Notify and remove unused AWS EBS volumes using Lambda functions
what is it about
I recently came across unused EBS volumes which were increasing the AWS bill. They were redundant leftovers from testing and development. To automate the removal process I wrote the Lambda function below, which scans for unattached volumes, tags them for deletion and sends an email notification. The volumes are then removed after a day.
solution overview
Scan for unused EBS volumes, i.e. those with status "available"
Tag those volumes for deletion
Add that list to DynamoDB, so we can check back the next day
Send an email notification about the volumes
The user removes the deletion tag if the volume is still required
If the delete tag is still present the next day, the volume is deleted
email summary
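The next-day deletion step from the overview, as an added example (not the code in the repository's cleanupebs.py): it deletes a recorded volume only if the deletion tag is still present and, going slightly beyond the overview, only if the volume is still unattached. The tag key `delete-candidate`, the `sweep` function and the `FakeEC2` stand-in are assumptions made for illustration; against a real account, pass `boto3.client("ec2")` instead of the stand-in.

```python
DELETE_TAG = "delete-candidate"  # assumed tag key; the post does not name the real one


def sweep(ec2, recorded_ids, dry_run=False):
    """Second-day pass: delete a recorded volume only if it is still
    unattached ('available') and still carries the deletion tag."""
    deleted, kept = [], []
    for i in range(0, len(recorded_ids), 200):  # chunk: EC2 caps values per filter
        resp = ec2.describe_volumes(Filters=[
            {"Name": "volume-id", "Values": recorded_ids[i:i + 200]}])
        for vol in resp["Volumes"]:  # IDs that no longer exist are simply absent
            tags = {t["Key"] for t in vol.get("Tags", [])}
            if vol["State"] == "available" and DELETE_TAG in tags:
                if not dry_run:  # with dry_run=True, 'deleted' means "would delete"
                    ec2.delete_volume(VolumeId=vol["VolumeId"])
                deleted.append(vol["VolumeId"])
            else:  # owner removed the tag, or the volume was re-attached
                kept.append(vol["VolumeId"])
    return deleted, kept


class FakeEC2:
    """Constructed stand-in for boto3.client('ec2'), so the example runs offline."""
    def __init__(self, volumes):
        self.volumes = {v["VolumeId"]: v for v in volumes}

    def describe_volumes(self, Filters):
        wanted = Filters[0]["Values"]
        return {"Volumes": [self.volumes[i] for i in wanted if i in self.volumes]}

    def delete_volume(self, VolumeId):
        del self.volumes[VolumeId]


def demo():
    tag = [{"Key": DELETE_TAG, "Value": "true"}]
    ec2 = FakeEC2([  # constructed sample volumes
        {"VolumeId": "vol-aaa", "State": "available", "Tags": tag},  # still unused
        {"VolumeId": "vol-bbb", "State": "available", "Tags": []},   # owner removed tag
        {"VolumeId": "vol-ccc", "State": "in-use", "Tags": tag},     # re-attached overnight
    ])
    # vol-ddd was recorded yesterday but has been deleted by hand since then
    result = sweep(ec2, ["vol-aaa", "vol-bbb", "vol-ccc", "vol-ddd"])
    return result, sorted(ec2.volumes)


if __name__ == "__main__":
    print(demo())
```

Running the sweep with `dry_run=True` for the first few days shows what would be removed without deleting anything.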
deploying the solution
clone the repository https://github.com/uptownaravi/aws-ebs-cleanup.git
We need a Lambda function, a DynamoDB table, an SNS topic (with an email subscription) and an IAM role set up to run this.
First, let's create the IAM role using the file iam.json. Edit the account numbers and resource names as required. The file has 3 different inline policies which enable the Lambda function to access EBS, DynamoDB and SNS.
Create the DynamoDB table and the SNS topic (with an email subscribed to that topic to receive the summary of the cleanup).
Then create the Lambda function using the file cleanupebs.py. For the execution role, use the one created in the first step.
Change the table names and SNS topic ARN (https://github.com/uptownaravi/aws-ebs-cleanup/blob/main/cleanupebs.py#L9-L10) to the ones created in the second step.
That's it. Try a test run to check that the EBS volumes with status "available" are tagged, and also check your email for the summary.
Add a cron job using EventBridge Scheduler so that the function runs every day at a specific time.
Click on Create schedule, give it a name and set the schedule pattern.
I have used cron(0 10 ? * MON-FRI *) here, which is 10 AM from Monday to Friday.
Set the cron expression as required (I have set Flexible time window to Off) and click on Next.
In Target details, select AWS Lambda Invoke, and in the Invoke section select the function we created earlier. No input needs to be passed to the Lambda function.
Click on Next to review the configuration options, click on Next again, review all the inputs and create the schedule.
email summary looks like the below
Please share your comments on this solution and what can be improved.
Written by
harish aravindan
Cloud Engineer providing DevOps solutions on AWS and Kubernetes. Creating and operating Infrastructure and CICD for applications. Serverless Enthusiast | Learning the New