EBS-Optimization

This project contains the CloudFormation templates and Python scripts required to automate the optimization of Elastic Block Storage (EBS volumes) attached and mounted to EC2 Instances after a standard 'lift and shift' migration to AWS.

The project is built with the following assumptions:

• Instances are running in private subnets across two Availability Zones
• Instances are using Rhel7 and Windows operating system
• A mixture of EBS volume types and sizes are used to replicate a common enterprise environment
• Instances have the following agents and/or packages installed:
  • AWS CLIv2
  • Amazon CloudWatch Agent
  • Amazon SSM Agent

Prerequisites

In order to deploy the EBS Optimization solution, the following needs to be in place:

• An AWS Account
• IAM User with Programmatic Access
• IAM Role with AdministratorAccess policy attached to the above IAM User
• AWS CLI installed on your local workstation
• Python installed on your local workstation

EBS-Optimization Lambdas

The Lambda Functions that support the EBS optimization automation perform the following tasks:

• create_ebs_dictionary creates a dictionary of the instance IDs, Availability Zones, EBS volume IDs, EBS volume sizes, EBS volume types, EBS volume IOPS, EBS volume disk usage (percentage), and EBS snapshot IDs
• create_ebs_volumes creates a new EBS volume based on the disk usage of the durrent EBS volume attached to a given instance
• attach_new_volumes attaches the newly created EBS volume to the corresponding instance
• mount_new_volumes sends an SSM Run Command to the instance that mounts the new voluume and copies the data from the existing one
• unmount_old_volume unmounts the previous EBS volume and detaches is from the EC2 instance

Parameters/Variables to configure

In order to provision the EBS Optimization solution in your AWS environment, there are some parameters/variables that you will need to update.

In lambdas/CreateEBSDictionary/lambda_function.py:

• Set the Filters in the get_instance_ids section to the tag key/values for your instances
• In the get_disk_used_percent section, set the Value of path in Dimensions to the path where the original volume is mounted
• In get_snapshot_id section, set the BackupVaultName to your AWS Backup vault
• In get_snapshot_id section, set the 'ByCreatedAfter’ timedelta to the desired number of hours since the most recent snapshot in AWS Backup for the volumes you want to optimize.

In lambdas/AttachNewVolumes/lambda_function.py:

• Set the Filters in the create_new_volume_dictionary section to the tag key/values for your volumes

In cfn-templates/ebs-s3-sns-template.yaml:

• Set the Default email address value in the SysAdminEmail parameter

Steps to deploy

Use the following steps to deploy EBS Optimization in your AWS environment: NOTE: You MUST Complete ALL of the items under the PREREQUISISTES portion of this README file before proceding with these steps.

1. Open a terminal (Linux/MacOS) and navigate to the directory where you want to store the EBS Optimization solution locally.
2. Clone the EBS Optimization solution 'git clone https://github.com/aws-samples/ebs-optimization-blog.git'
3. Update the values for the parameters/variables based on your environment. These values are mentioned in the Parameters/Variables to configure section of this README file
4. Configure ~/.aws/credentials with the access key and secret access key of an IAM user that has AdministrativeAccess to the account where you will provision the solution.

• Alternative Option use the AWS CLI sts API to assume an IAM role with the required permissions.

5. From the root directory of the cloned repository, run the bash script that aligns to the OS type you cloned the repo to:

• linux-ebs-optimization.sh
• mac-ebs-optimization.sh

6. The shell script will:

• Create an EBS optimization S3 bucket and SNS topic (3 Minutes). Monitor the email to confirm subscription to the SNS topic.
• Create the EBS-Optimization Lambdas
• Create step function using above Lambda functions.

7. The shell script will prompt "Would you like to begin optimizing EBS volumes (y/n)?"

• Selecting 'y' will cause the state machine to run against optimization against the volumes that match the criteria specified in the parameters.
• Selecting 'n' will cause the shell script to abort. Removal of 'event-step-function-stack', ebs-optimization-lambda-functions, and ebs-optimization-s3-sns stacks within CloudFormation is required before subsequent execution of the ebs-optimization shell script.

7. The shell script will state "EBS optimization state machine has SUCCEEDED. Next navigate to the Systems Manager console to view the status of the Run Commands for the instances." and then end.
8. Open the AWS Console and navigate to Step Functions > ebs-optimization-state-machine > 'Execution ID'

• Wait for all Commands to complete (this may take some time depending on the amount of data being copied. Current Timeout is set for 12 hours)

9. Navigate to AWS Systems Manager Console to view the status of the Run Commands on the instances.

Confirm Successful Deployment

Once you have successfully deployed the EBS Optimization solution, you should be able to open a shell to an instance and run df -h to see the new volume mounted on the /newvolume directory and the size of the new volume. Your EBS volumes attached to your EC2 instances should now be optimized based on disk usage. Old volumes should show as Available in the EC2 console and can be reattached if there are errors or missing data.

If you receive any errors during the deployment, read them carefully and check that you have correctly completed the Prerequisites and configured the parameters/variables for your environment.

Cleanup

1. Once you have verified data consistency and moved the application to the new mountpoint use the AWS Console to navigate to Lambdas > 'Functions' > unmount-old-ebs-volumes. Run this Lambda function to unmount the volume and remove the mount point. EBS volumes are not deleted.
2. Delete the old EBS volumes once you are confident they are no longer necessary to avoid additional expense.

VPC Infrastructure: vpc.yaml

• VPC with public and private subnets across two Availability Zones
• Internet Gateway with a default route on the public subnets
• NAT Gateways for each private subnet in their corresponding public subnet
• Route tables for each private subnet in their corresponding public subnet

Project Infrastructure: ebs-optimization-resources.yaml

• EC2 Key pair for accessing the EC2 instances over SSH stored in AWS Secrets Manager
• KMS Keys to encrypt EBS volumes, AWS Backup snapshots, and S3
• Security Group for the EC2 instances to allow port 22 from inside the VPC
• EC2 Instance profile to allow use of SSM Session Manager and CloudWatch Metrics
• EC2 Launch Template for RHEL7 instances
  • Includes a bootstrap script for mounting an additional storage volume onto the instances
• S3 Bucket to store EBS volume data
• Five EC2 instances with EBS volumes attached of varying types and sizes
• AWS Backup configured to create daily snapshots of the EBS volumes
• Five Lambda Functions to automate optimization of the EBS volumes
• Step Function Workflow to coordinate the Lambdas

Additional Development

The following tasks can be considered for further development of the solution

1. Develop automated testing to confirm data integrity after syncing
2. Support for multiple data volumes