Here is the step-by-step guide for the hands-on walkthrough that follows the architecture diagram and the Python script we have for the Lambda function.
- Go to AWS Lambda → Create a new Lambda function.
- Choose Python 3.x as the runtime.
- Upload the script or paste it in the inline editor.
- Attach an IAM role with the following permissions:
  - AmazonEC2FullAccess (or custom permissions for listing and deleting snapshots).
  - AmazonSNSFullAccess (to send notifications).
  - AWSLambdaBasicExecutionRole (for logging to CloudWatch).
  - Or you can just use the IAM policy I have provided.
- Set up CloudWatch Logs:
  - Enable logging for debugging and monitoring.
- Go to Amazon SNS → Create a new topic.
- Choose type: Standard or FIFO (Standard recommended).
- Add subscribers:
  - Email: receive notifications via email.
  - SMS: get alerts on your phone.
  - Lambda: trigger another Lambda function if needed.
- Copy the SNS Topic ARN and replace it in the Python script.
- Manually test the Lambda function:
  - Click "Test" in AWS Lambda and check the logs in CloudWatch.
- Verify SNS notifications:
  - Ensure you receive email/SMS alerts when snapshots are deleted.
- Monitor CloudWatch Logs:
  - Check whether errors occur and debug accordingly.
- Restrict IAM permissions:
  - Only allow `ec2:DeleteSnapshot` on snapshots owned by your account.
  - Only allow
- Enable AWS Config & Cost Explorer:
  - Monitor cost savings after running the script for a few days.
- 💰 Cost Savings: Unused EBS snapshots are automatically deleted.
- ⚡ Efficiency: No manual intervention needed.
- 📩 Notifications: You get alerts for every action.
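As an added example (not the guide's own Lambda script), here is one way to structure such a function so that the delete decision is a pure, testable step: only snapshots owned by this account, not referenced by any volume or AMI, and older than a minimum age are selected, and a single SNS message summarises the run. Environment variable names, the `MIN_AGE_DAYS` / `DRY_RUN` knobs and the topic ARN placeholder are assumptions of this example.

```python
import os
from datetime import datetime, timedelta, timezone

# Assumed configuration (not from the guide): topic ARN and knobs come from env vars.
SNS_TOPIC_ARN = os.environ.get("SNS_TOPIC_ARN", "arn:aws:sns:REGION:ACCOUNT:TOPIC-PLACEHOLDER")
MIN_AGE_DAYS = int(os.environ.get("MIN_AGE_DAYS", "30"))
DRY_RUN = os.environ.get("DRY_RUN", "true").lower() == "true"


def select_unused_snapshots(snapshots, in_use_ids, now, min_age_days=MIN_AGE_DAYS):
    """Pure decision logic: a snapshot is a deletion candidate only if no volume
    or AMI references it AND it is older than min_age_days (guards against
    deleting a snapshot a backup job created moments ago). Returns sorted IDs."""
    cutoff = now - timedelta(days=min_age_days)
    return sorted(
        s["SnapshotId"] for s in snapshots
        if s["SnapshotId"] not in in_use_ids and s["StartTime"] < cutoff
    )


def lambda_handler(event, context):
    import boto3  # imported here so the pure logic above runs without AWS credentials
    ec2, sns = boto3.client("ec2"), boto3.client("sns")
    # OwnerIds=["self"] scopes the listing to this account, matching the
    # IAM restriction of ec2:DeleteSnapshot to snapshots the account owns.
    snapshots = [s for page in ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"])
                 for s in page["Snapshots"]]
    in_use = set()
    for page in ec2.get_paginator("describe_volumes").paginate():
        in_use.update(v["SnapshotId"] for v in page["Volumes"] if v.get("SnapshotId"))
    for image in ec2.describe_images(Owners=["self"])["Images"]:
        for bdm in image.get("BlockDeviceMappings", []):
            if bdm.get("Ebs", {}).get("SnapshotId"):
                in_use.add(bdm["Ebs"]["SnapshotId"])
    candidates = select_unused_snapshots(snapshots, in_use, datetime.now(timezone.utc))
    deleted = []
    for snap_id in candidates:
        if not DRY_RUN:  # keep DRY_RUN=true until the CloudWatch logs look right
            ec2.delete_snapshot(SnapshotId=snap_id)
        deleted.append(snap_id)
    # One notification per run so the SNS subscribers see every action taken.
    sns.publish(
        TopicArn=SNS_TOPIC_ARN,
        Subject="EBS snapshot cleanup" + (" (dry run)" if DRY_RUN else ""),
        Message=f"{len(deleted)} of {len(snapshots)} snapshots selected: {deleted}",
    )
    return {"dry_run": DRY_RUN, "deleted": deleted}
```

Run it with `DRY_RUN=true` first and compare the reported IDs against the console before switching to real deletion.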