This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: "2010-09-09" | |
| Description: Subnet IP Monitor | |
| Parameters: | |
| Name: | |
| Type: String | |
| Default: "Subnet-IP-Monitor" | |
| Tag: | |
| Type: String | |
| Description: Subnet Tag to filter | |
| Resources: | |
| Role: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| RoleName: !Ref Name | |
| AssumeRolePolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: "sts:AssumeRole" | |
| Principal: | |
| Service: "lambda.amazonaws.com" | |
| Function: | |
| Type: AWS::Lambda::Function | |
| Properties: | |
| FunctionName: !Ref Name | |
| Role: !GetAtt Role.Arn | |
| Timeout: 60 | |
| Environment: | |
| Variables: | |
| TAG_KEY: !Ref Tag | |
| Runtime: "python3.7" | |
| Handler: "index.lambda_handler" | |
| Code: | |
| ZipFile: | | |
| import boto3 | |
| import sys | |
| import os | |
| def lambda_handler(event, context): | |
| tag_key = os.environ['TAG_KEY'] | |
| ec2 = boto3.client('ec2') | |
| cloudwatch = boto3.client('cloudwatch') | |
| filters = [ | |
| { | |
| 'Name': 'tag-key', | |
| 'Values': [tag_key] | |
| } | |
| ] | |
| resp = ec2.describe_subnets(Filters=filters) | |
| subnets = resp['Subnets'] | |
| for subnet in subnets: | |
| cloudwatch.put_metric_data( | |
| Namespace='Subnets', | |
| MetricData=[ | |
| { | |
| 'MetricName': 'AvailableIpAddresses', | |
| 'Value': subnet['AvailableIpAddressCount'], | |
| 'Dimensions': [ | |
| { | |
| 'Name': 'SubnetId', | |
| 'Value': subnet['SubnetId'], | |
| }, | |
| { | |
| 'Name': 'VpcId', | |
| 'Value': subnet['VpcId'], | |
| }, | |
| { | |
| 'Name': 'AvailabilityZone', | |
| 'Value': subnet['AvailabilityZone'] | |
| }, | |
| { | |
| 'Name': 'Cluster', | |
| 'Value': tag_key | |
| }, | |
| ] | |
| } | |
| ] | |
| ) | |
| LogGroup: | |
| Type: AWS::Logs::LogGroup | |
| Properties: | |
| RetentionInDays: 3 | |
| LogGroupName: !Join [ "", [ "/aws/lambda/", !Ref Name ] ] | |
| RoleCloudWatchLog: | |
| Type: AWS::IAM::Policy | |
| Properties: | |
| PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-log" ] ] | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: "logs:CreateLogGroup" | |
| Resource: !Join [ "", [ "arn:aws:logs:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":log-group:", !Ref LogGroup ] ] | |
| - | |
| Effect: "Allow" | |
| Action: | |
| - "logs:CreateLogStream" | |
| - "logs:PutLogEvents" | |
| Resource: !GetAtt LogGroup.Arn | |
| Roles: | |
| - !Ref Role | |
| RoleEc2: | |
| Type: AWS::IAM::Policy | |
| Properties: | |
| PolicyName: !Join [ "", [ !Ref Name, "-ec2" ] ] | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: | |
| - "ec2:DescribeRegions" | |
| - "ec2:DescribeSubnets" | |
| Resource: "*" | |
| Roles: | |
| - !Ref Role | |
| RoleCloudWatchMetric: | |
| Type: AWS::IAM::Policy | |
| Properties: | |
| PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-metric" ] ] | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: "cloudwatch:PutMetricData" | |
| Resource: "*" | |
| Roles: | |
| - !Ref Role | |
| Event: | |
| Type: AWS::Events::Rule | |
| Properties: | |
| Name: !Ref Name | |
| ScheduleExpression: "rate(5 minutes)" | |
| Targets: | |
| - | |
| Id: "Target-1" | |
| Arn: !GetAtt Function.Arn | |
| EventPermission: | |
| Type: AWS::Lambda::Permission | |
| Properties: | |
| Principal: "events.amazonaws.com" | |
| Action: "lambda:InvokeFunction" | |
| FunctionName: !Ref Function | |
| SourceArn: !GetAtt Event.Arn |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment