-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathautoComputeOptimizer-template.yml
More file actions
269 lines (260 loc) · 9.26 KB
/
autoComputeOptimizer-template.yml
File metadata and controls
269 lines (260 loc) · 9.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
# igarcia 2024-05
# Version 2.3.1
# Automation for Compute Optimizer Recommendations
# Create a Scheduled Lambda with CloudWatch Event to implements Compute Optimizer Recommendations changes on EC2 Instances
# Resources to create: Lambda, CloudWatch Event, IAM Role, SNS Topic
# The AWS Account should be already signed up to AWS Compute Optimizer
# IMPORTANT: The EC2 instances that you want to affect should endure a restart!
# You can Schedule when will the restart occur
# UPDATE
# Now you can override the behaviour per instance with TAGBUSQUEDA's values of ACOO-OVER, ACOO-UNDER, ACOO-BOTH
# Now You can specify exceptions of family, size, or type
AWSTemplateFormatVersion: 2010-09-09
Description: Template to automate the Compute Optimizer Recommendatios changes - v2.3.1
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
-
Label:
default: "Stack Environment"
Parameters:
- TemplateAmbiente
-
Label:
default: "Compute Optimizer Auto-Changes Setup"
Parameters:
- pType
- pExceptions
- pRisk
- pDia
- pHora
- pTagBusqueda
- pTagValor
- pCorreo
ParameterLabels: #Define Friendly Names
TemplateAmbiente:
default: "Value for CloudFormation Resources Env Tag"
pDia:
default: "Day of the week for Maintenance Window (restart)"
pHora:
default: "Time for the Restart in UTC"
pType:
default: "Default Type of Recommendations"
pExceptions:
default: "EC2 Instance type Exceptions"
pRisk:
default: "Tolerable Risk"
pTagBusqueda:
default: "Selection Tag Key, sets the Tag used to identified Instances for Automation of Compute Optimizer"
pTagValor:
default: "Selection Tag Value, sets the Value of the Tag to identified instances"
pCorreo:
default: "E-Mail Address to receive Notifications about changes applied. Leave default value for NO Notifications."
Parameters:
TemplateAmbiente:
Type: String
Description: "Tag Env to set on CloudFormation resources"
Default: Test
MaxLength: 10
MinLength: 2
ConstraintDescription: "Set a simple Tag between 2 and 10 characters long"
pDia:
Type: String
Description: "Day of the week to apply the Recommendation"
Default: "Mon"
AllowedValues: ["Mon","Tue","Wed","Thu","Fri","Sat","Sun"]
pHora:
Type: String
Description: "At what time, in 24 hours UTC time format ##:##, the Change will be applied"
Default: "6:01"
AllowedPattern: "^[0-2]?[0-9]:[0-5][0-9]$"
ConstraintDescription: "Please set a time between 0:00 a 23:59"
pRisk:
Type: Number
Description: "Set the tolerable Risk of the recommendation, 0 No Risk - 5 Very high, Default 2 (Low)"
Default: 2
MaxValue: 5
MinValue: 0
ConstraintDescription: "Please set a value between 0 and 5"
pType:
Type: String
Description: "Default Recommendations to apply, Underprovisioned and/or Overprovisioned"
Default: "Underprovisioned"
AllowedValues: ["Underprovisioned","Overprovisioned","Both"]
ConstraintDescription: "Set the recommendations to apply, you must choose at least one type."
pExceptions:
Type: String
Description: "EC2 Instance Type Exceptions, a list of types, families or sizes. Ex: t2.micro, t3, small"
Default: "nano"
pTagBusqueda:
Type: String
Description: "Tag Key that identify EC2 Instances for automation of Compute Optimizer"
Default: Optimized
MaxLength: 20
MinLength: 1
ConstraintDescription: "Set a simple Tag between 2 and 20 characters long"
pTagValor:
Type: String
Description: "Tag Value to identify EC2 Instances"
Default: Auto
MaxLength: 20
MinLength: 1
ConstraintDescription: "Please set a simple value without spaces"
pCorreo:
Type: String
Description: "E-mail address for Notifications"
Default: "not@notify.me"
MaxLength: 50
MinLength: 5
ConstraintDescription: "Please write a valid e-mail address."
