serverless.yml

# Name of our service
service: daily-instance-snapshot

# The required version of serverless we have to be using for this to work
frameworkVersion: ">=2.0.0"

# See: https://www.serverless.com/framework/docs/deprecations/#CONFIG_VALIDATION_MODE_DEFAULT
configValidationMode: error

##############################
# Our service provider and runtime/region definitions
##############################
provider:
  name: aws                       # Which provider to use
  stage: ${opt:stage, 'dev'}      # Which stage to deploy to
  runtime: python3.9              # Which Lambda runtime to use
  logRetentionInDays: 30          # How many days we want to maintain logs in CloudWatch
  region: 'us-east-1'             # Which AWS region to deploy in, eu-west-1 by default, but overridable
  memorySize: 128                 # In megabytes, 128 minimum in 64MB increments
  timeout: 300                    # In seconds
  versionFunctions:  true         # We want to version our functions so we can revert if we need to
  environment:
    DEFAULT_RETENTION_TIME: "7"                  # This is the number of days by default to store AMIs for
    LIMIT_TO_REGIONS: ""                         # Use this to limit what region(s) you'd like this lambda to scan.  Comma-delimited, by default scan all regions.  Put in eg: "eu-west-1" here
    DRY_RUN: "false"                             # If this env variable is set to true it will only print what it would do, not actually do it
    KEY_TO_TAG_ON: "AWSAutomatedDailySnapshots"  # This is the key we will scan for to detect if this script is managing a snapshot, by default this is "AWSAutomatedDailySnapshots".  Warning: the first version of this plugin had this value at: FarleysBackupInstanceRotater but it has since changed.  Please go manually delete any AMIs with the old name
  # deploymentBucket:
  #   name: set-me-to-an-existing-bucket  # Name of an existing bucket to use, if not specified then will be created by serverless
  iam:
    role:
      statements:
        # We must be able to do what this script needs to do...
        - Effect: Allow
          Action:
            - ec2:CreateImage
            - ec2:CreateSnapshot
            - ec2:CreateTags
            - ec2:DeleteSnapshot
            - ec2:DeregisterImage
            - ec2:DescribeImages
            - ec2:DescribeInstances
            - ec2:DescribeSnapshots
            - ec2:DescribeVolumes
          Resource: "*"


##############################
# Our function definition
##############################
functions:
  execute_handler:
    description: This does a snapshot of all our instances we want to be manually backed up to AMIs and attempts to delete expired volumes
    handler: handler.lambda_handler
    events:
      - schedule:
          description: Once a day for AMI backups
          rate: rate(1 day)
          enabled: true

##############################
package:
  patterns:
    - "!requirements.txt"
    - "!*.png"