EBS volumes remain the preferred way to store high-availability data in your AWS environment. EBS snapshots provide backup, and, along with AMI images to create new volumes, give your data the means to scale exponentially – but so can your costs.
In this post, we’re going to look at EBS snapshots in particular and how we can delete orphaned snapshots to clean and optimize your EBS volumes. With this “cloud hygiene” in place, you can be sure that forgotten EBS snapshots aren’t slowly draining your cloud budget.
EBS snapshots and lifecycle management
In general, you want to create snapshots that are critical to your backup and with a reasonable policy to delete (or archive) older snapshots that are not needed anymore. AWS uses the term “incremental” to describe the creation of newer snapshots based off of the same volume.
There are some important items to keep in mind when creating a policy for your EBS snapshots:
- There are two ways to manage your snapshots: manually or via Amazon Data Lifecycle Manager which is AWS’s way to automate EBS snapshot lifecycles.
- Deleting a snapshot has no effect on the volume. Deleting a volume has no effect on the snapshots made from it.
A well-maintained EBS volume should have:
- Snapshots that are created automatically on a regular cadence
- Some kind of lifecycle policy to delete older snapshots
- A process for finding and removing orphaned snapshots
While most application teams have the first two items when managing EBS volumes, very few have a process in place to remove orphaned snapshots that may slip through the cracks of the team’s lifecycle policies.
Opportunity
When you delete an EBS volume, any existing snapshots of the volume remain. These are called “orphaned” snapshots. As long as these orphaned snapshots are not used for other purposes, they can safely be deleted to cut costs.
When deleting EC2 instances or EBS volumes, it is easy to forget about their backups. EBS snapshots cost $0.05/GB per month, so maintaining orphaned snapshots can accrue unnecessary costs.
Orphaned snapshots can be removed if you use EC2 Data Lifecycle Manager (DLM) to create backups of your EC2 instances. DLM will not automatically delete orphaned snapshots for you.
How to fix it: DIY instructions
The process to remove orphaned snapshots comprises the following steps:
- Identify orphaned snapshots
- Once identified, delete orphaned snapshots
- Confirm successful deletion and delete reference files
If you haven’t set up AWS CLI already, install and configure AWS CLI first.
How to remove orphaned snapshots:
- Identify orphaned snapshots by cross-checking snapshots and volumes, using the following checklist:
  - Check if the referenced volume has been deleted. Note: snapshots copied across regions have the volume ID set to vol-ffffffff, losing the link to the source volume. If this is the case, check if there are tags referring to the source volume.
  - Check the description and make sure it doesn’t belong to an AMI (Amazon Machine Image). For AMI snapshots, the description looks like this: Created by CreateImage(i-004a9e4a62ea16553) for ami-0613b7b4e438ebdf0
  - Check for application-specific tags. If your company uses application-specific processes involving snapshots, check for appropriate tags and naming conventions to identify their purpose.
  - Check that the snapshot is older than three months. You can adjust the timespan to your needs.
  - Check that the snapshot hasn’t been used in the last three months to restore a volume.
Once identified, delete unused, orphaned snapshots.
Deleting orphaned snapshots via the console involves cross-checking resources with matching identifiers and is prone to user error. We recommend deleting orphaned snapshots using the AWS CLI and the following Linux console commands:
comm -23 <(aws ec2 describe-snapshots --owner-ids self --query 'Snapshots[?StartTime<=`REFERENCE_DATE` && !starts_with(Description, `Created by CreateImage`) && !starts_with(Description, `This snapshot is created by the AWS Backup service`)].VolumeId' --output text | tr '\t' '\n' | sort | uniq) <(aws ec2 describe-volumes --query 'Volumes[*].VolumeId' --output text | tr '\t' '\n' | sort | uniq) > volumes.txt
This command creates a file called volumes.txt containing the volume IDs, taken from snapshots created before the reference date, for which the volume no longer exists; snapshots created for AMIs or by AWS Backup are filtered out. Replace REFERENCE_DATE with an ISO 8601 timestamp such as 2022-10-01T00:00:00Z (value chosen here as an illustration). Both inputs to comm must be sorted, which the sort | uniq stages take care of. Note that vol-ffffffff never matches an existing volume, so if you own cross-region copies their placeholder ID always ends up in volumes.txt and the tag check from the checklist above still has to be applied to those snapshots by hand.
aws ec2 describe-snapshots --query "Snapshots[*].SnapshotId" --filters Name=volume-id,Values="$(awk '{print $1}' volumes.txt | paste -s -d, -)" --output text | tr '\t' '\n' | sort | uniq > snapshots_candidates.txt
Expected output: this command saves the IDs of all snapshots whose volume IDs appear in volumes.txt into the file snapshots_candidates.txt. If volumes.txt is empty, the filter value is empty as well, so check the file before running this step.
comm -12 snapshots_candidates.txt snapshots_used.txt > snapshots_to_delete.txt
Expected output: this command creates the intersection of the two lists, i.e. all the snapshots older than the reference date, where the volume has been deleted, and which haven’t been used to restore volumes since the reference date. snapshots_used.txt is a list you prepare separately from the last checklist item (the restore check); like every comm input, it must be sorted, otherwise the intersection is silently wrong.
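The checklist above and the three-command pipeline compute the same thing: the set of snapshots whose source volume is gone, minus everything that is managed, recent, retained or recently restored. The following Python is an added example, not code from the original post, that applies those rules to constructed sample data shaped like the JSON that aws ec2 describe-snapshots and aws ec2 describe-volumes return, and also handles the cases the shell pipeline cannot settle on its own: vol-ffffffff copies resolved through a tag, application retention tags, and snapshots used for a recent restore. The snapshot and volume IDs, the app:retain and SourceVolume tag keys, and the 2023-01-01 cut-off are assumptions for illustration.

```python
"""Added example (not from the original post): apply the orphaned-snapshot
checklist to constructed sample data shaped like the JSON returned by
`aws ec2 describe-snapshots` and `aws ec2 describe-volumes`.
Sample IDs, tag keys and the cut-off date are assumptions for illustration."""
from datetime import datetime, timezone

# Assumed cut-off, playing the role of REFERENCE_DATE in the CLI pipeline.
REFERENCE_DATE = datetime(2023, 1, 1, tzinfo=timezone.utc)

# Descriptions that mark snapshots owned by an AMI or by AWS Backup.
MANAGED_PREFIXES = ("Created by CreateImage",
                    "This snapshot is created by the AWS Backup service")
# Placeholder volume ID that cross-region copies carry.
CROSS_REGION_VOLUME_ID = "vol-ffffffff"
# Assumed company conventions: a tag that says "keep", and a tag on
# cross-region copies naming the source volume.
RETAIN_TAG_KEY = "app:retain"
SOURCE_VOLUME_TAG_KEY = "SourceVolume"

OLD, NEW = "2022-06-01T00:00:00.000Z", "2023-03-01T00:00:00.000Z"


def snap(sid, vol, start, desc, tags=None):
    """Build one constructed describe-snapshots record."""
    return {"SnapshotId": sid, "VolumeId": vol, "StartTime": start,
            "Description": desc,
            "Tags": [{"Key": k, "Value": v} for k, v in (tags or {}).items()]}


# Constructed sample data (IDs are shortened, not real AWS IDs).
SNAPSHOTS = [
    snap("snap-0aaa", "vol-0111", OLD, "nightly backup"),             # volume gone: orphan
    snap("snap-0bbb", "vol-0222", OLD, "nightly backup"),             # volume still exists
    snap("snap-0ccc", "vol-0333", OLD,
         "Created by CreateImage(i-0123456789abcdef0) for ami-0abcdef1234567890"),
    snap("snap-0ddd", "vol-0444", NEW, "nightly backup"),             # newer than cut-off
    snap("snap-0eee", CROSS_REGION_VOLUME_ID, OLD, "copy of vol-0222",
         {SOURCE_VOLUME_TAG_KEY: "vol-0222"}),                         # source still exists
    snap("snap-0fff", "vol-0555", OLD,
         "This snapshot is created by the AWS Backup service."),
    snap("snap-0ggg", "vol-0666", OLD, "pre-migration", {RETAIN_TAG_KEY: "true"}),
    snap("snap-0hhh", CROSS_REGION_VOLUME_ID, OLD, "copy of vol-0777",
         {SOURCE_VOLUME_TAG_KEY: "vol-0777"}),                         # source gone: orphan
    snap("snap-0iii", "vol-0888", OLD, "nightly backup"),             # restored recently
    snap("snap-0jjj", CROSS_REGION_VOLUME_ID, OLD, "copy, untagged"),  # cannot be decided
]
VOLUMES = [{"VolumeId": "vol-0222"}]       # the only volume that still exists
USED_SINCE_REFERENCE = {"snap-0iii"}       # restored after the cut-off (assumed)


def parse_start_time(value):
    """describe-snapshots returns ISO 8601 with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_orphaned_snapshots(snapshots, volumes, reference_date, used_since_reference):
    """Return (orphaned_ids, kept) where kept maps every rejected snapshot
    ID to the checklist item that kept it. Order follows the input."""
    live_volumes = {v["VolumeId"] for v in volumes}
    orphaned, kept = [], {}
    for s in snapshots:
        sid = s["SnapshotId"]
        tags = {t["Key"]: t["Value"] for t in s.get("Tags", [])}
        if s["Description"].startswith(MANAGED_PREFIXES):
            kept[sid] = "owned by an AMI or AWS Backup"
        elif parse_start_time(s["StartTime"]) > reference_date:
            kept[sid] = "newer than the reference date"
        elif sid in used_since_reference:
            kept[sid] = "used to restore a volume since the reference date"
        elif RETAIN_TAG_KEY in tags:
            kept[sid] = "carries an application retention tag"
        else:
            # Cross-region copies lose the volume link; fall back to the tag.
            volume_id = s["VolumeId"]
            if volume_id == CROSS_REGION_VOLUME_ID:
                volume_id = tags.get(SOURCE_VOLUME_TAG_KEY)
            if volume_id is None:
                kept[sid] = "cross-region copy without a source-volume tag: review manually"
            elif volume_id in live_volumes:
                kept[sid] = f"source volume {volume_id} still exists"
            else:
                orphaned.append(sid)
    return orphaned, kept


if __name__ == "__main__":
    ids, reasons = find_orphaned_snapshots(SNAPSHOTS, VOLUMES, REFERENCE_DATE,
                                           USED_SINCE_REFERENCE)
    print("delete candidates:", ids)
    for sid, why in reasons.items():
        print(f"keep {sid}: {why}")
```

The script deletes nothing and prints a reason for every snapshot it keeps, which is the review trail the comm pipeline does not give you. To use it on a real account, replace SNAPSHOTS and VOLUMES with json.load of the saved --output json of the two describe commands; untagged vol-ffffffff copies are deliberately left out of the delete list because neither the CLI nor the script can tell which volume they came from.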
Because the AWS CLI does not provide a command to bulk-delete snapshots, you can create a shell script that calls the API once per snapshot ID, as follows:
- Create a file called delete_snapshots.sh and copy the following commands:
#!/bin/sh
file="snapshots_to_delete.txt"
# Strip carriage returns (in case the list was edited on Windows), then
# issue one delete-snapshot call per line. The echo runs regardless of the
# CLI's result, so read the CLI output for each snapshot.
tr -d '\r' < "$file" | while read -r line; do
  aws ec2 delete-snapshot --dry-run --snapshot-id "$line"
  echo "Snapshot $line deleted"
done
- Execute the command:
sh delete_snapshots.sh
- Confirm successful deletion and delete reference files
The --dry-run parameter in delete_snapshots.sh checks whether each delete call would succeed without deleting anything: for every snapshot that could be deleted, the CLI reports a DryRunOperation error ("Request would have succeeded, but DryRun flag is set"). Any other error, such as UnauthorizedOperation (missing ec2:DeleteSnapshot permission) or InvalidSnapshot.InUse (the snapshot still backs a registered AMI), needs to be resolved or the snapshot removed from the list first. Once every snapshot reports DryRunOperation, remove the --dry-run parameter and re-run the script.
rm snapshots_used.txt snapshots_candidates.txt volumes.txt
This deletes the reference files created above.
Results
With our guide above, your team can create a script to delete orphaned EBS snapshots in an account. After running the script, you can be sure that you are not paying for orphaned EBS snapshots that do not serve any development or archival purposes.
We highly recommend your team implements this orphaned snapshot policy in all AWS accounts where your company is running EBS storage volumes.
Sounds like a daunting task? That’s where our tool, CloudFix can help. After connecting your AWS account, CloudFix continuously:
- Monitors and reviews advisories with AWS
- Scans your AWS accounts using our full library of optimizations
- Fixes problems simply & safely
Learn more about how CloudFix automates this and other AWS advisories.