Created
September 12, 2020 19:22
-
-
Save chrisdodds/123abc5cffee2b72b2d3f0356c58c8f6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: "2010-09-09" | |
| Description: Subnet IP Monitor | |
| Parameters: | |
| Name: | |
| Type: String | |
| Default: "Subnet-IP-Monitor" | |
| Tag: | |
| Type: String | |
| Description: Subnet Tag to filter | |
| Resources: | |
| Role: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| RoleName: !Ref Name | |
| AssumeRolePolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: "sts:AssumeRole" | |
| Principal: | |
| Service: "lambda.amazonaws.com" | |
| Function: | |
| Type: AWS::Lambda::Function | |
| Properties: | |
| FunctionName: !Ref Name | |
| Role: !GetAtt Role.Arn | |
| Timeout: 60 | |
| Environment: | |
| Variables: | |
| TAG_KEY: !Ref Tag | |
| Runtime: "python3.7" | |
| Handler: "index.lambda_handler" | |
| Code: | |
| ZipFile: | | |
| import boto3 | |
| import sys | |
| import os | |
| def lambda_handler(event, context): | |
| tag_key = os.environ['TAG_KEY'] | |
| ec2 = boto3.client('ec2') | |
| cloudwatch = boto3.client('cloudwatch') | |
| filters = [ | |
| { | |
| 'Name': 'tag-key', | |
| 'Values': [tag_key] | |
| } | |
| ] | |
| resp = ec2.describe_subnets(Filters=filters) | |
| subnets = resp['Subnets'] | |
| for subnet in subnets: | |
| cloudwatch.put_metric_data( | |
| Namespace='Subnets', | |
| MetricData=[ | |
| { | |
| 'MetricName': 'AvailableIpAddresses', | |
| 'Value': subnet['AvailableIpAddressCount'], | |
| 'Dimensions': [ | |
| { | |
| 'Name': 'SubnetId', | |
| 'Value': subnet['SubnetId'], | |
| }, | |
| { | |
| 'Name': 'VpcId', | |
| 'Value': subnet['VpcId'], | |
| }, | |
| { | |
| 'Name': 'AvailabilityZone', | |
| 'Value': subnet['AvailabilityZone'] | |
| }, | |
| { | |
| 'Name': 'Cluster', | |
| 'Value': tag_key | |
| }, | |
| ] | |
| } | |
| ] | |
| ) | |
| LogGroup: | |
| Type: AWS::Logs::LogGroup | |
| Properties: | |
| RetentionInDays: 3 | |
| LogGroupName: !Join [ "", [ "/aws/lambda/", !Ref Name ] ] | |
| RoleCloudWatchLog: | |
| Type: AWS::IAM::Policy | |
| Properties: | |
| PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-log" ] ] | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: "logs:CreateLogGroup" | |
| Resource: !Join [ "", [ "arn:aws:logs:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":log-group:", !Ref LogGroup ] ] | |
| - | |
| Effect: "Allow" | |
| Action: | |
| - "logs:CreateLogStream" | |
| - "logs:PutLogEvents" | |
| Resource: !GetAtt LogGroup.Arn | |
| Roles: | |
| - !Ref Role | |
| RoleEc2: | |
| Type: AWS::IAM::Policy | |
| Properties: | |
| PolicyName: !Join [ "", [ !Ref Name, "-ec2" ] ] | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: | |
| - "ec2:DescribeRegions" | |
| - "ec2:DescribeSubnets" | |
| Resource: "*" | |
| Roles: | |
| - !Ref Role | |
| RoleCloudWatchMetric: | |
| Type: AWS::IAM::Policy | |
| Properties: | |
| PolicyName: !Join [ "", [ !Ref Name, "-cloudwatch-metric" ] ] | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| - | |
| Effect: "Allow" | |
| Action: "cloudwatch:PutMetricData" | |
| Resource: "*" | |
| Roles: | |
| - !Ref Role | |
| Event: | |
| Type: AWS::Events::Rule | |
| Properties: | |
| Name: !Ref Name | |
| ScheduleExpression: "rate(5 minutes)" | |
| Targets: | |
| - | |
| Id: "Target-1" | |
| Arn: !GetAtt Function.Arn | |
| EventPermission: | |
| Type: AWS::Lambda::Permission | |
| Properties: | |
| Principal: "events.amazonaws.com" | |
| Action: "lambda:InvokeFunction" | |
| FunctionName: !Ref Function | |
| SourceArn: !GetAtt Event.Arn |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment