This is architecture of my Tier 3 application In that i use 2 load balancers ,vpc ,subnets,RDS Database

create VPC 3-tier

provide Internet gatway to that VPC

Create 6 Subnets 3 subnets for 1a Zone and 3 1b Zone

we need toroute it all trafic transfer to internet gatway so then subnet get converted to public then we want NET configuration

Go to route table -> create route table

for which subnet we want to do that web 1a and web-1b

now we can say that the web-1a and web-1b are public subnet

we need to add NAT-GATEways for connectivity

create NATGATEWAY with subnet web-1a and allocate elastic ip

similarly for nat-1b natgatway we need to create

we need to route after that private routing table for 1a

edit route add

similarly create 1 more route table for 1b

similarly subnet associate with the route table 1b

NOw Create RDS

for create table we need to create subnet group in RDS lets create that

now create Database

Choose a database creation method-> standard create

select Engin mysql then all as it is

select templates -> free tier

Availability and durability -> single-AZ DB Instance

setting add name :database-1

credentials setting->

in next section

storage -> make default

connectivity-> computer resourse make default

vpc-> tier-3 (vpc-03b87cd5f22c3239a)

all make as it is

Existing VPC security groups -> db-sg

Availability Zone -> any or ap-south-1a

other as it is create database

• now launch frontend virtual machine and backend virtual machine

create EC2 instance -> launch instance -> name -> web server ->amazon linux ->Instance type ->Key pair (login) -> i all ready create so i select it

Network settings

VPC — required -> tier3 -> subnet -> web-1a ->Auto-assign public IP->enable -> Common security groups -> web -sg

launch instance

similarly one more instance we need to create for application server

create instance -> all simiar only changes in above

now connect to web server

now we want to connect web-1a to app-1a

launch instance -> web server → then create file vim sanket_mum.pem -> put pem key in that file -> save ->

create your terraform setup install

1. Install Terraform on Windows
   Manual Install
   1. Go to: https://developer.hashicorp.com/terraform/downloads
   2. Download the Windows (64-bit) ZIP file.
   3. Extract it to a folder (e.g., C:\Terraform).
   4. Add that folder to your System PATH:
   o Search for “Environment Variables” → Edit system environment variables →
   Environment Variables
   o Under “System Variables” → find Path → click Edit → Add C:\Terraform
   Then open CMD window and run:
   terraform -version
   2. Install AWS CLI on Windows
   Official Installer (recommended)
   1. Download the installer:
   https://awscli.amazonaws.com/AWSCLIV2.msi
   2. Run the .msi file and follow the prompts.
   3. Open CMD and Verify it:
   aws — version
   Expected output:
   aws-cli/2.x.x Python/3.x.x Windows/x86_64
   3. Install Visual Studio Code (VS Code)
   From Microsoft’s official site
   1. Go to: https://code.visualstudio.com/
   2. Click Download for Windows and run the installer.

now create main.tf

# Define the AWS provider and region

provider “aws” {

region = “ap-south-1” # Mumbai region

}

# — — AWS Security Group Resource — -

# Resource to create a security group named “Project-SG”

resource “aws_security_group” “Project-SG” {

name = “Project-SG”

description = “Open 22, 80, 443, 8080, 9000, 3000”

# Define ingress rules (Inbound traffic)

# Uses a ‘for’ loop to create separate ingress blocks for each port

ingress = [

for port in [22, 80, 443, 8080, 9000, 3000] : {

description = “TLS from VPC” # Note: This description is used in the image, but typically describes the source.

from_port = port

to_port = port

protocol = “tcp”

# Allows traffic from anywhere (0.0.0.0/0)

cidr_blocks = [“0.0.0.0/0”]

ipv6_cidr_blocks = []

prefix_list_ids = []

security_groups = []

self = false

}

]

# Define egress rules (Outbound traffic)

egress {

from_port = 0 # All ports

to_port = 0 # All ports

protocol = “-1” # All protocols

# Allows all outbound traffic to anywhere (0.0.0.0/0)

cidr_blocks = [“0.0.0.0/0”]

