AWS Cloud Operations & Migrations Blog
Using Amazon CloudWatch metrics to monitor time to expiration for Reserved Instances
This post shows you how to monitor the days remaining for Amazon EC2 Reserved Instances. The solution uses a custom Amazon CloudWatch metric published by an AWS Lambda function. It creates a CloudWatch alarm and an Amazon Simple Notification Service (Amazon SNS) topic that notify you when the days remaining fall below the user-defined threshold.
CloudWatch allows you to monitor CloudWatch custom metrics (Amazon EC2 Reserved Instance days remaining) to deliver better insights into your resources and provide you with notifications when the defined threshold you configure is breached.
The following solution enables users to receive an email notification when the Amazon EC2 Reserved Instance has fewer days remaining than a specified threshold. This solution uses CloudWatch, Amazon SNS, Amazon EventBridge, AWS CloudFormation, and Lambda.
The following diagram illustrates the architecture in this post:
- CloudFormation deploys the EventBridge rule, Amazon SNS topic, CloudWatch alarm, and Lambda Invocation Permission.
- EventBridge invokes the Lambda function on the user-defined cadence.
- Lambda adds a custom metric (RI Days remaining) to CloudWatch metrics when invoked.
- CloudWatch alarm sends a notification to Amazon SNS when in the alarm state.
- Amazon SNS emails the user that the Amazon EC2 Reserved Instance has fewer days remaining than the user-defined threshold.
The following is the Lambda function and CloudFormation template that we use in this example. Note that this sample isn’t for production use. Refer to the Lambda and CloudFormation documentation for more information on these services.
The CloudFormation template in this post is available here.
The Lambda code in this post is available here.
You must have the following:
- An AWS account with AWS Identity and Access Management (IAM) permissions to access CloudWatch, EventBridge, Lambda, and Amazon SNS.
- IAM permissions for CloudFormation to deploy the template.
- An IAM role created for the Lambda function with least privilege access to CloudWatch and EventBridge.
When testing, make sure that you deploy this solution into an AWS account with an active Amazon EC2 Reserved Instance.
1. Creating the Lambda function
Navigate to the Lambda console, select Create function, provide a name for the function, and change the Runtime to Python 3.9. Under Change default execution role, select Use an existing role and select the role that you created for the Lambda function, then select Create function.
The Lambda function publishes the days remaining for each Amazon EC2 Reserved Instance to a CloudWatch metric namespace AWS/ReservedInstances.
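The post's Lambda code is only linked, so the following is an added example, not the post's own code, of a handler that publishes one days-remaining datapoint per active Reserved Instance. The metric name `DaysRemaining`, the `METRIC_NAMESPACE` environment variable and the sample data are assumptions; the namespace default and the `Reserved Instance Id` dimension follow the post.

```python
import os
from datetime import datetime, timezone

# Namespace and dimension name follow the post; METRIC_NAMESPACE and the
# metric name are assumptions made for this example.
NAMESPACE = os.environ.get("METRIC_NAMESPACE", "AWS/ReservedInstances")
METRIC_NAME = "DaysRemaining"
DIMENSION = "Reserved Instance Id"


def build_metric_data(reserved_instances, now):
    """Map DescribeReservedInstances entries to PutMetricData entries."""
    data = []
    for ri in reserved_instances:
        if ri.get("State") != "active":
            continue  # only active reservations have a meaningful countdown
        data.append({
            "MetricName": METRIC_NAME,
            "Dimensions": [{"Name": DIMENSION, "Value": ri["ReservedInstancesId"]}],
            "Timestamp": now,
            "Value": max((ri["End"] - now).days, 0),
            "Unit": "Count",
        })
    return data


def lambda_handler(event, context):
    import boto3  # imported here so build_metric_data runs without the SDK
    # The execution role needs ec2:DescribeReservedInstances and
    # cloudwatch:PutMetricData for these two calls.
    reserved = boto3.client("ec2").describe_reserved_instances(
        Filters=[{"Name": "state", "Values": ["active"]}]
    )["ReservedInstances"]
    data = build_metric_data(reserved, datetime.now(timezone.utc))
    cloudwatch = boto3.client("cloudwatch")
    for i in range(0, len(data), 20):  # small batches per PutMetricData call
        cloudwatch.put_metric_data(Namespace=NAMESPACE, MetricData=data[i:i + 20])
    return [{"ReservedInstancesId": d["Dimensions"][0]["Value"],
             "DaysRemaining": d["Value"]} for d in data]


# Constructed sample shaped like DescribeReservedInstances output.
SAMPLE_NOW = datetime(2024, 1, 1, 13, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"ReservedInstancesId": "ri-example-0001", "State": "active",
     "End": datetime(2024, 1, 21, 13, 0, tzinfo=timezone.utc)},
    {"ReservedInstancesId": "ri-example-0002", "State": "retired",
     "End": datetime(2023, 6, 1, tzinfo=timezone.utc)},
]
```

Keeping the metric construction in `build_metric_data` lets you check the day arithmetic and state filtering locally before the function is granted any AWS permissions.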
Copy the function ARN, then continue to step 2 in the CloudFormation console.
2. CloudFormation template deployment
The solution uses a CloudFormation template to deploy the CloudWatch alarm, Amazon SNS topic, and EventBridge rule.
Navigate to the CloudFormation console, select the Create stack dropdown, and select With new resources (standard). Upload the CloudFormation template and select Next. Provide a stack name, update the Parameters fields as outlined, then select Next on the following screen and create the stack.
3. Confirming the CloudFormation stack deployment
To confirm resource creation, go to the Resources tab under CloudFormation > Stacks, and select the Physical ID link for EventBridge and CloudWatch alarm.
The default EventBridge rule invokes the Lambda function every day at 13:00:00 UTC. To update the configuration, select Edit and change the fine-grained Cron expression schedule, or select the option for a schedule that runs at a regular interval.
The solution uses a default alarm threshold of 30. When the remaining days of the Amazon EC2 Reserved Instance are less than 30, the CloudWatch alarm will trigger. Change the threshold by selecting Edit from the Action dropdown, update the value under Define the threshold value, and select Update alarm.
4. Confirming the Amazon SNS topic subscription
Amazon SNS sends a confirmation email to the notifier email specified in the CloudFormation template. Select Confirm Subscription to receive alarm trigger notifications. It may take up to 15 minutes for the email to be received. If you don’t receive the email, then go into the Amazon SNS topic and select Request confirmation.
5. Testing the Lambda function
After you deploy the CloudFormation template, you can test the Lambda function.
Navigate to the Lambda console and select the Lambda function you created. To create a new test event, select the Test dropdown, select Configure test event, provide an Event name, and select Save once finished. After you create the test event, select Test, and the Lambda function will return Execution results (Reserved instance id, Reserved instance End date, and Days remaining).
The Lambda function creates and publishes the days remaining for each Amazon EC2 Reserved Instance to a custom CloudWatch metric namespace AWS/ReservedInstances.
6. Checking the CloudWatch custom metric
To verify the custom metric, go to the CloudWatch page and select All Metrics under the Metrics tab. Under All Metrics, select the namespace AWS/ReservedInstances, and then select the metric Reserved Instance Id.
Select a Reserved Instance Id in your list to check the custom metric pushed from the Lambda function.
The graph shows the days remaining for the active Amazon EC2 Reserved Instance selected from the metrics list. The CloudWatch alarm configured will check if this custom metric is less than the user-defined threshold. When the custom metric falls below the threshold, the CloudWatch alarm will trigger an Amazon SNS email notification to the email address defined in the Amazon SNS topic.
7. Testing the CloudWatch alarm
To test the alarm, select All Alarms under the Alarms dropdown, select the created CloudWatch alarm, and select Edit under the Actions dropdown. On the Specify metric and conditions page, change the threshold value to something greater than the Amazon EC2 Reserved Instance’s current days remaining (e.g., 500), then select Update alarm. Within 10-15 minutes, the CloudWatch alarm should go into the Alarm state and trigger an Amazon SNS notification to the email provided.
To avoid future charges, remove the resources that you created.
- Remove the deployed Lambda function
- Delete the CloudFormation stack if you deployed from the CloudFormation template
- Remove the Amazon SNS topic and any subscriptions
- Confirm EventBridge rule deletion
In this post, I showed you how to set up an end-to-end pipeline for monitoring the days remaining of your Amazon EC2 Reserved Instance using Lambda and CloudFormation. I also showed you how to create a CloudWatch alarm and associate that with an Amazon SNS topic for notifications. For more information, see Using Amazon CloudWatch alarms in the Amazon CloudWatch User Guide.
Share questions or feedback in the comments section. We also encourage you to continue exploring CloudWatch monitoring and custom metrics, and to test more use cases in the documentation.