Launch a shell script from Lambda in AWS

Question

If I have a bash script sitting in an EC2 instance, is there a way that lambda could trigger it?

The trigger for lambda would be coming from RDS. So a table in mysql gets updated and a specific column in that table gets updated to "Ready", Lambda would have to pull the ID of that row with a "Ready" status and send that ID to the bash script.

Answer 1

Let's assume some things. First, you know how to set up a "trigger" using sns (see here) and how to hang a lambda script off of said trigger. Secondly, you know a little about python (Lambda's syntax offerings are Node, Java, and Python) because this example will be in Python. Additionally, I will not cover how to query a database with mysql. You did not mention whether your RDS instance was MySQL, Postgress, or otherwise. Lastly, you need to understand how to allow permission across AWS resources with IAM roles and policies.

The following script will at least outline the method of firing a script to your instance (you'll have to figure out how to query for relevant information or pass that information into the SNS topic), and then run the shell command on an instance you specify.

import boto3
def lambda_handler(event, context):
     #query RDS to get ID or get from SNS topic
     id = *queryresult*
     command = 'sh /path/to/scriptoninstance' + id
     ssm = boto3.client('ssm')
     ssmresponse = ssm.send_command(InstanceIds=['i-instanceid'], DocumentName='AWS-RunShellScript', Parameters= { 'commands': [command] } ) 

I would probably have two flags for the RDS row. One that says 'ready' and one that says 'identified'. So SNS topic triggers lambda script, lambda script looks for rows with 'ready' = true and 'identified' = false, change 'identified' to true (to make sure other lambda scripts that could be running at the same time aren't going to pick it up), then fire script. If script doesn't run successfully, change 'identified' back to false to make sure your data stays valid.

Answer 2

Using Amazon EC2 Simple Systems Manager, you can configure an SSM document to run a script on an instance, and pass that script a parameter. The Lambda instance would need to run the SSM send-command, targeting the instance by its instance id.

Sample SSM document: run_my_example.json:

{
  "schemaVersion": "1.2",
  "description": "Run shell script to launch.",
  "parameters": {
         "taskId":{
            "type":"String",
            "default":"",
            "description":"(Required) the Id of the task to run",
            "maxChars":16
        }
  },
  "runtimeConfig": {
    "aws:runShellScript": {
      "properties": [
        {
          "id": "0.aws:runShellScript",
          "runCommand": ["run_my_example.sh"]
        }
      ]
    }
  }
}

The above SSM document accepts taskId as a parameter.

Save this document as a JSON file, and call create-document using the AWS CLI:

aws ssm create-document --content file:///tmp/run_my_example.json --name  "run_my_example"

You can review the description of the SSM document by calling describe-document:

aws ssm describe-document --name "run_my_example"

You can specify the taskId parameter and run the command by using the document name with the send-command

aws ssm send-command --instance-ids i-12345678 --document-name "run_my_example" --parameters --taskid=123456

NOTES

• Instances must be running the latest version of the SSM agent.

• You will need to have some logic in the Lambda script to identify the instance ids of the server EG look up the instance id of a specifically tagged instance.