}

tags = {

Name = “Project-SG”

}

}

# — — AWS EC2 Instance Resource — -

# Resource to create an EC2 instance named “web”

resource “aws_instance” “web” {

# Note: The AMI ID provided (ami-0f918f7e67a3323f0) is typically a regional Amazon Linux 2 AMI

ami = “ami-03695d52f0d883f65”

instance_type = “t2.large”

# Reference the ID of the Security Group created above

vpc_security_group_ids = [aws_security_group.Project-SG.id]

# Specify a path to a script file (e.g., for bootstrap/setup)

# You would need to create a file named ‘script.sh’ in the same directory

user_data = templatefile(“./script.sh”,{})

# Root volume configuration

root_block_device {

volume_size = 30 # Sets the root EBS volume size to 30 GB

}

tags = {

Name = “Jenkins-Project”

}

}

create Script .sh

#!/bin/bash

# Set -e ensures that the script will exit immediately if a command exits with a non-zero status

set -e

# — — 1. Install Java 17 (Temurin) — -

echo “ — — Stage 1: Installing Java 17 (Temurin) — -”

# Update local package index

sudo apt update -y

# Install prerequisite packages for downloading keys

sudo apt install -y wget apt-transport-https gnupg lsb-release

# Download and add the Adoptium GPG key

wget -O — https://packages.adoptium.net/artifactory/api/gpg/Key/public | sudo tee /etc/apt/keyrings/adoptium.asc

# Add the Adoptium repository to the system’s sources list

echo “deb [signed-by=/etc/apt/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb/ $(awk -F= ‘/VERSION_CODENAME/{print $2}’ /etc/os-release) main” | sudo tee /etc/apt/sources.list.d/adoptium.list

# Re-update package index to include Adoptium packages

sudo apt update -y

# Install Temurin-17 JDK

sudo apt install temurin-17-jdk -y

# Verify Java installation

/usr/bin/java — version

# — — 2. Install Jenkins — -

echo “ — — Stage 2: Installing Jenkins — -”

# Download and install the Jenkins GPG key

curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null

# Add the Jenkins repository to the sources list

echo “deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/” | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null

# Update package index

sudo apt-get update -y

# Install Jenkins

sudo apt-get install jenkins -y

# Enable and start Jenkins service

sudo systemctl enable jenkins

sudo systemctl start jenkins

# — — 3. Install Docker — -

echo “ — — Stage 3: Installing Docker — -”

sudo apt-get update -y

sudo apt-get install docker.io -y

# Enable and start Docker service

sudo systemctl enable docker

sudo systemctl start docker

# Add the current user (e.g., ‘ubuntu’) and jenkins user to the docker group

# This allows them to run docker commands without sudo

USERNAME=$(whoami)

sudo usermod -aG docker $${USERNAME}

sudo usermod -aG docker jenkins

# Allow access to the Docker socket for the initial setup (security risk, but common in labs)

sudo chmod 666 /var/run/docker.sock

# — — 4. Setup SonarQube (using Docker) — -

echo “ — — Stage 4: Starting SonarQube via Docker — -”

# Note: SonarQube requires at least a t2.medium instance type and may need JVM memory tuning.

# Run SonarQube in the background on port 9000

docker run -d — name sonar -p 9000:9000 sonarqube:lts-community || echo “ERROR: A SonarQube failed to start — check Docker logs.”

