AWS Cloud Operations Blog
Smart Budgeting Using Lambda and Service Catalog
If you have a lot of development activity in your organization, it’s important to keep track of your non-production AWS accounts.
If these accounts aren’t monitored closely, you might easily end up exceeding your budget.
In this blog post, I demonstrate how you can use the AWS Budgets alert in conjunction with AWS Lambda and AWS Service Catalog to automate management of your IT budget for non-production environments.
Workflow
For this example, I have created a billing alarm to notify me when the cost for a sandbox account overshoots the forecast by 30 percent. The billing alarm is tied to an Amazon SNS topic to which a Lambda function is subscribed. When the billing alert fires, the IT administrator is notified via SNS about the possibility of an overage. At the same time, the Lambda function calls the AWS Service Catalog API to enforce a template constraint that limits all EC2 instance creation to the t2.medium type.
Create the SNS topic and subscription
In the SNS console, choose Create topic and enter appropriate values for the Topic name (such as BudgetAlert) and Display name (Budget-Alert).
Choose Create topic. Select the topic and view the details.
Next, choose Create subscription.
For Protocol, choose Email. Enter the email address where notifications should be sent and choose Create subscription.
An email is sent to confirm the SNS topic subscription. In the email, open the SubscribeURL link to complete the subscription. Note the SNS topic Amazon Resource Name (ARN) because it’s used later by the Lambda function.
For more information, see Create a Topic in the Amazon SNS Developer Guide.
Create the Lambda function
In the Lambda console, choose Functions, Create a Lambda function. Choose Blank Function and on the Configure trigger page, choose Next.
On the next page, enter the following values:
· Runtime: Python 2.7
· Code entry type: Inline
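· Role: Create a custom role (takes you to another page). Call the role service-catalog-lambda-<region>-role.
For the policy document, enter the following policy. The servicecatalog:* and s3:* wildcards on Resource "*" allow every Service Catalog and S3 action in the account, so narrow the actions and resources to what the function calls if you use this role outside a sandbox account.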
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "servicecatalog:*",
                "s3:*",
                "cloudformation:ValidateTemplate",
                "iam:GetRole"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:*:*:*",
            "Effect": "Allow"
        }
    ]
}
On the Configure function page, choose Next. Review the configuration settings before choosing Create function.
You can also follow the instructions here:
https://github.com/awslabs/aws-service-catalog-enforce-template-constraints/
Budget alert
Create the AWS Budgets alert and add the IT administrator’s email address so that the administrator is notified when the forecasted budget is greater than the percentage that you choose (in our example, it’s 30 percent). Add the SNS topic ARN and choose Verify. You should see “Verified” next to the topic ARN.
For more information on how to create AWS budgets, see the AWS Budgets Update blog post.
After the alert condition is met, the IT administrator will receive an email from AWS Budgets similar to the sample that follows:
{ "Subject" : "Budget Notification: Test is in Alarm State",
"Message" : "AWS Budget Notification\n\nDear AWS Customer,\n\nYou requested that we notify you when your Actual Cost for your budget \"BudgetAlert\" is greater than $50000. Your Actual Cost for this budget is now $50393. You can find further details below and by accessing your AWS Budgets dashboard.\n\nBudget
}
The Lambda function also gets triggered. It looks for all portfolios in the Service Catalog, looks for InstanceType template constraints, and it changes the constraint to “t2.medium or small only.” The following example shows how the updated constraint looks after the Lambda function has successfully run.
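The constraint update described above, written out as an added example; it is not the code from the linked awslabs repository. It assumes Python 3, a boto3 Service Catalog client passed in as sc, constraints stored in the Rules/Assertions template-constraint format, and a placeholder topic ARN; the handler also ignores events that did not come from the budget topic.

```python
import json

ALLOWED_TYPES = ["t2.medium"]  # freeze target named in the post's workflow
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:BudgetAlert"  # placeholder ARN
# IAM actions these calls need: servicecatalog:ListPortfolios,
# ListConstraintsForPortfolio, DescribeConstraint, UpdateConstraint.

def restrict_rule(allowed):
    """Template-constraint rule asserting that InstanceType is in `allowed`."""
    return {"Assertions": [{
        "Assert": {"Fn::Contains": [list(allowed), {"Ref": "InstanceType"}]},
        "AssertDescription": "Budget freeze: allowed types " + ", ".join(allowed),
    }]}

def _pages(call, key, **kwargs):
    """Yield items across Service Catalog PageToken/NextPageToken pages."""
    while True:
        resp = call(**kwargs)
        for item in resp.get(key, []):
            yield item
        if not resp.get("NextPageToken"):
            return
        kwargs["PageToken"] = resp["NextPageToken"]

def enforce(sc, allowed=ALLOWED_TYPES):
    """Replace each TEMPLATE rule that references InstanceType; return changed ids."""
    updated, target = [], restrict_rule(allowed)
    for pf in _pages(sc.list_portfolios, "PortfolioDetails"):
        for c in _pages(sc.list_constraints_for_portfolio, "ConstraintDetails",
                        PortfolioId=pf["Id"]):
            if c["Type"] != "TEMPLATE":
                continue  # launch and other constraint types are left alone
            cid = c["ConstraintId"]
            params = json.loads(sc.describe_constraint(Id=cid)["ConstraintParameters"])
            stale = [n for n, r in params.get("Rules", {}).items()
                     if '"Ref": "InstanceType"' in json.dumps(r) and r != target]
            for name in stale:
                params["Rules"][name] = target  # replaces the whole rule
            if stale:  # skip the write when the freeze is already in place
                sc.update_constraint(Id=cid, Parameters=json.dumps(params))
                updated.append(cid)
    return updated

def lambda_handler(event, context):
    # Act only on SNS deliveries from the budget topic; ignore any other trigger.
    arns = {r.get("Sns", {}).get("TopicArn") for r in event.get("Records", [])
            if r.get("EventSource") == "aws:sns"}
    if TOPIC_ARN not in arns:
        return []
    import boto3  # provided by the Lambda runtime; lazy so enforce() runs offline
    return enforce(boto3.client("servicecatalog"))
```

Because enforce() returns the ids it changed and skips constraints already at the target rule, a repeated budget notification produces no further writes.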
Summary
In this post, I’ve demonstrated an easy way to keep track of the budget for your non-production accounts while you stay focused on continuous development.
About the Author
Tapodipta Ghosh is a Solutions Architect focusing on AWS Marketplace. Tapo is passionate about cloud computing and loves helping customers on-board their products into AWS Marketplace.