Lambda Function Creation in AWS Cloud9

This section provides a high-level overview of portions of the code within the snapshot function. If you’re interested in looking at the full solution, it can be found on GitHub at: https://github.com/BruceCutler/snapshot_lambda

Navigate to your Cloud9 developer environment and click “Create Lambda Function”. After giving your function a name, you are presented with a variety of blueprints. I chose to use the ‘hello-world-python’ blueprint with the Python 2.7 runtime, leaving the trigger blank. Make sure that you select your newly created IAM role during the function creation process as shown below:

Image 3: AWS Lambda function setup

Once the function loads, you’ll probably want to get rid of the pre-populated code, leaving just the lambda_handler function definition statement as shown in Image 4:

Image 4: Blank Lambda Function Handler

The boto3 library is the Amazon SDK for Python, allowing developers to create software that makes use of AWS resources. I make sure to import the library at the top of my code, along with other libraries that will come in useful later in the function. Line 9 below (see Image 5) creates a connection to the low-level client representing EC2, which provides a variety of functions to interface with EC2 objects.

Image 5: Initial Imports and EC2 Connection Creation using boto3

The first step in determining which volumes to snapshot is to gather a list of relevant EC2 instances. This is done by calling the describe_instances function using our EC2 client connection (see line 16 in Image 6). Notice that I can apply filters to my search, narrowing down the result to instances that are either in a running or stopped state.

The describe_instances function from the boto3 library returns a list of instance reservations. A single reservation can contain more than one instance, so I loop through these reservations and store each instance as an item in a list:

Image 6: Searching for reservations and collecting instances

Next up is the createSnapshots function (Image 7), which uses helper functions to identify relevant volumes, generate expiration dates, create the snapshots and tag them with the identified expiration date. Here’s a quick explanation of each helper function:

expirationDate: Returns a date on which to expire a new snapshot based on a tag associated with the EC2 instance. In my example, I choose to retain snapshots for production instances for 30 days and all other snapshots for 5 days.

getInstanceVolumes: Returns the EBS volumes for each EC2 instance.

addTagsToSnapshot: Adds an ‘Expiration’ tag to the newly created snapshot with the value calculated from the expirationDate function.

These helper functions have been excluded from my code samples, but can be found in the full solution on GitHub as noted above:

Image 7: createSnapshots function

The following outlines the cleanupSnapshots function (Image 8), which gathers information on snapshots owned by a particular account and reads the expiration tag using the checkExpiration function (not shown). If the expiration date has passed, the snapshot is deleted from the account:

Image 8: cleanupSnapshots function
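
The retention and cleanup decisions described above (the reservation loop, expirationDate and the expiration check in cleanupSnapshots), sketched as an added example; this is not the author's code from the GitHub repository. The `Environment=production` tag, the `YYYY-MM-DD` tag format and the function names are assumptions, and the sample dictionaries are constructed so that it runs without AWS access.

```python
from datetime import date, datetime, timedelta

# Assumptions, not from the page: the tag that marks production and the date format.
PROD_TAG = ("Environment", "production")
DATE_FMT = "%Y-%m-%d"

def tags_to_dict(resource):
    """Flatten EC2's [{'Key': k, 'Value': v}] tag list; 'Tags' may be absent."""
    return {t["Key"]: t["Value"] for t in resource.get("Tags", [])}

def flatten_instances(reservations):
    """A reservation can hold several instances, so collect them all."""
    return [i for r in reservations for i in r.get("Instances", [])]

def expiration_for(instance, today):
    """30 days of retention for production instances, 5 days for the rest."""
    is_prod = tags_to_dict(instance).get(PROD_TAG[0], "").lower() == PROD_TAG[1]
    return (today + timedelta(days=30 if is_prod else 5)).strftime(DATE_FMT)

def expired_snapshot_ids(snapshots, today):
    """IDs whose 'Expiration' tag is a valid date earlier than today.

    A missing or unparseable tag is skipped, so snapshots without a
    usable tag are never selected for deletion.
    """
    expired = []
    for snap in snapshots:
        raw = tags_to_dict(snap).get("Expiration")
        try:
            expires = datetime.strptime(raw, DATE_FMT).date()
        except (TypeError, ValueError):  # tag absent or malformed
            continue
        if expires < today:
            expired.append(snap["SnapshotId"])
    return expired

# Constructed sample data shaped like describe_instances / describe_snapshots output.
TODAY = date(2024, 1, 15)
RESERVATIONS = [
    {"Instances": [{"InstanceId": "i-prod", "Tags": [{"Key": "Environment", "Value": "production"}]},
                   {"InstanceId": "i-dev"}]},
    {"Instances": [{"InstanceId": "i-test", "Tags": [{"Key": "Environment", "Value": "test"}]}]},
]
SNAPSHOTS = [
    {"SnapshotId": "snap-old", "Tags": [{"Key": "Expiration", "Value": "2024-01-01"}]},
    {"SnapshotId": "snap-new", "Tags": [{"Key": "Expiration", "Value": "2024-03-01"}]},
    {"SnapshotId": "snap-untagged"},
    {"SnapshotId": "snap-bad", "Tags": [{"Key": "Expiration", "Value": "soon"}]},
]
```

In the Lambda itself the two lists would come from describe_instances and describe_snapshots, and only the returned IDs would be passed to delete_snapshot.
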

Back in the lambda_handler function (Image 9), the createSnapshots and cleanupSnapshots functions are called within their own try blocks to capture execution errors accordingly: