| AWSTemplateFormatVersion: "2010-09-09" | |
| Description: Subnet IP Monitor | |
| Parameters: | |
| Name: | |
| Type: String | |
| Default: "Subnet-IP-Monitor" | |
| Tag: | |
| Type: String | |
| Description: Subnet Tag to filter | |
| Resources: | |
| Role: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| RoleName: !Ref Name | |
| AssumeRolePolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: "sts:AssumeRole" | |
| Principal: | |
| Service: "lambda.amazonaws.com" | |
| Function: | |
| Type: AWS::Lambda::Function | |
| Properties: | |
| FunctionName: !Ref Name | |
| Role: !GetAtt Role.Arn | |
| Timeout: 60 | |
| Environment: | |
| Variables: | |
| TAG_KEY: !Ref Tag | |
| Runtime: "python3.7" | |
| Handler: "index.lambda_handler" | |
| Code: | |
| ZipFile: | | |
| import boto3 | |
| import sys | |
| import os | |
| def lambda_handler(event, context): | |
| tag_key = os.environ['TAG_KEY'] | |
| ec2 = boto3.client('ec2') | |
| cloudwatch = boto3.client('cloudwatch') | |
| filters = [ | |
| { | |
| 'Name': 'tag-key', | |
| 'Values': [tag_key] | |
| } | |
| ] | |
| resp = ec2.describe_subnets(Filters=filters) | |
| subnets = resp['Subnets'] | |
| for subnet in subnets: | |
| cloudwatch.put_metric_data( | |
| Namespace='Subnets', | |
| MetricData=[ | |
| { | |
| 'MetricName': 'AvailableIpAddresses', | |
| 'Value': subnet['AvailableIpAddressCount'], | |
| 'Dimensions': [ | |
| { | |
| 'Name': 'SubnetId', | |
| 'Value': subnet['SubnetId'], | |
| }, | |
| { | |
| 'Name': 'VpcId', | |
| 'Value': subnet['VpcId'], | |
| }, | |
| { | |
| 'Name': 'AvailabilityZone', | |
| 'Value': subnet['AvailabilityZone'] | |
| }, | |
| { | |
| 'Name': 'Cluster', | |
| 'Value': tag_key | |
| }, | |
| ] | |
| } | |
| ] | |
| ) | |
| LogGroup: | |
| Type: AWS::Logs::LogGroup | |
| Properties: | |
| RetentionInDays: 3 | |
| LogGroupName: !Join [ "", [ "/aws/lambda/", !Ref Name ] ] | |
| RoleCloudWatchLog: | |
| Type: AWS::IAM::Policy | |
| Properties: | |
| PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-log" ] ] | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: "logs:CreateLogGroup" | |
| Resource: !Join [ "", [ "arn:aws:logs:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":log-group:", !Ref LogGroup ] ] | |
| - | |
| Effect: "Allow" | |
| Action: | |
| - "logs:CreateLogStream" | |
| - "logs:PutLogEvents" | |
| Resource: !GetAtt LogGroup.Arn | |
| Roles: | |
| - !Ref Role | |
| RoleEc2: | |
| Type: AWS::IAM::Policy | |
| Properties: | |
| PolicyName: !Join [ "", [ !Ref Name, "-ec2" ] ] | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: | |
| - "ec2:DescribeRegions" | |
| - "ec2:DescribeSubnets" | |
| Resource: "*" | |
| Roles: | |
| - !Ref Role | |
| RoleCloudWatchMetric: | |
| Type: AWS::IAM::Policy | |
| Properties: | |
| PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-metric" ] ] | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: "cloudwatch:PutMetricData" | |
| Resource: "*" | |
| Roles: | |
| - !Ref Role | |
| Event: | |
| Type: AWS::Events::Rule | |
| Properties: | |
| Name: !Ref Name | |
| ScheduleExpression: "rate(5 minutes)" | |
| Targets: | |
| - | |
| Id: "Target-1" | |
| Arn: !GetAtt Function.Arn | |
| EventPermission: | |
| Type: AWS::Lambda::Permission | |
| Properties: | |
| Principal: "events.amazonaws.com" | |
| Action: "lambda:InvokeFunction" | |
| FunctionName: !Ref Function | |
| SourceArn: !GetAtt Event.Arn |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment