Automatically Stopping EC2s with Lambda

An Advanced Approach using Python Boto3 Script to Stop EC2s on a Schedule with a Lambda Function

Published in

Women in Technology

6 min readMay 24, 2023

Welcome back! I am so glad you are here. In this article we will continue to discuss how to stop EC2s with Python by using a few more of AWS Services: Lambda & EventBridge.

A little background //

Lambda is an AWS serverless compute service which allows developers to run code without provisioning or managing servers. Lambda is the perfect compute service for application scenarios that need to scale up rapidly, or scale down to zero when not in demand.

EventBridge can be used to trigger Lambda functions. You can create a custom schedule or pattern. EventBridge makes it easier to automate based on the needs of your development teams. It’s the best way to ensure EC2s aren’t forgotten about.

Our objective is based off of a real life scenario I referred to in my previous article https://medium.com/womenintechnology/stopping-ec2s-with-python-boto3-3b1ac511fd6d:

A DevOps engineering team often uses a development lab to test releases of their application. Management is concerned about the rising costs of the development lab and would like to save money by stopping (for this example) three EC2 instances after all the engineers are clocked out. We want to ensure that only Development instances are stopped to make sure nothing in Production is accidentally stopped.

We successfully learned we could stop EC2s using a Python Boto3 Script. However, it would mean someone would need to be there to run the script. Wouldn’t it be nice to create a rule and feel confident that you left work early and your team will save money? In today’s working environment, we are all looking to find balance and everyone loves when the budget is managed. Let’s see if we can create a script inside Lambda to help.

Objective //

Create Python Boto3 script inside Lambda Function to create a schedule to stop Development EC2s at a set time. An example would be 7pm.

To follow along with this project you will need //

Access to AWS
An Configured AWS Cloud9 with Boto3
An Optional GitHub Account
Attention to Details

Creating EC2’s //

Working in AWS Cloud9, on a new branch, let’s open up our WK14_Create_Instance.py script and run it to create 3 EC2s. When we created our EC2 previously, we manually edited our EC2’s Keys & Tags. Today, we are updating our script to include our ‘Tags’ when we run our script.

    KeyName= 'COMPLEXWK14',
    TagSpecifications=[
            {
                'ResourceType': 'instance',
                'Tags': [{'Key': 'Name','Value': 'Linux Server'},
                {'Key': 'Env','Value': 'Dev'}]
                          },
                      ],
                      )

We can open up one of our newly created EC2s and verify that in fact our Key is set to Env and our Value is set to Dev.

Updated WK14_Create_Instance_Quick.py:

import boto3

ec2 = boto3.resource ('ec2')

instance = ec2.create_instances(
    ImageId = 'ami-0889a44b331db0194',
    MinCount = 3,
    MaxCount = 3, 
    InstanceType = 't2.micro',
#ADD IN PAIRKEY NAME & TAG SPECIFICATIONS    
    KeyName= 'COMPLEXWK14',
    TagSpecifications=[
            {
                'ResourceType': 'instance',
                'Tags': [{'Key': 'Name','Value': 'Linux Server'},
                {'Key': 'Env','Value': 'Dev'}]
                          },
                      ],
                      )
print(instance)

Creating IAM Policy //

Before we can have Lambda trigger our automatic stop to our Dev EC2s, we need to create an IAM Policy. In the AWS Search Bar, type IAM and follow the steps below to create the policy that will allow Lambda to preform our desired EC2 Event. Under IAM, select Policies from left-hand menu.

Step 1 Specify Permissions:

Add JSON Script to the Policy editor

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Start*",
                "ec2:Stop*",
                "ec2:Describe*"
            ],
            "Resource": "*"
        }
    ]
}

Step 2 Review and Create:

Name your Policy Lambda-Stop-EC2
Select Create policy

Creating a New Role//

From the left-hand menu in IAM, choose Roles
Select Create role

Leave on AWS service
Select Lambda
Select Next

Add our Customer Managed Role we created
Select Next at the bottom to continue

Enter Role Name Lambda-Stop-EC2

Add Key: Env & Value: Dev
Select Create Role

Creating Lambda Function To Stop EC2 Instances//

This is where we will be creating our Lambda function to stop the EC2s we generated from Cloud9.

Navigate to Lambda in you AWS console
Select Create Function
Author: from scratch
Name Function: Lambda-Stop-EC2
Runtime to Python 3.7 or higher
Change default execution role to use an existing role; select the one created (In this case it is Lambda-Stop-EC2)
Select Create Function

After a successful creation, you will be able to edit the Code Source. Enter the script below and then Deploy to save. Here we pulled from our original script but created a new script by using a defined lambda_handler.

import json
import boto3

ec2 = boto3.resource('ec2', region_name='us-east-1')

def lambda_handler(event, context):
    instances = ec2.instances.filter(Filters=[{'Name': 'instance-state-name', 'Values': ['running']},{'Name': 'tag:Env','Values':['Dev']}])
    for instance in instances:
        id=instance.id
        ec2.instances.filter(InstanceIds=[id]).stop()
        print("Instance ID is stopped"+instance.id)

    return "success"