Cleanup your old unused ami and related snapshots
This project is not under active maintenance but still active. Consider using the official AWS-supported Amazon Data Lifecycle Manager.
This tool enables you to clean your custom Amazon Machine Images (AMI) and related EBS Snapshots.
You can either run in fetch and clean
mode where the tool will
retrieve all your private AMIs and EC2 instances, exclude AMIs being
holded by your EC2 instances (it can be useful if you use autoscaling,
and so on ...). It applies a filter based on their names or tags
and a number of previous AMIs you want to keep. You can also check and
delete EBS snapshots left orphaned by manual deletion of AMIs.
It can simply remove AMIs with a list of provided ids.
- awscli
- python 2.7 or 3+
- python pip
This tool assumes your AWS credentials are in your environment, either with AWS credentials variables :
export AWS_DEFAULT_REGION='your region'
export AWS_ACCESS_KEY_ID='with token Access ID'
export AWS_SECRET_ACCESS_KEY='with token AWS Secret'
or with awscli
:
export AWS_PROFILE=profile-name
To run the script properly, your aws
user must have at least these
permissions in iam
:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1458638250000",
"Effect": "Allow",
"Action": [
"ec2:DeleteSnapshot",
"ec2:DeregisterImage",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations"
],
"Resource": [
"*"
]
}
]
}
amicleaner is available on pypi and can be installed on your system with pip
[sudo] pip install aws-amicleaner
You can also clone or download from github the source and install with pip
cd aws-amicleaner/
pip install [--user] -e .
amicleaner --help
Print report of groups and amis to be cleaned
amicleaner --full-report
Keep previous number of AMIs
amicleaner --full-report --keep-previous 10
Regroup by name or tags
amicleaner --mapping-key tags --mapping-values role env
Exclude amis based on tag values
amicleaner --mapping-key tags --mapping-values role env -excluded-mapping-values prod
Skip confirmation, can be useful for automation
amicleaner -f --keep-previous 2
amicleaner --check-orphans
amicleaner --from-ids ami-abcdef01 ami-abcdef02
See this blog article for more information.