Mar. 24, 2022
At TrackIt, we are acutely aware of AWS costs; we know things can get expensive if you don’t monitor your resources. That’s why we began tagging our resources with (at the minimum) a simple tag: `TrackitPersistent`. This tag value can be true or false depending on whether we need the resource to be persistent — or not.
We use our tool Tagbot, which is available on the Amazon Marketplace, to track those “not persistent” resources, providing easy visibility into non-essential processing. If you want to know more about tagging and Tagbot, you can follow this link: https://aws.amazon.com/blogs/apn/how-better-tagging-can-help-organizations-optimize-expenses-and-improve-roi/.
While this was a good way to start, we wanted to be more proactive and that is where AWSTerminator came into play.
AWSTerminator is an open-source tool, also developed by TrackIt, that will help you and your team manage your resources through tags:
Here is the description of how it works!
AWSTerminator comes with a simple CloudFormation template file that will deploy a stack with one behavior (notify, stop or terminate), then a lambda will be triggered depending on a given schedule expression. You’ll be able to give the template some parameters to configure the lambda:
PersistentTagKey and PersistentTagValue parameters will both be taken into consideration to determine if resources are persistent or not.
For example, if I have an EC2 instance tagged with `TrackitPersistent`=`False`, and the stack is configured with `PersistentTagKey`=`TrackitPersistent` and `PersistentTagValue`=`True`, AWSTerminator will detect that this resource shouldn’t be persistent, because the tag key and value don’t match. It will then send a notification to Slack or stop/terminate the EC2 instance, depending on the tool’s behavior.
We discovered that the persistent tag wasn’t quite enough, however; sometimes you want to create a resource just to be able to run a test, for example. In this case, you don’t want your resource to be persistent, so then you’d tag it with `TrackitPersistent`=`False`, but when the lambda is triggered with the terminate behavior your resource will be removed from your AWS account! You’d have to recreate it again in order to continue your tests. This is obviously inconvenient since we don’t want our resources to be destroyed while we are using them…
The LifetimeTagKey is a new feature that allows you to define when your resource should expire. Let’s say our DesiredLifetimeTagKey is `TrackitLifetime`. Resources that must have an expiration date can be tagged in 2 different ways:
Note: if the resource targeted doesn’t have a creation date (like an ECS Cluster), the second usage won’t work.
AWSTerminator will then take a look at this tag value and determine whether the resource is expired or not. Resources with the LifetimeTag will always be notified on Slack (notify behavior), but they won’t be stopped/terminated until they are expired.
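The matching and lifetime rules above, as an added dry-run sketch (not AWSTerminator's own code): it reports what each behavior would do to a set of constructed EC2-style resources. The function names, the ISO-date lifetime format and the notify-only fallback for unreadable values are assumptions made for this example.

```python
from datetime import date

# Added sketch of the tag rules described above; not AWSTerminator's own code.
PERSISTENT_KEY, PERSISTENT_VALUE = "TrackitPersistent", "True"
LIFETIME_KEY = "TrackitLifetime"

def tags_of(resource):
    """Flatten the EC2-style [{'Key': ..., 'Value': ...}] list into a dict."""
    return {t["Key"]: t["Value"] for t in resource.get("Tags", [])}

def plan(resource, behavior, today):
    """Return 'skip', 'notify', 'stop' or 'terminate' for one resource."""
    tags = tags_of(resource)
    # Persistent only if key AND value match exactly; an untagged resource
    # or one tagged "False" therefore counts as non-persistent.
    if tags.get(PERSISTENT_KEY) == PERSISTENT_VALUE:
        return "skip"
    lifetime = tags.get(LIFETIME_KEY)
    if lifetime is not None:
        # Assumption: the lifetime value is an ISO date (YYYY-MM-DD) and the
        # resource expires once that day has passed.
        try:
            expired = today > date.fromisoformat(lifetime)
        except ValueError:
            expired = False  # assumed policy: unreadable value => notify only
        if not expired:
            return "notify"  # still inside its lifetime: never stop/terminate
    return behavior

# Constructed sample shaped like DescribeInstances entries (IDs are made up).
SAMPLE = [
    {"InstanceId": "i-keep", "Tags": [{"Key": "TrackitPersistent", "Value": "True"}]},
    {"InstanceId": "i-test", "Tags": [{"Key": "TrackitPersistent", "Value": "False"}]},
    {"InstanceId": "i-temp", "Tags": [{"Key": "TrackitPersistent", "Value": "False"},
                                      {"Key": "TrackitLifetime", "Value": "2022-04-01"}]},
    {"InstanceId": "i-bare"},  # no tags at all
]

def dry_run(resources, behavior, today):
    """Map each resource id to the action the given behavior would take."""
    return {r["InstanceId"]: plan(r, behavior, today) for r in resources}

if __name__ == "__main__":
    for day in (date(2022, 3, 24), date(2022, 4, 2)):
        print(day, dry_run(SAMPLE, "terminate", day))
```

Running a report like this with the `notify` behavior first shows which untagged or mistagged resources a later `terminate` stack would remove.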
Currently, AWSTerminator covers EC2, ECS, Fargate & RDS resources:
AWSTerminator is an open-source project and we would be delighted to have you help us develop the tool.
To deploy AWSTerminator, you’ll need an S3 Bucket in order to deploy the Lambda with CloudFormation and the AWS CLI. You’ll also have to clone our GitHub repository.
Before deploying the stack you’ll have to make a zip of the code:
$ cd aws-clean-untagged-resources
Make sure you’ve installed the dependencies; if not, you can use the following command:
$ pip3 install --target ./package -r requirements.txt
You’re now able to zip packages (you can skip this step if packages were already zipped):
$ cd package
$ zip -r ../../aws-clean-untagged-resources.zip .
$ cd ..
Every time you make changes to the code, you’ll have to add your code to the zip as follows (including the first time you want to deploy):
$ zip -g ../aws-clean-untagged-resources.zip *.py
If you want more details about these steps you can take a look at the AWS documentation.
You’ll also need to create a Slack webhook in your Slack workspace (this is not mandatory, but the notify behavior won’t work without it). You can follow this Slack guide in order to generate a webhook URL for a given Slack channel.
To deploy the function, replace the variables in the following commands:
$ aws cloudformation package --template-file template.yml --s3-bucket YOUR_DEPLOYMENT_BUCKET --s3-prefix YOUR_S3_PREFIX --output-template-file output.yaml
$ aws cloudformation deploy --template-file output.yaml --stack-name STACK_NAME --capabilities CAPABILITY_NAMED_IAM --parameter-overrides SlackWebHook=YOUR_SLACK_WEBHOOK_URL ScheduleExpression="cron(0 16 ? * THU *)" PersistentTagKey=MY_RESOURCE_TAG_NAME PersistentTagValue=MY_RESOURCE_TAG_VALUE LifetimeTagKey=LIFETIME_TAG_KEY Behavior=notify|stop|terminate AwsRegions=AWS_REGIONS
In order to destroy the stack, you’ll have to run the following command:
$ aws cloudformation delete-stack --stack-name STACK_NAME
When combined with a tagging tool like Tagbot, AWSTerminator is an ideal solution for organizations looking to minimize expenses by optimizing the management of their resources on the cloud.
TrackIt is an Amazon Web Services Advanced Consulting Partner specializing in cloud management, consulting, and software development solutions based in Venice, CA.
TrackIt specializes in Modern Software Development, DevOps, Infrastructure-As-Code, Serverless, CI/CD, and Containerization with specialized expertise in Media & Entertainment workflows, High-Performance Computing environments, and data storage.
TrackIt’s forte is cutting-edge software design with deep expertise in containerization, serverless architectures, and innovative pipeline development. The TrackIt team can help you architect, design, build and deploy a customized solution tailored to your exact requirements.
In addition to providing cloud management, consulting, and modern software development services, TrackIt also provides an open-source AWS cost management tool that allows users to optimize their costs and resources on AWS.