AWS - AutoTag Snapshot's from Cloudwatch

Autotag Role

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "cloudtrail:LookupEvents",
                "ec2:CreateTags",
                "ec2:Describe*",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow",
            "Sid": "CloudWatchCreateSnapshotRole"
        }
    ]
}

Cloudwatch Event Rule

{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EBS Snapshot Notification"
  ],
  "detail": {
    "event": [
      "createSnapshot"
    ],
    "result": [
      "succeeded"
    ]
  }
}

Lambda Function

import boto3
import json


def lambda_handler(event, context):
    # Get volumeid and snapid from json
    print(event)
    volume_id = str(json.dumps(event['detail']['source']))
    volume_id = volume_id.split('/')[1]
    volume_id = volume_id.replace('"', '')
    snapshot_id = str(json.dumps(event['detail']['snapshot_id']))
    snapshot_id = snapshot_id.split('/')[1]
    snapshot_id = snapshot_id.replace('"', '')
    # Get Tags from VolumeID
    ec2 = boto3.resource('ec2')
    volume = ec2.Volume(volume_id)
    tags = volume.tags
    print(snapshot_id)
    print(tags)
    # apply tags to snapshot
    response = ec2.create_tags(
        Resources=[
            snapshot_id,
        ],
        Tags=tags
    )