{"id":22477194,"url":"https://github.com/base2services/lambda-cleanup-ebs-ami","last_synced_at":"2026-04-10T15:51:25.436Z","repository":{"id":145345293,"uuid":"94510453","full_name":"base2Services/lambda-cleanup-ebs-ami","owner":"base2Services","description":"Lambda functions to cleanup EBS snapshots and AMIs","archived":false,"fork":false,"pushed_at":"2024-02-21T04:10:33.000Z","size":18,"stargazers_count":0,"open_issues_count":1,"forks_count":2,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-02-01T20:46:17.926Z","etag":null,"topics":["aws","aws-lambda","cleanup","dotnetcore","ebs-snapshots","lambda-functions","orphans","serverless","serverless-framework","snapshot-ebs-volumes"],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/base2Services.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-06-16T06:00:17.000Z","updated_at":"2020-09-04T02:17:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"9f27a480-e714-4adc-8c61-10ce3a31293e","html_url":"https://github.com/base2Services/lambda-cleanup-ebs-ami","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Flambda-cleanup-ebs-ami","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Flambda-cleanup-ebs-ami/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Flambda-cleanup-ebs-ami/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Flambda-cleanup-ebs-ami/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/base2Services","download_url":"https://codeload.github.com/base2Services/lambda-cleanup-ebs-ami/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245897318,"owners_count":20690455,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-lambda","cleanup","dotnetcore","ebs-snapshots","lambda-functions","orphans","serverless","serverless-framework","snapshot-ebs-volumes"],"created_at":"2024-12-06T14:09:48.836Z","updated_at":"2025-12-30T23:21:44.051Z","avatar_url":"https://github.com/base2Services.png","language":"C#","readme":"## Lambda functions to report and cleanup EBS snapshots and AMIs\n\n1 - build lambda locally\n2 - deploy using built 'Base2.Lambdas.zip' package (manaully for now)\n3 - run the function to generate report. use payload from test/run\nsection of this README to see parameters\n4 - run the function to cleanup orphaned AMI EBS snapshosts \n\n# Requirements\n\n## Build\n\nYou will need docker engine and `zip` utility to build project. Also, build script uses `bash` shell\nIf you have `dotnet` cli locally installed you may use `scripts/build_native.sh`, but docker build is \nrecommended way for automating builds. \n\n```\n$ scripts/build_docker.sh\n  Restoring packages for /project/Base2.Lambdas.csproj...\n  Lock file has not changed. Skipping lock file write. Path: /project/obj/project.assets.json\n  Restore completed in 2.06 sec for /project/Base2.Lambdas.csproj.\n\n  NuGet Config files used:\n      /root/.nuget/NuGet/NuGet.Config\n\n  Feeds used:\n      https://api.nuget.org/v3/index.json\nMicrosoft (R) Build Engine version 15.1.1012.6693\nCopyright (C) Microsoft Corporation. All rights reserved.\n\n  Base2.Lambdas -\u003e /project/bin/Debug/netcoreapp2.1/Base2.Lambdas.dll\n  adding: AWSSDK.AutoScaling.dll (deflated 70%)\n  adding: AWSSDK.Core.dll (deflated 66%)\n  adding: AWSSDK.EC2.dll (deflated 70%)\n  adding: AWSSDK.S3.dll (deflated 63%)\n  adding: Amazon.Lambda.Core.dll (deflated 57%)\n  adding: Amazon.Lambda.Serialization.Json.dll (deflated 56%)\n  adding: Base2.Lambdas.deps.json (deflated 74%)\n  adding: Base2.Lambdas.dll (deflated 55%)\n  adding: Base2.Lambdas.pdb (deflated 40%)\n  adding: Newtonsoft.Json.dll (deflated 60%)\n  adding: System.Collections.NonGeneric.dll (deflated 60%)\n  adding: System.Runtime.Serialization.Primitives.dll (deflated 48%)\n\n```\n\n## Automated deployment\n\nYou will need serverless framework, version `\u003e 1.15` to deploy lambda functions automatically. Use `sls deploy`, \nin comnbination with properly set environment variables:\n\n```\n$ export REGION=ap-southeast-2\n$ export SOURCE_BUCKET=automation.cleanup.base2.services\n$ sls deploy\nServerless: Packaging service...\nServerless: Uploading CloudFormation file to S3...\nServerless: Uploading artifacts...\nServerless: Validating template...\nServerless: Creating Stack...\nServerless: Checking Stack create progress...\n.........................................\nServerless: Stack create finished...\nService Information\nservice: manualawscleanup\nstage: dev\nregion: ap-southeast-2\napi keys:\n  None\nendpoints:\n  None\nfunctions:\n  AMIReport: manualawscleanup-dev-AMIReport\n  AMICleanup: manualawscleanup-dev-AMICleanup\n  EBSReport: manualawscleanup-dev-EBSReport\n  EBSCleanup: manualawscleanup-dev-EBSCleanup\n```\n\n## Lambda configuration\n\nNote that all of configurtion below is now implemented through serverless framework, and thus \n\n### Code Package\n\n`scripts/build_docker.sh` script will create lambda package in root directory called `Base2.Lambdas.zip`.\nThis package is referenced in serverless project as code package.\n\n### Handler\n\nUse following entry points (Lambda function handlers)\n\n- Report generation for EBS - `Base2.Lambdas::Base2.Lambdas.Handlers.EBSReportAndCleanup::UploadEBSReport`\n- Report generation for AMI - `Base2.Lambdas::Base2.Lambdas.Handlers.AMIReportAndCleanup::UploadAMIReport`\n- Cleanup from CSV info for EBS - `Base2.Lambdas::Base2.Lambdas.Handlers.EBSReportAndCleanup::CleanupFromReport`\n- Celanup from CSV info for AMIs - `Base2.Lambdas::Base2.Lambdas.Handlers.AMIReportAndCleanup::DeregisterReportedAMIs`\n\n### IAM Role\n\nIam role configured for lambda should have following policies\n\n- read only access to EC2 service\n- write acces to S3 bucket passed in as argument\n```\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"Stmt1497509441000\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"s3:*\"\n            ],\n            \"Resource\": [\n                \"arn:aws:s3:::aws.amis-cleanup.reports.example.com/*\"\n            ]\n        }\n    ]\n}\n```\n- DeleteSnapshot permissions\n\n```\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"Stmt1497854974000\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"ec2:DeleteSnapshot\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        }\n    ]\n}\n```\n- Invoke lambda permission, to invoke itself recursively for long running\ndeletions\n```\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"Stmt1497921290000\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"lambda:InvokeAsync\",\n                \"lambda:InvokeFunction\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        }\n    ]\n}\n```\n\n\n### Timeout\n\nAll of operations can be time consuming, so it's recommended to set all runtimes to 5 minutes\n\n### Runtime\n\nUse C# as runtime\n\n### Memory\n\nThis functions do not require more than 128MB of memory, even when working with ~10k EBS snapshots (highest tested value)\n\n### Other\n\nThere is no VPC configuration required\n\n## Test / Run\n\nBoth report generation and cleanup tasks are accepting location of csv file to write/read\nin event parameters. For report generation there is optional parameter `OnlyAMIOrphans` which default to \n`true`. This parameter determines whether only AMI orphans get reported or ALL EBS snapshots\n(danger zone, as you don't want to delete all snapshots, but you may want to delete some that are not\norphans, thus need for this functionality)\n\ne.g.\n```\n{\n    \"BucketName\":\"aws.amis-cleanup.reports.base2.services\",\n    \"Key\":\"ebs_report_prod.csv\",\n    \"OnlyAMIOrphans\": true\n}\n```","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbase2services%2Flambda-cleanup-ebs-ami","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbase2services%2Flambda-cleanup-ebs-ami","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbase2services%2Flambda-cleanup-ebs-ami/lists"}