Focus on TrackIt AWS Terminator
AWS Terminator process

At TrackIt, we are acutely aware of AWS costs; we know things can get expensive if you don’t monitor your resources. That’s why we began tagging our resources with (at the minimum) a simple tag: `TrackitPersistent`. This tag value can be true or false depending on whether we need the resource to be persistent — or not.

We use our tool Tagbot, which is available on the Amazon Marketplace, to track those “not persistent” resources, providing easy visibility into non-essential processing. If you want to know more about tagging & Tagbot you can follow this link: https://aws.amazon.com/blogs/apn/how-better-tagging-can-help-organizations-optimize-expenses-and-improve-roi/.

While this was a good way to start, we wanted to be more proactive and that is where AWSTerminator came into play.

AWSTerminator is an open-source tool, also developed by TrackIt, that will help you and your team manage your resources through tags:

  • It will notify you on Slack about untagged resources
  • It will stop untagged resources
  • It will terminate/delete untagged resources

Here is the description of how it works!

Slack notification example

AWSTerminator comes with a simple CloudFormation template file that deploys a stack with one behavior (notify, stop or terminate); a Lambda function is then triggered according to a given schedule expression. You can pass the template the following parameters to configure the Lambda:

  • AwsRegions: A list of regions where you want to execute the AWSTerminator behavior (e.g.: “us-west-1,us-west-2”)
  • SlackWebHook: A webhook url that you can get from a Slack channel
  • PersistentTagKey: The desired tag key (e.g.: “TrackitPersistent”)
  • PersistentTagValue: The desired tag value (e.g.: “True”)
  • LifetimeTagKey: We’ll talk later about this feature
  • DesiredMessage: A simple message that you want to see in the Slack notification
  • Behavior: One of notify, stop or terminate
  • ScheduleExpression: A cron expression to trigger the lambda when you want (e.g.: “cron(0 16 ? * THU *)”)

Persistent Tag

PersistentTagKey and PersistentTagValue parameters will both be taken into consideration to determine if resources are persistent or not.

For example, if I have an EC2 instance tagged with `TrackitPersistent`=`False`, while `PersistentTagKey`=`TrackitPersistent` and `PersistentTagValue`=`True`, AWSTerminator will detect that this resource shouldn’t be persistent, because the tag key & value don’t match. It will then send a notification to Slack or stop/terminate the EC2 instance depending on the tool’s behavior.

LifetimeTag

We discovered that the persistent tag wasn’t quite enough, however; sometimes you want to create a resource just to be able to run a test, for example. In this case, you don’t want your resource to be persistent, so then you’d tag it with `TrackitPersistent`=`False`, but when the lambda is triggered with the terminate behavior your resource will be removed from your AWS account! You’d have to recreate it again in order to continue your tests. This is obviously inconvenient since we don’t want our resources to be destroyed while we are using them…

The LifetimeTagKey is a new feature that allows you to define when your resource should expire. Let’s say our LifetimeTagKey is `TrackitLifetime`. Resources that must have an expiration date can be tagged in 2 different ways:

  • `TrackitLifetime`=`yyyy-mm-dd`
  • `TrackitLifetime`=`x` with `x` a number of days

Note: if the resource targeted doesn’t have a creation date (like an ECS Cluster), the second usage won’t work.

AWSTerminator will then take a look at this tag value and determine whether the resource is expired or not. Resources with the LifetimeTag will always be notified on Slack (notify behavior), but they won’t be stopped/terminated until they are expired.
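The decision rules from the Persistent Tag and LifetimeTag sections, written out as an added Python example (not AWSTerminator's own code). The function names, the sample inventory, and the choice to treat an unreadable lifetime value as not expired are assumptions made for illustration.

```python
from datetime import date, datetime, timedelta

def is_expired(tags, created, today, lifetime_key="TrackitLifetime"):
    """True/False for a lifetime-tagged resource, None when the tag is absent.
    Assumptions of this sketch: the expiry day itself still counts as valid,
    and a value that cannot be evaluated (malformed, or a day count on a
    resource with no creation date) is treated as not expired.
    """
    raw = tags.get(lifetime_key)
    if raw is None:
        return None
    raw = raw.strip()
    if raw.isascii() and raw.isdigit() and len(raw) <= 5:   # `x` days
        if created is None:                # e.g. an ECS cluster
            return False
        return today > created + timedelta(days=int(raw))
    try:                                   # absolute `yyyy-mm-dd` date
        return today > datetime.strptime(raw, "%Y-%m-%d").date()
    except ValueError:
        return False

def decide(tags, created, today, behavior,
           persistent_key="TrackitPersistent", persistent_value="True"):
    """Return 'skip', 'notify', 'stop' or 'terminate' for one resource."""
    if tags.get(persistent_key) == persistent_value:
        return "skip"                      # key and value both match
    if is_expired(tags, created, today) is False:
        return "notify"                    # lifetime tag set, not expired yet
    return behavior                        # untagged, mismatched or expired

# Constructed sample inventory: (id, tags, creation date or None).
SAMPLE = [
    ("i-keep", {"TrackitPersistent": "True"}, date(2024, 1, 1)),
    ("i-false", {"TrackitPersistent": "False"}, date(2024, 6, 1)),
    ("i-untagged", {}, date(2024, 6, 1)),
    ("i-test", {"TrackitPersistent": "False",
                "TrackitLifetime": "2024-06-30"}, date(2024, 6, 1)),
    ("i-old", {"TrackitLifetime": "7"}, date(2024, 5, 1)),
    ("ecs-cluster", {"TrackitLifetime": "7"}, None),
    ("i-typo", {"TrackitLifetime": "30/06/2024"}, date(2024, 6, 1)),
]

def plan(today, behavior, resources=SAMPLE):
    return {rid: decide(tags, created, today, behavior)
            for rid, tags, created in resources}

if __name__ == "__main__":
    for rid, action in plan(date(2024, 6, 10), "terminate").items():
        print(f"{rid:12} {action}")
```

Running the same inventory with the notify behavior first shows what a stop or terminate run would touch before anything destructive is scheduled.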

Resources

Currently, AWSTerminator covers EC2, ECS, Fargate & RDS resources.

AWSTerminator is an open-source project and we would be delighted to have you help us develop the tool.

How to Use AWS Terminator

Requirements

To deploy AWSTerminator, you’ll need an S3 bucket in order to deploy the Lambda with CloudFormation and the AWS CLI. You’ll also have to clone our GitHub repository.

Package

Before deploying the stack you’ll have to make a zip of the code:

$ cd aws-clean-untagged-resources

Make sure you’ve installed the dependencies. If not, you can use the following command:

$ pip3 install --target ./package -r requirements.txt

You’re now able to zip packages (you can skip this step if packages were already zipped):

$ cd package
$ zip -r ../../aws-clean-untagged-resources.zip .
$ cd ..

Every time you make changes to the code you’ll have to zip your code like the following (including the first time you want to deploy):

$ zip -g ../aws-clean-untagged-resources.zip *.py

If you want more details about these steps you can take a look at the AWS documentation.

Slack Webhook

You’ll also need to create a Slack webhook on your Slack workspace (this is not mandatory but the notify behavior won’t work without it). You can follow this Slack guide in order to generate a webhook URL for a given Slack channel.

Deploy

To deploy the function, replace the variables in the following commands (BEHAVIOR is one of notify, stop or terminate):

$ aws cloudformation package \
    --template-file template.yml \
    --s3-bucket YOUR_DEPLOYMENT_BUCKET \
    --s3-prefix YOUR_S3_PREFIX \
    --output-template-file output.yaml
$ aws cloudformation deploy \
    --template-file output.yaml \
    --stack-name STACK_NAME \
    --capabilities CAPABILITY_NAMED_IAM \
    --parameter-overrides \
      SlackWebHook=YOUR_SLACK_WEBHOOK_URL \
      ScheduleExpression="cron(0 16 ? * THU *)" \
      PersistentTagKey=MY_RESOURCE_TAG_NAME \
      PersistentTagValue=MY_RESOURCE_TAG_VALUE \
      LifetimeTagKey=LIFETIME_TAG_KEY \
      Behavior=BEHAVIOR \
      AwsRegions=AWS_REGIONS

Destroy

To destroy the stack, run the following command:

$ aws cloudformation delete-stack --stack-name STACK_NAME

Ideal Solution for Organizations Looking to Minimize Expenses by Optimizing their Resources

When combined with a tagging tool like Tagbot, AWS Terminator is an ideal solution for organizations looking to minimize expenses by optimizing the management of their resources on the cloud.

About TrackIt

TrackIt is an Amazon Web Services Advanced Consulting Partner specializing in cloud management, consulting, and software development solutions based in Venice, CA.

TrackIt specializes in Modern Software Development, DevOps, Infrastructure-As-Code, Serverless, CI/CD, and Containerization with specialized expertise in Media & Entertainment workflows, High-Performance Computing environments, and data storage.

TrackIt’s forté is cutting-edge software design with deep expertise in containerization, serverless architectures, and innovative pipeline development. The TrackIt team can help you architect, design, build and deploy a customized solution tailored to your exact requirements.

In addition to providing cloud management, consulting, and modern software development services, TrackIt also provides an open-source AWS cost management tool that allows users to optimize their costs and resources on AWS.