Resources:
TemplateSNS:
Type: AWS::SNS::Topic
Properties:
DisplayName: !Join [ "-", [ "AutoComputeOptimizerTopic", !Ref TemplateAmbiente ] ]
TopicName: !Join [ "-", [ "AutoComputeOptimizerTopic", !Ref TemplateAmbiente ] ]
Subscription:
-
Endpoint: !Ref pCorreo
Protocol: email
Tags:
- Key: Env
Value: !Ref TemplateAmbiente
TemplateRole: #Role for Lambda
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Principal:
Service:
- "lambda.amazonaws.com"
Action:
- "sts:AssumeRole"
Description: Role to execute autoComputeOptimizer
Policies:
-
PolicyName: !Join [ "-", [ "PolicyLambdaExec", !Ref TemplateAmbiente ] ]
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "logs:CreateLogGroup"
- "logs:CreateLogStream"
- "logs:PutLogEvents"
Resource: "*"
-
PolicyName: !Join [ "-", [ "PolicyLambdaEC2", !Ref TemplateAmbiente ] ]
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action: "ec2:*"
Resource: "*"
-
PolicyName: !Join [ "-", [ "PolicyLambdaComputeOptimizer", !Ref TemplateAmbiente ] ]
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "compute-optimizer:*"
Resource: "*"
-
PolicyName: !Join [ "-", [ "PolicyLambdaSNS", !Ref TemplateAmbiente ] ]
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "sns:*"
Resource: !Ref TemplateSNS
-
PolicyName: !Join [ "-", [ "PolicyLambdaKMS", !Ref TemplateAmbiente ] ]
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "kms:Encrypt"
- "kms:Decrypt"
- "kms:ReEncrypt*"
- "kms:GenerateDataKey*"
- "kms:DescribeKey"
- "kms:CreateGrant"
- "kms:ListGrants"
- "kms:RevokeGrant"
Resource: "*"
RoleName: !Join [ "-", [ "RoleforAutoComputeOptimizer", !Ref TemplateAmbiente ] ]
Tags:
- Key: Env
Value: !Ref TemplateAmbiente
TemplateLambda: #Lambda to implement Recommendations
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket: !Join [ "-", [ "higher-artifacts", !Ref "AWS::Region" ] ]
S3Key: "solutions/autocomputeoptimizer.zip"
Description: Implements the recommendations of AWS Compute Optimizer by automation
Environment:
Variables:
AMBIENTE: !Ref TemplateAmbiente
RISK: !Ref pRisk
TYPE: !Ref pType
EXCEPTIONS: !Ref pExceptions
TAGBUSQUEDA: !Ref pTagBusqueda
TAGVALOR: !Ref pTagValor
TOPIC: !Ref TemplateSNS
CORREO: !Ref pCorreo
FunctionName: !Join [ "-", [ "AutoComputeOptimizerLambda", !Ref TemplateAmbiente ] ]
Role: !GetAtt TemplateRole.Arn
Timeout: 800
Handler: autocomputeoptimizer.lambda_handler
Runtime: python3.12
MemorySize: 256
Tags:
-
Key: Env
Value: !Ref TemplateAmbiente
TemplateEventLambda: #Event to invoke Lambda
Type: AWS::Events::Rule
Properties:
Description: Invoke Lambda for Compute Optimizer Automation
Name: !Join [ "-", [ "AutoComputeOptimizerEvent", !Ref TemplateAmbiente ] ]
ScheduleExpression: !Join [ "", [ "cron(",!Select [ 1, !Split [ ":", !Ref pHora] ]," ", !Select [ 0, !Split [ ":", !Ref pHora] ], " ? ","* ",!Ref pDia," *)" ] ]
State: ENABLED
Targets:
-
Arn: !GetAtt TemplateLambda.Arn
Id: !Join [ "-", [!Ref TemplateAmbiente, "AutoComputeOptimizerLambda" ] ]
TemplatePermisoEventLambda: #Relaciona permisos del Event con Lambda
Type: AWS::Lambda::Permission
Properties:
FunctionName: !GetAtt TemplateLambda.Arn
Action: "lambda:InvokeFunction"
Principal: events.amazonaws.com
SourceArn: !GetAtt TemplateEventLambda.Arn
Outputs: #Outputs of the Template
FrequencyAutoCO:
Description: Frequency for Auto implement Compute Optimizer recommendations
Value: !Join [ " ", [ "Every", !Ref pDia, "at", !Ref pHora, "UTC" ] ]
Recommendations:
Description: Type of recommendatios to implement automatically
Value: !Ref pType
Exceptions:
Description: EC2 Instance types forbidden to be used
Value: !Ref pExceptions
TolerableRisk:
Description: Tolerable Risk for the Recommendations (0 = very low - 5 = very high)
Value: !Ref pRisk
NotificationsEmail:
Description: Email address for Notifications
Value: !Ref pCorreo