This is Part 2 of a two-part best practice guide covering the advantages of using current-generation AWS instance types, so that you are not paying more money for lower performance. Part 1 focuses on the performance and cost-saving advantages of current-generation instances, while Part 2 walks through an example of how AWS Config can be used to automatically find and report instances that are running on outdated types.
Walkthrough – Using AWS Config to Find Previous Generation Instance Types
While Part 1 of this series gives a high-level overview of the cost and performance advantages of moving instances to current-generation instance types, here we focus on one way that old instance types can be identified on an ongoing basis rather than in a one-off audit.
AWS Config, together with AWS Config Rules, provides a detailed, continuously updated inventory of the resources deployed in your AWS account and a way to define governance policies that check those resources against industry best practices as well as your company’s internal standards. In this example we create a custom AWS Config rule that uses an AWS Lambda function to evaluate whether the EC2 instances in the account are using outdated instance types.
At the end of this exercise you will have a rule in the AWS Config console that shows at a glance whether any instances in your environment should be updated. Additionally, although not covered in this post, AWS Config compliance changes can be published to an Amazon SNS topic and then distributed by email, to a chat application such as Slack, and so on. Future blog posts will cover this topic and will be linked here when available.
Step 1: Enable AWS Config
AWS Config must be set up before rules can be configured. The AWS-provided guide at the following location walks through enabling AWS Config to record your resources: https://docs.aws.amazon.com/config/latest/developerguide/gs-console.html. Two points matter for the rest of this walkthrough: the configuration recorder must include the AWS::EC2::Instance resource type (or record all supported resource types), otherwise the rule will never be triggered, and AWS Config is regional, so the recorder and the rule must be set up in every region where you run instances.
Step 2: Create a New Lambda Function
The Lambda function we create is invoked by AWS Config whenever the configuration of an EC2 instance changes (including when a new instance is launched). The function takes a comma-separated list of old instance types as a rule parameter and reports NON_COMPLIANT for any instance whose instance type is in that list, and COMPLIANT otherwise.
To create the Lambda function, first browse to the Lambda service in the AWS console. Note that the IAM principal you are signed in as must have permission to create Lambda functions and, if you create a new execution role in the next step, to create IAM roles.
Next, select ‘Create function’.
With ‘Author from scratch’ highlighted:
- Give your function a name, such as ‘findOutdatedInstanceTypes’
- Select a current Python 3 runtime. (The original version of this post used Python 2.7, which has reached end of life and is no longer offered for new Lambda functions; confirm that the function code you paste in below runs on the runtime you select.)
- For Role:
- If you’ve previously created Lambda functions used by AWS Config, choose an existing Role.
- If not, you can select ‘Create new role from template(s).’ In the ‘Policy templates’ dropdown, select ‘AWS Config Rules permissions.’ Give your new role a name, such as configRules. This template grants only what a custom rule needs: permission to report results back to AWS Config (config:PutEvaluations) and to write CloudWatch Logs. No EC2 permissions are required, because the instance’s configuration item is delivered to the function inside the invocation event.
- Select ‘Create function’
In the editing screen of your new Lambda function, in the ‘Function code’ section, paste the code found in the following GitHub repository, replacing the placeholder code that a new function contains by default, then click the Save button at the top of the screen:
When this is complete, make note of or copy the function’s ARN, which is located at the top of the screen above the Save button. This will be needed when setting up the AWS Config rule in the next step.
Step 3: Create AWS Config Rule
In the AWS Config console, select Rules, then click the ‘Add rule’ button.
Next, select ‘Add custom rule’
This will bring up a dialog box for creating your custom rule:
- For Name, give a descriptive name such as ‘outdatedInstanceTypes’
- A Description is not required, but can be supplied.
- In the AWS Lambda function ARN field, paste the ARN copied at the end of Step 2. When the rule is created from the console, AWS Config is automatically granted permission to invoke the function; if you create the rule with the CLI or CloudFormation instead, you must add that resource-based permission yourself (for example with ‘aws lambda add-permission’ using the principal config.amazonaws.com), or the rule will never produce results.
- For ‘Trigger type,’ select ‘Configuration changes.’
- For ‘Scope of changes,’ select ‘Resources.’
- In the Resources dropdown, select Instance in the EC2 section.
- In Rule Parameter:
- Key: outdatedInstanceList
- For Value, provide a comma-separated list of outdated instance types you would like to check for, such as ‘m1.small,m1.medium,m1.large’. A list of previous-generation instance types is maintained by Amazon here: https://aws.amazon.com/ec2/previous-generation/.
- Click ‘Save’ at the bottom of the page.
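The following is an added example of what the Lambda function from Step 2 has to do to work with the rule defined in Step 3; it is not the code from the repository the post links to. It assumes the rule parameter key outdatedInstanceList from Step 3 and the standard custom-rule contract: AWS Config passes invokingEvent and ruleParameters as JSON strings and expects the result back through config:PutEvaluations with the supplied resultToken. It also handles two cases a first draft usually misses: a deleted or out-of-scope instance must be reported NOT_APPLICABLE so that a stale NON_COMPLIANT entry does not linger on the dashboard, and a configuration item too large to inline arrives as an OversizedConfigurationItemChangeNotification that the function must fetch itself (which additionally requires config:GetResourceConfigHistory on the execution role). The sample event, instance ID and timestamp are constructed for this example.

```python
"""Custom AWS Config rule handler for previous-generation EC2 instance types.

Added example for this post, not the linked repository's code. Assumes the
rule parameter key 'outdatedInstanceList' and the custom-rule event contract:
'invokingEvent' and 'ruleParameters' are JSON strings, results are returned
with config:PutEvaluations using 'resultToken'.
"""
import json

DELETED_STATES = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}


def parse_outdated_types(rule_parameters_json):
    """Normalise the comma-separated parameter into a lower-cased set of types."""
    params = json.loads(rule_parameters_json or "{}")
    raw = params.get("outdatedInstanceList", "")
    return {t.strip().lower() for t in raw.split(",") if t.strip()}


def load_configuration_item(invoking_event, fetch_history=None):
    """Return the full configuration item, fetching it for oversized notifications.

    fetch_history(resource_type, resource_id, capture_time) is injectable so the
    logic can be exercised offline; the default uses GetResourceConfigHistory."""
    if invoking_event.get("messageType") == "OversizedConfigurationItemChangeNotification":
        summary = invoking_event["configurationItemSummary"]
        if fetch_history is None:
            import boto3  # lazy import keeps the module importable without boto3
            config = boto3.client("config")

            def fetch_history(rt, rid, when):
                return config.get_resource_config_history(
                    resourceType=rt, resourceId=rid, laterTime=when, limit=1
                )["configurationItems"][0]
        item = fetch_history(summary["resourceType"], summary["resourceId"],
                             summary["configurationItemCaptureTime"])
    else:
        item = invoking_event["configurationItem"]
    # GetResourceConfigHistory returns 'configuration' as a JSON string, inline
    # notifications carry a dict; normalise to a dict either way.
    cfg = item.get("configuration")
    if isinstance(cfg, str):
        item = dict(item, configuration=json.loads(cfg))
    return item


def evaluate(event, fetch_history=None):
    """Build the single Evaluation dict AWS Config expects for this instance."""
    invoking_event = json.loads(event["invokingEvent"])
    outdated = parse_outdated_types(event.get("ruleParameters"))
    item = load_configuration_item(invoking_event, fetch_history)
    instance_type = (item.get("configuration") or {}).get("instanceType", "")

    # Deleted or out-of-scope resources are NOT_APPLICABLE, which clears any
    # earlier NON_COMPLIANT result for the same resource ID.
    if event.get("eventLeftScope") or item.get("configurationItemStatus") in DELETED_STATES:
        compliance, note = "NOT_APPLICABLE", "Resource deleted or no longer in scope"
    elif not instance_type:
        compliance, note = "NOT_APPLICABLE", "Configuration item has no instanceType"
    elif instance_type.lower() in outdated:
        compliance, note = "NON_COMPLIANT", "Previous-generation instance type: " + instance_type
    else:
        compliance, note = "COMPLIANT", "Instance type not in outdated list: " + instance_type

    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # AWS Config caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    """Lambda entry point: evaluate the instance, then report the result to AWS Config."""
    import boto3
    evaluation = evaluate(event)
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def make_sample_event(instance_type, status="OK", oversized=False):
    """Constructed event in the shape AWS Config sends (instance ID and time are made up)."""
    item = {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0123456789abcdef0",
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2019-01-01T00:00:00.000Z",
            "configuration": {"instanceType": instance_type}}
    if oversized:
        invoking = {"messageType": "OversizedConfigurationItemChangeNotification",
                    "configurationItemSummary": {k: item[k] for k in
                        ("resourceType", "resourceId", "configurationItemCaptureTime")}}
    else:
        invoking = {"messageType": "ConfigurationItemChangeNotification",
                    "configurationItem": item}
    return {"invokingEvent": json.dumps(invoking),
            "ruleParameters": json.dumps({"outdatedInstanceList": "m1.small, m1.medium,M1.LARGE"}),
            "resultToken": "example-token", "eventLeftScope": False}
```

Running evaluate(make_sample_event("m1.small")) offline returns a NON_COMPLIANT evaluation, evaluate(make_sample_event("t3.micro")) a COMPLIANT one, and a ResourceDeleted status yields NOT_APPLICABLE regardless of type; the parameter parser trims whitespace and ignores case, so a trailing comma or ‘M1.LARGE’ in the rule value does not silently disable the check.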
Step 4: Review Rule Evaluation
At this point AWS Config runs an initial evaluation of your new outdatedInstanceTypes rule against the existing EC2 instances in the region, invoking the Lambda function once per instance, and then re-invokes it whenever an instance’s configuration changes. In the Rules list the rule is shown as Compliant, or as Noncompliant with a count of the instances that failed. If you later change the outdatedInstanceList parameter, trigger a fresh evaluation with the ‘Re-evaluate’ action (or ‘aws configservice start-config-rules-evaluation’) rather than waiting for the next configuration change.
Drilling into the rule by name shows a detailed list of EC2 instances with their compliance state and the annotation the function returned, which is where the offending instance type is reported.
Take Control of Your Cloud
It’s important to remember that these best practices are not one-time activities but ongoing processes. Because of the dynamic and ever-changing nature of the cloud, cost optimization activities should ideally take place continuously, which is exactly what a configuration-change-triggered rule like the one above gives you. Learn more about how LeanCloud can help you automate the continuous optimization of your cloud environment.