Efficiently Managing EC2 Instances: Automating Start and Stop Jobs with Amazon EventBridge

Oğuzhan Hızıroğlu
11 min read · Jun 6, 2024

In the IT world, as in other sectors, correct management of resources is of great importance. Today I will look at this issue from the perspective of a Cloud Engineer. Managing cloud resources efficiently, optimizing performance and reducing costs are the most basic elements of correct resource management. Automating our operations in the cloud environment helps us use the resources we have efficiently and economically. At this point, AWS (Amazon Web Services) offers us powerful solutions. In this blog post, I will explain in a practical way how to automate the start and stop of Amazon EC2 instances using the AWS Lambda, AWS IAM (Identity and Access Management) and Amazon EventBridge services.

I prepared this blog post inspired by a real-world task. One of our applications was hosted on Amazon EC2. The hours when the application received the heaviest traffic were between 08:00 and 22:00 (UTC +3). In this blog post, I kept the time interval short so that I could quickly observe the results of the architecture I established. Our machine will automatically switch to ‘Stopped’ status at 15:30 UTC on weekdays and will switch to ‘Running’ status again at 16:01 UTC.

Now it’s time to get our hands dirty. I will walk through the automation of starting and stopping Amazon EC2 instances with AWS Lambda, AWS IAM and Amazon EventBridge in a hands-on way, step by step. You can easily implement this hands-on in your own environments by changing the necessary fields. The architecture I will implement in this hands-on is presented below:

Architectural diagram

First, let’s start by creating the IAM policy.

Step — 1: Create an IAM Policy for EC2 Access

First of all, it is necessary to create an IAM Policy that allows the Lambda functions to start and stop EC2 instances. I will create the IAM Policy via AWS CLI. For this, I will first connect to the AWS environment by running ‘aws configure’.

Note: An EC2 is ready in running state for this hands-on.

Step-1
  • To access the AWS environment via a shell, type the ‘aws configure’ command and press ENTER.
Step-2
  • After entering the ‘aws configure’ command, enter the ‘AWS Access Key ID’, ‘AWS Secret Access Key’, ‘Default region name’ and ‘Default output format’ information into the terminal.
Step-3
  • I created the AWS IAM policy by typing the command below. This IAM policy allows the users or roles it is attached to to start and stop instances. Type this command containing the policy into the AWS CLI and press ENTER.
aws iam create-policy \
--policy-name EC2StartStopPolicy \
--policy-document '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*"
    }
  ]
}' \
--region "eu-central-1"
Step-4
  • In the image, you see that I have successfully created the IAM policy named ‘EC2StartStopPolicy’ using AWS CLI and viewed the details of the policy.
Step-5
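
The policy above uses "Resource": "*", so any role that carries it can start or stop every instance in the account. As an added example (not the author's code), the Python below builds the same policy scoped to specific instance ARNs and flags statements that grant these actions on a wildcard resource; the account ID 111122223333 is a constructed placeholder and the function names are hypothetical.

```python
import json

ACTIONS = ["ec2:StartInstances", "ec2:StopInstances"]


def scoped_policy(account_id, region, instance_ids):
    """Build a policy that allows start/stop only on the listed instances."""
    if not instance_ids:
        raise ValueError("at least one instance ID is required")
    arns = [f"arn:aws:ec2:{region}:{account_id}:instance/{iid}"
            for iid in instance_ids]
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": ACTIONS, "Resource": arns}],
    }


def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)


def wildcard_findings(policy):
    """Return (statement index, action) pairs allowed on an unscoped resource."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for idx, stmt in enumerate(statements):
        # Simplification: a Condition (e.g. a tag match) is treated as scoping.
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        resources = _as_list(stmt.get("Resource", []))
        if not any(r == "*" or r.endswith(":instance/*") for r in resources):
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action in ACTIONS or action.lower() in ("ec2:*", "*"):
                findings.append((idx, action))
    return findings


# The policy document from Step 1 of this page, for comparison.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ACTIONS, "Resource": "*"}],
}

if __name__ == "__main__":
    # Instance ID and region are the ones used on this page.
    policy = scoped_policy("111122223333", "eu-central-1", ["i-0c1427070333fddf3"])
    print(json.dumps(policy, indent=2))
    print("Findings in the Step 1 policy:", wildcard_findings(PAGE_POLICY))
```

The printed JSON can be saved to a file and passed to ‘aws iam create-policy’ with ‘--policy-document file://…’ in place of the inline document.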

Step — 2: Create an IAM Role for Lambda

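  • I created the AWS IAM role by typing the command below. The trust policy of this IAM role allows the Lambda service to assume the role; the authority to start and stop EC2 instances comes from the policy that is attached to the role in the next step. Type this command containing the role into the AWS CLI and press ENTER.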
aws iam create-role \
--role-name LambdaEC2StartStopRole \
--assume-role-policy-document '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}' \
--region "eu-central-1"
Step-6
  • In the image, you can see that I have successfully created the IAM role named ‘LambdaEC2StartStopRole’ using AWS CLI and that the Lambda service is the principal allowed to assume it.
Step-7

Step — 3: Attach the Policy to the Role

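  • Finally, attach the previously created policy to the role.
  • Run the AWS CLI command below to attach the policy called ‘EC2StartStopPolicy’ to the role named ‘LambdaEC2StartStopRole’. (The ARN of a customer managed policy contains the account ID, not ‘aws’; please do not forget to write your own account ID in the command when using it.)
aws iam attach-role-policy \
--role-name LambdaEC2StartStopRole \
--policy-arn "arn:aws:iam::371553575031:policy/EC2StartStopPolicy" \
--region "eu-central-1"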
Step-8

Step — 4: Creation of Lambda Functions

  • Type ‘Lambda’ in the search bar and open the ‘Lambda’ service.
Step-9
  • Click on ‘Create function’ button.
Step-10
  • Select the ‘Author from scratch’ option.
  • In the ‘Basic information’ section, write the name of the Lambda function you want to create in the ‘Function name’ field. I enter my function’s name as ‘startEC2Instance’ in the ‘Function name’ field.
  • In the ‘Runtime’ section, select the programming language in which the Lambda function is written. I wrote it in Python, so I chose ‘Python 3.8’ in this section.
  • In the ‘Architecture’ section, select ‘x86_64’ option.
Step-11
  • Since I will be selecting the IAM role I created previously, I selected the ‘Using an existing role’ option in the ‘Execution role’ section.
  • If you remember, the name of the IAM role I created before was ‘LambdaEC2StartStopRole’. That’s why I chose this role in the ‘Existing role’ section.
  • Click on ‘Create function’ button.
Step-12
  • Successfully created the function startEC2Instance.
  • Scroll down & Go to ‘Code’ section.
Step-13
  • In the ‘Code’ section, place Python code that defines an AWS Lambda function to launch (start) a specific EC2 instance.

Note: When using the Python code here, do not forget to write the Instance ID of your own instance in the code.

  • After writing your code, click on ‘Deploy’ button.
import boto3

def lambda_handler(event, context):
    # EC2 client for the region where the instance runs
    ec2 = boto3.client('ec2', region_name='eu-central-1')
    # Replace with the ID of your own instance
    instances = ['i-0c1427070333fddf3']

    # Start the instance
    ec2.start_instances(InstanceIds=instances)
    print(f'Started instances: {instances}')
Step-14
  • Successfully updated the function ‘startEC2Instance’.
  • Click on ‘Three lines (hamburger)’ button.
Step-15
  • Click on ‘Functions’.
Step-16
  • Click on ‘Create function’ button.
Step-17
  • Select the ‘Author from scratch’ option.
  • In the ‘Basic information’ section, write the name of the Lambda function you want to create in the ‘Function name’ field. I enter my function’s name as ‘stopEC2Instance’ in the ‘Function name’ field.
  • In the ‘Runtime’ section, select the programming language in which the Lambda function is written. I wrote it in Python, so I chose ‘Python 3.8’ in this section.
  • In the ‘Architecture’ section, select ‘x86_64’ option.
Step-18
  • Since I will be selecting the IAM role I created previously, I selected the ‘Using an existing role’ option in the ‘Execution role’ section.
  • If you remember, the name of the IAM role I created before was ‘LambdaEC2StartStopRole’. That’s why I chose this role in the ‘Existing role’ section.
  • Click on ‘Create function’ button.
Step-19
  • Successfully created the function ‘stopEC2Instance’.
  • Scroll down & Go to ‘Code’ section.
Step-20
  • In the ‘Code’ section, place Python code that defines an AWS Lambda function to stop a specific EC2 instance.

Note: When using the Python code here, do not forget to write the Instance ID of your own instance in the code.

  • After writing your code, click on ‘Deploy’ button.
import boto3

def lambda_handler(event, context):
    # EC2 client for the region where the instance runs
    ec2 = boto3.client('ec2', region_name='eu-central-1')
    # Replace with the ID of your own instance
    instances = ['i-0c1427070333fddf3']

    # Stop the instance
    ec2.stop_instances(InstanceIds=instances)
    print(f'Stopped instances: {instances}')
Step-21
  • Successfully updated the function ‘stopEC2Instance’.
Step-22
  • Go to AWS CLI to create Amazon EventBridge Rules.

Step — 5: Creating Amazon EventBridge Rules

  • Run the command shown below via the AWS CLI to create an AWS EventBridge rule named ‘stopDemoEC2Instance’. This rule is scheduled to run at 15:30 (UTC) every weekday (Monday, Tuesday, Wednesday, Thursday, and Friday). (You can use this rule to stop the instance at a pre-programmed time. You can make your own adjustments by making the necessary changes in the code block.)
aws events put-rule \
--name "stopDemoEC2Instance" \
--schedule-expression "cron(30 15 ? * MON-FRI *)" \
--state "ENABLED" \
--region "eu-central-1"
Step-23
  • Run the command shown below via the AWS CLI to create an AWS EventBridge rule named ‘startDemoEC2Instance’. This rule is scheduled to run at 16:01 (UTC) every weekday (Monday, Tuesday, Wednesday, Thursday, and Friday). (You can use this rule to start the instance at a pre-programmed time. You can make your own adjustments by making the necessary changes in the code block.)
aws events put-rule \
--name "startDemoEC2Instance" \
--schedule-expression "cron(01 16 ? * MON-FRI *)" \
--state "ENABLED" \
--region "eu-central-1"
Step-24
  • Let’s add a target with the following command to trigger the ‘stopEC2Instance’ function (Please do not forget to write your own account ID in the command when using this command.):
aws events put-targets --rule "stopDemoEC2Instance" \
--targets "Id"="1","Arn"="arn:aws:lambda:eu-central-1:371553575031:function:stopEC2Instance" \
--region "eu-central-1"
Step-25
  • Let’s add a target with the following command to trigger the ‘startEC2Instance’ function (Please do not forget to write your own account ID in the command when using this command.):
aws events put-targets --rule "startDemoEC2Instance" \
--targets "Id"="1","Arn"="arn:aws:lambda:eu-central-1:371553575031:function:startEC2Instance" \
--region "eu-central-1"
Step-26

Step — 6: Adding Triggers to Lambda Functions

  • Go to the AWS Management Console to add triggers to Lambda functions.
  • Click on ‘Three lines (hamburger)’ button.
Step-27
  • Click on ‘Functions’.
Step-28
  • Go into the function called ‘startEC2Instance’.
Step-29
  • Click on ‘Add trigger’ button.
Step-30
  • Select the ‘EventBridge’ service in the ‘Trigger configuration’ section.
  • Then select ‘Existing rules’ in the ‘Rule’ section.
  • In the ‘Existing rules’ section, select the rule named ‘startDemoEC2Instance’ that we created previously.
  • Click on ‘Add’ button.
Step-31
  • The trigger ‘startDemoEC2Instance’ was successfully added to function ‘startEC2Instance’. The function is now receiving events from the trigger.
  • Click on ‘Functions’.
Step-32
  • Go into the function called ‘stopEC2Instance’.
Step-33
  • Click on ‘Add trigger’ button.
Step-34
  • Select the ‘EventBridge’ service in the ‘Trigger configuration’ section.
  • Then select ‘Existing rules’ in the ‘Rule’ section.
  • In the ‘Existing rules’ section, select the rule named ‘stopDemoEC2Instance’ that we created previously.
  • Click on ‘Add’ button.
Step-35
  • The trigger ‘stopDemoEC2Instance’ was successfully added to function ‘stopEC2Instance’. The function is now receiving events from the trigger.
Step-36
  • Now let’s just watch the transactions that will occur automatically on our EC2 instance. We don’t need to do anything.

Note: We have now completed the necessary steps to start or stop a specific EC2 instance on the day and time we want. This monitoring activity is carried out to observe whether our transactions are successful or not.

  • Go to the EC2 Dashboard. Open the ‘Instances’ tab.
Step-37
  • The instance is in ‘Running’ state. Let’s observe together what will happen to the instance when the time we schedule for the instance to stop automatically comes.
  • This demonstration was held in Turkey, in the UTC +3 time zone. In the previous steps, we scheduled the EC2 instance to stop at 15:30 UTC. As you can see, the EC2 instance went into the ‘stopping’ state at 18:31 in the UTC +3 time zone, that is, at 15:31 UTC. This means that the automatic system we have established works without any problems.
Step-38
  • EC2 Instance is in ‘Stopped’ state.
Step-39
  • This demonstration was held in Turkey, in the UTC +3 time zone. In the previous steps, we scheduled the EC2 instance to start at 16:01 UTC. As you can see, the EC2 instance went into the ‘Pending’ state to start at 19:02 in the UTC +3 time zone, that is, at 16:02 UTC. This means that the automatic system we have installed works smoothly.
Step-40
  • EC2 Instance is in ‘Running’ state.
Step-41

Conclusion

By following the steps in this blog post, you can save both time and money by automating the starting and stopping of your EC2 instances. The architecture in which I use Amazon EventBridge, AWS IAM and AWS Lambda services ensures seamless management of your instances in the cloud. Implementing this type of automation in your cloud environment not only optimizes performance but also provides you with a solid framework for managing your infrastructure. You can apply such a solid framework to your other resources as well.

See you in the following blog posts. I hope this blog post will be useful to you.

Oğuzhan Selçuk HIZIROĞLU

AWS Ambassador | AWS Golden Jacket Winner | AWS Champion Authorized Instructor | AWS AAI Community Difference Maker Award Winner
