AWS Cloud Operations & Migrations Blog

Using Amazon CloudWatch metrics to monitor time to expiration for Reserved Instances | Amazon Web Services

This post shows you how to monitor the days remaining for Amazon EC2 Reserved Instances. The solution uses a custom Amazon CloudWatch metric published via an AWS Lambda function. It creates a CloudWatch alarm and an Amazon Simple Notification Service (Amazon SNS) topic for notification when the alarm exceeds the user-defined threshold.

CloudWatch allows you to monitor CloudWatch custom metrics (Amazon EC2 Reserved Instance days remaining) to deliver better insights into your resources and provide you with notifications when the defined threshold you configure is breached.

Solution overview

The following solution enables users to receive an email notification when the Amazon EC2 Reserved Instance has fewer days remaining than a specified threshold. This solution uses CloudWatch, Amazon SNS, Amazon EventBridge, AWS CloudFormation, and Lambda.

The following diagram illustrates the architecture in this post:

Figure 1: Solution overview

Figure 1. Solution overview

  1. CloudFormation deploys the EventBridge rule, Amazon SNS topic, CloudWatch alarm, and Lambda Invocation Permission.
  2. EventBridge invokes the Lambda function on the user-defined cadence.
  3. Lambda adds a custom metric (RI Days remaining) to CloudWatch metrics when invoked.
  4. CloudWatch alarm sends a notification to Amazon SNS when in the alarm state.
  5. Amazon SNS emails the user that the Amazon EC2 Reserved Instance is less than the user-defined parameter.

The following is the Lambda function and CloudFormation template that we use in this example. Note that this sample isn’t for production use. Refer to the documentation for Lambda here and CloudFormation here for more information on these services.

The CloudFormation template in this post is available here.

The Lambda code in this post is available here.


You must have the following:

  • An AWS account with AWS Identity and Access Management (IAM) permissions to access CloudWatch, EventBridge, Lambda, and Amazon SNS.
  • IAM permissions for CloudFormation to deploy the template.
  • An IAM role created for the Lambda function with least privilege access to CloudWatch and EventBridge.

When testing, make sure that you deploy this solution into an AWS account with an active Amazon EC2 Reserved Instance.

Solution deployment

1. Creating the Lambda function

Navigate to the Lambda console, select Create function, provide a name for the function, and change the Runtime to Python 3.9. Under Change default execution role, select Use an existing role and select the role that you created for the Lambda function, then select Create function.

Figure 2: Create Lambda function

Figure 2: Create Lambda function

Figure 3. Lambda function permission

The Lambda function publishes the days remaining for each Amazon EC2 Reserved Instance to a CloudWatch metric namespace AWS/ReservedInstances.

Figure 4: Lambda function code

Figure 4. Lambda function code

Copy the Function ARN and navigate to the Step 2 CloudFormation console.

Figure 5: Lambda function ARN

Figure 5. Lambda function ARN

2. CloudFormation template deployment

The solution uses a CloudFormation template to deploy the CloudWatch alarm, Amazon SNS topic, and EventBridge rule.

Figure 6: CloudFormation template

Figure 6. CloudFormation template

Navigate to the CloudFormation console, select the Create stack dropdown, and select with new resources (standard). Upload the CloudFormation template and select Next. Provide a stack name, update the Parameters fields as outlined, then follow the Next screen and create the stack.

Figure 7: CloudFormation parameters

Figure 7. CloudFormation parameters

3. Confirming the CloudFormation stack deployment

To confirm resource creation, go to the Resources tab under CloudFormation > Stacks, and select the Physical ID link for EventBridge and CloudWatch alarm.

Figure 8: CloudFormation Resources

Figure 8. CloudFormation Resources

The default EventBridge rule invokes the Lambda function every day at 13:00:00 UTC. Update the configuration, select Edit and change the fine-grained Cron expression schedule, or select the option to a schedule that runs at a regular interval.

