Periodically start / stop Sakura's cloud server with AWS Lambda + CloudWatch Events

Overview

We sometimes create a server on Sakura's cloud for verification purposes, but it is troublesome to start and stop it manually every day. It would be nice if it starts automatically every morning at the beginning of work and stops after the end of work. I searched for such a service (timer in Nifkura), but I couldn't find it. Sakura's service is cheap, so I think it's enough to have one VPS for regular processing execution, but I still want to make it serverless. So, let's implement it with Lambda + CloudWatch Events using AWS! I thought. (I think you can do it with Cloud Functions + Cloud Scheduler with GCP or Azure Functions + TimerTrigger with Azure, but I haven't tried it.)

script

I would like to write the script in Python. When I looked it up, a library called saklient was introduced in here. When I checked it, it worked, so I will use it. There is a description of Beta, and it seems that it has not been updated for several years, so is that annoying? I would like to notify Slack of the execution result with an Incoming Webhook.

Whole code

Enabled to deploy in bulk with Terraform. It is published below.

https://github.com/shztki/lambda-sakuracloud-startstop

The usage is described in the README. This time, information such as the access key will be entered in the environment variable of Lambda, so I want to encrypt it anyway. However, even if you pass kms_key_arn to ʻaws_lambda_function, the value of variables in ʻenvironment will not be encrypted. Normally, after deploying, "Environment variables on the client side" in here You must go to the AWS console and manually select "Enable helpers for encryption in transit" to "encrypt" as described in "To encrypt." This is very dangerous if you forget it, and it can be seen by someone before you manually encrypt it. Anyway, when the deployment is completed, I want the environment variable to be in the encrypted value ... This is a painstaking measure, but this time I prepared a shell script called kms.sh and passed it encrypted with the AWS CLI to variables.

data "external" "slack_webhook_url" {
  program = ["bash", "kms.sh"]

  query = {
    key_id    = module.kms_key.key_arn
    plaintext = var.slack_webhook_url
  }
}
#!/bin/bash

set -e

eval "$(jq -r '@sh "KEY_ID=\(.key_id) PLAINTEXT=\(.plaintext)"')"

result=$(aws kms encrypt --key-id $KEY_ID --plaintext $PLAINTEXT --query CiphertextBlob --output text)

jq -n --arg result "$result" '{"result":$result}'

image

The following is posted daily to Slack:

slack01.png

from now on

I wonder if I should add a process that excludes holidays ... what should I do?

Finally

I'm wondering if AWS will operate Sakura's cloud, but please forgive me because it's a multi-cloud era. I think the monthly cost will be cheaper than one VPS (although the exact location is unknown). Have a nice cloud life of Sakura!

Recommended Posts

Periodically start / stop Sakura's cloud server with AWS Lambda + CloudWatch Events
Try automating Start / Stop for EC2 instances with AWS Lambda
Stop EC2 for specified time + start with Lambda (python)
Manage your Amazon CloudWatch loggroup retention with AWS Lambda
Achieve automatic shutdown of EC2 instances with Lambda + CloudWatch Events
AWS Lambda with PyTorch [Lambda import]
Set CloudWatch Events in AWS Lambda function (WebAPI) deployed via zappa
[AWS] Create API with API Gateway + Lambda
Using Lambda with AWS Amplify with Go
Notify HipChat with AWS Lambda (Python)
Easy server monitoring with AWS Lambda (Python) and result notification in Slack