Actions for AWS EC2
Lucidum allows you to automatically perform the following actions on assets that meet your criteria. You define the criteria for assets by creating a query.
Stop Instance. Stops one or more AWS instances. For details on what happens when you stop an AWS instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#what-happens-stop/.
Start Instance. Starts one or more previously stopped AWS instances. For details on what happens when you start an AWS instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#what-happens-start/.
Tag Instance. Adds a tag (descriptive key: value pair) to one or more AWS instances. For details on tagging, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html.
Untag Instance. Removes a tag (descriptive key: value pair) from one or more AWS instances. For details on tagging, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html.
Stop Instance. You might want to stop an EC2 instance if:
the instance is under-used and the running cost of the instance is high
the instance has a critical vulnerability and requires remediation before it can be back on the network
Start Instance. You might want to start an EC2 instance if:
the instance was stopped for maintenance or updates and can now rejoin the network
Tag Instance. You might want to add a tag to an instance if:
your corporate policy requires tagging and you found an untagged instance
you want to add an additional tag to an instance
To create actions that act upon AWS EC2 assets, you will require an Access Key ID and Access Key Secret for an AWS account that has AWS EC2 Full Access permission.
To create an action in Lucidum, follow these steps:
Choose Action Center from the left pane.
In the Action Center, choose from the action types in the Channels pane.
To create a configuration for the action, click the Manage Configuration button. A configuration provides the connection and authorization information to communicate with the external solution.
Save the configuration.
To create an action, click the Create a new action button. An action specifies the task to execute, the data to include in the action, and how frequently to execute the action.
Save the action.
Lucidum automatically executes the action at the time and recurrence you defined in the action.
You can apply an existing configuration to more than one action. If a configuration already exists, you might be able to re-use the existing configuration and might not need to create a new one.
Configuration for an AWS EC2 Action
Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
Access Key ID (Single Account Access). AWS Access Key ID for an AWS account with read and write access.
Access Key Secret (Single Account Access). AWS Access Key Secret for an AWS account with read and write access.
Create a new action/View Action
Action Type. Select an action from the pulldown options.
Configuration Name. Select an action configuration from the pulldown options.
Action Name. Identifier for the action. This name will appear in the Lucidum Action Center.
Description. Description of the action.
Filters. For new actions, the Add Filter button leads to the New Query page, where you can query for the assets or users that the action will act upon. For existing actions, this field displays the query for this action. The Edit Filter button leads to the New Query page, with the current query already loaded for editing. For details on creating and editing queries in Lucidum, see the section on Building Queries.
Schedule Settings. Define the schedule for the action. Choices are setting a Recurrence by date and time or After Data Ingestion, which happens at least once every 24 hours and can also be triggered manually.
Do not trigger the action unless. Specify the number of results from Filters as a prerequisite for the action.
Output Fields. For each record specified in the Filters field, the Output Fields specifies the columns to include. When creating or editing the query, you can select the display fields in the Query Results page > Edit Column button.
EC2 Action. EC2 action to execute. Choices are START_INSTANCE, STOP_INSTANCE, TAG_INSTANCE, AND UNTAG_INSTANCE.
Tag Key. If you selected TAG_INSTANCE or UNTAG_INSTANCE in the EC2 Action field, specify the key (name) for the tag you want to create or delete.
Tag Value. If you selected TAG_INSTANCE or UNTAG_INSTANCE in the EC2 Action field, specify the value for the tag you want to create or delete.