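For the past two days I have been looking at how to use Lambda with Python, but day to day I am more used to managing all kinds of systems with PowerShell. Let's see how to use PowerShell inside Lambda.
First, the following three components need to be installed on the local computer.
Install PowerShell Core
https://github.com/powershell/powershell
Install the .NET Core Software Development Kit (SDK)
https://www.microsoft.com/net/download
Install the AWSLambdaPSCore module
Install-Module AWSLambdaPSCore -Scope CurrentUser
Once everything is installed, run the following in the PowerShell 6 console:
New-AWSPowerShellLambda -ScriptName awstag -Template basic
This creates a directory from the basic template, containing a blank ps file and a readme file. The blank ps file already loads the AWSPowerShell.NetCore module through a #Requires statement; if we need other modules, this is where to add them. Below is one of my test scripts. Its main job is to check tags and make sure EC2 instances, volumes and snapshots all carry the corresponding tag, because every month I need to break the bill down by clinic using that tag. In addition, any snapshot older than 60 days is deleted automatically along the way.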
    # PowerShell script file to be executed as a AWS Lambda function.
    #
    # When executing in Lambda the following variables will be predefined.
    #   $LambdaInput - A PSObject that contains the Lambda function input data.
    #   $LambdaContext - An Amazon.Lambda.Core.ILambdaContext object that contains information about the currently running Lambda environment.
    #
    # The last item in the PowerShell pipeline will be returned as the result of the Lambda function.
    #
    # To include PowerShell modules with your Lambda function, like the AWSPowerShell.NetCore module, add a "#Requires" statement
    # indicating the module and version.

    #Requires -Modules @{ModuleName='AWSPowerShell.NetCore';ModuleVersion='3.3.335.0'}

    # Uncomment to send the input event to CloudWatch Logs
    # Write-Host (ConvertTo-Json -InputObject $LambdaInput -Compress -Depth 5)

    Write-Host "Checking EC2 instance Tags status" -ForegroundColor Yellow
    $all = Get-EC2Instance | select -expand instances
    $return = $all | Where-Object {$_.tag.key -notcontains "Clinic"}

    # If any instance has no Clinic tag, mail the instance IDs and stop.
    if ($return -ne $null) {
        # Placeholder credentials: they are stored in clear text inside the
        # uploaded package, so load real ones from a secret store instead.
        $username = "test@abc.com"
        $password = "Passwordtest" | ConvertTo-SecureString -asPlainText -Force
        $credential = New-Object System.Management.Automation.PSCredential($username, $password)
        $id = $return.InstanceId
        Send-MailMessage -From test@abc.com -to test@abc.com -SmtpServer smtp.office365.com -Port 587 -UseSsl -Subject "EC2 instance Tag" -body "$id" -Credential $credential
        exit
    }

    # confirm EC2 instances were tagged
    $result = @()
    foreach ($item in $all) {
        $Name = $item.tag | Where-Object {$_.Key -eq 'Name'} | select -ExpandProperty value
        $clinic = $item.tag | Where-Object {$_.Key -eq 'clinic'} | select -ExpandProperty value
        $item | add-member -NotePropertyName Description -NotePropertyValue $name
        $item | add-member -NotePropertyName Clinic -NotePropertyValue $clinic
        $item = $item | select *
        $result += $item
    }
    $result | select Description, InstanceId, privateIpaddress, Clinic | Group-Object Clinic

    Write-Host "Updating Volume Tags Status ..." -ForegroundColor Yellow
    # Tag all volumes based on their attached EC2 Clinic Tag
    $allvol = Get-EC2Volume | Where-Object {$_.tag.key -notcontains "Clinic"}
    foreach ($item in $result) {
        foreach ($item2 in $allvol) {
            if ($item2.attachments.instanceid -eq $item.InstanceId) {
                $value = $item.Clinic
                New-EC2Tag -Resource $item2.VolumeId -Tag @{Key="Clinic";value=$value}
            }
        }
    }

    Write-Host "Updating Snapshot Tags Status..." -ForegroundColor Yellow
    # Tag all snapshots based on the volume Tag
    $allvol = Get-EC2Volume
    # Only look at snapshots owned by this account
    $filter = New-Object Amazon.EC2.Model.Filter -Property @{Name = "owner-id"; Values = '386115804199'}
    $snapshots = Get-EC2Snapshot -Filter $filter
    $snapshots1 = $snapshots | ? {$_.Tag.key -notcontains "Clinic"}
    foreach ($i in $snapshots1) {
        $volid = $i.VolumeId
        foreach ($j in $allvol) {
            if ($volid -eq $j.Volumeid) {
                $value = $j.tag | Where-Object {$_.key -eq 'Clinic'} | select -ExpandProperty value
                $name = $j.Tag | Where-Object {$_.key -eq "Name"} | select -ExpandProperty value
                $snapid = $i.snapshotid
                Write-Host "--$snapid--"
                New-EC2Tag -Resource $snapid -Tag @{Key="Clinic";value=$value}
                New-EC2Tag -Resource $snapid -Tag @{Key="Name";value=$name}
            }
        }
    }

    Write-Host "Deleting Snapshots older than over 60 days !" -ForegroundColor Yellow
    # 60-day cutoff, matching the message above (the original used -40)
    $date = (Get-Date).AddDays(-60)
    foreach ($snapshot in $snapshots) {
        $id = $snapshot.snapshotid
        if ($snapshot.starttime -lt $date) {
            $snapshot   # emit the snapshot so the deletion is recorded in the output
            Remove-EC2Snapshot -SnapshotId $id -Confirm:$false
        }
    }
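Next, run the following in the PowerShell 6 console. It automatically binds the IAM role, compresses the required modules and the script, and uploads them to Lambda. The IAM role here is one I put together casually; it allows access to EC2 and CloudWatch Logs.
Publish-AWSPowerShellLambda -ScriptPath .\awstag.ps1 -name awstag -iamrole 'ec2fullaccess' -Region ap-southeast-2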
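The role above grants broad EC2 access, while the script only describes instances, volumes and snapshots, creates tags and deletes snapshots. The following is an added example, not part of the original post, that creates a role scoped to those calls; the role name awstag-lambda-role and the policy name awstag-least-privilege are hypothetical.

```powershell
# Added example: role and policy names are hypothetical.
$region    = 'ap-southeast-2'
$accountId = (Get-STSCallerIdentity).Account
$roleName  = 'awstag-lambda-role'
$snapArn   = "arn:aws:ec2:${region}::snapshot/*"
$volArn    = "arn:aws:ec2:${region}:${accountId}:volume/*"
$logArn    = "arn:aws:logs:${region}:${accountId}:log-group:/aws/lambda/awstag*"

# Trust policy: only the Lambda service may assume this role.
$trust = @{
    Version   = '2012-10-17'
    Statement = @(@{
        Effect    = 'Allow'
        Principal = @{ Service = 'lambda.amazonaws.com' }
        Action    = 'sts:AssumeRole'
    })
} | ConvertTo-Json -Depth 5

# Permissions: just the API calls the awstag script makes.
$policy = @{
    Version   = '2012-10-17'
    Statement = @(
        @{  # EC2 Describe* actions do not support resource-level scoping
            Effect   = 'Allow'
            Action   = @('ec2:DescribeInstances', 'ec2:DescribeVolumes', 'ec2:DescribeSnapshots')
            Resource = '*'
        },
        @{  # New-EC2Tag is only used on volumes and snapshots
            Effect   = 'Allow'
            Action   = 'ec2:CreateTags'
            Resource = @($volArn, $snapArn)
        },
        @{  # Remove-EC2Snapshot
            Effect   = 'Allow'
            Action   = 'ec2:DeleteSnapshot'
            Resource = $snapArn
        },
        @{  # Write-Host output goes to the function's CloudWatch log group
            Effect   = 'Allow'
            Action   = @('logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents')
            Resource = $logArn
        }
    )
} | ConvertTo-Json -Depth 5

New-IAMRole -RoleName $roleName -AssumeRolePolicyDocument $trust | Out-Null
Write-IAMRolePolicy -RoleName $roleName -PolicyName 'awstag-least-privilege' -PolicyDocument $policy

Publish-AWSPowerShellLambda -ScriptPath .\awstag.ps1 -name awstag -iamrole $roleName -Region $region
```

IAM changes can take a few seconds to propagate, so a publish issued immediately after creating the role may need a retry.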
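Wait about a minute, then log in to AWS and the uploaded function is visible.
Unlike Python, the code is not shown directly here; the console just says it is too large to display, but I can still invoke it directly.
Run a test, and it reports success.
Take a look at the corresponding CloudWatch logs.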
Done!