Let's assume some things. First, you know how to set up a "trigger" using sns (see here) and how to hang a lambda script off of said trigger. Secondly, you know a little about python (Lambda's syntax offerings are Node, Java, and Python) because this example will be in Python. Additionally, I will not cover how to query a database with mysql. You did not mention whether your RDS instance was MySQL, Postgress, or otherwise. Lastly, you need to understand how to allow permission across AWS resources with IAM roles and policies.

The following script will at least outline the method of firing a script to your instance (you'll have to figure out how to query for relevant information or pass that information into the SNS topic), and then run the shell command on an instance you specify.

import boto3
def lambda_handler(event, context):
     #query RDS to get ID or get from SNS topic
     id = *queryresult*
     command = 'sh /path/to/scriptoninstance' + id
     ssm = boto3.client('ssm')
     ssmresponse = ssm.send_command(InstanceIds=['i-instanceid'], DocumentName='AWS-RunShellScript', Parameters= { 'commands': [command] } ) 

I would probably have two flags for the RDS row. One that says 'ready' and one that says 'identified'. So SNS topic triggers lambda script, lambda script looks for rows with 'ready' = true and 'identified' = false, change 'identified' to true (to make sure other lambda scripts that could be running at the same time aren't going to pick it up), then fire script. If script doesn't run successfully, change 'identified' back to false to make sure your data stays valid.

I think you could use the new EC2 Run Command feature to accomplish this.

There are few things to consider one of them is:

• Security. As of today lambda can't run in VPC. Which means your EC2 has to have a wide open inbound security group.

I would suggest take a look at the messaging queue (say SQS ). This would solve a lot of headache.

That's how it might work:

• Lambda. Get message; send to SQS
• EC2. Cron job that gets trigger N number of minutes. pull message from sqs; process message.

Using Amazon EC2 Simple Systems Manager, you can configure an SSM document to run a script on an instance, and pass that script a parameter. The Lambda instance would need to run the SSM send-command, targeting the instance by its instance id.

Sample SSM document: run_my_example.json:

{
  "schemaVersion": "1.2",
  "description": "Run shell script to launch.",
  "parameters": {
         "taskId":{
            "type":"String",
            "default":"",
            "description":"(Required) the Id of the task to run",
            "maxChars":16
        }
  },
  "runtimeConfig": {
    "aws:runShellScript": {
      "properties": [
        {
          "id": "0.aws:runShellScript",
          "runCommand": ["run_my_example.sh"]
        }
      ]
    }
  }
}

The above SSM document accepts taskId as a parameter.

Save this document as a JSON file, and call create-document using the AWS CLI:

aws ssm create-document --content file:///tmp/run_my_example.json --name  "run_my_example"

You can review the description of the SSM document by calling describe-document:

aws ssm describe-document --name "run_my_example"

You can specify the taskId parameter and run the command by using the document name with the send-command

aws ssm send-command --instance-ids i-12345678 --document-name "run_my_example" --parameters --taskid=123456

NOTES

• Instances must be running the latest version of the SSM agent.

• You will need to have some logic in the Lambda script to identify the instance ids of the server EG look up the instance id of a specifically tagged instance.