We have the previous blogs published to create AMI’s with EC2 tags and ELB tags in the specific region.
The AMI’s copied across the different region helps in the scenarios like Disaster Recovery (DR) setup and also to quickly recover in case failure of EC2 service in the entire region which is in rare case.
You can read more about AMI copy from a blog, published by a Jeff Barr here. Some of the important key scenarios are highlighted:
Few important key points necessary to keep in mind in order to understand this blog:
In this blog-post, by keeping above points in mind, let us take you through the steps involved in automating the copying of AMI to a different region and tag those with the retention date and clean up them based on the retention expiration date (if needed) using AWS Lambda.
The process generally comprises the following steps:
This step is similar to the previous blog, you can refer here.
Now that assume we have created a role and a policy from the previous step, we will have to create the first function that allows us to copy the AMI from the one region to another.
Here’s how the AMI backup script works:
So here’s how you can create your first function. Login to your AWS Management console, Go to Services, and click on Lambda under Compute.
While creating lambda function, make sure to choose the IAM role created earlier (lamda-ec2-ami-role) and have specified sufficient memory and timeout configurations.
This script copies all the AMI’s are being created for that day which does incur charge for the AMI storage. The script can be further customized to copy only the required AMI’s by matching the substring pattern or on the requirement basis.
Having successfully copied the AMI using the previous function, we need to now delete it when not needed anymore/ to avoid keeping the same set of AMI for the long duration. Here’s how the Copied AMI cleanup script works:
Using the same steps as before, create the function (LambdaCleanupCopiedAMI) and refer this sample code.
So, you have 2 working functions that will copy AMI and cleanup those when "DeleteOnCopy" specifies. And now, it’s time to automate using the Event sources feature from Lambda.
This step is similar to the previous blog, you can refer here. The only difference is the scheduling the trigger date-time as below.
We need to run at least once a day both. For doing that, we need to:
Note that the schedule time is shown is in UTC format – something like this:
- Lambda AMI Copy Function scheduled to run at 22:30 UTC or 04.00AM IST and Lambda AMI
- Lambda Copied AMI Cleanup Function scheduled to run at 24:30 UTC or 05.00AM IST every day.
That’s it! We’ve successfully used AWS Lambda to automate AMI copy and cleanups across the regions. We will discuss “How to automate, update copied AMI in the DR launch configuration with the Auto-Scaling group using AWS lambda” in the upcoming blog. Stay tuned….
If you still face any challenge, drop a comment below and we would be more than happy to assist you further.
This blog has been written by Nagarjuna D. N.
Nagarjuna D N is an AWS SysOps Certified, with 3+ years of experience in IT Infrastructure, currently working as a DevOps Engineer at BluePi.
Key areas of interest include Cloud Computing, Databases, Open Source Technologies, Infrastructure-as-a-Code, Data Center Migrations and Server Automation.