Automated EC2 governance workflow using AWS Lambda to safely stop non-production instances based on tags, with audit logging and API-triggered control.

iamwillsoto/lambda-ec2-shutdown

EC2 Auto-Shutdown System

Tag-Based Automation • API Trigger • DynamoDB Logging • CI/CD Deployment


Overview

This repository implements a production-ready EC2 auto-shutdown system designed to reduce AWS costs, enforce governance, and provide safe manual control mechanisms for operators.

The system evolved incrementally from a simple scheduled Lambda function into a fully automated CloudOps workflow with environment isolation, audit logging, and CI/CD-driven deployments. The architecture mirrors patterns used in real-world AWS production environments.


Architecture

High-Level Flow

EC2 Instances
→ Amazon EventBridge (scheduled trigger)
→ AWS Lambda (shutdown logic)
→ Tag-based filtering and optional API override
→ Amazon DynamoDB (audit logging)

Optional deployment flow:
GitHub Actions → CI/CD → Environment-specific stacks (Beta / Production)


Core Capabilities

Automated EC2 Shutdown

A Lambda function automatically stops EC2 instances on a defined schedule using Amazon EventBridge. This removes the need for manual intervention and helps eliminate unnecessary compute spend.


Tag-Based Governance

Shutdown behavior is controlled using EC2 instance tags. Only instances matching required tags are eligible for shutdown, preventing accidental disruption of protected or production workloads.

Example tags:

  • AutoShutdown = True
  • Environment = Dev

This enables safe, fine-grained control across shared AWS accounts.


Manual API Trigger (Override)

An HTTP endpoint is exposed through Amazon API Gateway, allowing operators to manually trigger shutdowns without accessing the AWS Console.

Example request:

GET /shutdown?key=Environment&value=Dev

This is useful for incident response, testing, or ad-hoc cost control.

Environment Isolation (Beta / Production)

Separate pipelines and stacks are maintained for beta and production environments. This ensures:

  • Safe testing of changes
  • No impact to production resources
  • Predictable deployments

Environment isolation is enforced through CI/CD workflows and environment-specific configuration.

Audit Logging with DynamoDB

Every shutdown action is logged to DynamoDB with structured metadata, including:

  • EC2 instance ID
  • Matched tags
  • Trigger source (scheduled or API)
  • Timestamp

This provides full traceability for operational actions and supports auditing, troubleshooting, and compliance requirements.
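The three mechanisms above (tag-based eligibility, the API override with its key/value query parameters, and the per-instance DynamoDB audit record) are shown together in the following added example. It is illustrative code written for this page, not the repository's handler: the guard tag AutoShutdown=True, the default schedule filter Environment=Dev, the use of requestContext to recognise an API Gateway event, and the audit item layout are all assumptions, and the EC2 client and DynamoDB table are injected so the logic runs offline against constructed sample data.

```python
from datetime import datetime, timezone
GUARD_TAG = ("AutoShutdown", "True")        # assumed opt-in tag; never stop without it
SCHEDULED_FILTER = ("Environment", "Dev")   # assumed filter used by the EventBridge rule

def parse_trigger(event):
    """(tag_key, tag_value, source): API Gateway proxy events carry 'requestContext'
    (assumption); anything else is treated as the EventBridge schedule."""
    if "requestContext" in event:
        params = event.get("queryStringParameters") or {}
        return params.get("key"), params.get("value"), "api"
    return SCHEDULED_FILTER[0], SCHEDULED_FILTER[1], "scheduled"

def eligible_ids(reservations, key, value):
    """Running instances matching the requested tag AND the guard tag, so an API caller cannot widen the filter to protected hosts."""
    ids = []
    for res in reservations:
        for inst in res["Instances"]:
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if (inst["State"]["Name"] == "running" and tags.get(key) == value
                    and tags.get(GUARD_TAG[0]) == GUARD_TAG[1]):
                ids.append(inst["InstanceId"])
    return ids

def shutdown(event, ec2, table, now=None):
    """Lambda-style handler; ec2/table are injected (boto3 objects in Lambda)."""
    key, value, source = parse_trigger(event)
    if not key or not value:
        return {"statusCode": 400, "body": "key and value are required", "stopped": []}
    resp = ec2.describe_instances(Filters=[{"Name": f"tag:{key}", "Values": [value]}])
    ids = eligible_ids(resp["Reservations"], key, value)
    if ids:
        ec2.stop_instances(InstanceIds=ids)
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    for iid in ids:                           # one audit row per stopped instance
        table.put_item(Item={"InstanceId": iid, "Timestamp": stamp, "Source": source,
                             "MatchedTags": {key: value, GUARD_TAG[0]: GUARD_TAG[1]}})
    return {"statusCode": 200, "body": f"stopped {len(ids)}", "stopped": ids}

class FakeEC2:                                # constructed stand-in for boto3.client("ec2")
    def __init__(self, instances): self.instances, self.stopped = instances, []
    def describe_instances(self, Filters): return {"Reservations": [{"Instances": self.instances}]}
    def stop_instances(self, InstanceIds): self.stopped += InstanceIds

class FakeTable:                              # constructed stand-in for a DynamoDB Table
    def __init__(self): self.items = []
    def put_item(self, Item): self.items.append(Item)

def sample(iid, state, **tags):               # builds constructed sample instances
    return {"InstanceId": iid, "State": {"Name": state},
            "Tags": [{"Key": k, "Value": v} for k, v in tags.items()]}
```

Because the fake EC2 client ignores the server-side filter, the example also shows that the guard-tag check in eligible_ids alone keeps a widened API request from touching untagged or production hosts.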

CI/CD Automation

GitHub Actions is used to automate deployments:

  • Package and zip Lambda code
  • Upload artifacts to Amazon S3
  • Deploy CloudFormation stacks
  • Promote changes from beta to production

This makes the deployment process repeatable, version-controlled, and environment-aware.

AWS Services Used

  • AWS Lambda
  • Amazon EC2
  • Amazon EventBridge
  • Amazon API Gateway
  • Amazon DynamoDB
  • Amazon S3
  • AWS IAM
  • GitHub Actions

Common Use Cases

  • Reduce AWS spend by stopping idle EC2 instances
  • Enforce tag-based infrastructure policies
  • Enable safe manual shutdowns for DevOps teams
  • Maintain audit trails for compliance and governance
