sureshvenkey · sureshvenkey · Oct 6, 2019 · Oct 7, 2019 · Oct 7, 2019 · Oct 8, 2019
diff --git a/README.md b/README.md
@@ -20,15 +20,16 @@ C:\Users\venkatraj\Desktop\boto3>
 ### Code  
 Code Name | Description
 ----------|-------------
-delete_ec2_unused_vol.py | Deletes unused volumes i.e. volume unassigned with any ec2 instance with no tags.
-inventory_ec2_instances_and_volumes.py | Creates a inventory in the form of csv file in the current location for ec2 instances and volumes for a specified region.
+del_unused_vol.py | Deletes unused volumes for a specific region i.e. volume unassigned with any ec2 instance with no tags.
+del_unused_vol_region.py | Deletes unused volumes  for all region i.e. volume unassigned with any ec2 instance with no tags.
+inventory_ec2_vol_sg.py | Creates a inventory in the form of csv file in the current location for ec2 instances, volumes and security group for a specified region.
 list_ec2_volumes_with_boto3_filters.py | How to use boto3 filter for tags
 list_ec2_volumes_with_default_filters.py | How to use default filter for tags, helpfull in deleting volumes where key=value pair not matching tags.
 tag_ec2_vol_csv.py | Tag volumes based on csv input file, csv file format, "Volume_ID","Key","Value" The script check whether same key=value pair available in in volume tags and tages volumes. If same key is available with change in value, then the script modifies the tag. 
 
 ### License
 GNU General Public License v3.0  
-Mail: sureshvenkey@gmail.com  
-Website: www.sureshvenkey.com
+Mail Me: sureshvenkey@gmail.com  
+Website: www.venkatraj.in
 
 
diff --git a/delete_ec2_unused_vol.py → del_unused_vol.py b/delete_ec2_unused_vol.py → del_unused_vol.py
diff --git a/del_unused_vol_region.py b/del_unused_vol_region.py
@@ -0,0 +1,24 @@
+'''
+Delete available and untagged volumes from all region using python filter
+Created on 02-Oct-2019
+
+@author: venkatraj
+'''
+import boto3
+from pprint import pprint
+sess=boto3.session.Session(profile_name="default")
+ec2_cli=sess.client(service_name="ec2", region_name="ap-south-1") # Used for waiters and list regions
+for each_region in [region['RegionName'] for region in ec2_cli.describe_regions()['Regions']]:
+    ec2_res=sess.resource(service_name="ec2", region_name=each_region)
+    ec2_cli=sess.client(service_name="ec2", region_name=each_region)
+    print ("Checking for "+each_region)
+    #Delete available and untagged volumes
+    for each_ec2_vol in ec2_res.volumes.all():
+        if each_ec2_vol.state == 'available' and each_ec2_vol.tags == None:
+            ec2_res.Volume(each_ec2_vol.id).delete()
+            try:
+                waiter = ec2_cli.get_waiter('volume_deleted')
+                waiter.wait(VolumeIds=[each_ec2_vol.id])
+                print ("\n"+ each_ec2_vol.id +" volume deleted")
+            except Exception as e:
+                print (e) 
diff --git a/inventory_ec2_instances_and_volumes.py → inventory_ec2_vol_sg.py b/inventory_ec2_instances_and_volumes.py → inventory_ec2_vol_sg.py
@@ -1,5 +1,5 @@
 '''
-Creates inventory file ec2 instances and volumes in current working
+Creates inventory file ec2 instances, volumes & security group in current working
 directory. file name as follows ec2_instances_inv.csv, ec2_volumes_inv.csv
 Created on 02-Oct-2019
 
@@ -20,7 +20,7 @@
 for each_in in ec2_re.instances.all():
     csv_w.writerow([S_No,each_in.ami_launch_index, each_in.architecture, each_in.block_device_mappings, each_in.capacity_reservation_id, each_in.capacity_reservation_specification, each_in.classic_address, each_in.client_token, each_in.cpu_options, each_in.ebs_optimized, each_in.elastic_gpu_associations, each_in.elastic_inference_accelerator_associations, each_in.ena_support, each_in.hibernation_options, each_in.hypervisor, each_in.iam_instance_profile, each_in.id, each_in.image, each_in.image_id, each_in.instance_id, each_in.instance_lifecycle, each_in.instance_type, each_in.kernel_id, each_in.key_name, each_in.key_pair, each_in.launch_time, each_in.licenses, each_in.meta, each_in.monitoring, each_in.network_interfaces, each_in.network_interfaces_attribute, each_in.placement, each_in.placement_group, each_in.platform, each_in.private_dns_name, each_in.private_ip_address, each_in.product_codes, each_in.public_dns_name, each_in.public_ip_address, each_in.ramdisk_id, each_in.root_device_name, each_in.root_device_type, each_in.security_groups, each_in.source_dest_check, each_in.spot_instance_request_id, each_in.sriov_net_support, each_in.state, each_in.state_reason, each_in.state_transition_reason, each_in.subnet, each_in.subnet_id, each_in.tags, each_in.virtualization_type, each_in.volumes, each_in.vpc, each_in.vpc_addresses, each_in.vpc_id])
     S_No=S_No+1
-print ("Inventory file created - ec2_instances_inv.csv")
+print ("EC2 Inventory file created - ec2_instances_inv.csv")
 ec2invfile.close()
 
