Automatic Tags for All EKS Nodes on AWS Account Using Lambda, EventBridge, and CloudTrail

By /

Listen to this Post

Automation is a key aspect of managing cloud infrastructure efficiently. On AWS, services like AWS Lambda and EventBridge can be leveraged to automate tasks such as tagging resources. This article explores how to automatically tag EKS nodes using Lambda, EventBridge, and CloudTrail.

You Should Know:

  1. AWS Lambda: AWS Lambda allows you to run code without provisioning or managing servers. You can write business logic in various programming languages like Python, Node.js, or Java.

  2. Amazon EventBridge: EventBridge is a serverless event bus service that enables you to build event-driven applications. It can react to events in your AWS environment and trigger other AWS services.

  3. AWS CloudTrail: CloudTrail records AWS API calls for your account and delivers log files to an Amazon S3 bucket. It helps in auditing and tracking changes made to your AWS resources.

Steps to Automate Tagging for EKS Nodes:

1. Create a Lambda Function:

  • Write a Lambda function in Python to tag EKS nodes. The function will be triggered by EventBridge when a new EKS node is launched.

import boto3

def lambda_handler(event, context):
ec2 = boto3.client('ec2')
instance_id = event['detail']['responseElements']['instancesSet']['items'][0]['instanceId']
ec2.create_tags(
Resources=[instance_id],
Tags=[
{'Key': 'Environment', 'Value': 'Production'},
{'Key': 'Owner', 'Value': 'DevOps'}
]
)
return {
'statusCode': 200,
'body': 'Tags applied successfully'
}

2. Set Up an EventBridge Rule:

  • Create an EventBridge rule to trigger the Lambda function whenever a new EKS node is launched.
aws events put-rule \
--name "TagEKSNodeRule" \
--event-pattern '{"source": ["aws.ec2"], "detail-type": ["AWS API Call via CloudTrail"], "detail": {"eventSource": ["ec2.amazonaws.com"], "eventName": ["RunInstances"]}}' \
--state "ENABLED"

3. Add Permissions to Lambda Function:

  • Grant the necessary permissions to the Lambda function to tag EC2 instances.
aws lambda add-permission \
--function-name "TagEKSNodeFunction" \
--statement-id "EventBridgeInvoke" \
--action "lambda:InvokeFunction" \
--principal "events.amazonaws.com" \
--source-arn "arn:aws:events:region:account-id:rule/TagEKSNodeRule"

4. Test the Setup:

  • Launch a new EKS node and verify that the tags are applied automatically.

What Undercode Say:

Automating resource tagging in AWS using Lambda, EventBridge, and CloudTrail is a powerful way to ensure consistency and compliance across your cloud infrastructure. By following the steps outlined above, you can streamline the process of tagging EKS nodes, reducing manual effort and minimizing errors. This approach can be extended to other AWS resources, making your cloud environment more manageable and secure.

Additional Commands:

  • List EC2 Instances: 
    aws ec2 describe-instances

  • Check CloudTrail Logs:

    aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=RunInstances

  • Update Lambda Function:

    aws lambda update-function-code --function-name TagEKSNodeFunction --zip-file fileb://function.zip

For more detailed information, refer to the original article: Automatic tags for all EKS nodes on AWS account.

References:

Reported By: Darryl Ruggles – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: