
Eliminate unused (available) EBS using AWS Lambda and CloudWatch Events

In this post we share an AWS Lambda function that checks a region for EBS volumes in the available state; a CloudWatch Events rule invokes it to delete those volumes. It is also possible to add a tag to an available EBS volume that should not be deleted.

Definitions

AWS Lambda “Lambda is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. With Lambda, you can run code for virtually any type of application or backend service.” 1

AWS Elastic Block Store (EBS) “provides block level storage volumes for use with EC2 instances. EBS volumes behave like raw, unformatted block devices.” 2

CloudWatch Events “delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams.” 3

Warning

We recommend that you first run this configuration in a controlled test or sandbox environment.

We use the following repository:
https://github.com/vperezpereira/ebs-delete

  1. In an AWS account, using CloudShell, download the git repository and execute the following commands.

git clone https://github.com/vperezpereira/ebs-delete.git


sam build

sam deploy --guided

If an error like this occurs using the last command:

“Error: Failed to create changeset for the stack: ebs-ireland, ex: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state: For expression "Status" we matched expected path: "FAILED" Status: FAILED. Reason: Requires capabilities : [CAPABILITY_NAMED_IAM]”

Execute the following command:
sam deploy --capabilities CAPABILITY_NAMED_IAM

At this point, SAM will ask for confirmation to deploy the following:

  1. An AWS Lambda function with the code that checks for and deletes EBS volumes.
  2. An S3 bucket where the log of deleted EBS volumes is stored.
  3. Finally, the permissions necessary for deployment.


Result of deploy

The CloudWatch Events rule is not included in the template because we think its configuration will depend on each user's requirements.

  1. Create the CloudWatch Events rule. For this demo, we add a rule that runs every 5 minutes and invokes the Lambda function ebs-ireland-EBSDelete.

We activate and finish the rule creation.

We validate that the Lambda function has the correct environment variables. You can also modify them, or add a tag to any EBS volume that you wish to protect from deletion.


For the demo, we created two EBS volumes in the available state.

As a result, the record of the deleted EBS volumes goes to the S3 bucket, and we then review the log file.

The file lists the IDs of the EBS volumes that were deleted.
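
The selection rule described above (delete volumes in the available state, skip any volume carrying a protection tag, log each outcome) as an added Python example; it is not the code from the ebs-delete repository. The tag key `DoNotDelete`, the function names and the sample volumes are assumptions, and `ec2` stands for any boto3 EC2 client.

```python
# Added example, not the repository's code. PROTECT_TAG_KEY is an assumed tag name.
PROTECT_TAG_KEY = "DoNotDelete"

# Constructed sample in the shape of ec2.describe_volumes()["Volumes"].
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0aaa", "State": "available", "Attachments": [], "Tags": []},
    {"VolumeId": "vol-0bbb", "State": "available", "Attachments": [],
     "Tags": [{"Key": "donotdelete", "Value": "true"}]},
    {"VolumeId": "vol-0ccc", "State": "in-use",
     "Attachments": [{"InstanceId": "i-0123", "State": "attached"}]},
    {"VolumeId": "vol-0ddd", "State": "available"},  # API omits empty Tags
]


def select_deletable(volumes, protect_key=PROTECT_TAG_KEY):
    """Return (delete_ids, kept); kept maps volume ID -> reason it was skipped."""
    delete_ids, kept = [], {}
    for vol in volumes:
        # Tag keys are compared case-insensitively so a mistyped case still protects.
        tag_keys = {t["Key"].lower() for t in vol.get("Tags", [])}
        if vol["State"] != "available" or vol.get("Attachments"):
            kept[vol["VolumeId"]] = "not available"
        elif protect_key.lower() in tag_keys:
            kept[vol["VolumeId"]] = "protected by tag"
        else:
            delete_ids.append(vol["VolumeId"])
    return delete_ids, kept


def delete_volumes(ec2, volume_ids, dry_run=True):
    """Delete each volume via a boto3-style client; return one log line per ID."""
    log = []
    for vid in volume_ids:
        try:
            ec2.delete_volume(VolumeId=vid, DryRun=dry_run)
            log.append(f"{vid} deleted")
        except Exception as exc:  # botocore ClientError carries a .response dict
            err = getattr(exc, "response", {}).get("Error", {})
            code = err.get("Code", type(exc).__name__)
            # EC2 reports a permitted dry run as the DryRunOperation error.
            if code == "DryRunOperation":
                log.append(f"{vid} would delete")
            else:  # e.g. the volume was attached between describe and delete
                log.append(f"{vid} failed: {code}")
    return log
```

Running with `dry_run=True` first in the sandbox account shows which volume IDs the rule would remove before any volume is deleted.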
