In the fast-paced world of cloud infrastructure, managing costs effectively is crucial. One common problem many organizations face is lingering costs from forgotten or unused resources. This often happens when EC2 instances, EBS volumes, and snapshots are left running or stored without termination, resulting in unnecessary charges. To combat this, automating stale resource deletion can lead to significant cost savings. In this post, we’ll create an automated Lambda function to delete unused snapshots and manage forgotten resources effectively.

The Problem: Lingering Costs from Forgotten Resources

AWS provides flexibility and scalability, which can lead to inefficiencies if not carefully monitored. When forgotten, resources such as snapshots, EBS volumes, and EC2 instances can accumulate costs over time. Manually identifying and deleting these resources is tedious and prone to errors. Thus, the need for automation arises.

The Solution: Automated Snapshot Cleanup with Lambda

AWS Lambda offers a serverless solution to automate snapshot cleanup. By using a Lambda function, you can periodically scan for unused snapshots and delete them. This automation saves time and money, reducing the risk of accumulating costs from idle resources.

Step-by-Step Guide: Creating and Deploying the Lambda Function

Creating the Initial Snapshot

Before diving into automation, ensure your EC2 instances and EBS volumes are properly snapshotted. This allows recovery in case the deletion affects critical data.

  1. Log in to AWS Management Console.
  2. Navigate to EC2 > Snapshots and create a snapshot of the target EBS volume.
  3. Your Lambda function will manage this snapshot, removing old or unused snapshots.

Developing the Lambda Function Code

Here’s an essential Lambda function written in Python to automate the deletion of stale snapshots:

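import boto3
from botocore.exceptions import ClientError
from datetime import datetime, timezone

def lambda_handler(event, context):
    ec2 = boto3.client('ec2')
    # Only look at snapshots owned by this account
    snapshots = ec2.describe_snapshots(OwnerIds=['self'])['Snapshots']

    for snapshot in snapshots:
        # Get snapshot creation date (boto3 returns a timezone-aware datetime)
        create_time = snapshot['StartTime']
        # Calculate age of the snapshot
        age = (datetime.now(timezone.utc) - create_time).days

        # Set condition to delete snapshots older than 30 days
        if age > 30:
            print(f"Deleting snapshot: {snapshot['SnapshotId']} (age: {age} days)")
            try:
                ec2.delete_snapshot(SnapshotId=snapshot['SnapshotId'])
            except ClientError as err:
                # For example, the snapshot is still referenced by a registered AMI.
                # Log the failure and continue with the remaining snapshots.
                print(f"Could not delete {snapshot['SnapshotId']}: {err}")

    return "Snapshot cleanup completed."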

This function checks all snapshots owned by your account, calculates their age, and deletes any snapshot older than 30 days.
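Age alone is a blunt criterion for a destructive job, so the following added example (not part of the original post) separates the "what to delete" decision into a pure function that also skips snapshots backing a registered AMI or carrying a retention tag. The function names, the `Retain` tag key and the sample data are assumptions made for illustration; `images` is assumed to be the `Images` list returned by `describe_images(Owners=['self'])`.

```python
from datetime import datetime, timedelta, timezone

def snapshots_backing_amis(images):
    """Snapshot IDs referenced by registered AMIs ('Images' list shape)."""
    return {
        bdm["Ebs"]["SnapshotId"]
        for image in images
        for bdm in image.get("BlockDeviceMappings", [])
        if "SnapshotId" in bdm.get("Ebs", {})
    }

def select_stale_snapshots(snapshots, images, now, max_age_days=30,
                           keep_tag="Retain"):
    """Return (to_delete, skipped); skipped maps snapshot ID -> reason kept."""
    in_use = snapshots_backing_amis(images)
    to_delete, skipped = [], {}
    for snap in snapshots:
        sid = snap["SnapshotId"]
        if (now - snap["StartTime"]).days <= max_age_days:
            continue  # same "older than 30 days" threshold as the handler
        tags = {t["Key"]: t["Value"] for t in snap.get("Tags", [])}
        if sid in in_use:
            skipped[sid] = "backs a registered AMI"
        elif keep_tag in tags:  # hypothetical tag key chosen for this example
            skipped[sid] = f"tagged {keep_tag}"
        else:
            to_delete.append(sid)
    return to_delete, skipped

# Constructed sample data in the shape boto3 returns; not real resource IDs.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0aaa1111", "StartTime": NOW - timedelta(days=90)},
    {"SnapshotId": "snap-0bbb2222", "StartTime": NOW - timedelta(days=90)},
    {"SnapshotId": "snap-0ccc3333", "StartTime": NOW - timedelta(days=45),
     "Tags": [{"Key": "Retain", "Value": "legal-hold"}]},
    {"SnapshotId": "snap-0ddd4444", "StartTime": NOW - timedelta(days=5)},
]
SAMPLE_IMAGES = [{
    "ImageId": "ami-0eee5555",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0bbb2222"}},
        {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},  # no Ebs key
    ],
}]

if __name__ == "__main__":
    delete, kept = select_stale_snapshots(SAMPLE_SNAPSHOTS, SAMPLE_IMAGES, NOW)
    print("delete:", delete)
    print("kept:", kept)
```

Logging the `skipped` map on each run gives a record of why a snapshot survived, which is useful when reviewing the job's behaviour in CloudWatch.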

Configuring IAM Permissions

The Lambda function needs appropriate permissions to interact with EC2 snapshots. Here’s how to configure the IAM role:

  1. Go to IAM in AWS Console and create a new role.
  2. Assign the AWSLambdaBasicExecutionRole policy to allow Lambda to write logs.
  3. Attach the AmazonEC2FullAccess policy to give the Lambda function access to EC2 resources.

Ensure that this role is attached to your Lambda function during its creation.
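The handler on this page calls only `describe_snapshots` and `delete_snapshot`, so a role scoped to those two actions is enough for it to run. The following added example (not part of the original post) builds such a policy document and audits any policy against the set of needed actions; `BROAD_POLICY` is a constructed stand-in for a wildcard grant, not the text of any AWS managed policy, and the function names are assumptions.

```python
import fnmatch
import json

# The two EC2 API actions the handler on this page actually calls.
NEEDED = {"ec2:DescribeSnapshots", "ec2:DeleteSnapshot"}

LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # Describe* actions do not support resource-level scoping.
        {"Sid": "ListSnapshots", "Effect": "Allow",
         "Action": "ec2:DescribeSnapshots", "Resource": "*"},
        {"Sid": "DeleteSnapshots", "Effect": "Allow",
         "Action": "ec2:DeleteSnapshot",
         "Resource": "arn:aws:ec2:*::snapshot/*"},
    ],
}

# Constructed stand-in for a broad wildcard grant.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}

def allowed_patterns(policy):
    """Flatten every Allow statement's Action field into a list of patterns."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        patterns.extend([actions] if isinstance(actions, str) else actions)
    return patterns

def audit(policy, needed=NEEDED):
    """Return (missing, excess): needed actions not granted, and granted
    patterns that go beyond the needed set (wildcards or extra actions)."""
    patterns = allowed_patterns(policy)
    needed_lc = {a.lower() for a in needed}  # IAM action names ignore case
    missing = {a for a in needed
               if not any(fnmatch.fnmatchcase(a.lower(), p.lower())
                          for p in patterns)}
    excess = sorted(p for p in patterns if p.lower() not in needed_lc)
    return missing, excess

if __name__ == "__main__":
    print(json.dumps(LEAST_PRIVILEGE_POLICY, indent=2))
    print("scoped:", audit(LEAST_PRIVILEGE_POLICY))
    print("broad: ", audit(BROAD_POLICY))
```

Keep the AWSLambdaBasicExecutionRole policy attached alongside the scoped policy so the function can still write its logs.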

Testing the Lambda Function

Once your Lambda function is deployed, test it to ensure it works as expected:

  1. Navigate to the Lambda function in the AWS Console.
  2. Create a test event and execute the function.
  3. Check the logs in CloudWatch to verify if the function identified and deleted the correct snapshots.

Verifying the Solution: Terminating the EC2 Instance

Once you confirm that your snapshots are automatically being cleaned up, review and terminate any unnecessary EC2 instances and associated EBS volumes to further reduce costs. This ensures that you are not paying for idle resources.

Additional Considerations: Automation with CloudWatch or EventBridge

To make the solution even more cost-efficient, you can automate the execution of this Lambda function using Amazon CloudWatch or AWS EventBridge.

  • CloudWatch: Set up a CloudWatch rule to trigger the Lambda function periodically, such as daily or weekly, depending on how often your environment changes.
  • EventBridge: For more advanced automation, use EventBridge to trigger the function based on specific resource events, such as snapshot creation or EC2 termination.

Cost-Conscious Automation: CloudWatch Implementation

  1. Open CloudWatch in the AWS Management Console.
  2. Navigate to Rules and create a new rule.
  3. Under Event Source, choose Schedule and define the frequency for Lambda execution.
  4. Under Targets, select your Lambda function.

This setup ensures that the Lambda function runs periodically without manual intervention, reducing your AWS costs by preventing resource sprawl.

Conclusion: Proactive Cost Management in AWS

Automating stale resource deletion using AWS Lambda is a powerful way to maintain cost efficiency in your cloud environment. By implementing snapshot cleanup and scheduling it with CloudWatch or EventBridge, you reduce operational overhead and prevent unnecessary charges from forgotten resources. Regularly reviewing your infrastructure and automating critical tasks ensures that your AWS environment remains cost-efficient and well-maintained.
