Automatically Execute Bulk Operations for EC2 Service
Table of Contents
- 1. Description
- 2. Severity Level
- 3. When to use?
- 4. Prerequisites
- 5. Playbook steps
- 6. FAQ
Description
This playbook helps you execute different operations on the EC2 service.
The supported operations are:
1. Snapshot - delete, ls, encrypt
2. SecurityGroup - delete
3. Vpc - create_flow_log
4. ec2 - find-load-balancers
assetIds (REQUIRED)
Either all or a comma-separated list of EC2 instance IDs.
regions (OPTIONAL)
If a region is provided, load balancers from that region are returned; otherwise, load balancers from the default region are returned.
It uses the exact AWS authentication fallback mechanism.
If there is no profile, it uses credentials from the AWS environment variables.
If credentials do not exist in environment variables, it falls back to the local ~/.aws configuration.
After authenticating through the AWS API, the script runs against the AWS account that the credentials selected in fallbacks 1-3 (see above) belong to.
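The fallback order described above, modelled as an added example; it is not EC2Helper.py's own code and not boto3's resolver. The function name, the source labels and the sample key IDs are constructed for illustration, and the model fails closed on a missing profile or half-set environment variables so that a bulk delete never runs under credentials the operator did not intend.

```python
import configparser

def resolve_credential_source(profile, env, credentials_ini):
    """Model of the page's fallback order (hypothetical helper):
    1. named profile, 2. AWS environment variables, 3. local ~/.aws default.
    Returns (source_label, access_key_id); raises LookupError instead of
    silently moving on when a requested source is broken."""
    cfg = configparser.ConfigParser()
    cfg.read_string(credentials_ini)

    # 1. An explicit profile must exist; a typo must not fall through
    #    to some other account's credentials.
    if profile:
        if not cfg.has_section(profile):
            raise LookupError(f"profile {profile!r} not found")
        return (f"profile:{profile}", cfg[profile]["aws_access_key_id"])

    # 2. Environment variables count only when both halves are present.
    key_id = env.get("AWS_ACCESS_KEY_ID")
    secret = env.get("AWS_SECRET_ACCESS_KEY")
    if key_id or secret:
        if not (key_id and secret):
            raise LookupError("partial credentials in environment")
        return ("environment", key_id)

    # 3. Local ~/.aws configuration, default profile.
    if cfg.has_section("default"):
        return ("file:default", cfg["default"]["aws_access_key_id"])
    raise LookupError("no credentials found")

# Constructed sample input: fake key material in ~/.aws/credentials format.
SAMPLE_INI = """
[default]
aws_access_key_id = AKIAEXAMPLEDEFAULT00
aws_secret_access_key = constructed-secret-default
[audit]
aws_access_key_id = AKIAEXAMPLEAUDIT0000
aws_secret_access_key = constructed-secret-audit
"""

if __name__ == "__main__":
    env = {"AWS_ACCESS_KEY_ID": "AKIAEXAMPLEENV000000",
           "AWS_SECRET_ACCESS_KEY": "constructed-secret-env"}
    for profile, e in [("audit", env), (None, env), (None, {})]:
        print(resolve_credential_source(profile, e, SAMPLE_INI))
```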
This playbook also supports automatic spin and run spin of EC2 assets using predefined AMI configurations, with options to dynamically retrieve configuration data from AWS Parameter Store. This helps ensure consistent environment setup across multiple EC2 instances and regions. The automation flow simplifies management tasks, reduces manual errors, and enhances operational efficiency. You can quickly spin up environments, manage flow logs, and handle snapshots or security groups in a repeatable and reliable manner.
Playbook steps:
actionParams property to the script.
Prerequisites
2. Python v3.6 or higher, and the boto3 package installed:
pip install boto3
Notes
This script leverages AWS API and Boto3 documentation:
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3.html
Supported Actions
Snapshot
- delete, ls, encrypt
actionParams:
- KmsKeyId (OPTIONAL)
  The KMS key to use for encryption. If not specified, your default KMS key for Amazon EBS is used.
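An EBS snapshot cannot be encrypted in place, so an encrypt action has to produce an encrypted copy. The sketch below is an added example, not EC2Helper.py's own code: it assumes a boto3 EC2 client is passed in and uses its describe_snapshots and copy_snapshot calls; the function name, the outcome labels, the FakeEC2 stand-in and the sample snapshots are constructed for illustration.

```python
def encrypt_snapshots(ec2, snapshot_ids, source_region, kms_key_id=None, dry_run=True):
    """Create encrypted copies of unencrypted snapshots (hypothetical helper).
    ec2 is assumed to be a boto3 EC2 client for the destination region.
    Returns a list of (source_id, outcome, new_snapshot_id)."""
    results = []
    found = ec2.describe_snapshots(SnapshotIds=list(snapshot_ids))["Snapshots"]
    for snap in found:
        sid = snap["SnapshotId"]
        if snap.get("Encrypted"):
            results.append((sid, "already-encrypted", None))
            continue
        if dry_run:  # report only, change nothing
            results.append((sid, "would-copy", None))
            continue
        params = {"SourceSnapshotId": sid, "SourceRegion": source_region,
                  "Encrypted": True, "Description": f"Encrypted copy of {sid}"}
        if kms_key_id:  # omitted -> default KMS key for Amazon EBS
            params["KmsKeyId"] = kms_key_id
        new_id = ec2.copy_snapshot(**params)["SnapshotId"]
        # The unencrypted source still exists; removing it is a separate step.
        results.append((sid, "copied", new_id))
    return results


class FakeEC2:
    """Constructed stand-in for the client so the example runs offline."""
    def __init__(self, snapshots):
        self.snapshots, self.copies = snapshots, []

    def describe_snapshots(self, SnapshotIds):
        return {"Snapshots": [s for s in self.snapshots if s["SnapshotId"] in SnapshotIds]}

    def copy_snapshot(self, **params):
        self.copies.append(params)
        return {"SnapshotId": f"snap-copy-{len(self.copies)}"}


# Constructed sample data.
SAMPLE = [{"SnapshotId": "snap-1", "Encrypted": False},
          {"SnapshotId": "snap-2", "Encrypted": True}]

if __name__ == "__main__":
    client = FakeEC2(SAMPLE)
    print(encrypt_snapshots(client, ["snap-1", "snap-2"], "us-east-1"))
    print(encrypt_snapshots(client, ["snap-1", "snap-2"], "us-east-1", dry_run=False))
```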
SecurityGroup
- delete
Vpc
- create_flow_log
actionParams:
- DeliverLogsPermissionArn (REQUIRED)
  The ARN of the IAM role that allows EC2 to publish flow logs to CloudWatch Logs.
- LogGroupName (OPTIONAL)
  The name of the CloudWatch Logs group where flow logs will be published.
Execution Example 1
python3 EC2Helper.py --profile --type --action --actionParmas --assetIds
Execution Example 2
python3 EC2Helper.py --type snapshot --action delete --assetIds "snap-1,snap-2" --dryRun True
Parameter Usage
- logLevel — The logging level (optional). Default: Info.
- profile — The AWS profile to use.
- type — The EC2 asset type (e.g., instance, snapshot, security-group).
- action — The EC2 action to execute (e.g., snapshot-delete, sg-delete).
- actionParmas — Dictionary of action parameters (e.g., { \"key1\":\"val1\" }).
- assetIds — Comma-separated list of asset IDs.
Frequently Asked Questions (FAQ)
How do I perform an automatic spin of EC2 instances using this playbook?
EC2Helper.py script with the appropriate EC2 asset type and action parameters. Define your AMI and other configuration details in AWS Parameter Store or as part of your command. This allows you to automate EC2 instance creation and management.
What is the correct way to run spin actions with predefined AMI configurations?
EC2Helper.py script with the proper EC2 service type and action. This ensures your automatic spin process consistently deploys instances.
How can I retrieve configuration parameters from AWS Parameter Store for use in this playbook?
actionParams. Define keys for items such as AMI IDs, security settings, or flow log configurations. Using Parameter Store enables dynamic and flexible automatic spin and run spin operations.
What are the prerequisites for running snapshot encryption actions?
Ensure Python 3.6+ and boto3 are installed, and valid AWS credentials are configured. When running snapshot encryption, include an optional KmsKeyId in your actionParams. You can automate encryption and use values like the KMS key or AMI ID retrieved from AWS Parameter Store.
Which EC2 asset types are supported by this playbook?
The playbook supports several EC2 asset types, including snapshot, security group, VPC (for flow logs), and EC2 load balancers. These capabilities help automate common AWS operations such as automatic spin or run spin of EC2 resources, integrating with predefined AMI configurations and dynamic parameters from AWS Parameter Store.
How do I configure flow logs when creating a new VPC?
create_flow_log action with the required DeliverLogsPermissionArn. Optionally specify a LogGroupName. You can also manage flow log settings dynamically via AWS Parameter Store and integrate them into an automatic spin or run spin process for consistent VPC configurations.
What AWS authentication methods does the playbook support?
~/.aws configuration. This ensures flexible and secure execution of all operations — including automatic spin, run spin with AMI setups, and parameter retrieval from AWS Parameter Store.
Can I use this playbook to manage Security Groups across multiple regions?
delete action for Security Groups, you can specify regions or rely on defaults. This is helpful for maintaining consistent network security as part of broader automatic spin or run spin processes. AWS Parameter Store can be used to manage region-specific parameters or AMI configurations.