What is it about
Recently I came across unused EBS volumes which were increasing the AWS bill. They were redundant leftovers from testing and development. To automate the removal process, I wrote the Lambda function below, which scans for unattached volumes, tags them for deletion and sends an email notification. The volumes are then removed after a day.
Solution overview
Scan for unused EBS volumes, that is, volumes with the status available
Tag those volumes for deletion
Add the list to DynamoDB, so we can check back the next day
Send an email notification about the volumes
The user removes the deletion tag if the volume is still required
If the deletion tag is still present the next day, the volume is deleted
Email summary
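The two-day flow described above, as an added example that is not code from the original post or the linked repository. The tag key `PendingDeletion`, the function names and the `ec2` argument (a boto3 EC2 client, e.g. `boto3.client("ec2")`) are assumptions; the list passed to `sweep` is the one the post keeps in DynamoDB.

```python
# Assumed tag; the page does not name the tag used by cleanupebs.py.
TAG_KEY, TAG_VALUE = "PendingDeletion", "true"


def find_volumes(ec2, filters):
    """Return all volumes matching the filters, following pagination."""
    pages = ec2.get_paginator("describe_volumes").paginate(Filters=filters)
    return [vol for page in pages for vol in page["Volumes"]]


def mark_unattached(ec2):
    """Day 1: tag every volume in the 'available' state and return the IDs."""
    ids = [v["VolumeId"] for v in find_volumes(
        ec2, [{"Name": "status", "Values": ["available"]}])]
    if ids:
        ec2.create_tags(Resources=ids, Tags=[{"Key": TAG_KEY, "Value": TAG_VALUE}])
    return ids


def sweep(ec2, pending_ids):
    """Day 2: delete a recorded volume only if it is still unattached and tagged.

    pending_ids is the list saved on day 1. Returns (deleted, kept).
    """
    deleted, kept = [], []
    if not pending_ids:
        return deleted, kept
    # Filter by ID instead of passing VolumeIds=..., so a volume that was
    # already removed is simply absent from the result instead of an error.
    current = {v["VolumeId"]: v for v in find_volumes(
        ec2, [{"Name": "volume-id", "Values": list(pending_ids)}])}
    for vol_id in pending_ids:
        vol = current.get(vol_id, {})
        tags = {t["Key"]: t["Value"] for t in vol.get("Tags", [])}
        if vol.get("State") == "available" and tags.get(TAG_KEY) == TAG_VALUE:
            ec2.delete_volume(VolumeId=vol_id)
            deleted.append(vol_id)
        else:
            kept.append(vol_id)  # tag removed, re-attached, or already gone
    return deleted, kept
```

Re-reading the live state and tags on day 2, rather than trusting the stored list, is what keeps a volume that was re-attached or untagged overnight from being deleted.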
Deploying the solution
Clone the repository https://github.com/uptownaravi/aws-ebs-cleanup.git
We need a Lambda function, a DynamoDB table, an SNS topic (with an email subscription) and an IAM role set up to run this.
First let's create the IAM role using the file iam.json. Edit the account numbers and resource names as required. The file has 3 different inline policies which enable the Lambda function to access EBS, DynamoDB and SNS.
Create the DynamoDB table and the SNS topic (also subscribe an email address to that topic to get the summary of the cleanup).
Then create the Lambda function using the file cleanupebs.py.
Use the role created in the first step as the execution role.
Change the table names and SNS topic ARN (https://github.com/uptownaravi/aws-ebs-cleanup/blob/main/cleanupebs.py#L9-L10) to the ones created in the second step.
That's it. Try a test run to check that the EBS volumes with available status are tagged, and also check your email for the summary.
Adding a periodic trigger to the Lambda function
Add a cron job using EventBridge Scheduler so that the function runs every day at a specific time.
Click on Create schedule, give it a name and set the schedule pattern.
I have added cron (0 10 ? * MON-FRI *) here, which is 10 AM from Monday to Friday.
Add the cron as required (for Flexible time window I have selected Off) and click on Next.
In Target details, select AWS Lambda Invoke and, in the Invoke section, select the function which we created earlier. No input is required to be passed to the Lambda function.
Click on Next to review the configuration options, click Next again, review all the inputs and create the schedule.
The email summary looks like the below
Please give your comments about this solution and what can be improved