AWS Lambda Function in Python to List EC2 Instances as Text File on Amazon S3 Bucket
In this AWS Lambda tutorial, I want to show how a Lambda serverless developer can list all EC2 instances into a text file and save this text file on an Amazon S3 bucket using Python in the Lambda inline code editor. Of course, for security considerations, the AWS developer should attach the required policies to the Lambda function role. Otherwise, the Lambda serverless function will not be able to query Amazon EC2 instances and create a text file on the Amazon S3 bucket.
AWS developers can get the list of EC2 instances filtered by a criterion. I will share how this filter criterion is applied. This query for Amazon EC2 instances will return an array of instance names to Lambda developers.
It is easy to turn the list of instances from an array object into a string value using json.dumps().
Using the Python code that I share in this AWS tutorial, it is possible to save this EC2 instance list in a text file.
First of all, create your AWS Lambda function.
I used Python 3.6 as runtime.
Below, AWS programmers can find the Python source code for this sample AWS Lambda function.
AWS developers can test the above Python code by copying and pasting it into the inline code editor.
Lambda function code in Python used to list AWS EC2 instances and store the output as a text file on an Amazon S3 bucket
If you execute the Lambda function without modifying the execution role and attaching the required AWS IAM policies, your Lambda function will probably throw the following error after you save and test your function:
An error occurred (UnauthorizedOperation) when calling the DescribeInstances operation: You are not authorized to perform this operation
To attach a policy, you need to switch to the Amazon IAM service. But before you launch the AWS IAM service, note the name of the execution role you have created or selected on your Lambda function page.
Then launch the IAM Management Console. On the console, select Roles and filter for the execution role of the AWS Lambda function you have recently created.
On the Permissions tab, it is possible to Attach policies.
I attached the AmazonEC2ReadOnlyAccess policy, which provides the permissions required to reach the EC2 service, query all EC2 instances, and describe each EC2 instance.
If your requirement is to list EC2 instances according to their states, such as listing all running or active AWS EC2 instances or listing all stopped instances, you can modify the filters.
AWS Lambda developers can see that in the filters declaration, I provided instance-state-name as the filter criterion but passed "*" to display all instance states, so that none of the instances is actually excluded.
You can refer to AWS documentation for a list of instance states.
Possible EC2 instance states: pending, running, shutting-down, terminated, stopping, stopped
Simply replace * with running to get the list of EC2 instances which are running at the Lambda function execution time.
After the EC2 instance list is fetched and converted into a string with the json.dumps() method, we can place this list into a text file and put it on an AWS S3 bucket.
In order to create or modify a text file on an Amazon S3 bucket, Lambda programmers can use "Object().put()" in the boto3 library.
Of course, the AWS developer should grant the required permissions to write to the related Amazon S3 bucket.
Otherwise, an error similar to the following might occur:
An error occurred (AllAccessDisabled) when calling the PutObject operation: All access to this object has been disabled
or a "Read-only file system" error.
Again using the IAM Management Console, the AWS developer can attach the AmazonS3FullAccess policy to the Lambda execution role that is selected on the related serverless Lambda function definition page. This will resolve the error that prevents the function from reaching the Amazon S3 bucket to create a text file on it.
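The steps described above (filter on instance-state-name, convert the list with json.dumps(), write it with Object().put()), put together as an added example that is not the author's original code. The bucket name, object key and the "state" event field are assumptions, and the state value is checked against the states listed on this page before it is used in the filter.

```python
import json

# Placeholder names (assumptions): replace with your own bucket and object key.
BUCKET = "example-inventory-bucket"
KEY = "ec2-instances.txt"

# Instance states listed on this page, plus "*" to match every state.
VALID_STATES = {"*", "pending", "running", "shutting-down",
                "terminated", "stopping", "stopped"}


def list_instances(ec2, state="*"):
    """Return the IDs of instances whose instance-state-name matches `state`."""
    if state not in VALID_STATES:
        raise ValueError(f"unsupported instance state: {state!r}")
    filters = [{"Name": "instance-state-name", "Values": [state]}]
    # The resource collection pages through DescribeInstances results itself.
    return [instance.id for instance in ec2.instances.filter(Filters=filters)]


def save_list(s3, instance_ids, bucket=BUCKET, key=KEY):
    """Serialize the list with json.dumps() and write it as a text object."""
    body = json.dumps(instance_ids)
    s3.Object(bucket, key).put(Body=body.encode("utf-8"),
                               ContentType="text/plain")
    return body


def lambda_handler(event, context):
    # Imported here so the helpers above can be exercised with stub objects.
    import boto3
    state = (event or {}).get("state", "*")  # hypothetical event field
    ids = list_instances(boto3.resource("ec2"), state)
    body = save_list(boto3.resource("s3"), ids)
    return {"statusCode": 200, "body": body}
```

This code calls only DescribeInstances and PutObject, so a role limited to ec2:DescribeInstances and s3:PutObject on the one bucket is enough to run it; the managed policies named above grant more than that.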