in</span> <span class="n">prompts</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">agent</span><span class="p">(</span><span class="n">prompt</span><span class="p">)</span> <span class="n">results</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="n">message</span><span class="p">})</span> <span class="k">return</span> <span class="n">results</span> </code></pre> </div> <h2> 🔐 Security Considerations </h2> <h3> Data Privacy and Compliance </h3> <ol> <li> <strong>Data Encryption</strong>: Ensure all data is encrypted</li> <li> <strong>Access Controls</strong>: Implement fine-grained access controls</li> <li> <strong>Audit Logging</strong>: Enable comprehensive audit logging</li> <li> <strong>Compliance</strong>: Follow industry-specific compliance requirements</li> </ol> <h3> Security Best Practices </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">hashlib</span> <span class="kn">import</span> <span class="n">hmac</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Optional</span> <span class="k">class</span> <span class="nc">SecurityManager</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Security utilities for agent operations.</span><span class="sh">"""</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">secret_key</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">secret_key</span> <span class="o">=</span> <span class="n">secret_key</span> <span class="k">def</span> <span class="nf">validate_request</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">payload</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">signature</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Validate request signature.</span><span class="sh">"""</span> <span class="n">expected_signature</span> <span class="o">=</span> <span class="n">hmac</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span> <span class="n">self</span><span class="p">.</span><span class="n">secret_key</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="n">payload</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="n">hashlib</span><span class="p">.</span><span class="n">sha256</span> <span class="p">).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="k">return</span> <span class="n">hmac</span><span class="p">.</span><span class="nf">compare_digest</span><span class="p">(</span><span class="n">signature</span><span class="p">,</span> <span class="n">expected_signature</span><span class="p">)</span> <span class="k">def</span> <span class="nf">sanitize_input</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_input</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Sanitize user input to prevent injection attacks.</span><span class="sh">"""</span> <span class="c1"># Implement input sanitization logic </span> <span class="k">return</span> <span class="n">user_input</span><span class="p">.</span><span class="nf">strip</span><span class="p">()</span> </code></pre> </div> <h2> 📈 Cost Optimization </h2> <h3> Cost Management Strategies </h3> <ol> <li> <strong>Model Selection</strong>: Choose cost-effective models</li> <li> <strong>Request Optimization</strong>: Minimize unnecessary requests</li> <li> <strong>Caching</strong>: Implement response caching</li> <li> <strong>Monitoring</strong>: Track usage and costs</li> </ol> <h3> Cost Monitoring </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">calculate_estimated_cost</span><span class="p">(</span><span class="n">tokens_used</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">model_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">float</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Calculate estimated cost based on token usage.</span><span class="sh">"""</span> <span class="c1"># Pricing per 1K tokens (example rates) </span> <span class="n">pricing</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">anthropic.claude-3-haiku-20240307-v1:0</span><span class="sh">'</span><span class="p">:</span> <span class="mf">0.00025</span><span class="p">,</span> <span class="sh">'</span><span class="s">anthropic.claude-3-sonnet-20240229-v1:0</span><span class="sh">'</span><span class="p">:</span> <span class="mf">0.003</span><span class="p">,</span> <span class="sh">'</span><span class="s">anthropic.claude-3-opus-20240229-v1:0</span><span class="sh">'</span><span class="p">:</span> <span class="mf">0.015</span> <span class="p">}</span> <span class="n">rate</span> <span class="o">=</span> <span class="n">pricing</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">model_id</span><span class="p">,</span> <span class="mf">0.001</span><span class="p">)</span> <span class="nf">return </span><span class="p">(</span><span class="n">tokens_used</span> <span class="o">/</span> <span class="mi">1000</span><span class="p">)</span> <span class="o">*</span> <span class="n">rate</span> </code></pre> </div> <h2> 🎯 Conclusion </h2> <p>AWS Bedrock AgentCore Runtime provides a powerful, scalable platform for deploying AI agents in production environments. By following the practices and patterns outlined in this guide, you can build robust, secure, and efficient AI agents that scale with your business needs.</p> <h3> Key Takeaways </h3> <ol> <li> <strong>Simplicity</strong>: AgentCore Runtime eliminates infrastructure complexity</li> <li> <strong>Scalability</strong>: Automatic scaling handles varying workloads</li> <li> <strong>Security</strong>: Built-in AWS security features protect your agents</li> <li> <strong>Cost-Effectiveness</strong>: Pay-per-use model optimizes costs</li> <li> <strong>Integration</strong>: Seamless integration with AWS services</li> </ol> <h3> Next Steps </h3> <ol> <li> <strong>Experiment</strong>: Try different Bedrock models for your use cases</li> <li> <strong>Optimize</strong>: Implement caching and performance optimizations</li> <li> <strong>Monitor</strong>: Set up comprehensive monitoring and alerting</li> <li> <strong>Scale</strong>: Deploy across multiple regions for global availability</li> <li> <strong>Innovate</strong>: Explore advanced agent capabilities and integrations</li> </ol> <h2> Github Link </h2> <p><a href="https://github.com/prashantgupta123/devops-automation/tree/main/aws-agentcore-runtime" rel="noopener noreferrer">https://github.com/prashantgupta123/devops-automation/tree/main/aws-agentcore-runtime</a></p> <h3> Resources </h3> <ul> <li><a href="https://docs.aws.amazon.com/bedrock/" rel="noopener noreferrer">AWS Bedrock Documentation</a></li> <li><a href="https://docs.aws.amazon.com/bedrock/latest/APIReference/" rel="noopener noreferrer">AgentCore Runtime API Reference</a></li> <li><a href="https://docs.aws.amazon.com/bedrock/latest/userguide/models-supported.html" rel="noopener noreferrer">Bedrock Model Documentation</a></li> <li><a href="https://aws.amazon.com/security/security-learning/" rel="noopener noreferrer">AWS Security Best Practices</a></li> </ul> <p><strong>Ready to build your next AI agent?</strong> Start with this foundation and customize it for your specific use case. The future of AI applications is serverless, scalable, and secure with AWS Bedrock AgentCore Runtime.</p> aws bedrock agents Prashant Gupta Mon, 29 Dec 2025 12:13:13 +0000 https://dev.to/prashantgupta123/aws-terraform-modules-from-basic-to-advanced-1djc https://dev.to/prashantgupta123/aws-terraform-modules-from-basic-to-advanced-1djc <h2> AWS Terraform Modules </h2> <p>A collection of reusable Terraform modules for AWS infrastructure provisioning. These modules follow best practices and provide flexible, production-ready infrastructure components.</p> <h2> 📁 Module Directory Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws-terraform-modules/ ├── aws-terraform-vpc/ # VPC infrastructure module ├── aws-terraform-vpc-endpoint/ # VPC endpoints module ├── aws-terraform-vpc-peering/ # VPC peering connections module └── README.md # This file </code></pre> </div> <h2> 🏗️ Available Modules </h2> <h3> <a href="https://github.com/prashantgupta123/aws-terraform-modules/blob/main/aws-terraform-vpc" rel="noopener noreferrer">AWS VPC Module</a> </h3> <p><strong>Purpose</strong>: Comprehensive VPC infrastructure provisioning with subnets, route tables, NAT gateways, internet gateways, and VPC endpoints.</p> <p><strong>Key Features</strong>:</p> <ul> <li>Dual deployment modes (Simple/Advanced)</li> <li>Public, Private, and Database subnets</li> <li>Internet Gateway and NAT Gateway support</li> <li>VPC Flow Logs and VPC Endpoints</li> <li>Flexible subnet configuration</li> </ul> <p><strong>Use Cases</strong>: Complete VPC setup for applications requiring network isolation, multi-tier architectures, and secure AWS service access.</p> <h3> <a href="https://github.com/prashantgupta123/aws-terraform-modules/tree/main/aws-terraform-vpc-endpoint" rel="noopener noreferrer">AWS VPC Endpoint Module</a> </h3> <p><strong>Purpose</strong>: Secure, private connectivity to AWS services without internet access through VPC endpoints.</p> <p><strong>Key Features</strong>:</p> <ul> <li>Default SSM connectivity endpoints</li> <li>Interface and Gateway endpoint support</li> <li>Automatic security group management</li> <li>Multi-AZ deployment</li> <li>Cost-effective S3 and DynamoDB access</li> </ul> <p><strong>Use Cases</strong>: Private AWS service access for EC2 instances, container workloads, and serverless applications.</p> <h3> <a href="https://github.com/prashantgupta123/aws-terraform-modules/tree/main/aws-terraform-vpc-peering" rel="noopener noreferrer">AWS VPC Peering Module</a> </h3> <p><strong>Purpose</strong>: Establish private network connectivity between VPCs within the same or different AWS accounts and regions.</p> <p><strong>Key Features</strong>:</p> <ul> <li>Cross-account and cross-region peering support</li> <li>Automatic peering acceptance and DNS resolution</li> <li>Route table management and CIDR routing</li> <li>Dual AWS provider configuration</li> <li>Comprehensive tagging and naming conventions</li> </ul> <p><strong>Use Cases</strong>: Multi-VPC architectures, cross-account resource sharing, disaster recovery setups, and hybrid cloud connectivity.</p> <h2> 🚀 Quick Start </h2> <h3> Prerequisites </h3> <ul> <li>Terraform &gt;= 1.14.3</li> <li>AWS CLI configured with appropriate permissions</li> <li>AWS Provider ~&gt; 6.27.0</li> </ul> <h3> Basic VPC Setup </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="nx">subnet_bits</span> <span class="p">=</span> <span class="mi">8</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"my-vpc"</span> <span class="p">}</span> <span class="nx">module</span> <span class="s2">"vpc_endpoints"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc-endpoint"</span> <span class="nx">project_name_prefix</span> <span class="p">=</span> <span class="s2">"my-project"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">vpc_id</span> <span class="nx">subnet_ids</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">subnet_ids</span><span class="p">[</span><span class="s2">"private"</span><span class="p">]</span> <span class="nx">route_table_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">route_table_id</span><span class="p">[</span><span class="s2">"private"</span><span class="p">]]</span> <span class="p">}</span> </code></pre> </div> <h2> 📋 Common Usage Patterns </h2> <h3> 1. Simple Three-Tier Architecture </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="nx">subnet_bits</span> <span class="p">=</span> <span class="mi">8</span> <span class="nx">subnet_group</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"public"</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">is_public</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">nat_gateway</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> <span class="s2">"private"</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">is_public</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">nat_gateway</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="s2">"database"</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">is_public</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">nat_gateway</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 2. Container-Ready Infrastructure </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="c1"># Enable VPC endpoints for container services</span> <span class="nx">create_vpc_endpoint</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">add_interface</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"ecr.api"</span><span class="p">,</span> <span class="s2">"ecr.dkr"</span><span class="p">,</span> <span class="s2">"logs"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">module</span> <span class="s2">"vpc_endpoints"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc-endpoint"</span> <span class="nx">project_name_prefix</span> <span class="p">=</span> <span class="s2">"container-app"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">vpc_id</span> <span class="nx">subnet_ids</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">subnet_ids</span><span class="p">[</span><span class="s2">"private"</span><span class="p">]</span> <span class="nx">route_table_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">route_table_id</span><span class="p">[</span><span class="s2">"private"</span><span class="p">]]</span> <span class="nx">add_interface</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"ecr.api"</span><span class="p">,</span> <span class="s2">"ecr.dkr"</span><span class="p">,</span> <span class="s2">"logs"</span><span class="p">,</span> <span class="s2">"secretsmanager"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Multi-VPC Architecture with Peering </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Main VPC</span> <span class="nx">module</span> <span class="s2">"main_vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"main-vpc"</span> <span class="p">}</span> <span class="c1"># Shared Services VPC</span> <span class="nx">module</span> <span class="s2">"shared_vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.1.0.0/16"</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"shared-services-vpc"</span> <span class="p">}</span> <span class="c1"># VPC Peering Connection</span> <span class="nx">module</span> <span class="s2">"vpc_peering"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc-peering"</span> <span class="nx">requester_vpc_id</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">main_vpc</span><span class="p">.</span><span class="nx">vpc_id</span> <span class="nx">accepter_vpc_id</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">shared_vpc</span><span class="p">.</span><span class="nx">vpc_id</span> <span class="nx">auto_accept_peering</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">requester_dns_resolution</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">accepter_dns_resolution</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">create_peering_routes</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">route_table_id</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">main_vpc</span><span class="p">.</span><span class="nx">route_table_id</span><span class="p">[</span><span class="s2">"private"</span><span class="p">]</span> <span class="nx">destination_cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"10.1.0.0/16"</span><span class="p">]</span> <span class="nx">providers</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">this</span> <span class="p">=</span> <span class="nx">aws</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">peer</span> <span class="p">=</span> <span class="nx">aws</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> 🔧 Module Dependencies </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>graph TD A[aws-terraform-vpc] --&gt; B[aws-terraform-vpc-endpoint] A --&gt; C[aws-terraform-vpc-peering] A --&gt; D[Your Application Infrastructure] B --&gt; D C --&gt; D C --&gt; E[Remote VPC] </code></pre> </div> <p>The VPC module should be deployed first, followed by VPC endpoints and other infrastructure components.</p> <h2> 🏷️ Tagging Strategy </h2> <p>All modules support consistent tagging:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">common_tags</span> <span class="err">=</span> <span class="p">{</span> <span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"production"</span> <span class="nx">Project</span> <span class="p">=</span> <span class="s2">"my-application"</span> <span class="nx">Owner</span> <span class="p">=</span> <span class="s2">"platform-team"</span> <span class="nx">ManagedBy</span> <span class="p">=</span> <span class="s2">"terraform"</span> <span class="p">}</span> </code></pre> </div> <h2> 🔒 Security Best Practices </h2> <ol> <li> <strong>Network Segmentation</strong>: Use private subnets for application workloads</li> <li> <strong>VPC Endpoints</strong>: Reduce internet traffic with private AWS service access</li> <li> <strong>Flow Logs</strong>: Enable VPC Flow Logs for network monitoring</li> <li> <strong>Least Privilege</strong>: Configure security groups with minimal required access</li> </ol> <h2> 💰 Cost Optimization </h2> <ul> <li>Use Gateway endpoints (S3, DynamoDB) instead of Interface endpoints when possible</li> <li>Consider NAT Gateway placement and data transfer costs</li> <li>Monitor VPC endpoint usage and remove unused endpoints</li> </ul> <h2> 📖 Documentation Links </h2> <ul> <li><a href="https://github.com/prashantgupta123/aws-terraform-modules/blob/main/aws-terraform-vpc/README.md" rel="noopener noreferrer">AWS VPC Module Documentation</a></li> <li><a href="https://github.com/prashantgupta123/aws-terraform-modules/blob/main/aws-terraform-vpc-endpoint/README.md" rel="noopener noreferrer">AWS VPC Endpoint Module Documentation</a></li> <li><a href="https://github.com/prashantgupta123/aws-terraform-modules/blob/main/aws-terraform-vpc-peering/README.md" rel="noopener noreferrer">AWS VPC Peering Module Documentation</a></li> <li><a href="https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html" rel="noopener noreferrer">AWS VPC Best Practices</a></li> <li><a href="https://docs.aws.amazon.com/vpc/latest/peering/" rel="noopener noreferrer">AWS VPC Peering Guide</a></li> <li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs" rel="noopener noreferrer">Terraform AWS Provider Documentation</a></li> </ul> <h2> 🤝 Contributing </h2> <ol> <li>Fork the repository</li> <li>Create a feature branch</li> <li>Make your changes with appropriate tests</li> <li>Update documentation</li> <li>Submit a pull request</li> </ol> <h2> 📄 Github Link </h2> <p><a href="https://github.com/prashantgupta123/aws-terraform-modules/tree/main" rel="noopener noreferrer">https://github.com/prashantgupta123/aws-terraform-modules/tree/main</a></p> <h2> 🆘 Support </h2> <p>For issues and questions:</p> <ul> <li>Create an issue in the GitHub repository</li> <li>Check existing examples in module directories</li> <li>Review AWS and Terraform documentation</li> </ul> <p><em>These modules are designed to follow AWS Well-Architected Framework principles and Terraform best practices.</em></p> aws terraform automation Prashant Gupta Sun, 28 Dec 2025 15:04:48 +0000 https://dev.to/prashantgupta123/devops-future-task-reminders-3m47 https://dev.to/prashantgupta123/devops-future-task-reminders-3m47 <h2> Future Task Reminders </h2> <p>Node.js/Express dashboard to create and manage task reminders, store them in a MySQL database, and send reminder emails via SMTP when their trigger date/time is reached.</p> <h3> Features </h3> <ul> <li> <strong>Dashboard summary</strong>: See all tasks with counts of <strong>high</strong>, <strong>medium</strong>, and <strong>low</strong> priority.</li> <li> <strong>Task form</strong>: Create a task with <strong>name</strong>, <strong>description</strong>, <strong>priority</strong>, <strong>trigger date/time</strong>, <strong>type</strong>, <strong>execution protection</strong>, and <strong>email recipients</strong>.</li> <li> <strong>Execution Protection</strong>: Control how reminders are sent: <ul> <li> <strong>None</strong> (default): Reminder is sent once when trigger time is reached</li> <li> <strong>Daily</strong>: Reminder is sent daily after trigger time until manually stopped</li> <li> <strong>Weekly</strong>: Reminder is sent weekly after trigger time until manually stopped</li> <li> <strong>Monthly</strong>: Reminder is sent monthly after trigger time until manually stopped</li> </ul> </li> <li> <strong>MySQL persistence</strong>: Tasks are stored in a MySQL table.</li> <li> <strong>SMTP reminders</strong>: Dual schedulers check for due tasks and send emails via SMTP: <ul> <li>Immediate scheduler (<code>REMINDER_CRON</code>): Runs frequently for one-time reminders</li> <li>Daily scheduler (<code>DAILY_CRON</code>): Runs daily for recurring reminders with execution protection</li> </ul> </li> </ul> <h3> UI Screenshots </h3> <ul> <li><strong>Create Account</strong></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4eyb7yxz8cr5rncu22op.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4eyb7yxz8cr5rncu22op.png" alt="Create Account" width="800" height="604"></a></p> <ul> <li><strong>Login</strong></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffvx91zfiellkg4vk558j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffvx91zfiellkg4vk558j.png" alt="Login" width="800" height="456"></a></p> <ul> <li><strong>Task Dashboard</strong></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnqa078i1knvyo10y5o9b.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnqa078i1knvyo10y5o9b.png" alt="Task Dashboard" width="800" height="602"></a></p> <ul> <li><strong>Task Lists</strong></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2v8fpbz1ytqfn37qvas6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2v8fpbz1ytqfn37qvas6.png" alt="Task Lists" width="800" height="561"></a></p> <ul> <li><strong>Email Reminder</strong></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fot18jvrinbgqgn0z7yfh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fot18jvrinbgqgn0z7yfh.png" alt="Email Reminder" width="800" height="543"></a></p> <h3> Prerequisites </h3> <ul> <li>Node.js (LTS recommended)</li> <li>MySQL server</li> <li>SMTP credentials (can be from any provider that supports SMTP)</li> </ul> <h3> 1. Clone and install </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>future-task-reminders npm <span class="nb">install</span> </code></pre> </div> <h3> 2. Create the MySQL database </h3> <p>In MySQL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">DATABASE</span> <span class="n">task_reminders</span> <span class="nb">CHARACTER</span> <span class="k">SET</span> <span class="n">utf8mb4</span> <span class="k">COLLATE</span> <span class="n">utf8mb4_unicode_ci</span><span class="p">;</span> </code></pre> </div> <p>You do <strong>not</strong> need to manually create the <code>tasks</code> table; it will be created automatically on server start via <code>initializeSchema()</code>.