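AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Subnet IP Monitor: a scheduled Lambda that publishes the number of free IP
  addresses of every subnet carrying a given tag key as a CloudWatch metric.

Parameters:
  Name:
    Type: String
    Default: "Subnet-IP-Monitor"
    Description: >-
      Base name for the IAM role, Lambda function, log group and event rule.
    # Intersection of the naming rules for IAM roles, Lambda functions and
    # EventBridge rules, so one value is valid for every resource it names.
    AllowedPattern: "^[A-Za-z0-9_-]+$"
    MaxLength: 64
  Tag:
    Type: String
    Description: >-
      Subnet tag *key* to filter on. Any subnet that carries this key, whatever
      its value, is monitored.
    # An empty key would be an empty filter value and an empty metric dimension.
    MinLength: 1
    MaxLength: 128

Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      # Explicit role name: the stack needs CAPABILITY_NAMED_IAM to deploy.
      RoleName: !Ref Name
      # Only the Lambda service may assume this role; its permissions are the
      # three inline AWS::IAM::Policy resources below, nothing else.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action: "sts:AssumeRole"
            Principal:
              Service: "lambda.amazonaws.com"

  Function:
    Type: AWS::Lambda::Function
    # Create the log group before the function so its first invocation cannot
    # race CloudFormation to create /aws/lambda/<Name>.
    DependsOn: LogGroup
    Properties:
      FunctionName: !Ref Name
      Role: !GetAtt Role.Arn
      Timeout: 60
      Environment:
        Variables:
          TAG_KEY: !Ref Tag
      # python3.7 is no longer supported by Lambda (no runtime security
      # patches). The handler uses only the stdlib and boto3, both of which
      # ship with current Python runtimes.
      Runtime: "python3.12"
      Handler: "index.lambda_handler"
      Code:
        ZipFile: |
          """Publish each tagged subnet's free-IP count as a CloudWatch metric."""
          import os

          import boto3

          # Datapoints per PutMetricData call; well under the API's per-request cap.
          PUT_BATCH_SIZE = 20


          def _subnet_metric(subnet, tag_key):
              """Build one AvailableIpAddresses datapoint from a DescribeSubnets item."""
              return {
                  'MetricName': 'AvailableIpAddresses',
                  'Value': subnet['AvailableIpAddressCount'],
                  'Dimensions': [
                      {'Name': 'SubnetId', 'Value': subnet['SubnetId']},
                      {'Name': 'VpcId', 'Value': subnet['VpcId']},
                      {'Name': 'AvailabilityZone', 'Value': subnet['AvailabilityZone']},
                      # The tag *key* is published here, not the tag's value.
                      {'Name': 'Cluster', 'Value': tag_key},
                  ],
              }


          def lambda_handler(event, context):
              """Publish the free-IP count of every subnet carrying the TAG_KEY tag.

              Args:
                  event: Scheduled-event payload (unused).
                  context: Lambda context (unused).

              Raises:
                  KeyError: TAG_KEY is not set in the environment.
                  ValueError: TAG_KEY is set but empty.
                  API errors from the EC2 / CloudWatch calls (botocore ClientError)
                  propagate unchanged so the invocation is recorded as failed.
              """
              tag_key = os.environ['TAG_KEY']
              if not tag_key:
                  raise ValueError('TAG_KEY must not be empty')

              ec2 = boto3.client('ec2')
              cloudwatch = boto3.client('cloudwatch')

              # 'tag-key' matches any subnet that carries the key, whatever its value.
              filters = [{'Name': 'tag-key', 'Values': [tag_key]}]

              # Paginate so subnets beyond the first page of results are not dropped.
              paginator = ec2.get_paginator('describe_subnets')
              metric_data = [
                  _subnet_metric(subnet, tag_key)
                  for page in paginator.paginate(Filters=filters)
                  for subnet in page['Subnets']
              ]

              # One call per batch instead of one per subnet; no-op when nothing matched.
              for start in range(0, len(metric_data), PUT_BATCH_SIZE):
                  cloudwatch.put_metric_data(
                      Namespace='Subnets',
                      MetricData=metric_data[start:start + PUT_BATCH_SIZE],
                  )

  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      # Three days covers operational debugging of a metrics publisher; raise
      # it if these logs are expected to serve an incident investigation.
      RetentionInDays: 3
      LogGroupName: !Join [ "", [ "/aws/lambda/", !Ref Name ] ]

  RoleCloudWatchLog:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-log" ] ]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Scoped to this function's own log group only. CreateLogGroup is kept
          # so the function can recreate the group if it is deleted out of band.
          - Effect: "Allow"
            Action: "logs:CreateLogGroup"
            Resource: !Join [ "", [ "arn:aws:logs:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":log-group:", !Ref LogGroup ] ]
          - Effect: "Allow"
            Action:
              - "logs:CreateLogStream"
              - "logs:PutLogEvents"
            Resource: !GetAtt LogGroup.Arn
      Roles:
        - !Ref Role

  RoleEc2:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join [ "", [ !Ref Name, "-ec2" ] ]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # The handler only calls DescribeSubnets; DescribeRegions was granted
          # but never used. EC2 Describe* actions have no resource-level
          # permissions, so "*" is the narrowest resource possible here.
          - Effect: "Allow"
            Action: "ec2:DescribeSubnets"
            Resource: "*"
      Roles:
        - !Ref Role

  RoleCloudWatchMetric:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-metric" ] ]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # PutMetricData has no resource-level permissions, so restrict it by
          # namespace instead: the handler only ever publishes to "Subnets".
          - Effect: "Allow"
            Action: "cloudwatch:PutMetricData"
            Resource: "*"
            Condition:
              StringEquals:
                "cloudwatch:namespace": "Subnets"
      Roles:
        - !Ref Role

  Event:
    Type: AWS::Events::Rule
    Properties:
      Name: !Ref Name
      ScheduleExpression: "rate(5 minutes)"
      Targets:
        - Id: "Target-1"
          Arn: !GetAtt Function.Arn

  EventPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Principal: "events.amazonaws.com"
      Action: "lambda:InvokeFunction"
      FunctionName: !Ref Function
      # SourceArn pins the grant to this one rule, so no other EventBridge rule
      # in the account can invoke the function.
      SourceArn: !GetAtt Event.Arn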