Add tags to images and snapshots so we can find them later

jonstacks · jonstacks · commit 4f81c4eaac2e · 2018-11-14T16:35:52.000-06:00
diff --git a/cloudformation/iam.yaml b/cloudformation/iam.yaml
@@ -35,6 +35,8 @@ Resources:
             - "ec2:DescribeVolumes"
             - "ec2:CreateImage"
             - "ec2:CreateSnapshot"
+            - "ec2:DescribeTags"
+            - "ec2:CreateTags"
             Resource: "*"
       - PolicyName: lambda-delete-ebs-backup-policy
         PolicyDocument:
diff --git a/cmd/lambda-ebs-backup/main.go b/cmd/lambda-ebs-backup/main.go
@@ -30,15 +30,18 @@ func HandleRequest(ctx context.Context) error {
 		return err
 	}
 
-	err = backupManager.Search()
-	if err != nil {
+	if err = backupManager.Search(); err != nil {
 		return err
 	}
 
 	if err = backupManager.Backup(); err != nil {
 		return err
 	}
 
+	if err = backupManager.Cleanup(); err != nil {
+		return err
+	}
+
 	return nil
 }
 
diff --git a/pkg/backup/manager.go b/pkg/backup/manager.go
@@ -21,6 +21,8 @@ type ManagerOpts struct {
 	ImageTagKey      string
 	ImageTagValue    string
 	ImageNameTag     string
+	ManagedTagKey    string
+	ManagedTagValue  string
 	RebootOnImageTag string
 
 	DefaultImageNameTemplate *template.Template
@@ -41,6 +43,8 @@ func NewManagerOptsFromConfig(client *ec2.EC2) (*ManagerOpts, error) {
 		ImageTagKey:      config.ImageTagKey(),
 		ImageTagValue:    config.ImageTagValue(),
 		ImageNameTag:     config.ImageNameTag(),
+		ManagedTagKey:    config.ManagedTagKey(),
+		ManagedTagValue:  config.ManagedTagValue(),
 		RebootOnImageTag: config.RebootOnImageTag(),
 		Verbose:          true,
 
@@ -165,12 +169,32 @@ func (m *Manager) backupVolumes() error {
 			if err != nil {
 				m.logf("Error creating snapshot for volume '%s'\n", aws.StringValue(v.VolumeId))
 				errorChan <- err
-			} else {
-				m.logf("Created snapshot '%s' for volume '%s'\n",
+				return
+			}
+
+			m.logf("Created snapshot '%s' for volume '%s'\n",
+				aws.StringValue(snap.SnapshotId),
+				aws.StringValue(v.VolumeId),
+			)
+
+			err = m.addManagmentTags(
+				[]*string{snap.SnapshotId},
+				map[string]string{
+					"lambda-ebs-backup/volume-id": aws.StringValue(v.VolumeId),
+				},
+			)
+
+			if err != nil {
+				m.logf("Error adding management tag to snapshot '%s'(%s)\n",
 					aws.StringValue(snap.SnapshotId),
 					aws.StringValue(v.VolumeId),
 				)
+				errorChan <- err
+				return
 			}
+
+			m.logf("Added management tag for snapshot '%s'\n", aws.StringValue(snap.SnapshotId))
+
 		}(volume)
 	}
 
@@ -222,6 +246,27 @@ func (m *Manager) backupInstances() error {
 				aws.StringValue(i.InstanceId),
 				tags.GetDefault("Name", ""),
 			)
+
+			err = m.addManagmentTags(
+				[]*string{image.ImageId},
+				map[string]string{
+					"lambda-ebs-backup/instance-id": aws.StringValue(i.InstanceId),
+				},
+			)
+
+			if err != nil {
+				m.logf("Error adding management tag for image '%s'(%s)\n",
+					aws.StringValue(image.ImageId),
+					imageName,
+				)
+				errorChan <- err
+				return
+			}
+
+			m.logf("Added management tag for image '%s'(%s)\n",
+				aws.StringValue(image.ImageId),
+				imageName,
+			)
 		}(instance)
 	}
 
@@ -236,6 +281,50 @@ func (m *Manager) backupInstances() error {
 	return nil
 }
 
+// Cleanup cleans up old volume snapshots and images
+func (m *Manager) Cleanup() error {
+	return m.all(
+		[]func() error{
+			m.cleanupSnapshots,
+			m.cleanupImages,
+		},
+	)
+}
+
+func (m *Manager) cleanupSnapshots() error {
+	m.logf("Starting cleanup of old ebs snapshots")
+	return nil
+}
+
+func (m *Manager) cleanupImages() error {
+	m.logf("Starting cleanup of old AMIs")
+	return nil
+}
+
+func (m *Manager) addManagmentTags(resources []*string, extraTags map[string]string) error {
+
+	tags := []*ec2.Tag{
+		&ec2.Tag{
+			Key:   aws.String(m.ManagerOpts.ManagedTagKey),
+			Value: aws.String(m.ManagerOpts.ManagedTagValue),
+		},
+	}
+	if extraTags != nil {
+		for k, v := range extraTags {
+			tags = append(tags, &ec2.Tag{
+				Key:   aws.String(k),
+				Value: aws.String(v),
+			})
+		}
+	}
+
+	_, err := m.client.CreateTags(&ec2.CreateTagsInput{
+		Resources: resources,
+		Tags:      tags,
+	})
+	return err
+}
+
 func (m *Manager) all(funcs []func() error) error {
 	var wg sync.WaitGroup
 	errorChan := make(chan error, 1)
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -93,3 +93,15 @@ func RebootOnImageTag() string {
 func DefaultRebootOnImage() bool {
 	return envDefaultBool("DEFAULT_REBOOT_ON_IMAGE", true)
 }
+
+// ManagedTagKey will get added to all resources created by the backup so we
+// can search for them later for things like auditing and cleaning up backups
+func ManagedTagKey() string {
+	return envDefault("MANAGED_TAG_KEY", "lambda-ebs-backup/managed")
+}
+
+// ManagedTagValue is the value that corresponds to the ManagedTagKey that gets
+// added to all resources created by backup.
+func ManagedTagValue() string {
+	return envDefault("MANAGED_TAG_VALUE", "true")
+}

Original file line number	Diff line number	Diff line change
`@@ -30,15 +30,18 @@ func HandleRequest(ctx context.Context) error {`
`30`	`30`	`return err`
`31`	`31`	`}`
`32`	`32`
`33`		`- err = backupManager.Search()`
`34`		`- if err != nil {`
	`33`	`+ if err = backupManager.Search(); err != nil {`
`35`	`34`	`return err`
`36`	`35`	`}`
`37`	`36`
`38`	`37`	`if err = backupManager.Backup(); err != nil {`
`39`	`38`	`return err`
`40`	`39`	`}`
`41`	`40`
	`41`	`+ if err = backupManager.Cleanup(); err != nil {`
	`42`	`+ return err`
	`43`	`+ }`
	`44`	`+`
`42`	`45`	`return nil`
`43`	`46`	`}`
`44`	`47`