</p> <h3> 3. Environment variables </h3> <p>Create a <code>.env</code> file in the project root, for example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">PORT</span><span class="o">=</span>3000 <span class="c"># MySQL</span> <span class="nv">DB_HOST</span><span class="o">=</span>localhost <span class="nv">DB_PORT</span><span class="o">=</span>3306 <span class="nv">DB_USER</span><span class="o">=</span>root <span class="nv">DB_PASSWORD</span><span class="o">=</span>your_db_password <span class="nv">DB_NAME</span><span class="o">=</span>task_reminders <span class="c"># SMTP</span> <span class="nv">SMTP_HOST</span><span class="o">=</span>smtp.your-email-provider.com <span class="nv">SMTP_PORT</span><span class="o">=</span>587 <span class="nv">SMTP_SECURE</span><span class="o">=</span><span class="nb">false </span><span class="nv">SMTP_USER</span><span class="o">=</span>your_smtp_username <span class="nv">SMTP_PASS</span><span class="o">=</span>your_smtp_password <span class="nv">SMTP_FROM</span><span class="o">=</span><span class="s2">"Task Reminders &lt;no-reply@example.com&gt;"</span> <span class="c"># Reminder check schedule (cron expression, default is every minute)</span> <span class="c"># This scheduler handles immediate reminders for tasks with execution_protection='none'</span> <span class="nv">REMINDER_CRON</span><span class="o">=</span><span class="k">*</span>/1 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> <span class="c"># Daily reminder check schedule (cron expression, default is 9 AM daily)</span> <span class="c"># This scheduler handles recurring reminders for tasks with execution_protection='daily' or 'weekly'</span> <span class="nv">DAILY_CRON</span><span class="o">=</span>0 9 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> <span class="c"># Session secret</span> <span class="nv">SESSION_SECRET</span><span class="o">=</span>change_me_for_production </code></pre> </div> <h3> 4. Run the app </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm start </code></pre> </div> <p>Then open <code>http://localhost:3000</code> in your browser.</p> <h3> 5. Usage </h3> <ul> <li> <strong>Create tasks</strong> from the form on the dashboard with the following fields: <ul> <li> <strong>Task Name</strong>: Name of the task</li> <li> <strong>Description</strong>: Optional description</li> <li> <strong>Priority</strong>: High, Medium, or Low</li> <li> <strong>Trigger Date &amp; Time</strong>: When the reminder should be sent</li> <li> <strong>Task Type</strong>: Public (visible to all) or Private (visible only to creator)</li> <li> <strong>Execution Protection</strong>: </li> <li> <strong>None</strong>: Send reminder once when trigger time is reached</li> <li> <strong>Daily</strong>: Send reminder daily after trigger time (continues until changed to 'none')</li> <li> <strong>Weekly</strong>: Send reminder weekly after trigger time (continues until changed to 'none')</li> <li> <strong>Monthly</strong>: Send reminder monthly after trigger time (continues until changed to 'none')</li> <li> <strong>Email Recipients</strong>: Comma-separated list of email addresses</li> </ul> </li> <li> <strong>View all tasks</strong> in the table, including their priority, trigger time, execution protection status, recipients, and whether the reminder email has been sent.</li> <li> <strong>Edit tasks</strong> to update any field, including changing execution protection to stop recurring reminders.</li> <li> <strong>Duplicate tasks</strong> to create new tasks based on existing ones.</li> <li>The <strong>schedulers</strong> run at the intervals specified by <code>REMINDER_CRON</code> and <code>DAILY_CRON</code>: <ul> <li>Tasks with <code>execution_protection='none'</code> are sent once when <code>trigger_at &lt;= NOW()</code> and <code>is_reminded = 0</code> </li> <li>Tasks with <code>execution_protection='daily'</code> are sent daily after trigger time (if <code>last_reminded_at</code> is NULL or more than 1 day ago)</li> <li>Tasks with <code>execution_protection='weekly'</code> are sent weekly after trigger time (if <code>last_reminded_at</code> is NULL or more than 1 week ago)</li> <li>Tasks with <code>execution_protection='monthly'</code> are sent monthly after trigger time (if <code>last_reminded_at</code> is NULL or more than 1 month ago)</li> <li>Tasks are prioritized by execution protection (daily &gt; weekly &gt; monthly &gt; none), then by priority</li> </ul> </li> </ul> <h3> 6. Production deployment checklist </h3> <ul> <li> <strong>Environment variables</strong> <ul> <li>Set strong values for <code>SESSION_SECRET</code>, DB password, and SMTP credentials.</li> <li>Use a production MySQL instance (managed service or your own server).</li> <li>Point <code>DB_HOST</code> to the production DB host.</li> <li>Configure <code>REMINDER_CRON</code> for immediate reminders (e.g., <code>*/1 * * * *</code> for every minute).</li> <li>Configure <code>DAILY_CRON</code> for recurring reminders (e.g., <code>0 9 * * *</code> for 9 AM daily).</li> </ul> </li> <li> <strong>Security</strong> <ul> <li>Serve the app behind HTTPS (e.g. with Nginx/Traefik or a cloud load balancer).</li> <li>Restrict MySQL and SMTP access to trusted networks only.</li> <li>Rotate SMTP and DB credentials regularly.</li> </ul> </li> <li> <strong>App runtime</strong> <ul> <li>Run with <code>NODE_ENV=production</code>.</li> <li>Use a process manager (e.g. <code>pm2</code>) or a container orchestration platform (Docker/Kubernetes) for restarts and health checks.</li> </ul> </li> <li> <strong>Email</strong> <ul> <li>Ensure your SMTP provider is configured for production (SPF/DKIM/DMARC) so reminder emails don’t land in spam.</li> </ul> </li> <li> <strong>Backups &amp; monitoring</strong> <ul> <li>Enable regular backups for the <code>task_reminders</code> database.</li> <li>Add basic monitoring/alerts for app errors and DB health.</li> </ul> </li> </ul> <h3> 7. Docker build &amp; run </h3> <p>A simple <code>Dockerfile</code> is included to run the app in a container.</p> <h4> Build </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker build <span class="nt">-t</span> future-task-reminders <span class="nb">.</span> </code></pre> </div> <h4> Run (with external MySQL) </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="se">\</span> <span class="nt">--name</span> future-task-reminders <span class="se">\</span> <span class="nt">-p</span> 3000:3000 <span class="se">\</span> <span class="nt">-e</span> <span class="nv">NODE_ENV</span><span class="o">=</span>production <span class="se">\</span> <span class="nt">-e</span> <span class="nv">PORT</span><span class="o">=</span>3000 <span class="se">\</span> <span class="nt">-e</span> <span class="nv">DB_HOST</span><span class="o">=</span>your-mysql-host <span class="se">\</span> <span class="nt">-e</span> <span class="nv">DB_PORT</span><span class="o">=</span>3306 <span class="se">\</span> <span class="nt">-e</span> <span class="nv">DB_USER</span><span class="o">=</span>your_db_user <span class="se">\</span> <span class="nt">-e</span> <span class="nv">DB_PASSWORD</span><span class="o">=</span>your_db_password <span class="se">\</span> <span class="nt">-e</span> <span class="nv">DB_NAME</span><span class="o">=</span>task_reminders <span class="se">\</span> <span class="nt">-e</span> <span class="nv">SMTP_HOST</span><span class="o">=</span>smtp.your-email-provider.com <span class="se">\</span> <span class="nt">-e</span> <span class="nv">SMTP_PORT</span><span class="o">=</span>587 <span class="se">\</span> <span class="nt">-e</span> <span class="nv">SMTP_SECURE</span><span class="o">=</span><span class="nb">false</span> <span class="se">\</span> <span class="nt">-e</span> <span class="nv">SMTP_USER</span><span class="o">=</span>your_smtp_username <span class="se">\</span> <span class="nt">-e</span> <span class="nv">SMTP_PASS</span><span class="o">=</span>your_smtp_password <span class="se">\</span> <span class="nt">-e</span> <span class="nv">SMTP_FROM</span><span class="o">=</span><span class="s2">"Task Reminders &lt;no-reply@example.com&gt;"</span> <span class="se">\</span> <span class="nt">-e</span> <span class="nv">REMINDER_CRON</span><span class="o">=</span><span class="s2">"*/1 * * * *"</span> <span class="se">\</span> <span class="nt">-e</span> <span class="nv">DAILY_CRON</span><span class="o">=</span><span class="s2">"0 9 * * *"</span> <span class="se">\</span> <span class="nt">-e</span> <span class="nv">SESSION_SECRET</span><span class="o">=</span><span class="s2">"your_strong_random_secret"</span> <span class="se">\</span> future-task-reminders </code></pre> </div> <p>Then access the app at <code>http://localhost:3000</code>.</p> <h4> Run with Docker Compose </h4> <p>A <code>docker-compose.yml</code> file is included for easier deployment with MySQL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker-compose up <span class="nt">-d</span> </code></pre> </div> <p>This will start both the MySQL database and the application. Make sure to update the environment variables in <code>docker-compose.yml</code> with your actual SMTP credentials and other configuration before running.</p> <p>The compose file includes:</p> <ul> <li>MySQL 8.0 database service</li> <li>Application service with all required environment variables</li> <li>Automatic volume persistence for database data</li> </ul> <h2> GitHub Link </h2> <p><a href="https://github.com/prashantgupta123/future-task-reminders/tree/main" rel="noopener noreferrer">https://github.com/prashantgupta123/future-task-reminders/tree/main</a></p> aws devops automation Prashant Gupta Sun, 28 Dec 2025 14:58:24 +0000 https://dev.to/prashantgupta123/unauthenticated-apis-report-177f https://dev.to/prashantgupta123/unauthenticated-apis-report-177f <h2> Unauthenticated APIs Report </h2> <p>A security automation tool that scans API endpoints to identify unauthenticated access vulnerabilities. This tool tests various HTTP methods and authentication schemes to detect APIs that may be exposing data without proper authentication.</p> <h2> Overview </h2> <p>This solution automatically tests API endpoints for authentication bypass vulnerabilities by:</p> <ul> <li>Testing multiple HTTP methods (GET, POST, PUT, DELETE)</li> <li>Attempting access without authentication headers</li> <li>Testing with invalid authentication tokens</li> <li>Generating comprehensive security reports</li> </ul> <h2> Features </h2> <ul> <li> <strong>Multi-Method Testing</strong>: Tests GET, POST, PUT, DELETE methods</li> <li> <strong>Authentication Bypass Detection</strong>: Identifies APIs accessible without proper auth</li> <li> <strong>Token Validation</strong>: Tests with various authentication schemes (Bearer, Basic)</li> <li> <strong>Automated Reporting</strong>: Generates detailed security reports</li> <li> <strong>Email Notifications</strong>: Sends alerts for security findings</li> <li> <strong>Concurrent Processing</strong>: Multi-threaded scanning for efficiency</li> </ul> <h2> Prerequisites </h2> <ul> <li>Python 3.13+</li> <li>Required Python packages (see requirements.txt)</li> <li>Network access to target APIs</li> <li>Email configuration for notifications</li> </ul> <h2> Installation </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Navigate to the solution directory</span> <span class="nb">cd </span>unauthenticated-apis-report <span class="c"># Install dependencies</span> pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt </code></pre> </div> <h2> Configuration </h2> <h3> API List Configuration </h3> <p>Create <code>unauthenticated-api.json</code> with your API endpoints:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"https://api.example.com/v1/users"</span><span class="p">,</span><span class="w"> </span><span class="s2">"https://api.example.com/v1/orders"</span><span class="p">,</span><span class="w"> </span><span class="s2">"https://api.example.com/v1/admin"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Notification Setup </h3> <p>Configure email notifications in the <code>Notification</code> module for security alerts.</p> <h2> Usage </h2> <h3> Basic Scan </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python unauthenticated-api.py </code></pre> </div> <h3> Key Functions </h3> <ul> <li> <code>get_api_list()</code>: Loads API endpoints from configuration</li> <li> <code>check_authentication(api_url)</code>: Tests authentication for a specific endpoint</li> <li> <code>get_api_authentication()</code>: Performs individual authentication tests</li> <li> <code>generate_password()</code>: Creates random tokens for testing</li> </ul> <h2> Security Testing Methods </h2> <h3> 1. No Authentication Headers </h3> <p>Tests if APIs respond successfully without any authentication.</p> <h3> 2. Invalid Token Testing </h3> <p>Tests with randomly generated tokens to identify weak validation.</p> <h3> 3. Authentication Scheme Testing </h3> <ul> <li>Bearer token validation</li> <li>Basic authentication testing</li> <li>Custom authorization headers</li> </ul> <h3> 4. HTTP Method Testing </h3> <p>Tests all common HTTP methods for each endpoint.</p> <h2> Report Output </h2> <p>The tool generates detailed reports, including:</p> <ul> <li>Request/response details</li> <li>Authentication status</li> <li>Vulnerability findings</li> <li>Remediation recommendations</li> </ul> <h2> Security Considerations </h2> <ul> <li> <strong>Ethical Use</strong>: Only scan APIs you own or have permission to test</li> <li> <strong>Rate Limiting</strong>: Implement delays to avoid overwhelming target systems</li> <li> <strong>Credential Security</strong>: Never use real credentials in testing</li> <li> <strong>Network Security</strong>: Run from secure, authorized networks only</li> </ul> <h2> Integration </h2> <h3> CI/CD Pipeline </h3> <p>Integrate into security scanning workflows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Add to pipeline</span> python unauthenticated-api.py <span class="nt">--output-format</span> json </code></pre> </div> <h3> Monitoring </h3> <p>Set up regular scans to monitor for new vulnerabilities.</p> <h2> Troubleshooting </h2> <h3> Common Issues </h3> <ul> <li> <strong>Connection Timeouts</strong>: Increase timeout values for slow APIs</li> <li> <strong>Rate Limiting</strong>: Add delays between requests</li> <li> <strong>SSL Errors</strong>: Configure proper certificate validation</li> </ul> <h3> Debug Mode </h3> <p>Enable verbose logging for detailed troubleshooting.</p> <h2> Contributing </h2> <ol> <li>Add new authentication schemes to test</li> <li>Enhance reporting capabilities</li> <li>Improve error handling</li> <li>Add support for additional HTTP methods</li> </ol> <h2> GitHub Link </h2> <p><a href="https://github.com/prashantgupta123/devops-automation/tree/main/unauthenticated-apis-report" rel="noopener noreferrer">https://github.com/prashantgupta123/devops-automation/tree/main/unauthenticated-apis-report</a></p> <h2> Security Notice </h2> <p>This tool is designed for authorized security testing only. Ensure you have proper permission before scanning any APIs. Unauthorized testing may violate terms of service or applicable laws.</p> backend api authentication Prashant Gupta Sun, 28 Dec 2025 14:52:03 +0000 https://dev.to/prashantgupta123/npm-vulnerability-report-6o https://dev.to/prashantgupta123/npm-vulnerability-report-6o <h2> NPM Vulnerability Report </h2> <p>An automated security scanning tool that identifies frontend applications in GitHub repositories and performs npm audit to detect vulnerabilities in Node.js dependencies.</p> <h2> Overview </h2> <p>This solution scans multiple GitHub repositories to identify frontend applications (those containing <code>package.json</code>) and automatically runs npm audit to generate vulnerability reports. Results are organized by project and repository for easy review and remediation.</p> <h2> Features </h2> <ul> <li> <strong>Multi-Repository Scanning</strong>: Processes multiple GitHub repositories from a configuration file</li> <li> <strong>Frontend Detection</strong>: Automatically identifies repositories containing Node.js/npm projects</li> <li> <strong>Automated Vulnerability Scanning</strong>: Runs <code>npm audit</code> using Docker containers</li> <li> <strong>Organized Reporting</strong>: Generates structured audit reports per project and repository</li> <li> <strong>Branch Support</strong>: Checks both <code>master</code> and <code>main</code> branches</li> <li> <strong>Email Notifications</strong>: Sends scan results via email (requires Notification module)</li> </ul> <h2> Prerequisites </h2> <ul> <li>Python 3.13+</li> <li>Docker installed and running</li> <li>Git command line tools</li> <li>GitHub token (optional, for higher API rate limits)</li> <li>Node.js Docker image (<code>node:24-alpine</code>)</li> </ul> <h2> Setup </h2> <h3> 1. Environment Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Set GitHub token for API access (optional but recommended)</span> <span class="nb">export </span><span class="nv">GITHUB_TOKEN</span><span class="o">=</span><span class="s2">"your_github_token_here"</span> </code></pre> </div> <h3> 2. Repository Configuration </h3> <p>Create <code>repositories.json</code> with your project structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"project-name"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"repositories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"https://github.com/owner/frontend-repo.git"</span><span class="p">,</span><span class="w"> </span><span class="s2">"https://github.com/owner/another-repo.git"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"another-project"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"repositories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"https://github.com/org/web-app.git"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> 3. Dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install required Python packages</span> pip <span class="nb">install </span>requests </code></pre> </div> <h2> Usage </h2> <h3> Basic Scan </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python github-repositories-scan.py </code></pre> </div> <h3> Output Structure </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>npm-vulnerability-report/ ├── projects/ │ ├── project-name/ │ │ ├── frontend-repo_npm-audit.json │ │ └── another-repo_npm-audit.json │ └── another-project/ │ └── web-app_npm-audit.json ├── screenshots/ │ ├── email-report-sample.png │ ├── vulnerability-dashboard.png │ └── scan-results.png ├── repositories.json └── github-repositories-scan.py </code></pre> </div> <h2> How It Works </h2> <ol> <li> <strong>Repository Discovery</strong>: Reads project configuration from <code>repositories.json</code> </li> <li> <strong>Frontend Detection</strong>: Uses GitHub API to check for <code>package.json</code> and <code>package-lock.json</code> </li> <li> <strong>Repository Cloning</strong>: Temporarily clones repositories containing frontend code</li> <li> <strong>Dependency Installation</strong>: Runs <code>npm install</code> if <code>package-lock.json</code> is missing</li> <li> <strong>Vulnerability Scanning</strong>: Executes <code>npm audit --json</code> in Docker container</li> <li> <strong>Report Generation</strong>: Saves audit results as JSON files organized by project</li> <li> <strong>Cleanup</strong>: Removes temporary files and directories</li> </ol> <h2> Configuration Options </h2> <h3> Docker Image </h3> <p>Default: <code>node:24-alpine</code></p> <ul> <li>Modify <code>docker_image</code> variable in the script for different Node.js versions</li> </ul> <h3> Branch Detection </h3> <p>Default: <code>['master', 'main']</code></p> <ul> <li>Add additional branches to the <code>branches</code> list as needed</li> </ul> <h3> API Endpoints </h3> <ul> <li>GitHub API: <code>https://api.github.com</code> </li> <li>Supports public repositories by default</li> <li>Private repositories require a valid GitHub token</li> </ul> <h2> Security Considerations </h2> <ul> <li> <strong>Token Management</strong>: Store GitHub tokens securely using environment variables</li> <li> <strong>Docker Security</strong>: Ensure Docker daemon is properly secured</li> <li> <strong>Temporary Files</strong>: Script automatically cleans up cloned repositories</li> <li> <strong>API Rate Limits</strong>: Use GitHub token to avoid rate limiting</li> </ul> <h2> Troubleshooting </h2> <h3> Common Issues </h3> <p><strong>No GitHub Token Warning</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>No GitHub token found. API calls will be rate-limited. </code></pre> </div> <ul> <li>Set <code>GITHUB_TOKEN</code> environment variable for higher API limits</li> </ul> <p><strong>Docker Permission Errors</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker: permission denied </code></pre> </div> <ul> <li>Ensure the user is in the Docker group or runs with appropriate permissions</li> </ul> <p><strong>Git Clone Failures</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Git clone failed: authentication required </code></pre> </div> <ul> <li>Verify repository URLs and access permissions</li> <li>Check if repositories are public or require authentication</li> </ul> <p><strong>Missing package.json</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>package.json not found in cloned repo </code></pre> </div> <ul> <li>Repository may not be a frontend application</li> <li>Check if package.json exists in a different branch or subdirectory</li> </ul> <h2> Integration </h2> <h3> CI/CD Pipeline Integration </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Example Jenkins/GitHub Actions step</span> - name: Run NPM Vulnerability Scan run: | <span class="nb">export </span><span class="nv">GITHUB_TOKEN</span><span class="o">=</span><span class="k">${</span><span class="p">{ secrets.GITHUB_TOKEN </span><span class="k">}</span><span class="o">}</span> python github-repositories-scan.py </code></pre> </div> <h3> Automated Reporting </h3> <p>The script includes email notification capability through the <code>Notification</code> module—Configure email settings to receive scan results automatically.