# — — 5. Install Trivy (Vulnerability Scanner) — -

echo “ — — Stage 5: Installing Trivy — -”

# Install prerequisite packages for Trivy

sudo apt-get install -y wget apt-transport-https gnupg lsb-release

# Download and add the Trivy GPG key

wget -qO — https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg — dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null

# Add the Trivy repository to the sources list

echo “deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main” | sudo tee /etc/apt/sources.list.d/trivy.list > /dev/null

# Update package index

sudo apt-get update

# Install Trivy

sudo apt-get install trivy -y

echo “ — — — — — — — — — — — — — — — — — — — — — — — — — — — — “

echo “Deployment Complete.”

echo “Services running:”

echo “ — Jenkins on port 8080”

echo “ — SonarQube on port 9000”

echo “Initial Setup Instructions:”

echo “1. Wait for all services to start (up to 5 minutes).”

echo “2. Access Jenkins at: http://<YOUR_EC2_PUBLIC_IP>:8080”

echo “3. Access SonarQube at: http://<YOUR_EC2_PUBLIC_IP>:9000”

echo “4. Retrieve the Jenkins admin password: sudo cat /var/lib/jenkins/secrets/initialAdminPassword”

echo “5. Note: The chmod 666 /var/run/docker.sock command has been used for simplicity. In production, use tighter IAM/sudo rules.”

echo “ — — — — — — — — — — — — — — — — — — — — — — — — — — — — “

command

#terraform init

#terraform validate

#terraform plan

#terraform apply

my Ec2 Instance Create through that

http://13.233.162.114:8080/

68287a3cdbd947a2b87d2d523b7489c8

http://13.233.162.114:9000/

username:admin

password:admin

1. Install Required Jenkins Plugins

Steps:

1. Open Jenkins Dashboard
2. Go to Manage Jenkins
3. Click Plugins
4. Open the Available plugins tab
5. Search and select the following plugins:

Plugins to Install:

• SonarQube Scanner
• Docker
• Docker Commons
• Docker Pipeline
• Docker API
• Docker Build Step
• Docker Compose Build Step
• Docker Slaves
• NodeJS
• Eclipse Temurin Installer
• Pipeline Stage View

1. Click Install
2. After installation, select Restart Jenkins once installation is complete
3. Wait for Jenkins to restart
4. Sign in again

2. Configure Tools in Jenkins

Steps:

1. Go to Manage Jenkins
2. Click System Configuration
3. Open Tools

3. Configure JDK (Java)

• Section: JDK installations
• Name: jdk17
• ⚠️ This name must match the name used in the Jenkins pipeline
• Check: Install automatically
• Version: 17.0.11+9 (Eclipse Temurin)
• Click Save

4. Configure Git

• Section: Git installations
• Select Install automatically
• No name change required
• Jenkins will handle Git automatically

5. Configure SonarQube Scanner

• Section: SonarQube Scanner installations
• Name: sonar-scanner
• ⚠️ Use the same name in the Jenkins pipeline
• Check: Install automatically
• Click Save

6. Configure NodeJS

• Section: NodeJS installations
• Name: node23
• Version: 23.0.0
• Check: Install automatically
• Click Save

7. Configure Docker

• Section: Docker installations
• Name: docker
• Check: Install automatically
• Click Save

8. Establish Connectivity Between Jenkins and SonarQube

Create SonarQube Token

1. Open SonarQube Dashboard
2. Go to Administration
3. Click Security
4. Select Users / Tokens
5. Create a new token:

• Token Name: token

1. Click Generate
2. Copy the token (very important)

Add SonarQube Token in Jenkins Credentials

Steps:

1. Go to Jenkins Dashboard
2. Click Manage Jenkins
3. Open Credentials
4. Select System
5. Click Global credentials (unrestricted)
6. Click Add Credentials

Credential Details:

• Kind: Secret Text
• Secret: (Paste SonarQube token here)
• ID: Sonar-token
• Description: SonarQube Token

1. Click Save

✅ This token will be used by Jenkins to authenticate with SonarQube.

similarly create Add docker credentials

2. Create Webhook in SonarQube

Purpose:

Webhook allows SonarQube to notify Jenkins about analysis results (Quality Gate status).

