1
votes

I have a Lambda function to reboot instances:

import boto3
region = 'us-east-1'
instances = ['i-xxxxxxxxxxxxxxxxxxxxxxxxxx']
ec2 = boto3.client('ec2', region_name=region)

def lambda_handler(event, context):
    response = ec2.reboot_instances(
        InstanceIds=[
            'i-xxxxxxxxxxxxxxxxxxxxxx',
        ],
    )
    print(response)

It just refuses to work.

The response when I trigger it:

{'ResponseMetadata': {'RequestId': '12994c92-98ab-4b62-bc10-a0e0b4881aaa', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '12994c92-98ab-4b62-bc10-a0e0b4881aaa', 'content-type': 'text/xml;charset=UTF-8', 'content-length': '231', 'date': 'Sun, 30 Aug 2020 15:44:40 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}}

The interesting part: if I change ec2.reboot_instances to ec2.start_instances then it works.

So I am trying to find out why would a reboot command be refused and a start/stop command be accepted?

Note: I included the permission in IAM to reboot instances. The instance is a Linux OpenVPN server AMI bundle.

1
Are you sure it's not working? Check CloudTrail to see if the API action is fired. – Chris Williams
So you've got a 200 response; can you kindly check the server start time with the command "uptime" after invoking the Lambda again? – Prashanna
You say that it works with start_instances() -- does that mean the instance was in a Stopped state? How are you confirming whether the reboot worked -- I don't think it appears in the system status, you would need to connect to the instance to know if it is working. – John Rotenstein
@ChrisWilliams Thanks for your reply. Created a CloudTrail log, but it doesn't log any action. – Kuitogu67

1 Answer

1
votes

I have used the same code as you, just one step more for you to check: Add the "RebootInstances" access right in your IAM account assigned for Lambda. If you created the IAM policy following the documentation, it will be like:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Start*",
        "ec2:Stop*",
        "ec2:Reboot*"   // <-----Add this
      ],
      "Resource": "*"
    }
  ]
}
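An added example, not part of the answer above: a simplified check of which EC2 actions a policy's statements cover, run against the answer's wildcard statement and a narrower alternative. The `SCOPED` policy, its account id and instance id are constructed placeholders, and the check reads only Effect, Action and Resource (no Condition, NotAction, permission boundaries or SCPs).

```python
import re

# Constructed sample: the EC2 statement from the answer's policy.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:Start*", "ec2:Stop*", "ec2:Reboot*"],
     "Resource": "*"}]}

# Constructed alternative: exact actions, one instance (placeholder account and id).
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
     "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"}]}


def _as_list(value):
    """Action, Resource and Statement may each be a single item or a list."""
    return list(value) if isinstance(value, list) else [value]


def _matches(pattern, action):
    """'*' matches any run of characters, '?' exactly one; action names ignore case."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def check_action(policy, action):
    """Return (decision, notes) for one action against one identity policy.

    Simplified: reads Effect, Action and Resource only; an explicit Deny wins.
    """
    decision, notes = "implicit-deny", []
    for stmt in _as_list(policy.get("Statement", [])):
        if not any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            continue
        if stmt.get("Effect") == "Deny":
            return "explicit-deny", notes
        decision = "allow"
        if "*" in _as_list(stmt.get("Resource", [])):
            notes.append(f"{action} is allowed on Resource '*' (every instance)")
    return decision, notes


if __name__ == "__main__":
    for name, policy in (("broad", BROAD), ("scoped", SCOPED)):
        for action in ("ec2:RebootInstances", "ec2:StartNetworkInsightsAnalysis"):
            print(name, action, check_action(policy, action))
```

Both policies allow `ec2:RebootInstances`, but the wildcard form also allows other actions that begin with `Start`, such as `ec2:StartNetworkInsightsAnalysis`, and applies to every instance in the account.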