/aws-amicleaner

Cleanup your old unused ami and related snapshots

Primary LanguagePythonMIT LicenseMIT

aws-amicleaner

Cleanup your old unused ami and related snapshots

Travis CI codecov.io pypi

Description

This tool enables you to clean your custom Amazon Machine Images (AMI) and related EBS Snapshots.

You can either run in fetch and clean mode where the tool will retrieve all your private AMIs and EC2 instances, exclude AMIs being holded by your EC2 instances (it can be useful if you use autoscaling, and so on ...). It applies a filter based on their names or tags and a number of previous AMIs you want to keep. You can also check and delete EBS snapshots left orphaned by manual deletion of AMIs.

It can simply remove AMIs with a list of provided ids.

Prerequisites

This tool assumes your AWS credentials are in your environment, either with AWS credentials variables :

export AWS_DEFAULT_REGION='your region'
export AWS_ACCESS_KEY_ID='with token Access ID'
export AWS_SECRET_ACCESS_KEY='with token AWS Secret'

or with awscli :

export AWS_PROFILE=profile-name

Minimum AWS IAM permissions

To run the script properly, your aws user must have at least these permissions in iam:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1458638250000",
            "Effect": "Allow",
            "Action": [
                "ec2:DeleteSnapshot",
                "ec2:DeregisterImage",
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
                "ec2:DescribeSnapshots",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:DescribeLaunchConfigurations"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Installation

amicleaner is available on pypi and can be installed on your system with pip

From pypi

[sudo] pip install aws-amicleaner

From source

You can also clone or download from github the source and install with pip

cd aws-amicleaner/
pip install [--user] -e .

Usage

Getting help

amicleaner --help

Fetch and clean

Print report of groups and amis to be cleaned

amicleaner --full-report

Keep previous number of AMIs

amicleaner --full-report --keep-previous 10

Regroup by name or tags

amicleaner --mapping-key tags --mapping-values role env

Exclude amis based on tag values

amicleaner --mapping-key tags --mapping-values role env -excluded-mapping-values prod

Skip confirmation, can be useful for automation

amicleaner -f --keep-previous 2

Activate orphan snapshots checking

amicleaner --check-orphans

Delete a list of AMIs

amicleaner --from-ids ami-abcdef01 ami-abcdef02

See this blog article for more information.