Steps:

1. Open SonarQube Dashboard
2. Go to Administration
3. Click Configuration
4. Select Webhooks
5. Click Create

Webhook Details:

• Name: jenkins
• URL (URI):

http://<JENKINS-IP>:8080/sonarqube-webhook/

📌 Example:

http://192.168.1.10:8080/sonarqube-webhook/

1. Click Create

Add SonarQube Server in Jenkins (System Configuration)

Steps:

1. Open Jenkins Dashboard
2. Go to Manage Jenkins
3. Click System
4. Scroll down to SonarQube Servers
5. Click Add SonarQube Server

SonarQube Server Configuration:

• Name: sonar-server
  (Use the same name in your Jenkins pipeline)
• Server URL:

http://<SONARQUBE-IP>:9000

pipeline{
agent any
tools{
jdk ‘jdk17’
nodejs ‘node23’
}
environment {
SCANNER_HOME=tool ‘sonar-scanner’
}
stages {
stage(‘clean workspace’){
steps{
cleanWs()
}
}
stage(‘Checkout from Git’){
steps{
git branch: ‘main’, url: ‘https://github.com/Cloud-with-Prashant/Jenkins-Project.git’
}
}
stage(“Sonarqube Analysis “){
steps{
withSonarQubeEnv('sonar-server') {
sh ‘’’ $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Swiggy \
-Dsonar.projectKey=Swiggy ‘’’
}
}
}
stage(“quality gate”){
steps {
script {
waitForQualityGate abortPipeline: false, credentialsId: ‘Sonar-token’
}
}
}
stage(‘Install Dependencies’) {
steps {
sh “npm install”
}
}

stage(‘TRIVY FS SCAN’) {
steps {
sh “trivy fs . > trivyfs.txt”
}
}
stage(“Docker Build & Push”){
steps{
script{
withDockerRegistry(credentialsId: ‘docker-creds’, toolName: ‘docker’){
sh “docker build -t swiggy .”
sh “docker tag swiggy sanketbhavsar19/swiggy:latest “
sh “docker push sanketbhavsar19/swiggy:latest “
}
}
}
}
stage(“TRIVY”){
steps{
sh “trivy image sanketbhavsar19/swiggy:latest > trivy.txt”
}
}
stage(‘Deploy to container’){
steps{
sh ‘docker run -d — name swiggy -p 3000:3000 sanketbhavsar19/swiggy:latest’
}
}
}
}

🏗️ 1. Network Setup (VPC)

Create VPC

• CIDR: 10.0.0.0/16

Create Subnets

Create 2 subnet

tier3–1a-private 10.0.2.0/24

tier3–1a-public 10.0.1.0/24

Route tables

tier3-public-RT connect to subnet in explicit subnet association

similarly for tier3-private-RT

create internet gatway

Attached to vpc

💻 EC2 Setup (Application Layer)

• AMI: Amzon Linux
• Instance type: t2.micro

Subnet: Public Subnet

• Security Group:
• SSH (22) → Your IP
• Backend (5000) → Anywhere
• Frontend (80 / 5173) → Anywhere

launch ec2 instance ->

sudo -i run the command

Update System Packages

sudo apt update

sudo apt upgrade -y

Step 3: Install Node.js and npm

curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -

sudo apt install -y nodejs

node — version # Verify installation

npm –version

Step 4: Update Environment Variables

Update your .env file on EC2:

DB_USER=postgres

DB_PASSWORD=your_rds_password

DB_HOST=your-rds-endpoint.c9akciq32.us-east-1.rds.amazonaws.com

DB_PORT=5432

DB_NAME=student_apps

VITE_API_URL=http://your-ec2-public-ip:5000


Get your RDS Endpoint from AWS Console → RDS → Your Database

Step 5: Create Database Tables

Connect to your RDS instance:

psql -h your-rds-endpoint.amazonaws.com -U postgres -d postgres

put password that we set on creating RDS enter to postgres database

now we create table

CREATE DATABASE student_app;

\c student_app

CREATE TABLE student_applications (

id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

first_name TEXT NOT NULL,

last_name TEXT NOT NULL,

email TEXT NOT NULL,

phone TEXT NOT NULL,

date_of_birth DATE NOT NULL,

address TEXT NOT NULL,

city TEXT NOT NULL,

state TEXT NOT NULL,

zip_code TEXT NOT NULL,

country TEXT NOT NULL DEFAULT ‘United States’,

program_of_interest TEXT NOT NULL,

previous_education TEXT NOT NULL,

gpa NUMERIC(3,2),

test_scores TEXT,

extracurricular_activities TEXT,

personal_statement TEXT NOT NULL,

application_status TEXT NOT NULL DEFAULT ‘pending’,

submitted_at TIMESTAMPTZ DEFAULT now(),

updated_at TIMESTAMPTZ DEFAULT now(),

created_at TIMESTAMPTZ DEFAULT now()

);

Now create INDEX

CREATE INDEX idx_student_applications_status ON student_applications(application_status);

CREATE INDEX idx_student_applications_submitted_at ON student_applications(submitted_at DESC);

student_app=> \q

sudo npm install

sudo npm run build

sudo apt install httpd

sudo apt install nginx

check nginx install or not

http://public-ip

8. Configure Security Groups

For RDS Security Group:

• Allow inbound traffic on port 5432 from your EC2 instance’s security group

For EC2 Security Group:

• Allow inbound SSH (port 22) from your IP
• Allow inbound HTTP (port 80) — optional, for production use
• Allow inbound on port 5000 (backend) from anywhere or specific IPs
• Allow inbound on port 5173 (frontend dev) from your IP

#sudo vi /etc/systemd/system/student-app-frontend.service

create this file in above location and put this content on that position

10. Build and Serve Frontend

# Build React app

#npm run build

# Install a simple HTTP server for production

npm install -g serve

# Create frontend service

#sudo vi /etc/systemd/system/student-app-frontend.service

Paste this:

[Unit]

Description=Student Application Portal Frontend

After=network.target

[Service]

Type=simple

User=ec2-user

WorkingDirectory=/home/ec2-user/student-app

ExecStart=/usr/bin/serve -s /home/ec2-user/student-app/dist -l 80

Restart=always

RestartSec=10

[Install]

WantedBy=multi-user.target

Enable and start:

#sudo systemctl daemon-reload

#sudo systemctl enable student-app-frontend

#sudo systemctl daemon-reload sudo systemctl daemon-reload

Create Similar for Backend

9. Create systemd Services for Auto-Start

Create backend service:

sudo vi /etc/systemd/system/student-app-backend.service

Paste this:

[Unit]

Description=Student Application Portal Backend

After=network.target

[Service]

Type=simple

User=ec2-user

WorkingDirectory=/home/ec2-user/student-app

EnvironmentFile=/home/ec2-user/student-app/.env

ExecStart=/usr/bin/node /home/ec2-user/student-app/server.js

Restart=always

RestartSec=10

[Install]

WantedBy=multi-user.target

Save and enable:

sudo systemctl daemon-reload

#sudo systemctl enable student-app-backend

#sudo systemctl start student-app-backend

11. Verify Services Status

#sudo systemctl status student-app-backend

#sudo systemctl status student-app-frontend

1. ⚙️ Initial Setup: Networking and EC2 Instance

Before deploying the automation, we need a target EC2 instance and a foundational network.

That is a fantastic, detailed project! The steps you’ve outlined for setting up the VPC components, IAM role, EC2 instance, and the two versions of the Lambda function (single and multiple instance control) are complete and technically accurate.

To turn this into a high-quality Medium post, you need to structure the content, add context, make the instructions clearer, and use compelling headings and formatting.

Here is a corrected, structured, and polished version of your project write-up, ready for Medium publication.

🚀 Automating EC2 Instance Start/Stop using AWS Lambda and EventBridge

This guide provides a comprehensive, step-by-step walkthrough on how to create a serverless solution using AWS Lambda and Amazon EventBridge to automatically start and stop one or more EC2 instances. This is a powerful way to reduce cloud costs by ensuring your non-production instances only run when needed.

