Skip to content
This repository has been archived by the owner on Aug 22, 2023. It is now read-only.
/ aws-redhat-unsubscription-lambda Public archive

This is an AWS lambda function that will automatically unsubscribe EC2 instances running on RHEL once they are being terminated.

License

Apache-2.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dbsystel/aws-redhat-unsubscription-lambda

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
cdk
cdk
 
 
lambda
lambda
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

aws-redhat-unsubscription-lambda

This is an AWS Lambda function that will automatically unsubscribe EC2 instances running RHEL once they are being terminated.

For now, you can use this function if you manually create a CloudWatch event rule and an IAM role as described in the requirements. In the future, there will be a full CDK app that you can use to automatically deploy the Lambda function with the CloudWatch event rule and the IAM role. Once the CDK app exists, the only manual task will be to add the RedHat credentials to SSM.

Requirements

  • Your RedHat credentials need to be stored in SSM as follows:
    • The username has to be a String named redhat-subscription-username.
    • The password has to be a SecureString named redhat-subscription-password.
  • A CloudWatch event rule with the following event pattern is necessary: 
    {
  "detail-type": [
    "EC2 Instance State-change Notification"
  ],
  "source": [
    "aws.ec2"
  ],
  "detail": {
    "state": [
      "terminated"
    ]
  }
}
  • An IAM role that has the AWSLambdaBasicExecutionRole policy and an inline policy with permissions similar to the following example: 
    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "logs:*",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ec2:DescribeTags",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ssm:Describe*",
                "ssm:Get*",
                "ssm:List*"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}
    Please adapt the permissions according to your individal AWS account structure - for example, if you want the Lambda to only operate on a certain CloudFormation stack or a certain SSM scope!
  • The instances to be handled by the Lambda are tagged with the subscription UUID in the tag RedHatRegistrationUuid.

Setup

  • Create the CloudWatch event rule and the IAM role as described in the requirements.
  • Create the Lambda function in whichever way you want to do it - for example, you can zip the files of the subfolder lambda and use that zip file.
  • Associate the Lambda function with the previously created IAM role.
  • Link the previously created CloudWatch event rule as the Lambda function's trigger.
  • Now every EC2 instance tagged with RedHatRegistrationUuid should be handle by the Lambda.

Troubleshooting

  • The Lambda function logs to CloudWatch, so you can read the logs there.
  • Feel free to add more output to the Lambda function in your account - for example, if you want to output the full event that was received you can add print(json.dumps(event)) to the beginning of the function.

About

This is an AWS lambda function that will automatically unsubscribe EC2 instances running on RHEL once they are being terminated.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

13 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages