How I Automated My AWS Cleanup to Avoid Surprise Bills 🧹

Hemanth Gangula

Are you a student or beginner working on AWS, or maybe someone who wants to avoid surprise bills from AWS when you're not even using it? Well, let me tell you a little story. A few weeks ago, I found myself in a small panic: I hadn’t logged into AWS for a week, and when I checked my bill, I saw a $5 charge. 💀 Sure, $5 isn’t a huge amount, but why was I being charged for stuff I wasn’t even using?

Turns out, I’d left a bunch of services running in the background: some old EC2 instances, S3 buckets, and Lambda functions from previous projects. It’s easy to forget to turn off or clean up services, especially when you're juggling multiple projects. AWS doesn't care if you're not using those services; if they're running, you're being charged.

I decided that enough was enough. This is my personal AWS account used for practice, and I didn’t want to waste money just because I forgot to clean up. So, I wrote a Python script that automatically cleans up all AWS resources in my account. With this script, I can start fresh after every project, run only the services I need, and sleep easy knowing I won’t get any surprise bills. 🙌


What Does the Script Do?

In a nutshell, this script removes everything from your AWS account. Once you run it, the script will:

  • 🚀 Terminate EC2 instances and remove EBS volumes and security groups

  • 🪣 Delete S3 buckets (and their contents)

  • 💻 Remove Lambda functions

  • 🛠️ Clean up IAM users, roles, and policies

  • 💾 Wipe out RDS instances, DynamoDB tables, and CloudFormation stacks

It’s designed for personal accounts where you’re learning, experimenting, and testing different AWS services. It’s not meant for production use. This script is my little way of keeping my AWS account clean and my billing low.

Note: Don’t run this script at your internship or job unless you want to be the one who accidentally wipes out the entire company’s cloud infrastructure. 😅 You’ve been warned!


Step-by-Step Guide to Running the Cleanup Script

Now, let’s get down to how you can run this script and keep your AWS account fresh as new. If you’ve ever created an IAM user or configured credentials before, this will be a breeze. Even if not, don’t worry: I’ve broken it down for you.

1. Create an IAM User with Programmatic Access

You’ll need an IAM user with the right permissions to delete resources across your AWS account. Here's how to set it up:

  • Log in to your AWS Console and go to IAM.

  • Click on Add User and give it a name (something like aws-cleaner works).

  • Select Programmatic access to generate an Access Key ID and Secret Access Key, which you'll use to run the script. Keep these aside; we'll add them to the credentials file (or set them as environment variables) later.

This user will act as the executioner for your AWS resources. 🔥

2. Add the Inline Policy

Once you’ve created the IAM user, it won’t have permissions by default. You need to add an inline policy that grants it the ability to delete stuff. Here's how to do it:

  • Go to IAM, select your new user, and navigate to the Permissions tab.

  • Click Add inline policy.

  • Paste the JSON policy available in the GitHub repo into the JSON editor.

  • Save the policy.

This policy tells AWS, "Hey, let this user delete everything, from EC2 instances to RDS databases."

3. Install Python and Boto3

You’ll need Python and Boto3 (AWS SDK for Python) installed locally to run the script. Here's how to set them up:

  • First, make sure you have Python 3 installed. If not, you can download it from here.

  • Once Python is installed, open a terminal and install Boto3 by running:

      pip install boto3
    

4. Configure Your AWS Credentials

Before you can run the script, you’ll need to configure your AWS credentials. This is where you provide the script access to your AWS account.

  • Open your terminal and run the following command to edit your credentials file:

      nano ~/.aws/credentials
    
  • Add your access key and secret access key (generated when you created your IAM user) in the following format, or replace the existing default keys with your access key and secret access key:

      [default]
      aws_access_key_id = YOUR_ACCESS_KEY
      aws_secret_access_key = YOUR_SECRET_KEY
    

This gives the script permission to access and modify resources in your AWS account.

5. Run the Cleanup Script 🧹

You’re now ready to run the script. Here’s what you need to do:

  1. Clone the repository from GitHub to your local machine:

     git clone https://github.com/HemanthGangula/aws-account-cleanup.git
     cd aws-account-cleanup
    
  2. Run the Python script by specifying your region and username:

     python3 aws_cleanup_script.py <region_name> <username>
    

For example:

     python3 aws_account_cleaner.py us-east-1 aws-cleaner

The script will go through and terminate/delete any active or stopped services in your AWS account. It’s that simple!

Important Reminders (And a Few Fun Warnings) 😅

  1. Do Not Use in Production: Seriously, this script is designed for personal accounts, where you're free to experiment. Don’t even think about using this in production without testing thoroughly. You’ll wipe out everything, and there’s no “undo” button!

  2. Not For Your Internship or Job: If you're an intern or junior developer at a company, do not try this script on their AWS account. Unless you want to be the next legend for wiping out the entire infrastructure on your first day! 😂

  3. Backup Important Data: Once resources are deleted, they're gone forever. Make sure you’ve backed up anything you want to keep. I’ve had friends who’ve accidentally wiped out databases and cried over it. Don’t be that friend.

Customize the Script to Your Needs

Currently, the script cleans up the following AWS services: EC2, S3, Lambda, IAM, RDS, DynamoDB, CloudFormation, SNS, Cloud9, and CloudWatch. If I need to expand this in the future, I’ll add more services. If you want to include other services, feel free to modify the script and update the inline policy accordingly. And hey, if you're feeling generous, don’t forget to raise a PR! 😄

You can modify it to add additional services or exclude specific ones. It’s all in Python, so if you know what you’re doing, go wild.

The inline policy can also be customised if you need different permissions or want to run things more safely.
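
One way to run things more safely, as an added example rather than code from the repository: check that the configured credentials belong to the account you expect before anything is deleted, then build a dry-run list of EC2 instances that leaves tagged ones alone. The `keep=true` tag, the function names and the account ID are assumptions; the stub clients hold constructed responses and stand in for `boto3.client("sts")` and `boto3.client("ec2")`.

```python
# Added example: pre-flight account check and dry-run plan for a cleanup run.
# Pass real clients (boto3.client("sts"), boto3.client("ec2")) in practice; the
# stub clients below return constructed responses so the block runs offline.

KEEP_TAG = "keep"  # assumption: instances tagged keep=true are preserved

def confirm_target_account(sts_client, expected_account_id):
    """Return the caller ARN, or raise if the credentials are for another account."""
    identity = sts_client.get_caller_identity()
    if identity["Account"] != expected_account_id:
        raise RuntimeError(
            f"refusing to run: credentials are for account {identity['Account']}, "
            f"expected {expected_account_id}")
    return identity["Arn"]

def plan_ec2_termination(ec2_client):
    """Return (to_terminate, kept) instance IDs without deleting anything."""
    to_terminate, kept = [], []
    for page in ec2_client.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            for inst in reservation["Instances"]:
                if inst["State"]["Name"] in ("terminated", "shutting-down"):
                    continue  # already gone, nothing to plan
                tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
                if tags.get(KEEP_TAG, "").lower() == "true":
                    kept.append(inst["InstanceId"])
                else:
                    to_terminate.append(inst["InstanceId"])
    return to_terminate, kept

class StubSTS:  # constructed identity; the account ID is a placeholder
    def get_caller_identity(self):
        return {"Account": "111111111111", "UserId": "AIDAEXAMPLE",
                "Arn": "arn:aws:iam::111111111111:user/aws-cleaner"}

class StubEC2:  # constructed describe_instances page
    PAGES = [{"Reservations": [{"Instances": [
        {"InstanceId": "i-0aaa", "State": {"Name": "running"}},
        {"InstanceId": "i-0bbb", "State": {"Name": "stopped"},
         "Tags": [{"Key": "keep", "Value": "true"}]},
        {"InstanceId": "i-0ccc", "State": {"Name": "terminated"}}]}]}]
    def get_paginator(self, operation_name):
        return self
    def paginate(self):
        return iter(self.PAGES)

if __name__ == "__main__":
    print(confirm_target_account(StubSTS(), "111111111111"))
    print(plan_ec2_termination(StubEC2()))
```

Running the account check first means a credentials file that still holds keys for a different account stops the run before any delete call is made.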

Conclusion

AWS billing can be unpredictable if you’re not actively managing your resources, especially for beginners who might forget to turn things off. This script is your go-to solution for automating the cleanup process, ensuring that nothing is left behind to surprise you on your next bill.

So, if you’re a student, a beginner, or just someone who loves experimenting with AWS, give this script a shot. But remember: use it responsibly, and don’t try this in any production or work environments unless you're ready for the consequences!

Happy cleaning! 🧼
