AWS Lambda for CloudOps

Intermediate | Topic | 45 min | 3 min read | 2 May 2026 | AWS

Use Lambda for operational automation: scheduled jobs, EventBridge reactions, S3 event processing, logging, retries, permissions, and troubleshooting.

What you'll learn

  • Understand Lambda execution model and permissions
  • Trigger Lambda from EventBridge schedules and AWS events
  • Process S3 object-created events
  • Troubleshoot Lambda logs, timeouts, retries, and dead-letter patterns

Relevant for certifications

SOA-C03, DVA-C02

Why CloudOps Engineers Use Lambda

Lambda is useful for small operational actions that should run without a server:

  • Stop idle development instances on a schedule.
  • Tag resources after creation.
  • React to CloudTrail events such as root account login.
  • Process S3 uploads and write metadata.
  • Remediate Config or Security Hub findings.

Execution Model

Event source
  -> Lambda service
    -> Function runtime
      -> CloudWatch Logs
      -> AWS API calls using execution role

Important settings include timeout, memory, execution role, environment variables, and reserved concurrency.

Warning

The person creating the function and the function execution role are different identities. The function can only call APIs allowed by its execution role.

EventBridge Automation

EventBridge can run Lambda on a schedule or in response to AWS service events.

Common patterns:

  • Schedule: rate(1 hour) or cron(0 22 ? * MON-FRI *).
  • EC2 state change: react when instances stop or terminate.
  • CloudTrail event: alert or remediate risky API calls.
  • Health event: start an operational workflow before maintenance.
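The patterns above all arrive through the same EventBridge envelope (`source`, `detail-type`, `detail`), so one function can serve several rules by branching on the envelope. The handler below is an added example, not code from the course or from AWS: it classifies a scheduled invocation, an EC2 state change, and a CloudTrail console sign-in, and flags a successful root sign-in for alerting. The field names follow the shapes EventBridge and CloudTrail document for these events; the sample events, account id, IP address and the `action` labels are constructed for illustration.

```python
"""Route EventBridge events by envelope and flag root console sign-ins.

Added example for this page (not the course's or AWS's code). Sample events
below are constructed; field layout follows EventBridge/CloudTrail documentation.
"""
import json

ROOT_USER_TYPE = "Root"  # detail.userIdentity.type for the account root user


def classify(event):
    """Return a small dict saying what kind of event arrived and what to do."""
    source = event.get("source")
    detail_type = event.get("detail-type")
    detail = event.get("detail", {})

    if source == "aws.events" and detail_type == "Scheduled Event":
        return {"kind": "schedule", "action": "run-scheduled-job"}

    if source == "aws.ec2" and detail_type == "EC2 Instance State-change Notification":
        state = detail.get("state")
        return {
            "kind": "ec2-state",
            "instance_id": detail.get("instance-id"),
            "state": state,
            # Only stopped/terminated instances need follow-up in this pattern.
            "action": "cleanup" if state in ("stopped", "terminated") else "ignore",
        }

    if detail_type == "AWS Console Sign In via CloudTrail":
        identity = detail.get("userIdentity", {})
        is_root = identity.get("type") == ROOT_USER_TYPE
        success = detail.get("responseElements", {}).get("ConsoleLogin") == "Success"
        return {
            "kind": "console-login",
            "root": is_root,
            "source_ip": detail.get("sourceIPAddress"),
            # A successful root sign-in is the case the section says to alert on.
            "action": "alert" if (is_root and success) else "log",
        }

    return {"kind": "unknown", "action": "ignore"}


def lambda_handler(event, context):
    result = classify(event)
    # One structured log line per invocation; CloudWatch Logs Insights can
    # filter on these fields (e.g. action = "alert").
    print(json.dumps({"event_id": event.get("id"), **result}))
    return result


# Constructed sample events shaped like EventBridge deliveries.
SAMPLE_EC2_EVENT = {
    "id": "constructed-event-1",
    "source": "aws.ec2",
    "detail-type": "EC2 Instance State-change Notification",
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "stopped"},
}

SAMPLE_ROOT_LOGIN_EVENT = {
    "id": "constructed-event-2",
    "source": "aws.signin",
    "detail-type": "AWS Console Sign In via CloudTrail",
    "detail": {
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root", "accountId": "123456789012"},
        "sourceIPAddress": "198.51.100.7",
        "responseElements": {"ConsoleLogin": "Success"},
    },
}

SAMPLE_SCHEDULE_EVENT = {"id": "constructed-event-3", "source": "aws.events",
                         "detail-type": "Scheduled Event", "detail": {}}

if __name__ == "__main__":
    for sample in (SAMPLE_SCHEDULE_EVENT, SAMPLE_EC2_EVENT, SAMPLE_ROOT_LOGIN_EVENT):
        lambda_handler(sample, None)
```

Keeping the routing in a separate `classify` function makes the decision logic testable without a Lambda environment, and the single JSON log line per invocation is what you filter on later when the troubleshooting checklist asks "was the function invoked, and what did it decide?"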

S3 Event Notifications

S3 can invoke Lambda when objects are created, deleted, or restored. Use prefix and suffix filters to avoid noisy triggers.

Avoid writing processed output back to the same prefix that triggers the function, or you can create an invocation loop.

Hands-on: Scheduled Lambda to Stop Tagged EC2 Instances

Goal: Stop lab EC2 instances every evening using Lambda and EventBridge.

  1. Tag the instances you want to manage with AutoStop = true.
  2. Create an IAM role for Lambda with ec2:DescribeInstances, ec2:StopInstances, and basic CloudWatch Logs permissions.
  3. Create a Lambda function with Python 3.x and a 30-second timeout.
  4. Add code:
import boto3

ec2 = boto3.client("ec2")  # uses the function's execution role, not your own identity

def lambda_handler(event, context):
    # Only instances tagged AutoStop=true and currently running are candidates.
    response = ec2.describe_instances(
        Filters=[
            {"Name": "tag:AutoStop", "Values": ["true"]},
            {"Name": "instance-state-name", "Values": ["running"]},
        ]
    )
    instance_ids = [
        i["InstanceId"]
        for r in response["Reservations"]
        for i in r["Instances"]
    ]
    # StopInstances rejects an empty list, so guard the call.
    if instance_ids:
        ec2.stop_instances(InstanceIds=instance_ids)
    return {"stopped": instance_ids}
  5. Test the function manually.
  6. Create an EventBridge schedule such as cron(0 20 ? * MON-FRI *) and target the function.
  7. Confirm execution logs in CloudWatch Logs.
  8. Disable the rule when the lab is complete.

Hands-on: S3 Upload Event to Lambda

Goal: Trigger a function when a file lands in an S3 bucket.

  1. Create an S3 bucket.
  2. Create a Lambda function with permission to write logs.
  3. Add this test code:
def lambda_handler(event, context):
    # One invocation can carry several records; handle each one.
    for record in event["Records"]:
        bucket = record["s3"]["bucket"]["name"]
        key = record["s3"]["object"]["key"]  # note: S3 URL-encodes keys in event records
        print(f"new object: s3://{bucket}/{key}")
    return {"ok": True}
  4. In the bucket, configure an event notification for s3:ObjectCreated:*.
  5. Set prefix incoming/ and destination as the Lambda function.
  6. Upload a file to incoming/test.txt.
  7. Open CloudWatch Logs and confirm the object key is logged.

Troubleshooting Checklist

  • No logs: check whether Lambda was invoked and whether the role can write CloudWatch Logs.
  • Access denied: add the missing AWS API permission to the execution role.
  • Timeout: increase timeout or optimize calls.
  • Duplicate processing: design idempotent functions; asynchronous events can be retried.
  • S3 trigger loop: ensure the function does not write output to the same triggering prefix.
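Two checklist items, duplicate processing and the S3 trigger loop, are both design problems in the handler rather than configuration problems, and the same is true of the loop warning in the S3 Event Notifications section above. The handler below is an added example (not the course's code) that addresses both: it URL-decodes the object key as S3 delivers it, refuses to process anything outside the configured input prefix (so its own output under `processed/` can never re-trigger it even if the bucket filter is misconfigured), and keeps an idempotency record keyed on bucket, key and eTag so a retried asynchronous invocation becomes a no-op. The prefixes, bucket name, eTags and sample event are constructed; the in-memory `_seen` set stands in for a durable store such as a DynamoDB table, and the S3 write is injected as a callable so the logic runs offline.

```python
"""S3-triggered handler hardened against invocation loops and duplicate processing.

Added example for this page (not the course's or AWS's code). Prefixes, bucket
name, eTags and SAMPLE_EVENT are constructed; `_seen` stands in for a durable
idempotency table.
"""
import json
import urllib.parse

INPUT_PREFIX = "incoming/"    # the prefix the bucket notification filters on
OUTPUT_PREFIX = "processed/"  # output goes elsewhere, so it never re-triggers us

# Idempotency record keyed by (bucket, key, eTag). Module-level state only
# survives within one warm container; a real deployment uses a durable table.
_seen = set()


def decode_key(raw_key):
    """S3 URL-encodes keys in event records ("my file.txt" arrives as
    "my+file.txt"); decode before using the key with the S3 API."""
    return urllib.parse.unquote_plus(raw_key)


def process_record(record, put_object):
    """Process one S3 event record.

    `put_object(bucket, key, body)` is injected so the logic can run offline;
    in Lambda it wraps boto3's s3.put_object.
    """
    obj = record["s3"]["object"]
    bucket = record["s3"]["bucket"]["name"]
    key = decode_key(obj["key"])
    etag = obj.get("eTag", "")

    # Loop guard: even with a correct prefix filter on the bucket, refuse to
    # process our own output or anything outside the input prefix.
    if key.startswith(OUTPUT_PREFIX) or not key.startswith(INPUT_PREFIX):
        return {"key": key, "status": "skipped-prefix"}

    # Idempotency: asynchronous invocations may be retried. The same object
    # version (same eTag) has already been handled, so do nothing.
    dedupe_id = (bucket, key, etag)
    if dedupe_id in _seen:
        return {"key": key, "status": "duplicate"}

    out_key = OUTPUT_PREFIX + key[len(INPUT_PREFIX):] + ".json"
    metadata = {"source_key": key, "size": obj.get("size"), "etag": etag}
    put_object(bucket, out_key, json.dumps(metadata))
    _seen.add(dedupe_id)  # record only after the write succeeded
    return {"key": key, "status": "processed", "output": out_key}


def handle(event, put_object):
    """Process every record in the event and return one result per record."""
    return [process_record(r, put_object) for r in event.get("Records", [])]


def lambda_handler(event, context):
    import boto3  # imported here so the module also runs where boto3 is absent

    s3 = boto3.client("s3")

    def put_object(bucket, key, body):
        s3.put_object(Bucket=bucket, Key=key, Body=body.encode("utf-8"))

    results = handle(event, put_object)
    print(json.dumps(results))
    return {"ok": True, "results": results}


# Constructed sample event: one legitimate upload and one record that looks
# like the function's own output landing in the same bucket.
SAMPLE_EVENT = {"Records": [
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "ops-lab-bucket"},
            "object": {"key": "incoming/test+report.txt", "size": 42,
                       "eTag": "constructed-etag-1"}}},
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "ops-lab-bucket"},
            "object": {"key": "processed/test+report.txt.json", "size": 80,
                       "eTag": "constructed-etag-2"}}},
]}

if __name__ == "__main__":
    writes = []
    print(handle(SAMPLE_EVENT, lambda b, k, body: writes.append((b, k))))
    print(handle(SAMPLE_EVENT, lambda b, k, body: writes.append((b, k))))  # retry: duplicate
    print(writes)
```

Recording the idempotency key only after the write succeeds matters: if the function times out or the S3 call fails, the retry must still do the work. Keying on eTag rather than key alone means a genuinely new version of the same object is processed again, while a retried delivery of the same version is not.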

What to Learn Next

  1. AWS Monitoring, Auditing & Performance - connect Lambda to alarms and EventBridge
  2. Amazon S3 for CloudOps - process object-created events safely
  3. AWS Security & Compliance - automate security responses with Lambda
