I have a CloudFormation script that creates a Lambda function for RDS backups. How can I pass the list of servers from the CloudFormation template to the lambda function? Right now they are hard-coded, which I don't think is ideal.
CloudFormation script:
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "ruleName": {
      "Description": "Name for CloudWatch Rule.",
      "Type": "String"
    },
    "cronSchedule": {
      "Description": "Cron Schedule Expression",
      "Type": "String",
      "Default": "cron(0 05 * * ? *)"
    },
    "bucketName": {
      "Description": "S3 Bucket storing the lambda script",
      "Type": "String"
    },
    "lambdaTimeout": {
      "Description": "Timeout for Lambda",
      "Type": "String",
      "Default": "3"
    },
    "instanceList": {
      "Description": "",
      "Type": "String"
    }
  },
  "Resources": {
    "cloudWatchRule": {
      "Type": "AWS::Events::Rule",
      "DependsOn": "lambdaFunction",
      "Properties": {
        "Description": "Cron Schedule",
        "Name": {
          "Ref": "ruleName"
        },
        "ScheduleExpression": {
          "Ref": "cronSchedule"
        },
        "State": "ENABLED",
        "Targets": [
          {
            "Arn": {
              "Fn::GetAtt": ["lambdaFunction", "Arn"]
            },
            "Id": {
              "Ref": "lambdaFunction"
            }
          }
        ]
      }
    },
    "lambdaFunction": {
      "Type": "AWS::Lambda::Function",
      "DependsOn": [
        "lambdaRdsBackupRole",
        "rdsBackupExecutionPolicy"
      ],
      "Properties": {
        "Code": {
          "S3Bucket": {
            "Ref": "bucketName"
          },
          "S3Key": "lambdaFunctions/rdsBackup.zip"
        },
        "Role": {
          "Fn::GetAtt": ["lambdaRdsBackupRole", "Arn"]
        },
        "Handler": "rdsBackup.lambda_handler",
        "Environment": {
          "Variables": {
            "dbInstances": {
              "Ref": "instanceList"
            }
          }
        },
        "Runtime": "python3.6",
        "MemorySize": 128,
        "Timeout": {
          "Ref": "lambdaTimeout"
        }
      }
    },
    "lambdaRdsBackupRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "lambda.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path": "/"
      }
    },
    "rdsBackupExecutionPolicy": {
      "DependsOn": [
        "lambdaRdsBackupRole"
      ],
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "lambdaRdsBackupRolePolicy",
        "Roles": [
          {
            "Ref": "lambdaRdsBackupRole"
          }
        ],
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": "arn:aws:logs:*:*:*"
            },
            {
              "Effect": "Allow",
              "Action": [
                "rds:AddTagsToResource",
                "rds:DeleteDBSnapshot"
              ],
              "Resource": "arn:aws:rds:*:*"
            },
            {
              "Effect": "Allow",
              "Action": [
                "rds:ListTagsForResource",
                "rds:CreateDBSnapshot"
              ],
              "Resource": "arn:aws:rds:*:*"
            },
            {
              "Effect": "Allow",
              "Action": [
                "rds:DescribeDBSnapshots"
              ],
              "Resource": "*"
            }
          ]
        }
      }
    }
  }
}
I have added this section, but I'm not quite sure whether it is correct, and if it is, I'm still not sure where to start:
"Environment": {
  "Variables": {
    "dbInstances": {
      "Ref": "instanceList"
    }
  }
},
Lambda function:
import boto3
import datetime


def lambda_handler(event, context):
    print("Connecting to RDS")
    client = boto3.client('rds')
    # Instances to back up (currently hard-coded)
    dbInstances = ['testdb', 'testdb2']
    for dbInstance in dbInstances:
        print("RDS snapshot backups started at %s...\n" % datetime.datetime.now())
        # Prune snapshots older than 30 days before taking a new one
        for snapshot in client.describe_db_snapshots(DBInstanceIdentifier=dbInstance, MaxRecords=50)['DBSnapshots']:
            try:
                createTs = snapshot['SnapshotCreateTime'].replace(tzinfo=None)
                if createTs < datetime.datetime.now() - datetime.timedelta(days=30):
                    print("Deleting snapshot id:", snapshot['DBSnapshotIdentifier'])
                    client.delete_db_snapshot(
                        DBSnapshotIdentifier=snapshot['DBSnapshotIdentifier']
                    )
            except Exception as e:
                print("Error: " + str(e))
        client.create_db_snapshot(
            DBInstanceIdentifier=dbInstance,
            DBSnapshotIdentifier=dbInstance + '{}'.format(datetime.datetime.now().strftime("%y-%m-%d-%H")),
            Tags=[
                {
                    'Key': 'Name',
                    'Value': dbInstance  # tag with the instance name, not the literal string 'dbInstance'
                },
            ]
        )
Answer 0 (score: 2)
There are probably several ways to do this. A few that come to mind are listed below.
1) If you are prepared to add the variables to the CloudFormation template, I would add the python script inline in the CloudFormation template; you can pass the array as a variable to the template. http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html
2) You can create environment variables for the lambda function, and every time you execute it (console or command line) you can update the environment variables with the new DB instances. http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-environment
3) You could use something like API Gateway and bind it to the lambda function. You can pass the array to the lambda function in a POST request. http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html
Without knowing your end goal, it is hard to recommend one of these.
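The environment-variable route from option 2 fits the template in the question as written: Lambda environment variables are plain strings, so the `instanceList` parameter is assumed here to be a comma-separated string (e.g. `testdb,testdb2`) that the template already maps to the `dbInstances` variable. The handler below reads and validates that string before calling RDS; it is an added example, not the asker's or answerer's code, and the identifier check encodes RDS's documented naming rule for DB instance identifiers (1 to 63 letters, digits or hyphens, starting with a letter, no trailing or double hyphen) so a typo in the stack parameter fails at parse time instead of as an RDS API error.

```python
import os
import re
import datetime

# RDS DB instance identifier rule: first char a letter, then letters/digits/hyphens,
# at most 63 chars, no double hyphen and no trailing hyphen.
_IDENT_RE = re.compile(r'^[A-Za-z](?!.*--)[A-Za-z0-9-]{0,62}(?<!-)$')


def parse_instance_list(raw):
    """Split the comma-separated dbInstances variable into a validated, de-duplicated list."""
    if raw is None or not raw.strip():
        raise ValueError("dbInstances environment variable is empty")
    instances = []
    for item in raw.split(','):
        ident = item.strip()
        if not ident:
            continue  # tolerate a trailing comma or "a,,b"
        if not _IDENT_RE.match(ident):
            raise ValueError("invalid DB instance identifier: %r" % ident)
        if ident not in instances:
            instances.append(ident)
    if not instances:
        raise ValueError("dbInstances contained no identifiers")
    return instances


def snapshot_identifier(db_instance, now):
    """Hyphen-separate name and timestamp so the result stays a valid snapshot identifier."""
    return "%s-%s" % (db_instance, now.strftime("%y-%m-%d-%H"))


def lambda_handler(event, context):
    # boto3 is imported inside the handler so the parsing helpers above can be
    # unit-tested without the AWS SDK installed; the Lambda runtime provides it.
    import boto3
    instances = parse_instance_list(os.environ.get('dbInstances'))
    client = boto3.client('rds')
    now = datetime.datetime.now()
    for db_instance in instances:
        client.create_db_snapshot(
            DBInstanceIdentifier=db_instance,
            DBSnapshotIdentifier=snapshot_identifier(db_instance, now),
            Tags=[{'Key': 'Name', 'Value': db_instance}],
        )
    return {'instances': instances}
```

Because the list lives in the stack parameter, changing which instances get backed up is a stack update rather than a code deploy, and a malformed value is rejected before any RDS call is made.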