1. ⚙️ Initial Setup: Networking and EC2 Instance

Before deploying the automation, we need a target EC2 instance and a foundational network.

A. VPC and Subnet Configuration

1. VPC: Ensure you have a Virtual Private Cloud (VPC) set up (you can use the default or a custom one).

subnet 1

• Subnet Creation:
• Navigate to VPC > Subnets.
• Create a new subnet.
• Subnet Name: Test-Public-Subnet
• IPv4 Subnet CIDR Block: 10.1.1.0/24

Route Table Association:

• Create a 2nd Route Table (or use an existing public one).
• Ensure the new subnet (Test-Public-Subnet) is explicitly associated with this Route Table, which should have a route to the internet via an Internet Gateway.

Launch an Ec2 Instance

That is a fantastic, detailed project! The steps you’ve outlined for setting up the VPC components, IAM role, EC2 instance, and the two versions of the Lambda function (single and multiple instance control) are complete and technically accurate.

To turn this into a high-quality Medium post, you need to structure the content, add context, make the instructions clearer, and use compelling headings and formatting.

Here is a corrected, structured, and polished version of your project write-up, ready for Medium publication.

🚀 Automating EC2 Instance Start/Stop using AWS Lambda and EventBridge

This guide provides a comprehensive, step-by-step walkthrough on how to create a serverless solution using AWS Lambda and Amazon EventBridge to automatically start and stop one or more EC2 instances. This is a powerful way to reduce cloud costs by ensuring your non-production instances only run when needed.

1. ⚙️ Initial Setup: Networking and EC2 Instance

Before deploying the automation, we need a target EC2 instance and a foundational network.

A. VPC and Subnet Configuration

1. VPC: Ensure you have a Virtual Private Cloud (VPC) set up (you can use the default or a custom one).
2. Subnet Creation:

• Navigate to VPC > Subnets.
• Create a new subnet.
• Subnet Name: Test-Public-Subnet
• IPv4 Subnet CIDR Block: 10.1.1.0/24

1. Route Table Association:

Create a 2nd Route Table (or use an existing public one).

• Ensure the new subnet (Test-Public-Subnet) is explicitly associated with this Route Table, which should have a route to the internet via an Internet Gateway.

B. Launching the Target EC2 Instance

1. Launch a new EC2 instance.
2. In the Network Settings, choose the VPC and the new subnet: Test-Public-Subnet.
3. Key Pair: Select “Proceed without a key pair” for simplicity, as we will not be SSH-ing into it for this project.
4. Launch the instance and note its Instance ID (e.g., i-07f408988e04154a1). This ID is crucial for the Lambda function.

🛡️ Creating the IAM Role (Permissions)

The AWS Lambda function needs permission to interact with your EC2 instances. We will create a specific IAM Policy and Role for this purpose.

Create RoleB. Create the IAM Role for Lambda

1. Go to IAM > Roles and click Create role.
2. Trusted Entity Type: Select AWS service.
3. Use Case: Select Lambda.
4. Permissions:

• Search for and select your newly created policy: EC2_StartStop_Policy.
• If you previously added the default AmazonEC2FullAccess policy, remove it.

1. Name the Role (e.g., Lambda_Ec2_Start_Stop_Role).

Now Create Policy

Choose JSON

{
“Version”: “2012–10–17”,
“Statement”: [
{
“Action”: [
“ec2:StartInstances”,
“ec2:StopInstances”,
“ec2:DescribeInstances”
],
“Effect”: “Allow”,
“Resource”: “*”
}
]
}

click to -> Lambda_Ec2_Start_Stop -> click Attach policies -> Select Ec2_Lambda

add permissions

Goto Lambda

. ☁️ Deploying the AWS Lambda Function

Now we write the Python code that will do the heavy lifting. We will start with a function for a single instance and then improve it for multiple instances.

