rem ========================================================= rem rem Creates Lambda function to update child resources from rem parent resource tags based on sync_tag_keys array. rem rem Supports ec2 volume, snapshot, eni, eip rem rem Cloudwatch Event Rule is created to trigger function when rem ec2 tag updates occur. rem rem SNS topic is created to send email notification on tag rem update. rem rem ========================================================= rem ========================================================= rem Update the following variables to match your environment rem ========================================================= set AWS_PROFILE=MY-AWS-PROFILE set AWS_DEFAULT_REGION=us-east-1 set aws_accountid=000000000000 set aws_notifyemail=ME@EMAIL.COM set aws_functiontest_instanceid=i-00000000000000000 set aws_nameprefix=synctags set aws_synctagkeys=[\"Name\", \"BillingCode\", \"Application\", \"Environment\"] rem ========================================================= rem Install and configure virtual environment for python rem https://docs.python.org/3/tutorial/venv.html rem rem Optional, recommended but not required. rem ========================================================= pip install virtualenv virtualenv .env rem Activate python virtual environment in WIN .env\Scripts\activate.bat rem LINUX/OSX: use "source .env/bin/activate" rem ========================================================= rem Install CDK app dependencies rem ========================================================= pip install -r requirements.txt rem ========================================================= rem Install CDK CLI dependencies in AWS environment rem https://docs.aws.amazon.com/cdk/latest/guide/tools.html rem rem Creates CDKToolkit stack. rem ========================================================= cdk bootstrap rem ========================================================= rem Install CDK app rem rem See https://docs.aws.amazon.com/cdk/latest/guide/tools.html for rem more cdk cli command options rem ========================================================= rem List local CDK apps cdk ls rem Deploy aws-synctags app to AWS cdk deploy aws-synctags rem ========================================================= rem Call function with test event to test match and no rem match conditions. Review Cloutwatch LogGroup\LogStream rem ========================================================= rem Deactivate python virtual environment in WIN .env\Scripts\deactivate.bat rem LINUX/OSX: use "deactivate" rem NoMatch - should receive "info: no matching changed tags" in log stream aws lambda invoke --function-name %aws_nameprefix%-event-handler --payload "{ \"version\": \"0\", \"id\": \"bddcf1d6-0251-35a1-aab0-adc1fb47c11c\", \"detail-type\": \"Tag Change on Resource\", \"source\": \"aws.tag\", \"account\": \"%aws_accountid%\", \"time\": \"2018-09-18T20:41:38Z\", \"region\": \"%AWS_DEFAULT_REGION%\", \"resources\": [ \"arn:aws:ec2:%AWS_DEFAULT_REGION%:%aws_accountid%:instance/%aws_functiontest_instanceid%\" ], \"detail\": { \"changed-tag-keys\": [ \"a-new-key\", \"an-updated-key\", \"a-deleted-key\" ], \"service\": \"ec2\", \"resource-type\": \"instance\", \"version\": 3, \"tags\": { \"a-new-key\": \"tag-value-on-new-key-just-added\", \"an-updated-key\": \"tag-value-was-just-changed\", \"an-unchanged-key\": \"tag-value-still-the-same\" } }}" out rem Match - will receive notification email and "success: updated child resource tags for instance" in log stream aws lambda invoke --function-name %aws_nameprefix%-event-handler --payload "{ \"version\": \"0\", \"id\": \"bddcf1d6-0251-35a1-aab0-adc1fb47c11c\", \"detail-type\": \"Tag Change on Resource\", \"source\": \"aws.tag\", \"account\": \"%aws_accountid%\", \"time\": \"2018-09-18T20:41:38Z\", \"region\": \"%AWS_DEFAULT_REGION%\", \"resources\": [ \"arn:aws:ec2:%AWS_DEFAULT_REGION%:%aws_accountid%:instance/%aws_functiontest_instanceid%\" ], \"detail\": { \"changed-tag-keys\": [ \"BillingCode\", \"an-updated-key\", \"a-deleted-key\" ], \"service\": \"ec2\", \"resource-type\": \"instance\", \"version\": 3, \"tags\": { \"a-new-key\": \"tag-value-on-new-key-just-added\", \"an-updated-key\": \"tag-value-was-just-changed\", \"an-unchanged-key\": \"tag-value-still-the-same\" } }}" out rem ========================================================= rem Create test events for console testing of Lambda function rem https://aws.amazon.com/blogs/compute/improved-testing-on-the-aws-lambda-console/ rem ========================================================= rem MatchTestEvent echo { > matchtestevent.tmp echo "version": "0", >> matchtestevent.tmp echo "id": "bddcf1d6-0251-35a1-aab0-adc1fb47c11c", >> matchtestevent.tmp echo "detail-type": "Tag Change on Resource", >> matchtestevent.tmp echo "source": "aws.tag", >> matchtestevent.tmp echo "account": "%aws_accountid%", >> matchtestevent.tmp echo "time": "2018-09-18T20:41:38Z", >> matchtestevent.tmp echo "region": "%AWS_DEFAULT_REGION%", >> matchtestevent.tmp echo "resources": ["arn:aws:ec2:%AWS_DEFAULT_REGION%:%aws_accountid%:instance/%aws_functiontest_instanceid%" ], >> matchtestevent.tmp echo "detail": { >> matchtestevent.tmp echo "changed-tag-keys": [ "BillingCode", "an-updated-key", "a-deleted-key" ], >> matchtestevent.tmp echo "service": "ec2", >> matchtestevent.tmp echo "resource-type": "instance", >> matchtestevent.tmp echo "version": 3, >> matchtestevent.tmp echo "tags": { "a-new-key": "tag-value-on-new-key-just-added", "an-updated-key": "tag-value-was-just-changed", "an-unchanged-key": "tag-value-still-the-same" } >> matchtestevent.tmp echo } >> matchtestevent.tmp echo } >> matchtestevent.tmp notepad matchtestevent.tmp rem NoMatchTestEvent echo { > nomatchtestevent.tmp echo "version": "0", >> nomatchtestevent.tmp echo "id": "bddcf1d6-0251-35a1-aab0-adc1fb47c11c", >> nomatchtestevent.tmp echo "detail-type": "Tag Change on Resource", >> nomatchtestevent.tmp echo "source": "aws.tag", >> nomatchtestevent.tmp echo "account": "%aws_accountid%", >> nomatchtestevent.tmp echo "time": "2018-09-18T20:41:38Z", >> nomatchtestevent.tmp echo "region": "%AWS_DEFAULT_REGION%", >> nomatchtestevent.tmp echo "resources": [ "arn:aws:ec2:%AWS_DEFAULT_REGION%:%aws_accountid%:instance/%aws_functiontest_instanceid%" ], >> nomatchtestevent.tmp echo "detail": { >> nomatchtestevent.tmp echo "changed-tag-keys": ["a-new-key", "an-updated-key", "a-deleted-key" ], >> nomatchtestevent.tmp echo "service": "ec2", >> nomatchtestevent.tmp echo "resource-type": "instance", >> nomatchtestevent.tmp echo "version": 3, >> nomatchtestevent.tmp echo "tags": { "a-new-key": "tag-value-on-new-key-just-added", "an-updated-key": "tag-value-was-just-changed", "an-unchanged-key": "tag-value-still-the-same" } >> nomatchtestevent.tmp echo } >> nomatchtestevent.tmp echo } >> nomatchtestevent.tmp notepad nomatchtestevent.tmp rem ========================================================= rem Remove stack and resources rem ========================================================= cdk destroy aws-synctags