This is an open-source tagging solution for AWS. Deploy autotag to lambda and set up CloudTrail and have each of your resources tagged with the resource who created it. It was written by GorillaStack.
- Turn on CloudTrail.
- Create a new Amazon S3 bucket for storing your log files, or specify an existing bucket where you want the log files delivered.
- (Optional and NOT REQUIRED for Autotag) Create a new Amazon SNS topic in order to receive notifications when new log files are delivered.
More documentation on creating a Trail
- Within lambda, press the 'Create a Lambda Function' button
- Press the 'Skip' button to bypass the suggested blueprints
- Enter the lambda function name (e.g. 'autotag')
- Select 'Node.js' as the Runtime
- Upload the latest release's zip file
- Under 'Handler' add 'autotag.handler'
For the complete role's policy, scroll down for the master policy. Read on for finer details on the access permissions required below.
If you install your lambda function and don't plan on tagging resources, at very least you will need these permissions:
- Permissions to save logs for your lambda execution.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}- Permissions to retrieve zipped CloudTrail log items from S3.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1442379848000",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"*"
]
}
]
}Actions to allow for all resources:
- S3:
s3:GetBucketTaggings3:PutBucketTagging - EC2:
ec2:CreateTags - ELB:
elasticloadbalancing:AddTags - AutoScaling:
autoscaling:CreateOrUpdateTags - EBS:
ec2:CreateTags(Same as EC2) - VPC:
ec2:CreateTags(Same as EC2) - Subnet:
ec2:CreateTags(Same as EC2) - InternetGateway:
ec2:CreateTags(Same as EC2) - RDS:
rds:AddTagsToResource - EMR:
elasticmapreduce:AddTags - DataPipeline:
datapipeline:AddTags
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Sid": "Stmt1442379848000",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketTagging",
"s3:PutBucketTagging",
"ec2:CreateTags",
"elasticloadbalancing:AddTags",
"autoscaling:CreateOrUpdateTags",
"rds:AddTagsToResource",
"elasticmapreduce:AddTags",
"datapipeline:AddTags"
],
"Resource": [
"*"
]
}
]
}If you have questions, feature requests or bugs to report, please do so on the github repository.
If you are interested in contributing, please get started by forking our github repository and submit pull-requests.
Autotag is implemented in Javascript (ECMAScript 2015 - a.k.a. es6). To make this compatible with lambda and other es5 environments, we use babel to transpile the es6 code to es5. For this reason, you will need to install babel globally to get started:
$ npm install -g babelTo setup babel to listen to the src/ directory and transpile the code to es5, run:
$ babel -d lib --watch src To assist you in packaging and deploying your code to your lambda function, I have provided a script deploy_lambda_code.sh. For this to run, you need the AWS CLI installed and an AWS profile available with sufficient access to deploy code. Edit the script to provide your aws account id, lambda function name and location of the zipfile on your filesystem.
$ bash deploy_lambda_code.shTo assist with running during development without having to deploy to lambda, use the main.js and sample_data.js files we have provided.
$ bash sample_data.sh