This is Part 2 of a two-part best practice guide covering the advantages of using current generation AWS instance types to ensure you’re not paying more money for lower performance. Part 1 focuses on the performance and cost saving advantages of current gen instances, while Part 2 walks through an example of how AWS Config can be used to automatically find and report instances that are running on outdated types.
While Part 1 of this series gives a high-level overview of the cost and performance advantages of updating instances to current generation instance types, here we will focus on one of the ways that old instance types can be identified on an ongoing basis.
AWS Config, along with AWS Config Rules, provides a detailed view of the resources deployed within your AWS account and a way to define governance policies to ensure that those resources comply with industry best practices, as well as your company’s internal practices. In this example we will create a custom AWS Config rule that uses an AWS Lambda function to evaluate whether the EC2 instances deployed in our AWS account are using outdated instance types.
At the end of this exercise, you will have a dashboard item within AWS Config that will quickly show you whether there are any instances in your environment that should be updated. Additionally (though not covered in this post), AWS Config rule compliance changes can be sent to an AWS SNS topic and then distributed via email, a chat application such as Slack, etc. Future blog posts will cover this topic and will be linked here when available.
AWS Config must be initially set up before rules can be configured. The AWS-provided guide at the following location can be used to initially enable AWS Config to scan your cloud resources: https://docs.aws.amazon.com/config/latest/developerguide/gs-console.html.
The Lambda function we create will be invoked by AWS Config whenever a change to an EC2 instance occurs. The function takes a comma-separated list of old instance types to check for as a rule parameter and marks as ‘Non Compliant’ any instance, whether already running or newly launched, that uses an instance type in that list.
To create the Lambda function, first browse to the Lambda service in the AWS console. Note that your account must have the IAM permissions required to create Lambda functions before you can do this:
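As an added example (not the code from the GitHub repository the post refers to), here is how such a Lambda evaluator can be structured in Python: it reads the outdated-type list from a rule parameter named outdatedInstanceTypes (an assumed key), returns NON_COMPLIANT for a matching instance type, and reports the result back to AWS Config with put_evaluations; sample_event() builds a constructed invocation event so the logic can be exercised offline.

```python
import json

# Added example evaluator for the custom rule described above, not the code from
# the post's GitHub repository. The rule parameter key "outdatedInstanceTypes"
# and the sample values in sample_event() are assumptions.

def parse_outdated_types(rule_parameters):
    """Parse event['ruleParameters'] (a JSON string) into a set of lower-cased types."""
    params = json.loads(rule_parameters) if rule_parameters else {}
    raw = params.get("outdatedInstanceTypes", "")
    return {t.strip().lower() for t in raw.split(",") if t.strip()}

def evaluate_instance(item, outdated_types):
    """Return the AWS Config compliance type for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::Instance":
        return "NOT_APPLICABLE"
    if item.get("configurationItemStatus", "").startswith("ResourceDeleted"):
        return "NOT_APPLICABLE"  # a terminated instance has nothing left to evaluate
    instance_type = (item.get("configuration") or {}).get("instanceType", "")
    return "NON_COMPLIANT" if instance_type.lower() in outdated_types else "COMPLIANT"

def build_evaluation(event):
    """Turn the AWS Config invocation event into one put_evaluations entry."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    outdated = parse_outdated_types(event.get("ruleParameters"))
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": evaluate_instance(item, outdated),
        "Annotation": "instanceType=%s" % (item.get("configuration") or {}).get("instanceType"),
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def lambda_handler(event, context):
    """Lambda entry point: evaluate, then report the result back to AWS Config."""
    import boto3  # imported here so the module also loads outside Lambda
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation

def sample_event(instance_type, outdated_csv, resource_type="AWS::EC2::Instance"):
    """Constructed stand-in for the event AWS Config sends on a configuration change."""
    item = {"resourceType": resource_type, "resourceId": "i-0123456789abcdef0",
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2020-01-01T00:00:00.000Z",
            "configuration": {"instanceType": instance_type}}
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "ruleParameters": json.dumps({"outdatedInstanceTypes": outdated_csv}),
            "resultToken": "constructed-token"}
```

Matching is case-insensitive and tolerant of spaces around the commas, so a parameter value such as `m1.large, c1.medium,t1.micro` works as entered in the console.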
Next, select ‘Create function’:
With ‘Author from scratch’ highlighted:
In the editing screen of your new Lambda function, in the ‘Function code’ section, paste the code found in the following GitHub repository, replacing the default code of the new function, then click the Save button at the top of the screen:
When this is complete, make note of or copy the function’s ARN, which is located at the top of the screen above the Save button. This will be needed when setting up the AWS Config rule in the next step.
In the AWS Config console, select Rules, then click the ‘Add rule’ button.
Next, select ‘Add custom rule’.
This will bring up a dialog box for creating your custom rule:
At this point, your new outdatedInstanceTypes rule will be evaluated against existing EC2 instances in the environment. The rule will be listed as either Compliant or NonCompliant.
Drilling into the rule by name will show a detailed list of EC2 Instances and their compliance state.
It's important to remember that these best practices are not meant to be one-time activities, but ongoing processes. Because of the dynamic and ever-changing nature of the cloud, cost optimization activities should ideally take place continuously. Learn more about how LeanCloud can help you automate the continuous optimization of your cloud environment.