Lambda Function not detecting EC2 Instances #114

Closed
ASmink opened this issue May 17, 2016 · 3 comments

ASmink commented May 17, 2016

Hi

I have created a simple policy that creates a lambda function that runs every 5 minutes to shut down any EC2 Instances with no Owner tag.

The policy passes validation, and when I do a dry run it logs that I have 11 instances, of which 3 do not have an Owner tag. But when I do the official run, it creates the lambda function and the function runs every 5 minutes as it should, but it is logging that there are 0 EC2 instances.

Policy:

policies:
  - name: ec2-tag-compliance-test
    resource: ec2
    mode:
      type: periodic
      events:
      - running
      schedule: "rate(5 minutes)"
    comment: |
       Stop instances that do not follow tagging policy
    filters:
      - tag:Owner: absent
    actions:
      - stop

Dry Run and Log:

custodian run --dryrun -c policies/policy_stop_ec2_with_no_owner.yml --region eu-west-1 -s out

2016-05-17 07:46:52,591: custodian.output:INFO Storing output with <DirectoryOutput to dir:out/ec2-tag-compliance-test>
2016-05-17 07:46:52,591: custodian.policy:INFO Running policy ec2-tag-compliance-test
2016-05-17 07:46:52,592: c7n.cache:INFO Using cache file /home/ec2-user/.cache/cloud-custodian.cache
2016-05-17 07:46:52,592: custodian.resources.ec2:INFO Querying ec2 instances with []
2016-05-17 07:46:52,943: custodian.resources.ec2:INFO Filtered from 11 to 3 ec2
2016-05-17 07:46:52,944: custodian.policy:INFO policy: ec2-tag-compliance-test resource:ec2 has count:3 time:0.35

Run and Log:

custodian run -c policies/policy_stop_ec2_with_no_owner.yml --region eu-west-1 --assume "<ROLE>" -s out

2016-05-17 07:47:07,098: custodian.output:INFO Storing output with <DirectoryOutput to dir:out/ec2-tag-compliance-test>
2016-05-17 07:47:07,098: custodian.policy:INFO Provisioning policy lambda ec2-tag-compliance-test
2016-05-17 07:47:07,601: custodian.lambda:INFO Publishing custodian policy lambda function custodian-ec2-tag-compliance-test

Lambda Log:

[INFO]  2016-05-17T07:52:39.765Z    Running policy ec2-tag-compliance-test 
[INFO]  2016-05-17T07:52:39.765Z    Querying ec2 instances with [] 
[DEBUG] 2016-05-17T07:52:40.800Z    Found 0 instances on 0 reservations 
[INFO]  2016-05-17T07:52:40.801Z    Filtered from 0 to 0 ec2 
[INFO]  2016-05-17T07:52:40.802Z    policy: ec2-tag-compliance-test resource:ec2 has count:0 time:1.04 
[DEBUG] 2016-05-17T07:52:40.802Z    metric:ResourceCount Count:0 policy:ec2-tag-compliance-test restype:ec2 scope:policy

The role I give to the lambda function has full access to lambda and ec2.

@kapilt kapilt added this to the 2016-05-28 milestone May 17, 2016
@kapilt kapilt added the bug label May 17, 2016
@kapilt kapilt self-assigned this May 17, 2016
Collaborator

kapilt commented May 17, 2016

Thanks for the bug report. It looks like our lambda configs have a region hard-coded.


kapilt commented May 17, 2016

fix for this will be in my next pull request


kapilt commented May 17, 2016

fixed in #115, will be in next release.

@kapilt kapilt closed this as completed May 17, 2016