kamgaurav
kamgaurav
/ SnapshotWithLambda.ps1
Created
December 20, 2018 21:19
Snapshot management with Lambda & Step Functions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $NewIAMPolicy1 = New-IAMPolicy -PolicyName 'Policy-EBSSnapshot' -PolicyDocument (Get-Content -Raw Policy-EBSSnapshot.json) -Description 'Policy to take Snapshot of EBS volumes.' | |
| $NewIAMRole1 = New-IAMRole -AssumeRolePolicyDocument (Get-Content -raw AssumeRolePolicy-Lambda.json) -RoleName "Role-EBS-Snapshot" -Description 'Allows Lambda Function to call AWS services on your behalf.' | |
| Register-IAMRolePolicy -RoleName "Role-EBS-Snapshot" -PolicyArn $NewIAMPolicy1.arn | |
| $NewIAMPolicy2 = New-IAMPolicy -PolicyName 'Policy-LambdaInvoke' -PolicyDocument (Get-Content -Raw Policy-LambdaInvoke.json) -Description 'Policy to Invoke Lambda Function.' | |
| $NewIAMRole2 = New-IAMRole -AssumeRolePolicyDocument (Get-Content -raw AssumeRolePolicy-StepFunction.json) -RoleName "Role-Lambda-Invoke" -Description 'Allows Step Function to call AWS services on your behalf.' | |
| Register-IAMRolePolicy -RoleName "Role-Lambda-Invoke" -PolicyArn $NewIAMPolicy2.arn | |
| $NewIAMPolicy3 = New-IAMPolicy -PolicyName 'Policy |
kamgaurav
/ Policy-EBSSnapshot.json
Last active
December 20, 2018 22:07
Policy to take Snapshot of EBS volumes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "VisualEditor0", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:DeleteSnapshot", | |
| "ec2:CreateTags", | |
| "ec2:CreateSnapshot" |
kamgaurav
/ AssumeRolePolicy-Lambda.json
Created
December 20, 2018 21:51
Allows Lambda Function to call AWS services on your behalf.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "lambda.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } |
kamgaurav
/ Policy-LambdaInvoke.json
Last active
December 21, 2018 06:41
Policy to Invoke Lambda Function.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version":"2012-10-17", | |
| "Statement":[ | |
| { | |
| "Effect":"Allow", | |
| "Action":[ | |
| "lambda:InvokeFunction" | |
| ], | |
| "Resource":[ | |
| "arn:aws:lambda:eu-west-1:527359538786:function:Create-EBSSnapshot", |
kamgaurav
/ AssumeRolePolicy-StepFunction.json
Created
December 20, 2018 21:53
Allows Step Function to call AWS services on your behalf.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "states.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } |
kamgaurav
/ Policy-StateMachineInvoke.json
Last active
December 21, 2018 06:41
Policy to Invoke Step Function.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "states:StartExecution" | |
| ], | |
| "Resource": [ | |
| "arn:aws:states:eu-west-1:527359538786:stateMachine:StateMachine-ManageSnapshot" |
kamgaurav
/ AssumeRolePolicy-CloudWatchRule.json
Created
December 20, 2018 21:55
Allows CloudWatch to call AWS services on your behalf.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "events.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } |
kamgaurav
/ StateMachineDefinition.json
Last active
December 21, 2018 06:43
Step Function State Machine Definition
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "StartAt": "Create-EBSSnapshot", | |
| "States": { | |
| "Create-EBSSnapshot": { | |
| "Type": "Task", | |
| "Resource": "arn:aws:lambda:eu-west-1:527359538786:function:Create-EBSSnapshot", | |
| "Next": "Remove-EBSSnapshot" | |
| }, | |
| "Remove-EBSSnapshot": { | |
| "Type": "Task", |
kamgaurav
/ Create-EBSSnapshot.ps1
Last active
December 20, 2018 22:09
Lambda Function to create EBS Snapshot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Modules @{ModuleName='AWSPowerShell.NetCore';ModuleVersion='3.3.365.0'} | |
| $Type = 'Daily' | |
| Get-EC2Volume -Filter @{Name = "tag:BackupEnabled"; Values = "True"} | | |
| ForEach-Object { | |
| If ($_.Attachment) { | |
| $Device = $_.Attachment[0].Device |
kamgaurav
/ Remove-EBSSnapshot.ps1
Last active
December 20, 2018 22:11
Remove EBS Snapshot with Lambda Function
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Modules @{ModuleName='AWSPowerShell.NetCore';ModuleVersion='3.3.365.0'} | |
| $RetentionDays = 14 | |
| $Snapshots = Get-EC2Snapshot -Filter @{Name = "tag:BackupType"; Values = "Daily"} | |
| ForEach ($Snapshot in $Snapshots) { | |
| $Retention = ([DateTime]::Now).AddDays(-$RetentionDays) | |
| if ([DateTime]::Compare($Retention, $Snapshot.StartTime) -gt 0) { | |
| Remove-EC2Snapshot -SnapshotId $snapshot.SnapshotId -Force |
OlderNewer