 vol_header_csv=['S_No', 'attachments', 'availability_zone', 'create_time', 'encrypted', 'id', 'iops', 'kms_key_id', 'meta', 'size', 'snapshot_id', 'snapshots', 'state', 'tags', 'volume_id', 'volume_type']
@@ -31,5 +31,16 @@
 for each_ec2_vol in ec2_re.volumes.all():
     csv_w.writerow([S_No, each_ec2_vol.attachments, each_ec2_vol.availability_zone, each_ec2_vol.create_time, each_ec2_vol.encrypted, each_ec2_vol.id, each_ec2_vol.iops, each_ec2_vol.kms_key_id, each_ec2_vol.meta, each_ec2_vol.size, each_ec2_vol.snapshot_id, each_ec2_vol.snapshots, each_ec2_vol.state, each_ec2_vol.tags, each_ec2_vol.volume_id, each_ec2_vol.volume_type])
     S_No=S_No+1
-print ("Inventory file created - ec2_volumes_inv.csv")
+print ("Volume Inventory file created - ec2_volumes_inv.csv")
 volinvfile.close()
+
+sg_header_csv=['S_No', 'security_group_id', 'description', 'group_id', 'group_name', 'ip_permissions', 'ip_permissions_egress', 'owner_id', 'tags', 'vpc_id']
+S_No=1
+sginvfile=open("ec2_sg_inv.csv","w", newline='')
+csv_w=csv.writer(sginvfile)
+csv_w.writerow(sg_header_csv)
+for each_ec2_sg in ec2_re.security_groups.all():
+    csv_w.writerow([S_No, each_ec2_sg.id, each_ec2_sg.description, each_ec2_sg.group_id, each_ec2_sg.group_name, each_ec2_sg.ip_permissions, each_ec2_sg.ip_permissions_egress, each_ec2_sg.owner_id, each_ec2_sg.tags, each_ec2_sg.vpc_id])
+    S_No=S_No+1
+print ("Security Group Inventory file created - ec2_sg_inv.csv")
+sginvfile.close()
diff --git a/lambda/README.md b/lambda/README.md
@@ -0,0 +1,33 @@
+
+## Automation with lambda & boto3
+### Getting Started
+boto3 is a python module that allows you to automat aws services, which can be used with aws lambda to create a serverless application. Here we are going to create a function to send mail alert (using sns/can also be done with ses) if the ec2 instance is stopped. sns creation is simple just by creating a topic and subscription and getting verified.
+### Procedure for executing lambda  
+
+1. Create a IAM role for lambda ( here lambda is the Trusted entitie) with two policies attached to it "AmazonEC2FullAccess" and "AmazonSNSFullAccess". Here we have given full access, you can restrict if you wish. 
+2. Create a lambda function by specifying the function name, runtime(python 3.7).
+3. Mention the code in function code section.
+3. Select the appropriate IAM role for your function, which we have created now. You can also increase the timeout value in basic section if required, by default it is 3 seconds.
+4. Once you have done save the function. 
+5. From cloudwatch ceate a "Event Pattern" event source by specifying the filtering criteria, example  
+Service Name: EC2  
+Event Type: EC2 Instance State-change Notification  
+Specific state(s): stopped  
+Any instance: Yes  
+6. Select the created function to crecive the events from event source by selection it from Traget.
+7. We are done we are about to receive the mail if the ec2 state is stopped.
+
+
+
+
+Code Name | Description
+----------|-------------
+email_ec2_status.py | Sends mail alert if an instance is reached to stopped state.
+
+
+### License
+GNU General Public License v3.0  
+Mail Me: sureshvenkey@gmail.com  
+Website: www.sureshvenkey.com
+
+
diff --git a/lambda/email_ec2_status.py b/lambda/email_ec2_status.py
@@ -0,0 +1,21 @@
+import json
+import boto3
+
+def lambda_handler(event, context):
+    # TODO implement
+
+    ec2_res=boto3.resource(service_name="ec2", region_name="ap-south-1")
+    sns_cli=boto3.client(service_name="sns", region_name="ap-south-1")
+    #print("Received event: " + json.dumps(event['detail']['instance-id'], indent=2))
+    instance_name = event['detail']['instance-id']
+    message = instance_name + " Instance is in stopped state"
+    print(message)
+    sns_cli.publish(TargetArn="arn:XXX:XXX:XXXXXXX:XXXXXXXXX:XXXXXXXXXXXXXXXXXXX",
+    Message=message,
+    Subject="Ec2 Instance State")
+
+
+    return {
+        'statusCode': 200,
+        'body': json.dumps('Hello from Lambda!')
+    }