Cleanup Unused AMI Images and Snapshots That Are Older Than 30 Days
The following script helps in cleaning up the Amazon Machine Images (AMIs) and their associated Snapshots, which have not been used for the last 30 days.
Code
Here is the JavaScript code that accomplishes this task.
const AWS = require("aws-sdk"); AWS.config.update({region: 'us-west-1'}); const ec2 = new AWS.EC2(); async function fetchImages () { const reqParams = { Filters: [ { Name: "is-public", Values: ["false"] } ] }; const data = await ec2.describeImages(reqParams).promise(); const oldImages = data.Images.filter( image => new Date(image.CreationDate).getTime() < (Date.now() - 30*24*60*60*1000) ) return oldImages; } async function deleteImages(images) { const unpromisedDeletes = images.map(async (image) => { const reqParam= { ImageId : image.ImageId }; await ec2.deregisterImage(reqParam).promise(); const snapshotReqParams = { SnapshotId: image.BlockDeviceMappings[0].Ebs.SnapshotId }; return await ec2.deleteSnapshot(snapshotReqParams).promise(); }) const results = await Promise.all(unpromisedDeletes); return results; } fetchImages().then(images => deleteImages(images)) .then(res => console.log("Deleted ", res.length )) .catch(err => console.log(err.message));
Detailed Code Explanation
- We first initialize the SDK and EC2 client.
- The
fetchImagesfunction is to retrieve all private images, and then we filter through them to find the ‘old’ images. - We define old here as created more than 30 days ago.
- Next, in the
deleteImagesfunction, we iterate over these old images. - For each image, we deregister that AMI using the
deregisterImagemethod. - After deregistering the image, we delete its associated snapshot using the
deleteSnapshotmethod. - This process is repeated for all the images we have gathered and deleted.
- Lastly, it logs the number of deleted images.
Expected Output
The expected output of the code block would be a simple statement logging the number of images deleted.
Here is an example of the output:
"Deleted ", 3
Considerations & Caveats
- This script will deregister AMIs and delete associated snapshots non-discriminately if they are older than 30 days.
- Make sure any images or snapshots you wish to keep are manually backed up or excluded from the search parameters.
- Working with AMIs whose snapshots are from encrypted volumes may require additional IAM permissions or throw errors.
- Ensure the code is run in the correct region to access the appropriate resources.
Required IAM permissions and example policy
This script requires the following IAM permissions:
- ec2:DescribeImages
- ec2:DeregisterImage
- ec2:DeleteSnapshot
Here is an example of an IAM policy granting these permissions:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DeregisterImage", "ec2:DeleteSnapshot" ], "Resource": "*" } ] }
FAQ
-
What does filtering by 'is-public' do?
- The filter for 'is-public' set to 'false' limits the images returned to only those owned by the account running the script.
-
Is it possible to change the duration determining 'old images'?
- Yes, by changing the value multiplying
24*60*60*1000in thefetchImagesfunction, you can set the duration based on your needs.
- Yes, by changing the value multiplying
-
What will happen if an old AMI is in use when the script runs?
- AMIs currently in use or attached to a running instance won't be affected when deregistered. A deregistered AMI remains available for use until its associated instances are terminated.
-
Can I run this script in any AWS region?
- Yes, but you must make sure to set the 'region' in the AWS Config object to the correct region where your resources exist.