I was trying to set up EC2 start/stop/reboot email notifications using EventBridge-Lambda-SNS. When CloudTrail detects the RunInstances/StopInstances/RebootInstances API calls, they match the EventBridge rule condition, which invokes a Lambda function to send a customized email body through an SNS topic.
Function Code:
import os
import json
import boto3

def lambda_handler(event, context):
    # Fields taken from the CloudTrail event delivered by EventBridge
    EventID = event['detail']['eventID']
    Account = event['account']
    Timestamp = event['time']
    Region = event['region']
    InstanceID = event['detail']['requestParameters']['instancesSet']['items'][0]['instanceId']
    EventName = event['detail']['eventName']
    SourceIP = event['detail']['sourceIPAddress']
    InitiatedBy = event['detail']['userIdentity']['arn']

    # Map the API call to the wording used in the email
    if EventName == 'StopInstances':
        msg_status = 'stopped'
    elif EventName == 'StartInstances':
        msg_status = 'started'
    elif EventName == 'TerminateInstances':
        msg_status = 'terminated'
    else:
        # Any other event name would leave msg_status undefined and raise an
        # unhandled NameError below, so stop here instead of failing the invocation
        return

    body = f'Hi Team, \n\nThis is to inform you that EC2 instance with {InstanceID} is {msg_status}. Please find below information. \n\nEventID = {EventID}, \nAccount = {Account}, \nTimestamp = {Timestamp}, \nRegion = {Region}, \nInstanceID = {InstanceID}, \nEventName = {EventName}, \nSourceIP = {SourceIP}, \nInitiatedBy = {InitiatedBy} \n\nRegards,\nCloud Team'

    # Publish the notification to the topic named in the snsarn environment variable
    sns_client = boto3.client('sns')
    snsarn = os.environ['snsarn']
    res = sns_client.publish(
        TopicArn = snsarn,
        Subject = f'Alert - {InstanceID} is {msg_status}',
        Message = str(body)
    )
Then I tested this function by starting/stopping an instance and I got the expected email body. But apart from this, I am getting the Lambda invocation output JSON content in an email, which I don't want.
Expected:
Hi Team,
This is to inform you that EC2 instance with i-0d8219ba97c61c428 is started. Please find below information.
EventID = 9b07afa3-222c-4632-9dc9-bfa145ddb573,
Account = 12345678910,
Timestamp = 2023-08-13T04:49:49Z,
Region = us-east-1,
InstanceID = i-0d8219ba97c61c428,
EventName = StartInstances,
SourceIP = <IP>,
InitiatedBy = arn:aws:iam::12345678910:root
Regards,
Cloud Team
Sample Invocation Output Unexpected:
I am getting another email with content like the one below. Here I pasted a sample one (copied from the documentation), but I receive exactly the same JSON structure, which I don't want. Please help me stop getting this email.
{
  "version": "1.0",
  "timestamp": "2019-11-14T18:16:05.568Z",
  "requestContext": {
    "requestId": "e4b46cbf-b738-xmpl-8880-a18cdf61200e",
    "functionArn": "arn:aws:lambda:us-east-2:123456789012:function:my-function:$LATEST",
    "condition": "RetriesExhausted",
    "approximateInvokeCount": 3
  },
  "requestPayload": {
    "ORDER_IDS": [
      "9e07af03-ce31-4ff3-xmpl-36dce652cb4f",
      "637de236-e7b2-464e-xmpl-baf57f86bb53",
      "a81ddca6-2c35-45c7-xmpl-c3a03a31ed15"
    ]
  },
  "responseContext": {
    "statusCode": 200,
    "executedVersion": "$LATEST",
    "functionError": "Unhandled"
  },
  "responsePayload": {
    "errorMessage": "RequestId: e4b46cbf-b738-xmpl-8880-a18cdf61200e Process exited before completing request"
  }
}
Do you see SNS as a target in your Lambda function? If you see that, I'd suggest you remove that SNS from your Lambda target and test it again. Comment here on how it goes. Happy to help.
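One way to run the check suggested above from a script, added here as an example and not code from the question or the answer: `describe_invocation_record` recognises an email body as a Lambda destination invocation record (the JSON shape shown in the question), and `sns_destinations` lists the SNS topics configured as asynchronous-invocation destinations on a function. The function names, the `my-function` placeholder and the helper names are assumptions; only the boto3 call `list_function_event_invoke_configs` is a real API.

```python
import json

# Top-level keys that every Lambda destination invocation record carries
RECORD_KEYS = {"requestContext", "requestPayload", "responseContext", "responsePayload"}

def describe_invocation_record(message):
    """Return why Lambda sent this message if it is an invocation record, else None."""
    try:
        record = json.loads(message)
    except (TypeError, ValueError):
        return None  # plain text, e.g. the handler's own "Hi Team" notification
    if not isinstance(record, dict) or not RECORD_KEYS <= record.keys():
        return None
    return {
        "function": record["requestContext"].get("functionArn"),
        "condition": record["requestContext"].get("condition"),
        "functionError": record["responseContext"].get("functionError"),
    }

def sns_destinations(lambda_client, function_name):
    """List (config ARN, OnSuccess/OnFailure, topic ARN) for every SNS destination."""
    found, kwargs = [], {"FunctionName": function_name}
    while True:
        page = lambda_client.list_function_event_invoke_configs(**kwargs)
        for cfg in page.get("FunctionEventInvokeConfigs", []):
            for condition, target in cfg.get("DestinationConfig", {}).items():
                arn = (target or {}).get("Destination") or ""
                parts = arn.split(":")
                # The third ARN field is the service, whatever the partition
                if len(parts) > 2 and parts[2] == "sns":
                    found.append((cfg.get("FunctionArn"), condition, arn))
        if not page.get("NextMarker"):
            return found
        kwargs["Marker"] = page["NextMarker"]  # follow pagination

if __name__ == "__main__":
    import boto3  # only needed when querying a real account
    for row in sns_destinations(boto3.client("lambda"), "my-function"):  # placeholder name
        print(row)
```

An `OnSuccess` entry pointing at the same topic the handler publishes to would produce one JSON email per successful run, while an `OnFailure` entry only fires after the retries are exhausted.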