Figure 9: EventBridge rule - schedule pattern

Figure 9. EventBridge rule – schedule pattern

The solution uses a default alarm threshold of 30. When the remaining days of the Amazon EC2 Reserved Instance are less than 30, the CloudWatch alarm will trigger. Change the threshold by selecting Edit from the Action dropdown, update the value under Define the threshold value, and select Update alarm.

Figure 10: CloudWatch alarm - conditions

Figure 10. CloudWatch alarm – conditions

4. Confirming the Amazon SNS topic subscription

Amazon SNS sends a confirmation email to the notifier email specified in the CloudFormation template. Select Confirm Subscription to receive alarm trigger notifications. It may take up to 15 minutes for the email to be received. If you don’t receive the email, then go into the Amazon SNS topic and select Request confirmation.

Figure 11: SNS topic confirmation email

Figure 11. SNS topic confirmation email

5. Testing the Lambda function

After you deploy the CloudFormation template, you can test the Lambda function.

Navigate to the Lambda console and select the Lambda function you created. To create a new test event, select the Test dropdown, select Configure test event, provide an Event name, and select Save once finished. After you create the test event, select Test, and the Lambda function will return Execution results (Reserved instance id, Reserved instance End date, and Days remaining).

Figure 12: Lambda function execution log

Figure 12. Lambda function execution log

The Lambda function creates and publishes the days remaining for each Amazon EC2 Reserved Instance to a custom CloudWatch metric namespace AWS/ReservedInstances.

6. Checking the CloudWatch custom metric

To verify the custom metric, go to the CloudWatch page and select All Metrics under the Metrics tab. Under All Metrics, select the namespace AWS/ReservedInstances, and then select the metric Reserved Instance Id.

Figure 13: CloudWatch metrics

Figure 13. CloudWatch metrics

Select a Reserved Instance Id in your list to check the custom metric pushed from the Lambda function.

Figure 14: CloudWatch metric - RI days remaining

Figure 14. CloudWatch metric – RI days remaining

The graph shows the days remaining for the active Amazon EC2 Reserved Instance selected from the metrics list. The CloudWatch alarm configured will check if this custom metric is less than the user-defined threshold. When the custom metric falls below the threshold, the CloudWatch alarm will trigger an Amazon SNS email notification to the email address defined in the Amazon SNS topic.

7. Testing the CloudWatch alarm

Test the execution by selecting All Alarms, under the Alarms dropdown, selecting the created CloudWatch alarm and selecting Edit, under the Actions dropdown. From the specify metric and conditions page, change the threshold value to something greater than the Amazon EC2 Reserved Instance’s current days remaining (i.e. 500), then select Update alarm. Within 10-15 minutes, the CloudWatch alarm should go into the Alarm state and trigger an Amazon SNS notification to the email provided.

Figure 15: CloudWatch in alarm state

Figure 15. CloudWatch in alarm state

Figure 16: SNS email notification

Figure 16. SNS email notification

Cleaning up

To avoid future charges, remove the resources that you created.

  • Remove the deployed Lambda function
  • Delete the CloudFormation stack when deploying from the CloudFormation template
  • Remove the Amazon SNS topic and any subscriptions
  • Confirm EventBridge rule deletion


In this post, I showed you how to set up an end-to-end pipeline for monitoring the days remaining of your Amazon EC2 Reserved Instance using Lambda and CloudFormation. I also showed you how to create a CloudWatch alarm and associate that with an Amazon SNS topic for notifications. For more information, see Using Amazon CloudWatch alarms in the Amazon CloudWatch User Guide.

Share questions or feedback in the comments section. We also encourage you to continue exploring CloudWatch monitoring and custom metrics, and to test more use cases in the documentation.

About the author:

Greg Gooden

Greg Gooden, an Enterprise Support Lead for Amazon Web Services in the Worldwide Public Sector, excels in guiding customers to achieve operational excellence. Utilizing AWS best practices and the AWS Well-Architected Framework, he expertly designs, deploys, and troubleshoots enterprise-scale solutions built on AWS to ensure optimal performance.