
Access all EC2 cross-region via Lambda

I have a Lambda function for automatic AMI backup. Is it possible to execute the Lambda across regions to take automatic backups of all the EC2 instances working in my account?

One Lambda function execution for all EC2 instances across regions

var aws = require('aws-sdk');
// Comma expression: only 'us-east-1' is assigned; the other two strings are evaluated and discarded.
aws.config.region = 'us-east-1','ap-south-1','eu-central-1';
var ec2 = new aws.EC2();
var now = new Date();
var date = now.toISOString().substring(0, 10);
var hours = now.getHours();
var minutes = now.getMinutes();

exports.handler = function(event, context) {
    // Only instances tagged Backup=yes are imaged
    var instanceparams = {
        Filters: [{
            Name: 'tag:Backup',
            Values: ['yes']
        }]
    };
    ec2.describeInstances(instanceparams, function(err, data) {
        if (err) return console.log(err, err.stack);
        for (var i in data.Reservations) {
            for (var j in data.Reservations[i].Instances) {
                var instance = data.Reservations[i].Instances[j];
                var instanceid = instance.InstanceId;
                var name = instanceid; // fall back to the id when there is no Name tag
                for (var k in instance.Tags) {
                    if (instance.Tags[k].Key == 'Name') {
                        name = instance.Tags[k].Value;
                    }
                }
                console.log("Creating AMIs of the Instance: ", name);
                var imageparams = {
                    InstanceId: instanceid,
                    Name: name + "_" + date + "_" + hours + "-" + minutes,
                    NoReboot: true
                };
                ec2.createImage(imageparams, function(err, data) {
                    if (err) return console.log(err, err.stack);
                    var image = data.ImageId;
                    console.log(image);
                    // Tag the new AMI so a cleanup job can find it later
                    var tagparams = {
                        Resources: [image],
                        Tags: [{
                            Key: 'DeleteOn',
                            Value: 'yes'
                        }]
                    };
                    ec2.createTags(tagparams, function(err, data) {
                        if (err) console.log(err, err.stack);
                        else console.log("Tags added to the created AMIs");
                    });
                });
            }
        }
    });
};

where aws.config.region is for the region config. It's working for the current region (the one in which the Lambda is deployed).

This line:

var ec2 = new aws.EC2(); 

connects to the Amazon EC2 service in the region where the Lambda function is running.

You can modify it to connect to another region:

var ec2 = new AWS.EC2({apiVersion: '2006-03-01', region: 'us-west-2'});

Thus, your program could loop through a list of regions (from ec2.describeRegions), creating a new EC2 client for the given region, then running the code you already have.

See: Setting the AWS Region - AWS SDK for JavaScript
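The region loop this answer describes, written out as an added example (it is not the answerer's or the asker's code; `backupRegion`, `backupAllRegions` and `fakeClientFactory` are names chosen here). It assumes the AWS SDK for JavaScript v2 promise-style API (`.promise()`), and exercises the flow offline through a constructed fake client:

```javascript
// Same describe -> createImage -> createTags flow as the question, but run with
// a client bound to ONE region; returns what was created there.
async function backupRegion(ec2, region, now) {
  const filter = { Filters: [{ Name: 'tag:Backup', Values: ['yes'] }] };
  const data = await ec2.describeInstances(filter).promise();
  const date = now.toISOString().substring(0, 10);
  const created = [];
  for (const res of data.Reservations) {
    for (const inst of res.Instances) {
      const tag = (inst.Tags || []).find(t => t.Key === 'Name'); // Name tag, else instance id
      const name = `${tag ? tag.Value : inst.InstanceId}_${date}_${now.getUTCHours()}-${now.getUTCMinutes()}`;
      const img = await ec2.createImage({ InstanceId: inst.InstanceId, Name: name, NoReboot: true }).promise();
      await ec2.createTags({ Resources: [img.ImageId], Tags: [{ Key: 'DeleteOn', Value: 'yes' }] }).promise();
      created.push({ region, instanceId: inst.InstanceId, imageId: img.ImageId, name });
    }
  }
  return created;
}

// List regions once (asked from the home region), then build a fresh client per
// region. makeClient(region) is a factory: region => new AWS.EC2({ region }) in Lambda.
async function backupAllRegions(makeClient, homeRegion, now = new Date()) {
  const { Regions } = await makeClient(homeRegion).describeRegions({}).promise();
  const results = [];
  for (const { RegionName } of Regions) {
    try { // one failing region must not abort the others
      results.push(...await backupRegion(makeClient(RegionName), RegionName, now));
    } catch (err) {
      console.error(`region ${RegionName} failed: ${err.message}`);
    }
  }
  return results;
}

// Constructed offline stand-in for AWS.EC2; fleet = { region: [instances] }.
// It honours the tag:Backup filter, so untagged instances are skipped.
function fakeClientFactory(fleet) {
  let seq = 0;
  return region => ({
    describeRegions: () => ({ promise: async () => ({ Regions: Object.keys(fleet).map(r => ({ RegionName: r })) }) }),
    describeInstances: p => ({ promise: async () => {
      const want = p.Filters.find(f => f.Name === 'tag:Backup').Values;
      const hit = fleet[region].filter(i => (i.Tags || []).some(t => t.Key === 'Backup' && want.includes(t.Value)));
      return { Reservations: [{ Instances: hit }] };
    } }),
    createImage: () => ({ promise: async () => ({ ImageId: `ami-${region}-${++seq}` }) }),
    createTags: () => ({ promise: async () => ({}) }),
  });
}
```

In the Lambda itself, `exports.handler = () => backupAllRegions(region => new AWS.EC2({ region }), process.env.AWS_REGION)` wires it to the real client; the function's role then also needs ec2:DescribeRegions on top of the Describe/Create permissions the single-region version already uses.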

In your Lambda Role, you need to add a policy which gives the Lambda function the necessary permissions to access the EC2 on different accounts; typically you can add the ARNs of the EC2 instances you want access to, or you can specify "*", which gives permissions to all instances.

Also, on other accounts where EC2 instances are running you need to add an IAM policy which gives access to your Lambda Role; note that you need to provide the Lambda role ARN.

In this way your Lambda role will have a policy to access EC2, and the cross-account EC2 will have a policy which grants access to the Lambda role.

Without this in place you might need to do the heavy lifting of configuring the IPs of each EC2 in each account.

Yes, and you also need to point the EC2 object to the region where the instance is running.

Any code (including a Lambda function) can create a client that connects to a different region.
