Wednesday, September 14, 2022

AWS CLI -- Step 3: Scheduled automatic start and stop of EC2 instances

 

3.1 Create the IAM role

Create a role for Lambda to use:
aws iam create-role --role-name lambda-ex --assume-role-policy-document '{"Version": "2012-10-17","Statement": [{ "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]}'
arn:aws:iam::1234:role/lambda-ex 
 
Create a JSON file (it defines the EC2 start/stop permissions):
vi policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [ "ec2:Start*", "ec2:Stop*" ],
      "Resource": "*"
    }
  ]
}
Create a policy:
aws iam create-policy --policy-name ec2-start-stop-policy --policy-document file://policy.json
arn:aws:iam::1234:policy/ec2-start-stop-policy
Attach this policy to the role:
aws iam attach-role-policy --role-name lambda-ex --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
aws iam attach-role-policy --role-name lambda-ex --policy-arn arn:aws:iam::1234:policy/ec2-start-stop-policy
Note down the role's ARN.
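Added example (not part of the original post): the policy.json above allows every EC2 action whose name begins with Start or Stop, on every resource in the account. This Python sketch flags such statements and rewrites them to ec2:StartInstances and ec2:StopInstances on the instance's own ARN; the function names are made up for this example, and the region, account ID and instance ID are the post's placeholder values.

```python
import json

# The policy.json from section 3.1 of the post, reproduced as input.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:*:*:*"},
    {"Effect": "Allow", "Action": ["ec2:Start*", "ec2:Stop*"], "Resource": "*"},
]}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def find_broad_statements(policy):
    """Return (statement index, reason) for each over-broad Allow statement."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        wild = [a for a in as_list(stmt.get("Action", [])) if "*" in a]
        if wild:
            findings.append((i, "wildcard action: " + ", ".join(wild)))
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((i, 'Resource is "*"'))
    return findings

def scoped_ec2_statement(region, account_id, instance_ids):
    """Allow only StartInstances/StopInstances, only on the named instances."""
    arns = [f"arn:aws:ec2:{region}:{account_id}:instance/{i}" for i in instance_ids]
    return {"Effect": "Allow", "Resource": arns,
            "Action": ["ec2:StartInstances", "ec2:StopInstances"]}

def tighten(policy, region, account_id, instance_ids):
    """Copy of policy; flagged statements whose actions are all ec2:* are replaced."""
    flagged = {i for i, _ in find_broad_statements(policy)}
    scoped = scoped_ec2_statement(region, account_id, instance_ids)
    out = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        acts = as_list(stmt.get("Action", []))
        ec2_only = bool(acts) and all(a.lower().startswith("ec2:") for a in acts)
        out.append(scoped if i in flagged and ec2_only else stmt)
    return {"Version": policy["Version"], "Statement": out}

if __name__ == "__main__":
    for index, reason in find_broad_statements(PAGE_POLICY):
        print(f"Statement[{index}]: {reason}")
    # Region, account ID and instance ID are the post's placeholder values.
    print(json.dumps(tighten(PAGE_POLICY, "ap-northeast-1", "1234", ["i-1234"]), indent=2))
```

The printed JSON can be saved as policy.json before running the create-policy command.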

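3.2 Create the Lambda functions

vi start.py

import boto3

# Region and instance IDs that this function manages
region = 'ap-northeast-1'
instances = ['i-1234']

def handler(event, context):
    # Start the listed instances each time the function is invoked
    ec2 = boto3.client('ec2', region_name=region)
    ec2.start_instances(InstanceIds=instances)
    print('started your instances: ' + str(instances))
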

vi stop.py

import boto3

# Region and instance IDs that this function manages
region = 'ap-northeast-1'
instances = ['i-1234']

def handler(event, context):
    # Stop the listed instances each time the function is invoked
    ec2 = boto3.client('ec2', region_name=region)
    ec2.stop_instances(InstanceIds=instances)
    print('stopped your instances: ' + str(instances))


zip start.zip start.py
zip stop.zip stop.py

Use the role ARN from 3.1:
aws lambda create-function --function-name start_function \
--zip-file fileb://start.zip --handler start.handler --runtime python3.7 \
--role arn:aws:iam::1234:role/lambda-ex 
aws lambda create-function --function-name stop_function \
--zip-file fileb://stop.zip --handler stop.handler --runtime python3.7 \
--role arn:aws:iam::1234:role/lambda-ex 
 

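3.3 Add the schedules

Monday to Friday, start at 8:00 in the morning (schedule expressions are evaluated in UTC; 00:00 UTC is 08:00 at UTC+8):
aws events put-rule --name "start_function" --schedule-expression "cron(0 0 ? * MON-FRI *)"
Monday to Friday, stop at 6:00 in the afternoon (10:00 UTC is 18:00 at UTC+8):
aws events put-rule --name "stop_function" --schedule-expression "cron(0 10 ? * MON-FRI *)"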
 
