Identifying Stale EBS Snapshots
In this example, we'll create a Lambda function that identifies EBS snapshots that are no longer associated with any active EC2 instance and deletes them to save on storage costs.
Description:
The Lambda function fetches all EBS snapshots owned by the same account ('self') and also retrieves the list of active EC2 instances (running and stopped). For each snapshot, it checks whether the source volume (if it still exists) is attached to any active instance. If it is not, the snapshot is stale and the function deletes it, reducing storage costs.
Demo:
Step 1: Launch an EC2 instance; an EBS volume is attached to it by default.
All the data collected from the instance is stored in the volume.
Step 2: Create a snapshot of the volume. (A "snapshot" is like taking a picture of your data at a specific point in time. It is a copy of your data stored in a way that lets you go back to it later if needed.)
Step 3: Create a function in the Lambda service.
Step 4: Paste the Python code into the code section. This code is available in Abhishek Veeramalla's GitHub repository (aws-devops-zero-to-hero/day-18/ebs_stale_snapshosts.py at main · iam-veeramalla/aws-devops-zero-to-hero · GitHub).
Step 5: Go to the configure section and attach appropriate IAM policies to the role. Create a new policy. The policy permissions will include only:
1) DescribeSnapshots 2) DeleteSnapshot 3) DescribeInstances 4) DescribeVolumes
(Following the principle of least privilege: the role gets no other EC2 permissions.)
Step 6: Test the code and check whether the snapshot got deleted. (It won't be if the instance is still running or stopped: its volume is still attached, so the snapshot is not stale. Terminate the instance first!)
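The check described above and pasted in Step 4, as an added example (not the code from the linked repository): the decision logic is a pure function so it can be tested without AWS access, and the handler accepts a constructed `dry_run` event flag so you can list what would be deleted before granting the DeleteSnapshot permission. It assumes boto3 is available in the Lambda runtime and the role from Step 5.

```python
from typing import Iterable, List, Set

# Instances in these states keep their volumes; terminated ones do not.
ACTIVE_STATES = ("running", "stopped")


def active_volume_ids(instances: Iterable[dict]) -> Set[str]:
    """Volume IDs attached to instances that are running or stopped."""
    keep = set()
    for inst in instances:
        if inst.get("State", {}).get("Name") not in ACTIVE_STATES:
            continue
        for mapping in inst.get("BlockDeviceMappings", []):
            vol = mapping.get("Ebs", {}).get("VolumeId")
            if vol:
                keep.add(vol)
    return keep


def stale_snapshot_ids(snapshots: Iterable[dict], instances: Iterable[dict],
                       existing_volumes: Set[str]) -> List[str]:
    """Snapshots whose source volume is gone or not attached to an active instance."""
    keep = active_volume_ids(instances)
    stale = []
    for snap in snapshots:
        vol = snap.get("VolumeId")
        # No volume recorded, volume already deleted, or volume idle -> stale.
        if not vol or vol not in existing_volumes or vol not in keep:
            stale.append(snap["SnapshotId"])
    return stale


def lambda_handler(event, context):
    """Lambda entry point. Pass {"dry_run": true} to report without deleting."""
    import boto3  # imported here so the decision logic above runs without AWS
    ec2 = boto3.client("ec2")
    snapshots = [s for page in ec2.get_paginator("describe_snapshots")
                 .paginate(OwnerIds=["self"]) for s in page["Snapshots"]]
    instances = [i for page in ec2.get_paginator("describe_instances").paginate(
                     Filters=[{"Name": "instance-state-name",
                               "Values": list(ACTIVE_STATES)}])
                 for r in page["Reservations"] for i in r["Instances"]]
    volumes = {v["VolumeId"] for page in ec2.get_paginator("describe_volumes")
               .paginate() for v in page["Volumes"]}
    stale = stale_snapshot_ids(snapshots, instances, volumes)
    dry_run = bool((event or {}).get("dry_run"))
    for snap_id in stale:
        if not dry_run:
            ec2.delete_snapshot(SnapshotId=snap_id)
        print(("would delete " if dry_run else "deleted ") + snap_id)
    return {"stale": stale, "dry_run": dry_run}
```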
By running the program, we can delete unnecessary snapshots, optimizing storage costs by keeping only the essential ones. It's like cleaning up old photos to save space in the cloud 😎