Automatic Tags for All EKS Nodes on AWS Account Using Lambda, EventBridge, and CloudTrail


Managing AWS resources efficiently often requires proper tagging, especially for cost allocation and resource tracking. However, manually tagging resources can be error-prone and time-consuming. This article explores how to automate tagging for Elastic Kubernetes Service (EKS) worker nodes using AWS Lambda, EventBridge, and CloudTrail.

How It Works

  1. CloudTrail Logs API Activity – AWS CloudTrail captures all API calls, including EKS node creation.
  2. EventBridge Rule Triggers on Events – An EventBridge rule detects when new EKS nodes are launched.
  3. Lambda Function Applies Tags – A Lambda function processes the event and applies predefined tags automatically.

You Should Know: Practical Implementation

1. Set Up CloudTrail

Ensure a CloudTrail trail with logging enabled exists in your AWS account; EventBridge only delivers "AWS API Call via CloudTrail" events for management events that a trail records. Creating the trail does not start it, so start logging explicitly:

aws cloudtrail create-trail --name AutoTagTrail --s3-bucket-name YOUR_BUCKET_NAME --is-multi-region-trail
aws cloudtrail start-logging --name AutoTagTrail

2. Create an EventBridge Rule

Define a rule to trigger when an EKS node is created:

{
  "source": ["aws.eks"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["eks.amazonaws.com"],
    "eventName": ["CreateNodegroup"]
  }
}

3. Deploy the Lambda Function

Use Python to apply tags dynamically. The handler reads the node group ARN from the CloudTrail record's responseElements and calls the EKS TagResource API, so the function's execution role needs eks:TagResource on that resource:

import boto3

def lambda_handler(event, context):
    eks = boto3.client('eks')

    # The CreateNodegroup response recorded by CloudTrail carries the new node group's ARN
    resource_arn = event['detail']['responseElements']['nodegroup']['nodegroupArn']

    # Tags applied to every node group created in the account
    tags = {
        'Environment': 'Production',
        'CostCenter': 'DevOps',
        'ManagedBy': 'Automation'
    }

    eks.tag_resource(resourceArn=resource_arn, tags=tags)
    return {"status": "Tags applied successfully"}

4. Test & Monitor

Verify the automation by creating an EKS node group and checking tags:

aws eks list-nodegroups --cluster-name YOUR_CLUSTER
aws eks describe-nodegroup --cluster-name YOUR_CLUSTER --nodegroup-name YOUR_NODEGROUP
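The handler above assumes every event it receives is a successful CreateNodegroup call with a well-formed ARN. A version a practitioner would actually deploy should skip failed calls (CloudTrail records those with an errorCode and no responseElements), refuse ARNs that are not EKS node groups in the emitting account, and leave tags that were already set by a human or by IaC alone. The following is an added example, not code from the original article; the event shape, account number, ARN and tag values are constructed, and the EKS client is injected so the planning logic runs offline without boto3 credentials.

```python
import re
from typing import Dict, Tuple

# Tags the automation guarantees on every new node group (constructed values)
DESIRED_TAGS = {
    "Environment": "Production",
    "CostCenter": "DevOps",
    "ManagedBy": "Automation",
}

# Only EKS node-group ARNs are acceptable targets for eks:TagResource here
NODEGROUP_ARN_RE = re.compile(
    r"^arn:aws:eks:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):nodegroup/"
    r"[A-Za-z0-9][A-Za-z0-9_-]*/[A-Za-z0-9][A-Za-z0-9_-]*/[0-9a-f-]+$"
)


class SkipEvent(Exception):
    """Raised when the event should be ignored rather than acted on."""


def plan_tags(event: dict, desired: Dict[str, str] = DESIRED_TAGS) -> Tuple[str, Dict[str, str]]:
    """Return (nodegroup ARN, tags still missing) for a CloudTrail CreateNodegroup event.

    Raises SkipEvent for events that must not trigger tagging: a different API
    call, a failed call (CloudTrail records those with an errorCode), or an ARN
    that is malformed or belongs to another account than the one emitting the event.
    """
    detail = event.get("detail") or {}
    if detail.get("eventSource") != "eks.amazonaws.com" or detail.get("eventName") != "CreateNodegroup":
        raise SkipEvent(f"not a CreateNodegroup event: {detail.get('eventName')}")
    if "errorCode" in detail:
        # The CreateNodegroup call failed; no node group exists to tag.
        raise SkipEvent(f"API call failed with {detail['errorCode']}")

    nodegroup = (detail.get("responseElements") or {}).get("nodegroup") or {}
    arn = nodegroup.get("nodegroupArn") or ""
    m = NODEGROUP_ARN_RE.match(arn)
    if not m:
        raise SkipEvent("responseElements has no valid nodegroupArn")
    if m.group("account") != event.get("account"):
        raise SkipEvent("ARN account does not match event account")

    # Do not overwrite tags already set at creation time; only fill in the gaps.
    existing = nodegroup.get("tags") or {}
    missing = {k: v for k, v in desired.items() if k not in existing}
    return arn, missing


def lambda_handler(event, context, eks=None):
    """Lambda entry point. `eks` may be injected for tests; otherwise a boto3 client is created."""
    try:
        arn, missing = plan_tags(event)
    except SkipEvent as exc:
        print(f"skipping event: {exc}")
        return {"status": "skipped", "reason": str(exc)}
    if not missing:
        return {"status": "already tagged", "resourceArn": arn}
    if eks is None:
        import boto3  # imported lazily so the planning logic is testable without AWS
        eks = boto3.client("eks")
    eks.tag_resource(resourceArn=arn, tags=missing)  # requires eks:TagResource on this ARN
    return {"status": "tagged", "resourceArn": arn, "tags": missing}


# Constructed sample event in the shape EventBridge delivers for CloudTrail API calls
SAMPLE_EVENT = {
    "version": "0",
    "source": "aws.eks",
    "detail-type": "AWS API Call via CloudTrail",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "eventSource": "eks.amazonaws.com",
        "eventName": "CreateNodegroup",
        "requestParameters": {"name": "demo-cluster", "nodegroupName": "workers"},
        "responseElements": {
            "nodegroup": {
                "nodegroupName": "workers",
                "nodegroupArn": "arn:aws:eks:us-east-1:111122223333:nodegroup/demo-cluster/workers/00000000-0000-0000-0000-000000000000",
                "tags": {"CostCenter": "Platform"},
            }
        },
    },
}


class RecordingEks:
    """Minimal stand-in for the boto3 EKS client so the handler can run offline."""

    def __init__(self):
        self.calls = []

    def tag_resource(self, resourceArn, tags):
        self.calls.append((resourceArn, dict(tags)))
        return {}


if __name__ == "__main__":
    fake = RecordingEks()
    print(lambda_handler(SAMPLE_EVENT, None, eks=fake))
    print(fake.calls)
```

Run locally, the handler tags the sample node group with only Environment and ManagedBy, because CostCenter was already set by whoever created it; an event carrying an errorCode, or an ARN from a different account than the event's, is reported as skipped without any API call. Keeping the decision in plan_tags, separate from the boto3 call, is what makes those failure modes unit-testable before the function is deployed.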

What Undercode Say

Automating AWS resource tagging ensures consistency and reduces manual effort. This approach can be extended to other AWS services like EC2, RDS, or S3. Key takeaways:
– CloudTrail is essential for tracking AWS API activity.
– EventBridge enables real-time event-driven automation.
– Lambda provides serverless flexibility for custom tagging logic.

For further reading, check the original article:

Automatic tags for all EKS nodes on AWS account

Expected Output:

  • Properly tagged EKS nodes for cost allocation.
  • Reduced manual intervention in resource management.
  • Scalable tagging automation across AWS services.

References:

Reported By: Darryl Ruggles – Hackers Feeds
