Management-Utilities/auto_set_fsxn_auto_grow/README.md
Lines changed: 31 additions & 23 deletions
@@ -8,7 +8,7 @@ CloudWatch event to trigger the Lambda function whenever a volume is created. Wi
8
8
combination it ensures that all volumes are effectively created with the auto size mode
9
9
set up the way you want for all volumes.
10
10
11
-
Note that a CloudWatch event is not created when a volume is create directly from the
11
+
Note that a CloudWatch event is not created when a volume is created directly from the
12
12
ONTAP side, either using the ONTAP CLI, System Manager, or REST API. So, it is assumed
13
13
if you are creating them that way, that you will set them with the auto size mode set
14
14
the way you want.
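Review bot: The sentence that follows the corrected "created" line in this hunk is still hard to parse ("So, it is assumed if you are creating them that way, that you will set them with the auto size mode set the way you want."); suggest "So if you create volumes that way, it is assumed you will set the auto size mode yourself." It would also help to state the operational consequence plainly: because no CloudWatch event is generated for volumes created from the ONTAP CLI, System Manager or REST API, those volumes are not covered by this Lambda function.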
@@ -19,14 +19,17 @@ AWS allows a Lambda function to run within a VPC, it will not have access to the
19
19
even if normally from that subnet it is running in would. Therefore, you will have to set up
20
20
VPC endpoints for the AWS services that the Lambda function will need to communicate with.
21
21
This includes:
22
-
- FSx for ONTAP
22
+
- FSx
23
23
- AWS Secrets Manager
24
24
- DynamoDB if you are using it to store the secrets table
25
-
Instructions on how to set up these endpoints are provided below.
25
+
26
+
These endpoints are created for you if you use the CloudFormation template provided in this
27
+
repository. If you are setting up the Lambda function manually, you will have to create
28
+
these endpoints yourself.
26
29
27
30
The way this script authenticates to the FSx for ONTAP management endpoint is by using
28
31
the credentials stored in AWS Secrets Manager. Since it can manage multiple FSxN file
29
-
systems a table is used to specify which secret to use for each file system. This `scretsTable`
32
+
systems a table is used to specify which secret to use for each file system. This `secretsTable`
30
33
can either be stored in a DynamoDB table, or just hard coded in the source code of the
31
34
Lambda function. The schema for the `secretsTable` is as follows:
32
35
```json
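Review bot: Dropping "Instructions on how to set up these endpoints are provided below." removes this paragraph's only pointer to the endpoint instructions, which still exist under "Create AWS Endpoints" in the Manual Setup section; the new closing sentence ("you will have to create these endpoints yourself") could end with "see 'Create AWS Endpoints' under Manual Setup below." Renaming the list item from "FSx for ONTAP" to "FSx" is consistent with the `createFSxEndpoint` parameter and the Manual Setup endpoint list. The `scretsTable` to `secretsTable` fix is correct.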
@@ -48,21 +51,21 @@ Where the values associated with each key are as follows:
48
51
49
52
## Deployment
50
53
There are two ways to deploy this script. The first way to is use the CloudFormation
51
-
template provided in the cloudformation.yaml file. The second way is to following the
52
-
steps in the "Manual Setup" second below.
54
+
template provided in the cloudformation.yaml file. The second way is to follow the
55
+
steps in the "Manual Setup" section below.
53
56
54
57
### CloudFormation Deployment
55
58
Copy the `cloudformation.yaml` file to your local machine. Then, go to the CloudFormation
56
59
service in the AWS console, and click on "Create stack." Select the "Upload a template file"
57
-
option, and upload the `cloudformation.yaml` file. Click "Next."
60
+
option and upload the `cloudformation.yaml` file. Click "Next."
58
61
59
62
On the next page, give the stack a name. Note that this name is used as a suffix to most of the resources it creates
60
-
so you might want to keep is short, but meaningful. After the stack name you will need to fill in the following parameters:
63
+
so you might want to keep it short, but meaningful. After the stack name you will need to fill in the following parameters:
61
64
62
65
| Parameter Name | Description |
63
66
|:--------------|:------------|
64
67
| subNetIds| List the subnets that you want the Lambda function to run in. They must have connectivity to the FSxN file systems management endpoints. |
65
-
| vpcId | The VPC that contains the subnets. This is only used if you having this CloudFormation template create the AWS service VPC endpoints. |
68
+
| vpcId | The VPC that contains the subnets. This is only used if you are having this CloudFormation template create the AWS service VPC endpoints. |
66
69
| securityGroupIds | The security group that the Lambda function will use. This security group should allow access to the AWS service endpoints and the FSx for ONTAP management endpoint over TCP port 443. |
67
70
| dynamoDbSecretsTableName | The name of the DynamoDB table that contains the `secretsTable` described above. This value is optional, but if not set, the table commented out in the code will have to be updated to provide the needed information.|
68
71
| dynamoDbRegion| The region where the DynamoDB table is located. |
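Review bot: The wording fixes ("to follow", "section", "keep it short", "you are having") are all correct. One context row in this hunk is still vague: the `dynamoDbSecretsTableName` description says "the table commented out in the code will have to be updated" without naming it; suggest "the hard-coded `secretsTable` definition in the Lambda source will have to be uncommented and filled in", so the reader connects it to the `secretsTable` schema described above.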
@@ -73,17 +76,22 @@ so you might want to keep is short, but meaningful. After the stack name you wil
73
76
| createFSxEndpoint| If set to `true` a FSx VPC endpoint will be created. |
74
77
| createDynamoDbEndpoint| If set to `true` a DynamoDB VPC endpoint will be created. |
75
78
| routeTableIds| Since the DynamoDB endpoint is a `Gateway` type, routing tables have to be updated to use it. Set this parameter to any route table IDs you want updated. |
76
-
| endpointSecurityGroupIds| The security group that the VPC endpoints will use. This security group should allow access to the AWS service the endpoint from the Lambda function over port 443. Since the Lambda function will have the security group specified above assigned to it, it can be used as a network `source` for this security group. |
79
+
| endpointSecurityGroupIds| The security group that the VPC endpoints will use. This security group should allow access to the AWS service the endpoints from the Lambda function over port 443. Since the Lambda function will have the security group specified above assigned to it, it can be used as a network `source` for this security group. |
77
80
| autoSizeMode| The auto size mode you want to set the volume to. Valid values are: `grow`, `grow_shrink`, and `off`. |
78
81
| growThresholdPrecentage| The percentage of the volume that must be used before a volume will grow. |
79
82
| maxGrowSizePercentage| The maximum size the volume can auto grow to expressed in terms of a percentage of the initial volume size. |
80
83
| shrinkThresholdPrecentage| The percentage of the volume that must be used before a volume will shrink. |
81
84
| minShrinkSizePercentage| The minimum size the volume can auto shrink to expressed in terms of a percentage of the initial volume size. |
82
-
| maxWaitTime| The maximum time, in seconds, the script will wait for the volume to be created before it will give up and exits. This can happen if a lot of volumes are created at the same time. |
85
+
| maxWaitTime| The maximum time, in seconds, that the script will wait for the volume to be created before it will give up and exit. This can happen if a lot of volumes are created at the same time. |
83
86
84
-
Once you have filled in these parameters, click `Next`. On the next page you must accept that this script can, and does, create roles. Click `Next`. Finally, on the last page, you can review the stack and click `Submit`.
87
+
Once you have filled in these parameters, click `Next`. On the next page you must accept that this
88
+
script can, and does, create roles. Click `Next`. Finally, on the last page, you can review the stack and click `Submit`.
85
89
86
-
After the stack is created and everything should be setup. To test, simply create a volume in the AWS console and check that auto size mode from the ONTAP CLI. If it isn't set, check the CloudWatch logs for the Lambda function to see what went wrong. You can quickly go to the correct Lambda function by clicking on the Resources tab with in the CloudFormation stack, and clicking on the link to the Lambda function.
90
+
After the stack has been created everything should be ready. To test, simply create a volume in the
91
+
AWS console and check from the ONTAP CLI that auto size mode appropriately. If it isn't set, check the CloudWatch
92
+
logs for the Lambda function to see what went wrong. You can quickly go to the correct Lambda
93
+
function by clicking on the Resources tab within the CloudFormation stack and clicking on the
94
+
link to the Lambda function.
87
95
88
96
### Manual Setup
89
97
If for some reason you can't run the CloudFormation template, here are the steps you can use to manually setup the service:
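Review bot: The rewritten test paragraph introduces a sentence with no verb: "check from the ONTAP CLI that auto size mode appropriately"; suggest "check from the ONTAP CLI that the auto size mode is set appropriately." The `endpointSecurityGroupIds` row is also still garbled after the edit ("allow access to the AWS service the endpoints from the Lambda function"); suggest "allow access to the AWS service endpoints from the Lambda function over port 443." Separately, the context rows `growThresholdPrecentage` and `shrinkThresholdPrecentage` look misspelled relative to `growThresholdPercentage` and `shrinkThresholdPercentage` used under Manual Setup; please check against cloudformation.yaml, since the README must match whatever names the template actually declares.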
@@ -105,30 +113,30 @@ The Lambda function doesn't leverage that many AWS services, so only a few permi
105
113
| Allow:secretsmanager:GetSecretValue|\<ARNs_OF_SECRETS_WITHIN_SECRETS_MANAGER> | This is required so the Lambda function can get the credentials for the FSxN file system. |
106
114
| Allow:dynamodb:Scan|\<ARN_OF_DYNAMODB_TABLE> | This is optional, depending on if you put your `secretsTable` in a DynamoDB table. |
107
115
| Allow:fsx:DescribeFileSystems<BR>Allow:fsx:DescribeVolumes| * | You can't limit the scope of these APIs. They are required to get information regarding the file system and volumes. |
108
-
| Allow:ec2:CreateNetworkInterface<BR>Allow:ec2:DeleteNetworkInterface<BR>Allow:ec2:DescribeNetworkInterfaces| * | Since the Lambda function is going to run within your VPC, it has to be able to create a network interface to communicate with the FSxn file system endpoint. |
116
+
| Allow:ec2:CreateNetworkInterface<BR>Allow:ec2:DeleteNetworkInterface<BR>Allow:ec2:DescribeNetworkInterfaces| * | Since the Lambda function is going to run within your VPC, it has to be able to create a network interface to communicate with the FSxN file system endpoints. |
109
117
110
118
#### Create AWS Endpoints
111
119
Since the Lambda function will be configured to run within a VPC that can communicate with the FSxN
112
120
file systems, so it can issue API calls against them, there will need to be AWS endpoints so
113
-
the Lambda function can also access some of the AWS service. If you have a Transit Gateway setup
121
+
the Lambda function can also access some of the AWS services. If you have a Transit Gateway setup
114
122
that allows access to the Internet, you may not have to create these endpoints, otherwise, the
115
123
following endpoints will need to be created, and attached to the VPC and subnets that the Lambda
116
124
function will run in:
117
125
118
126
- FSx
119
127
- SecretsManager
120
-
- DynamoDB - You only need this one if you are going to store you `secrtsTable` in DynamoDB. It is recommended that this be a `Gateway` type endpoint, but if you set it up that way you will also have to update the routing tables to use it.
128
+
- DynamoDB - You only need this one if you are going to store your `secretsTable` in DynamoDB. It is recommended that this be a `Gateway` type endpoint. However, if you do that you will also have to update the routing tables associated with the subnets that the Lambda function is deployed on in order for the Lambda function to be able to use it.
121
129
122
130
#### Create the Lambda Function
123
131
Create a Lambda function with the following parameters:
124
132
125
133
- Authored from scratch.
126
-
-Uses the Python runtime.
134
+
-Use the Python runtime.
127
135
- Set the permissions to the role created above.
128
136
- Enable VPC. Found under the Advanced Settings.
129
137
- Attached to the VPC that can communicate with the FSxN file systems.
130
138
- Attached to the Subnets that can communicate with the FSxN file systems.
131
-
- Attached a security group that allows access from any IP within the two subnets over port 443.
139
+
- Attached to a security group that allows access from any IP within the two subnets over port 443.
132
140
133
141
After you create the function, you will be able to insert the code included with this
134
142
sample into the code box. Once you have inserted the code, modify the definitions
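Review bot: "-Use the Python runtime." still has no space after the hyphen, so unlike its sibling items it will not render as a list item; it should be "- Use the Python runtime." The expanded DynamoDB bullet is an improvement because it now says which route tables need the `Gateway` endpoint (those of the subnets the Lambda function is deployed on). In the permissions table at the top of the hunk, the `fsx:Describe*` and `ec2:*NetworkInterface` rows carry a `*` resource with the note that the scope cannot be limited; it would help least-privilege readers to add that the `secretsmanager:GetSecretValue` and `dynamodb:Scan` statements are already restricted to specific ARNs, so the wildcard is confined to those two rows.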
@@ -140,7 +148,7 @@ is a dictionary with the following keys:
140
148
- passwordKey - The name of the key in the secret that contains the password.
141
149
142
150
**NOTE:** Instead of defining the secretsTable in the script, you can define
143
-
dynamodbSecretsTableName and dynamodbRegion and the script will read in the
151
+
dynamoDbSecretsTableName and dynamoDbRegion and the script will read in the
144
152
secretsTable information from the specified DynamoDB table. The table should have
145
153
the same fields as the `secretsTable` defined above.
146
154
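Review bot: The casing change to `dynamoDbSecretsTableName` and `dynamoDbRegion` brings these names in line with the CloudFormation parameters of the same name in the deployment table. Since `secretsTable` on the neighbouring line is in backticks, putting these two variable names in backticks as well would make clear they are identifiers the reader must edit in the script rather than prose.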
@@ -149,10 +157,10 @@ the same fields as the `secretsTable` defined above.
149
157
- grow - The volume will automatically grow when it reaches the grow threshold.
150
158
- grow_shrink - The volume will automatically grow, and shrink when it reaches the shrink threshold.
151
159
- off - The volume will not automatically grow or shrink.
152
-
- growThresholdPercentage - The percentage of the volume that must be used before the volume will grow.
153
-
- maxGrowSizePercentage - The maximum size the volume can auto grow to expressed in terms of a percentage of the volume size. The default is 200%.
154
-
- shrinkThresholdPercentage - The percentage of the volume that must be used before the volume will shrink.
155
-
- minShrinkSizePercentage - The minimum size the volume can auto shrink to expressed in terms of a percentage of the volume size. The default is 50%.
160
+
- growThresholdPercentage - The percentage of the volume that must be in use before the volume will grow.
161
+
- maxGrowSizePercentage - The maximum size the volume can auto grow to, expressed in terms of a percentage of the initial volume size.
162
+
- shrinkThresholdPercentage - The percentage of the volume that must be in use before the volume will shrink.
163
+
- minShrinkSizePercentage - The minimum size the volume can auto shrink to, expressed in terms of a percentage of the initial volume size.
156
164
- maxWaitTime - The maximum time, in seconds, the script will wait for the volume to be created before it will give up and exit.
157
165
158
166
**NOTE:** Do not delete the variables or set them to None or empty strings, as the script will not run properly if done so.
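Review bot: The defaults ("The default is 200%", "The default is 50%") were dropped from `maxGrowSizePercentage` and `minShrinkSizePercentage` without a replacement; if the script no longer supplies defaults, say so explicitly, because the closing NOTE ("Do not delete the variables or set them to None or empty strings") then becomes the only hint that every value must be filled in. Changing "volume size" to "initial volume size" is a genuine clarification and matches the CloudFormation table, and "must be in use" reads better than "must be used".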