</p> <h2> Screenshots </h2> <h3> Email Vulnerability Report Sample </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fla785iw11y6irw6q9ak7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fla785iw11y6irw6q9ak7.png" alt="Email NPM Vulnerability Report" width="800" height="535"></a></p> <h3> Scan Results </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzkct98405ggtnqxevbc2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzkct98405ggtnqxevbc2.png" alt="NPM Scan Results" width="800" height="770"></a></p> <h2> Output Format </h2> <p>Audit results are saved as JSON files containing:</p> <ul> <li>Vulnerability details and severity levels</li> <li>Affected packages and versions</li> <li>Recommended fixes and updates</li> <li>Dependency tree information</li> </ul> <h2> Contributing </h2> <ol> <li>Follow the established directory structure</li> <li>Update this README for any new features</li> <li>Test with sample repositories before deployment</li> <li>Ensure Docker compatibility across environments</li> </ol> <h2> GitHub Link </h2> <p><a href="https://github.com/prashantgupta123/devops-automation/tree/main/npm-vulnerability-report" rel="noopener noreferrer">https://github.com/prashantgupta123/devops-automation/tree/main/npm-vulnerability-report</a></p> <p><strong>Security Note</strong>: This tool performs automated vulnerability scanning. Always review audit results and apply security patches promptly. Never commit actual GitHub tokens or sensitive credentials to version control.</p> npm vulnerabilities monitoring Prashant Gupta Sun, 28 Dec 2025 14:44:48 +0000 https://dev.to/prashantgupta123/aws-orphan-alarms-report-generation-1pnf https://dev.to/prashantgupta123/aws-orphan-alarms-report-generation-1pnf <h2> AWS Orphan Alarms Report Generation </h2> <p>This Jenkins pipeline automates the process of generating an AWS Orphan Alarms report using Python scripts and AWS services. <br> The pipeline includes stages for setting up the build environment, pulling the Git repository, downloading artifacts from an S3 bucket, executing a Python script, and handling post-build actions.</p> <h2> Pipeline Configuration </h2> <h3> Options </h3> <ul> <li> <strong>Build Discarder</strong>: Keeps the last 5 builds and artifacts.</li> <li> <strong>Timestamps</strong>: Adds timestamps to the build log.</li> </ul> <h3> Environment Variables </h3> <ul> <li> <strong>DEFAULT_ENV</strong>: Default environment name.</li> <li> <strong>DEFAULT_BRANCH</strong>: Default Git branch name.</li> <li> <strong>GIT_URL</strong>: Git repository URL.</li> <li> <strong>GIT_PATH</strong>: Git repository path.</li> <li> <strong>REGION_NAME</strong>: AWS region name.</li> <li> <strong>REPOSITORY_NUMBER</strong>: AWS account repository number.</li> <li> <strong>PROJECT_NAME</strong>: Name of the project.</li> <li> <strong>SNS_TOPIC_NAME</strong>: SNS topic for alerts.</li> <li> <strong>S3_BUCKET_NAME</strong>: S3 bucket for configuration.</li> <li> <strong>S3_BUCKET_PATH</strong>: Path to the configuration file in S3.</li> </ul> <h3> Triggers </h3> <p>The pipeline is triggered weekly on Monday at 10:30 AM using a cron expression.</p> <h2> Pipeline Stages </h2> <ol> <li> <strong>Setting Build</strong>: Configures build details, including display name and description.</li> <li> <strong>Cleaning the Workspace</strong>: Cleans the Jenkins workspace.</li> <li> <strong>Pulling the Repository</strong>: Pulls the Git repository with the specified branch.</li> <li> <strong>Download Artifacts from S3</strong>: Downloads artifacts from the specified S3 bucket and path.</li> <li> <strong>Execute Python Script</strong>: Sets up a Python virtual environment, installs dependencies, and executes the main Python script (<code>main.py</code>).</li> <li> <strong>Post-Build (Failure)</strong>: Sends an SNS notification in case of build failure.</li> </ol> <h2> Python Script (<code>main.py</code>) </h2> <p>The Python script is responsible for generating an AWS Resource Utilization report. It uses the <code>boto3</code> library to interact with AWS services, retrieves metrics for EC2 instances and RDS databases, and creates an Excel report with the obtained data.</p> <h3> Dependencies </h3> <ul> <li>boto3</li> <li>XlsxWriter</li> <li>PyYAML</li> </ul> <h2> Report Structure </h2> <p>The generated Excel report includes below services alarms:</p> <ol> <li> <strong>EC2</strong> </li> <li><strong>RDS</strong></li> <li><strong>Load Balancer</strong></li> <li><strong>Target Group</strong></li> <li><strong>ECS Cluster</strong></li> <li><strong>ECS Services</strong></li> <li><strong>Lambda</strong></li> <li><strong>SQS</strong></li> </ol> <p>Thresholds for highlighting values in the report are configured in the pipeline based on specified service thresholds.</p> <h2> Usage </h2> <ol> <li>Configure Jenkins with the necessary plugins and settings.</li> <li>Create a new pipeline job in Jenkins.</li> <li>Copy and paste the provided pipeline script into the job configuration.</li> <li>Configure the required parameters and environment variables in the Jenkins job.</li> <li>Save the job configuration and trigger the pipeline manually or wait for the scheduled cron job to run.</li> </ol> <p>The generated Excel report will be available in the Jenkins workspace.</p> <p>Feel free to customize the pipeline script and Python script according to your specific requirements and AWS environment.</p> <h2> GitHub Link </h2> <p><a href="https://github.com/prashantgupta123/devops-automation/tree/main/aws-cw-orphan-alarms" rel="noopener noreferrer">https://github.com/prashantgupta123/devops-automation/tree/main/aws-cw-orphan-alarms</a></p> aws alarm monitoring Prashant Gupta Sun, 28 Dec 2025 14:41:22 +0000 https://dev.to/prashantgupta123/aws-backup-failed-monitoring-1kem https://dev.to/prashantgupta123/aws-backup-failed-monitoring-1kem <h2> AWS Backup Failed Monitoring </h2> <p>Automated monitoring solution for AWS Backup jobs that identifies failed backup operations and sends detailed reports via email. This tool helps maintain backup compliance by proactively alerting on backup failures.</p> <h2> Overview </h2> <p>This solution monitors AWS Backup jobs over a configurable time period, identifies failed backup operations, and generates Excel reports with detailed failure information. It integrates with AWS Secrets Manager for secure email configuration and supports multiple AWS authentication methods.</p> <h2> Key Features </h2> <ul> <li> <strong>Failed Backup Detection</strong>: Automatically identifies backup jobs that have failed within the last 7 days</li> <li> <strong>Detailed Reporting</strong>: Generates Excel reports with backup plan names, resource details, and failure information</li> <li> <strong>Email Notifications</strong>: Sends automated email alerts with attached Excel reports</li> <li> <strong>Multi-Account Support</strong>: Works with AWS profiles, assumed roles, and access keys</li> <li> <strong>Jenkins Integration</strong>: Includes Jenkinsfile for automated scheduling</li> <li> <strong>Secure Configuration</strong>: Uses AWS Secrets Manager for email credentials</li> </ul> <h2> Prerequisites </h2> <ul> <li>Python 3.x</li> <li>AWS CLI configured or appropriate AWS credentials</li> <li>AWS Backup service with backup plans configured</li> <li>AWS Secrets Manager secret for email configuration</li> <li>Required IAM permissions (see <code>iam_policy.json</code>)</li> </ul> <h2> Installation </h2> <ol> <li>Clone the repository and navigate to the solution directory: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>devops-automation/aws-backup-failed-monitoring </code></pre> </div> <ol> <li>Install required dependencies: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt </code></pre> </div> <ol> <li>Configure your AWS credentials and email settings in <code>inputs.yml</code> </li> </ol> <h2> Configuration </h2> <h3> AWS Authentication </h3> <p>Configure one of the following authentication methods in <code>inputs.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Option 1: AWS Profile</span> <span class="na">profile_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">your-profile-name"</span> <span class="c1"># Option 2: Assumed Role</span> <span class="na">role_arn</span><span class="pi">:</span> <span class="s2">"</span><span class="s">arn:aws:iam::123456789012:role/BackupMonitoringRole"</span> <span class="c1"># Option 3: Access Keys (not recommended for production)</span> <span class="na">access_key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">your-access-key"</span> <span class="na">secret_key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">your-secret-key"</span> <span class="na">session_token</span><span class="pi">:</span> <span class="s2">"</span><span class="s">your-session-token"</span> <span class="c1"># Optional</span> </code></pre> </div> <h3> Email Configuration </h3> <p>Set up email notifications:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">Email</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">secret_manager</span><span class="pi">:</span> <span class="s2">"</span><span class="s">your-smtp-secret-name"</span> <span class="na">details</span><span class="pi">:</span> <span class="na">subject_prefix</span><span class="pi">:</span> <span class="s2">"</span><span class="s">AWS</span><span class="nv"> </span><span class="s">Backup</span><span class="nv"> </span><span class="s">Alert"</span> <span class="na">to</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">admin@example.com"</span> <span class="na">cc</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">devops@example.com"</span> </code></pre> </div> <h3> AWS Secrets Manager </h3> <p>Create a secret in AWS Secrets Manager with the following structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"SMTP_HOST"</span><span class="p">:</span><span class="w"> </span><span class="s2">"smtp.example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"SMTP_PORT"</span><span class="p">:</span><span class="w"> </span><span class="s2">"587"</span><span class="p">,</span><span class="w"> </span><span class="nl">"SMTP_USERNAME"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-username"</span><span class="p">,</span><span class="w"> </span><span class="nl">"SMTP_PASSWORD"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-password"</span><span class="p">,</span><span class="w"> </span><span class="nl">"EMAIL_FROM"</span><span class="p">:</span><span class="w"> </span><span class="s2">"alerts@example.com"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Usage </h2> <h3> Manual Execution </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python main.py </code></pre> </div> <h3> Jenkins Pipeline </h3> <p>The included <code>Jenkinsfile</code> provides automated scheduling:</p> <ul> <li>Runs weekly on Mondays at 5:00 AM</li> <li>Includes failure notifications via SNS</li> <li>Configurable environment variables</li> </ul> <h3> Shell Script Execution </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>bash script.sh </code></pre> </div> <h2> IAM Permissions </h2> <p>The solution requires the following AWS permissions (see <code>iam_policy.json</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"backup:ListBackupJobs"</span><span class="p">,</span><span class="w"> </span><span class="s2">"backup:GetBackupPlan"</span><span class="p">,</span><span class="w"> </span><span class="s2">"backup:ListTags"</span><span class="p">,</span><span class="w"> </span><span class="s2">"backup:GetBackupPlanFromJSON"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Additional permissions needed:</p> <ul> <li> <code>secretsmanager:GetSecretValue</code> for email configuration</li> <li> <code>sts:AssumeRole</code> if using role assumption</li> </ul> <h2> Output </h2> <p>The solution generates:</p> <ol> <li> <p><strong>Excel Report</strong>: <code>backup_jobs.xlsx</code> containing:</p> <ul> <li>Backup Plan Name</li> <li>Resource Name and Type</li> <li>Resource ARN</li> <li>Job ID</li> <li>Start Time</li> <li>Job State</li> </ul> </li> <li><p><strong>Email Notification</strong>: HTML email with attached Excel report</p></li> <li><p><strong>Console Logs</strong>: Detailed logging of the monitoring process</p></li> </ol> <h2> File Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws-backup-failed-monitoring/ ├── main.py # Main monitoring script ├── AWSSession.py # AWS session management ├── Notification.py # Email notification handler ├── inputs.yml # Configuration file ├── requirements.txt # Python dependencies ├── iam_policy.json # Required IAM permissions ├── Jenkinsfile # Jenkins pipeline configuration ├── script.sh # Shell execution script ├── .gitignore # Git ignore rules └── README.md # This documentation </code></pre> </div> <h2> Monitoring Logic </h2> <ol> <li> <strong>Time Range</strong>: Monitors backup jobs from the last 7 days</li> <li> <strong>Job States</strong>: Identifies jobs with 'FAILED' status</li> <li> <strong>Validation</strong>: Verifies backup plan existence before reporting</li> <li> <strong>Reporting</strong>: Generates detailed Excel reports for failed jobs</li> <li> <strong>Notification</strong>: Sends email alerts when failures are detected</li> </ol> <h2> Troubleshooting </h2> <h3> Common Issues </h3> <ol> <li> <strong>Missing Dependencies</strong>: Ensure all packages in <code>requirements.txt</code> are installed</li> <li> <strong>AWS Permissions</strong>: Verify IAM permissions match <code>iam_policy.json</code> </li> <li> <strong>Email Configuration</strong>: Check AWS Secrets Manager secret format</li> <li> <strong>Authentication</strong>: Ensure AWS credentials are properly configured</li> </ol> <h3> Logging </h3> <p>The solution provides detailed logging to help with troubleshooting:</p> <ul> <li>INFO level: General operation status</li> <li>ERROR level: Specific error details and exceptions</li> </ul> <h2> Security Considerations </h2> <ul> <li> <strong>Credentials</strong>: Never commit AWS credentials to version control</li> <li> <strong>Secrets Manager</strong>: Use AWS Secrets Manager for email credentials</li> <li> <strong>IAM Roles</strong>: Prefer IAM roles over access keys for authentication</li> <li> <strong>Least Privilege</strong>: Apply minimal required permissions</li> </ul> <h2> Jenkins Integration </h2> <p>The included Jenkins pipeline:</p> <ul> <li>Schedules weekly execution</li> <li>Provides build history management</li> <li>Includes failure notifications</li> <li>Supports environment-specific configuration</li> </ul> <h2> Contributing </h2> <p>When modifying this solution:</p> <ol> <li>Test in non-production environments first</li> <li>Update documentation for any configuration changes</li> <li>Follow existing code structure and naming conventions</li> <li>Ensure security best practices are maintained</li> </ol> <h2> Support </h2> <p>For issues or questions:</p> <ol> <li>Check the troubleshooting section</li> <li>Review AWS CloudTrail logs for API call details</li> <li>Verify IAM permissions and AWS service limits</li> <li>Contact the DevOps team for assistance</li> </ol> <h2> GitHub Link </h2> <p><a href="https://github.com/prashantgupta123/devops-automation/tree/main/aws-backup-failed-monitoring" rel="noopener noreferrer">https://github.com/prashantgupta123/devops-automation/tree/main/aws-backup-failed-monitoring</a></p> <p><strong>Note</strong>: This tool monitors AWS Backup jobs and requires appropriate AWS permissions. Always test in non-production environments and ensure compliance with your organization's security policies and procedures.</p> aws backup monitoring