CloudFormation: passing a list to a Lambda function

I have a CloudFormation script that creates a Lambda function for RDS backups. How do I pass the list of servers from the CloudFormation template to the Lambda function? Right now they are hard-coded, which I don't think is ideal.

CloudFormation script

    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Parameters": {
        "ruleName": {
          "Description": "Name for CloudWatch Rule.",
          "Type": "String"
        },
        "cronSchedule": {
          "Description": "Cron Schedule Expression",
          "Type": "String",
          "Default": "cron(0 05 * * ? *)"
        },
        "bucketName": {
          "Description": "S3 Bucket storing the lambda script",
          "Type": "String"
        },
        "lambdaTimeout": {
          "Description": "Timeout for Lambda",
          "Type": "String",
          "Default": "3"
        },
        "instanceList": {
          "Description": "",
          "Type": "String"
        }
      },
      "Resources": {
        "cloudWatchRule": {
          "Type": "AWS::Events::Rule",
          "DependsOn": "lambdaFunction",
          "Properties": {
            "Description": "Cron Schedule",
            "Name": {
              "Ref": "ruleName"
            },
            "ScheduleExpression": {
              "Ref": "cronSchedule"
            },
            "State": "ENABLED",
            "Targets": [
              {
                "Arn": {
                  "Fn::GetAtt": ["lambdaFunction", "Arn"]
                },
                "Id": {
                  "Ref": "lambdaFunction"
                }
              }
            ]
          }
        },
        "lambdaFunction": {
          "Type": "AWS::Lambda::Function",
          "DependsOn": [
            "lambdaRdsBackupRole",
            "rdsBackupExecutionPolicy"
          ],
          "Properties": {
            "Code": {
              "S3Bucket": {
                "Ref": "bucketName"
              },
              "S3Key": "lambdaFunctions/rdsBackup.zip"
            },
            "Role": {
              "Fn::GetAtt": ["lambdaRdsBackupRole", "Arn"]
            },
            "Handler": "rdsBackup.lambda_handler",
            "Environment": {
              "Variables": {
                "dbInstances": {
                  "Ref": "instanceList"
                }
              }
            },
            "Runtime": "python3.6",
            "MemorySize": 128,
            "Timeout": {
              "Ref": "lambdaTimeout"
            }
          }
        },
        "lambdaRdsBackupRole": {
          "Type": "AWS::IAM::Role",
          "Properties": {
            "AssumeRolePolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Principal": {
                    "Service": [
                      "lambda.amazonaws.com"
                    ]
                  },
                  "Action": [
                    "sts:AssumeRole"
                  ]
                }
              ]
            },
            "Path": "/"
          }
        },
        "rdsBackupExecutionPolicy": {
          "DependsOn": [
            "lambdaRdsBackupRole"
          ],
          "Type": "AWS::IAM::Policy",
          "Properties": {
            "PolicyName": "lambdaRdsBackupRolePolicy",
            "Roles": [
              {
                "Ref": "lambdaRdsBackupRole"
              }
            ],
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                  ],
                  "Resource": "arn:aws:logs:*:*:*"
                },
                {
                  "Effect": "Allow",
                  "Action": [
                    "rds:AddTagsToResource",
                    "rds:DeleteDBSnapshot"
                  ],
                  "Resource": "arn:aws:rds:*:*"
                },
                {
                  "Effect": "Allow",
                  "Action": [
                    "rds:ListTagsForResource",
                    "rds:CreateDBSnapshot"
                  ],
                  "Resource": "arn:aws:rds:*:*"
                },
                {
                  "Effect": "Allow",
                  "Action": [
                    "rds:DescribeDBSnapshots"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        }
      }
    }

I added this part, but I'm not sure whether it is correct, and if it is, I don't really know where to go from here:

    "Environment": {
      "Variables": {
        "dbInstances": {
          "Ref": "instanceList"
        }
      }
    },

Lambda function

    import boto3
    import datetime


    def lambda_handler(event, context):
        print("Connecting to RDS")
        client = boto3.client('rds')

        # Instances to back up (currently hard-coded; this is the list the question is about)
        dbInstances = ['testdb', 'testdb2']

        for dbInstance in dbInstances:
            print("RDS snapshot backups started at %s...\n" % datetime.datetime.now())

            # Delete snapshots of this instance that are older than 30 days
            for snapshot in client.describe_db_snapshots(DBInstanceIdentifier=dbInstance, MaxRecords=50)['DBSnapshots']:
                try:
                    createTs = snapshot['SnapshotCreateTime'].replace(tzinfo=None)
                    if createTs < datetime.datetime.now() - datetime.timedelta(days=30):
                        print("Deleting snapshot id:", snapshot['DBSnapshotIdentifier'])
                        client.delete_db_snapshot(
                            DBSnapshotIdentifier=snapshot['DBSnapshotIdentifier']
                        )
                except Exception as e:
                    # A snapshot that is still being created has no SnapshotCreateTime yet
                    print("Error: " + str(e))

            # Create a new snapshot named after the instance and the current hour
            client.create_db_snapshot(
                DBInstanceIdentifier=dbInstance,
                DBSnapshotIdentifier=dbInstance + datetime.datetime.now().strftime("%y-%m-%d-%H"),
                Tags=[
                    {
                        'Key': 'Name',
                        'Value': dbInstance  # tag with the instance name, not the literal string 'dbInstance'
                    },
                ]
            )

Answer

There are probably several ways to do this. A few that come to mind are listed below.

1) If you are set on adding the variable to the CloudFormation template, I would add the python script inline in the CloudFormation template, and the array could then be passed to the template as a variable. http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html

2) You could create an environment variable for the lambda function, and each time you run it (console or command line) update the environment variable with the new database instances. http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-environment

3) You could use something like API Gateway and tie it to the lambda function. You could pass the array in a POST request to the lambda function. http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html

Without knowing your end goal, it's hard to recommend one of these.
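As an added example that is not part of the question or the answer above, here is option 2 carried through end to end: the template passes the instance list through the single `dbInstances` environment variable the asker already wired up, and the handler reads and parses that variable instead of the hard-coded list. The template change in the docstring (declaring `instanceList` as a `CommaDelimitedList` and joining it back with `Fn::Join`) and the helper names `parse_instance_list`, `instances_from_environment`, `expired_snapshots` and `backup_instance` are my assumptions, not anything from the original post. The handler also fixes two things the posted script does not handle: it paginates `describe_db_snapshots` instead of stopping at 50 records, and it only deletes `manual` snapshots, because `DeleteDBSnapshot` refuses automated ones. `boto3` is imported inside the handler so the parsing helpers can be exercised locally without the AWS SDK.

```python
"""
RDS backup Lambda that reads its instance list from an environment variable.

Template side (assumed change to the posted template, not from the original post):

    "instanceList": {
      "Description": "RDS instance identifiers to back up",
      "Type": "CommaDelimitedList"
    },
    ...
    "Environment": {
      "Variables": {
        "dbInstances": { "Fn::Join": [",", { "Ref": "instanceList" }] }
      }
    }

With the AWS CLI parameter shorthand the commas inside the value are escaped:
    --parameters ParameterKey=instanceList,ParameterValue='testdb\\,testdb2'
"""
import datetime
import os

# Name of the environment variable the template sets (Environment.Variables.dbInstances).
INSTANCE_LIST_VAR = "dbInstances"
RETENTION_DAYS = 30


def parse_instance_list(value):
    """Split the comma-separated variable into identifiers, dropping surrounding
    whitespace and empty entries such as a trailing comma."""
    if value is None:
        return []
    return [item.strip() for item in value.split(",") if item.strip()]


def instances_from_environment(environ=os.environ):
    """Read the list from the environment. A missing or empty variable raises, so a
    misconfigured stack fails loudly instead of silently backing up nothing."""
    instances = parse_instance_list(environ.get(INSTANCE_LIST_VAR))
    if not instances:
        raise ValueError("environment variable %s is missing or empty" % INSTANCE_LIST_VAR)
    return instances


def snapshot_identifier(db_instance, now):
    """Snapshot name: <instance>-<yy-mm-dd-HH>, the original script's scheme plus a separator."""
    return "%s-%s" % (db_instance, now.strftime("%y-%m-%d-%H"))


def expired_snapshots(client, db_instance, now, retention_days=RETENTION_DAYS):
    """Identifiers of manual snapshots of db_instance older than the retention window.
    Uses the paginator (MaxRecords=50 would silently truncate) and skips snapshots that
    are still being created, which have no SnapshotCreateTime yet."""
    cutoff = now - datetime.timedelta(days=retention_days)
    expired = []
    paginator = client.get_paginator("describe_db_snapshots")
    for page in paginator.paginate(DBInstanceIdentifier=db_instance, SnapshotType="manual"):
        for snapshot in page["DBSnapshots"]:
            created = snapshot.get("SnapshotCreateTime")  # tz-aware UTC datetime from boto3
            if created is not None and created < cutoff:
                expired.append(snapshot["DBSnapshotIdentifier"])
    return expired


def backup_instance(client, db_instance, now):
    """Prune expired snapshots of one instance, then take a new tagged snapshot."""
    for snapshot_id in expired_snapshots(client, db_instance, now):
        print("Deleting snapshot", snapshot_id)
        client.delete_db_snapshot(DBSnapshotIdentifier=snapshot_id)
    client.create_db_snapshot(
        DBInstanceIdentifier=db_instance,
        DBSnapshotIdentifier=snapshot_identifier(db_instance, now),
        Tags=[{"Key": "Name", "Value": db_instance}],
    )


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above can be tested without the SDK

    client = boto3.client("rds")
    now = datetime.datetime.now(datetime.timezone.utc)
    for db_instance in instances_from_environment():
        print("Backing up", db_instance)
        backup_instance(client, db_instance, now)
```

Two caveats on the posted template itself: the `AWS::Events::Rule` target will not be able to invoke the function until an `AWS::Lambda::Permission` granting `lambda:InvokeFunction` to `events.amazonaws.com` is added, and any identifier that reaches the function through `dbInstances` is a value someone with `UpdateFunctionConfiguration` on the function can change, so the IAM policy's `DeleteDBSnapshot` grant should be scoped to the snapshot ARNs of the instances you actually intend to manage rather than `arn:aws:rds:*:*`.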