Create Function

import boto3

def lambda_handler(event, context):

ec2 = boto3.client(‘ec2’, region_name=’ap-south-1') # change to your region

instance_id = ‘i-07f408988e04154a1’ # ← replace with your actual ID

action = event.get(‘action’, ‘’).lower()

if action == ‘start’:

response = ec2.start_instances(InstanceIds=[instance_id])

print(f”Starting instance: {instance_id}”)

return {“status”: “starting”, “instance”: instance_id}

elif action == ‘stop’:

response = ec2.stop_instances(InstanceIds=[instance_id])

print(f”Stopping instance: {instance_id}”)

return {“status”: “stopping”, “instance”: instance_id}

else:

print(“Invalid action! Use ‘start’ or ‘stop’”)

return {“status”: “error”, “message”: “Invalid action! Use ‘start’ or ‘stop’”}

Put this code in lambda_function.py

click on -> deploy

increase the time out to 30sec

we want to start and stop with Ec2 Instance ID

Now we Test Our code so click on Test->Create New Test Event

put Ec2 Instance -> Instance id in our code -> Line NO 5

click -> deploy

click -> Test

now want to control multiple EC2 instances with a single Lambda function, let’s extend your code to handle a list of instance IDs instead of just one.

import boto3

def lambda_handler(event, context):

# Initialize EC2 client

ec2 = boto3.client(‘ec2’, region_name=’ap-south-1') # Change to your region

# List of instance IDs you want to manage

instance_ids = event.get(‘instance_ids’, [])

# Get action from event input

action = event.get(‘action’, ‘’).lower()

if action == ‘start’:

response = ec2.start_instances(InstanceIds=instance_ids)

print(f”Starting instances: {instance_ids}”)

return {“status”: “starting”, “instances”: instance_ids}

elif action == ‘stop’:

response = ec2.stop_instances(InstanceIds=instance_ids)

print(f”Stopping instances: {instance_ids}”)

return {“status”: “stopping”, “instances”: instance_ids}

else:

print(“Invalid action! Use ‘start’ or ‘stop’”)

return {“status”: “error”, “message”: “Invalid action! Use ‘start’ or ‘stop’”}

{

create new Test Event

“action”: “start”,

“instance_ids”: [“i-07f408988e04154a1”, “i-093c83c1dced25e92”]

}

⏰ Creating the Scheduler (Amazon EventBridge)

To run this function automatically on a schedule (e.g., stopping instances at 7 PM and starting them at 7 AM), we use EventBridge (formerly CloudWatch Events).

1. Go to Amazon EventBridge > Rules/Schedules.
2. Click Create schedule.
3. Schedule Name: Daily_EC2_Stop
4. Schedule Pattern: Select Recurring schedule.
5. Schedule Type: Choose Cron-based schedule for precise timing.

• Example Cron (Stopping at 7:00 PM UTC/IST): 0 19 ? * * *
• Example Cron (Starting at 7:00 AM UTC/IST): 0 7 ? * * *
• Crucial: Cron expressions are in UTC. Adjust the hour accordingly for your local time zone.

1. Target: Select AWS Lambda API as the target.
2. Function: Select your EC2_Manager Lambda function.
3. Configure Input: Select Constant (JSON text) and paste the JSON input for the action (e.g., for stopping):
4. JSON

• { "action": "stop", "instance_ids": ["i-07f408988e04154a1", "i-093c83c1dced25e92"] }

1. Click Next and Create Schedule.

Repeat the process for the Daily_EC2_Start schedule, changing the Cron expression and the "action" in the JSON input to "start".

✅ Conclusion

You have successfully created a robust, serverless solution that uses AWS Lambda and Amazon EventBridge to manage your EC2 instances on a schedule. This is a fundamental and highly effective cloud cost-optimization technique!

🤝 Follow My Work

If you found this tutorial helpful and want to see more cloud automation projects, please consider following me on LinkedIn!

PlatformLink/Action🔗 LinkedInFollow Me on LinkedIn!