@chrisdodds
Created September 12, 2020 19:22
AWSTemplateFormatVersion: "2010-09-09"
Description: Subnet IP Monitor
Parameters:
  Name:
    Type: String
    Default: "Subnet-IP-Monitor"
  Tag:
    Type: String
    Description: Subnet Tag to filter
Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Ref Name
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            Action: "sts:AssumeRole"
            Principal:
              Service: "lambda.amazonaws.com"
  Function:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Ref Name
      Role: !GetAtt Role.Arn
      Timeout: 60
      Environment:
        Variables:
          TAG_KEY: !Ref Tag
      Runtime: "python3.7"
      Handler: "index.lambda_handler"
      Code:
        ZipFile: |
          import boto3
          import os

          def lambda_handler(event, context):
              # Subnets are selected by the presence of this tag key (value is ignored).
              tag_key = os.environ['TAG_KEY']
              ec2 = boto3.client('ec2')
              cloudwatch = boto3.client('cloudwatch')
              filters = [
                  {
                      'Name': 'tag-key',
                      'Values': [tag_key]
                  }
              ]
              resp = ec2.describe_subnets(Filters=filters)
              subnets = resp['Subnets']
              # One PutMetricData call per subnet; the tag key doubles as the
              # "Cluster" dimension so dashboards can group by it.
              for subnet in subnets:
                  cloudwatch.put_metric_data(
                      Namespace='Subnets',
                      MetricData=[
                          {
                              'MetricName': 'AvailableIpAddresses',
                              'Value': subnet['AvailableIpAddressCount'],
                              'Dimensions': [
                                  {
                                      'Name': 'SubnetId',
                                      'Value': subnet['SubnetId'],
                                  },
                                  {
                                      'Name': 'VpcId',
                                      'Value': subnet['VpcId'],
                                  },
                                  {
                                      'Name': 'AvailabilityZone',
                                      'Value': subnet['AvailabilityZone']
                                  },
                                  {
                                      'Name': 'Cluster',
                                      'Value': tag_key
                                  },
                              ]
                          }
                      ]
                  )
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 3
      LogGroupName: !Join [ "", [ "/aws/lambda/", !Ref Name ] ]
  RoleCloudWatchLog:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-log" ] ]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            Action: "logs:CreateLogGroup"
            Resource: !Join [ "", [ "arn:aws:logs:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":log-group:", !Ref LogGroup ] ]
          -
            Effect: "Allow"
            Action:
              - "logs:CreateLogStream"
              - "logs:PutLogEvents"
            Resource: !GetAtt LogGroup.Arn
      Roles:
        - !Ref Role
  RoleEc2:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join [ "", [ !Ref Name, "-ec2" ] ]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            # The handler only calls DescribeSubnets; DescribeRegions is granted but unused.
            Action:
              - "ec2:DescribeRegions"
              - "ec2:DescribeSubnets"
            Resource: "*"
      Roles:
        - !Ref Role
  RoleCloudWatchMetric:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-metric" ] ]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            # PutMetricData has no resource-level permissions, so "*" is required here.
            Action: "cloudwatch:PutMetricData"
            Resource: "*"
      Roles:
        - !Ref Role
  Event:
    Type: AWS::Events::Rule
    Properties:
      Name: !Ref Name
      ScheduleExpression: "rate(5 minutes)"
      Targets:
        -
          Id: "Target-1"
          Arn: !GetAtt Function.Arn
  EventPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Principal: "events.amazonaws.com"
      Action: "lambda:InvokeFunction"
      FunctionName: !Ref Function
      SourceArn: !GetAtt Event.Arn
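The handler above wires boto3 clients directly into the loop, which makes the metric construction hard to exercise without an AWS account. The following is an added example, not part of the gist: the same tag-key filter and `AvailableIpAddresses` datum (with the four dimensions the gist uses) are factored into functions that take the EC2 and CloudWatch clients as arguments, so stub clients can drive them offline, and the data points are grouped into batched `PutMetricData` calls instead of one call per subnet. `batch_size`, the stub classes and the sample subnets are all constructed for this example.

```python
"""Testable variant of the gist's handler logic (added example, not the gist's code)."""
from typing import Any, Dict, Iterable, List

NAMESPACE = "Subnets"
METRIC_NAME = "AvailableIpAddresses"


def subnet_datum(subnet: Dict[str, Any], tag_key: str) -> Dict[str, Any]:
    """Build the MetricData entry the gist emits for one subnet."""
    return {
        "MetricName": METRIC_NAME,
        "Value": subnet["AvailableIpAddressCount"],
        "Dimensions": [
            {"Name": "SubnetId", "Value": subnet["SubnetId"]},
            {"Name": "VpcId", "Value": subnet["VpcId"]},
            {"Name": "AvailabilityZone", "Value": subnet["AvailabilityZone"]},
            # The gist reuses the filter tag key as a "Cluster" dimension.
            {"Name": "Cluster", "Value": tag_key},
        ],
    }


def chunked(items: List[Any], size: int) -> Iterable[List[Any]]:
    """Yield consecutive slices of at most `size` items."""
    for i in range(0, len(items), size):
        yield items[i:i + size]


def publish_subnet_metrics(ec2, cloudwatch, tag_key: str, batch_size: int = 20) -> int:
    """Describe subnets carrying `tag_key`, publish one datum per subnet in batches.

    `ec2` and `cloudwatch` only need describe_subnets / put_metric_data, so real
    boto3 clients or the stubs below both work. Returns the number of data points.
    batch_size is an assumed parameter for this example, not a value from the gist.
    """
    filters = [{"Name": "tag-key", "Values": [tag_key]}]
    subnets = ec2.describe_subnets(Filters=filters)["Subnets"]
    data = [subnet_datum(s, tag_key) for s in subnets]
    for batch in chunked(data, batch_size):
        cloudwatch.put_metric_data(Namespace=NAMESPACE, MetricData=batch)
    return len(data)


class StubEc2:
    """Minimal stand-in for boto3's EC2 client (constructed for this example)."""

    def __init__(self, subnets: List[Dict[str, Any]]):
        self._subnets = subnets

    def describe_subnets(self, Filters):
        # Emulate the server-side 'tag-key' filter the gist relies on.
        wanted = set(Filters[0]["Values"])
        matched = [s for s in self._subnets
                   if any(t["Key"] in wanted for t in s.get("Tags", []))]
        return {"Subnets": matched}


class StubCloudWatch:
    """Records put_metric_data calls instead of sending them (constructed)."""

    def __init__(self):
        self.calls = []

    def put_metric_data(self, Namespace, MetricData):
        self.calls.append((Namespace, MetricData))


# Constructed sample subnets; IDs and counts are made up for this example.
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0aaa", "VpcId": "vpc-0111", "AvailabilityZone": "us-east-1a",
     "AvailableIpAddressCount": 251, "Tags": [{"Key": "eks-cluster", "Value": "prod"}]},
    {"SubnetId": "subnet-0bbb", "VpcId": "vpc-0111", "AvailabilityZone": "us-east-1b",
     "AvailableIpAddressCount": 3, "Tags": [{"Key": "eks-cluster", "Value": "prod"}]},
    {"SubnetId": "subnet-0ccc", "VpcId": "vpc-0222", "AvailabilityZone": "us-east-1a",
     "AvailableIpAddressCount": 4091, "Tags": [{"Key": "Name", "Value": "not-monitored"}]},
]


def run_demo(batch_size: int = 20):
    """Run the publisher against the stubs; returns (datapoints, recorded calls)."""
    cw = StubCloudWatch()
    n = publish_subnet_metrics(StubEc2(SAMPLE_SUBNETS), cw, "eks-cluster", batch_size)
    return n, cw.calls


if __name__ == "__main__":
    count, calls = run_demo()
    print(f"published {count} data point(s) in {len(calls)} PutMetricData call(s)")
    for _, batch in calls:
        for datum in batch:
            print(datum["Dimensions"][0]["Value"], datum["Value"])
```

With the constructed sample, only the two `eks-cluster`-tagged subnets are published, in a single `PutMetricData` call; passing `batch_size=1` reproduces the gist's one-call-per-subnet behaviour. Swapping the stubs for `boto3.client('ec2')` and `boto3.client('cloudwatch')` gives the deployable handler.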