You can track every change made to your AWS account with CloudTrail. Did you know that you can also monitor your AWS account in near real time with custom rules specific for your use case? This post will explain you the details of the implementation that follows.
Unfortunately you can not enforce a tag schema on AWS. But tags are very important e.g. for cost allocation. This lambda function checks if your EC2 instances all have a specific tag (defined in config.json) in near real-time. CloudTrail is used to report EC2 CreateTags, DeleteTags and RunInstances events. The lambda function can be deployed with CloudFormation.
- Create a SNS topic and subscribe to the topic via email (aws-tag-watch will send alerts to this topic)
- download the code https://github.com/widdix/aws-tag-watch/archive/master.zip
- unzip
- run
npm installinside to install Node.js dependencies - edit
config.json - execute
./bundle.shin your terminal - upload
aws-tag-watch.zipto S3 - create a CloudFormation stack based on
template.json
done.