AWS Made Easy

How to safely delete orphaned AWS EBS snapshots to reduce cloud costs

Delete orphaned and unused snapshots to save on your AWS EBS costs

EBS volumes remain the preferred way to store high-availability data in your AWS environment. EBS snapshots provide backup, and, along with AMI images to create new volumes, give your data the means to scale exponentially – but so can your costs.

In this post, we’re going to look at EBS snapshots in particular and how we can delete orphaned snapshots to clean and optimize your EBS volumes. With this “cloud hygiene” in place, you can be sure that forgotten EBS snapshots aren’t slowly draining your cloud budget.

EBS snapshots and lifecycle management

In general, you want to create the snapshots that are critical to your backups, together with a reasonable policy to delete (or archive) older snapshots that are no longer needed. AWS uses the term “incremental” to describe the creation of newer snapshots based on the same volume.

There are some important items to keep in mind when creating a policy for your EBS snapshots:

  • There are two ways to manage your snapshots: manually or via Amazon Data Lifecycle Manager, which is AWS’s way to automate EBS snapshot lifecycles.
  • Deleting a snapshot has no effect on the volume. Deleting a volume has no effect on the snapshots made from it.

A well-maintained EBS volume should have:

  1. Snapshots that are created automatically on a regular cadence
  2. Some kind of lifecycle policy to delete older snapshots
  3. A process for finding and removing orphaned snapshots

While most application teams have the first two items when managing EBS volumes, very few have a process in place to remove orphaned snapshots that may slip through the cracks of the team’s lifecycle policies.

Opportunity

When you delete an EBS volume, any existing snapshots of the volume remain. These are called “orphaned” snapshots. As long as these orphaned snapshots are not used for other purposes, they can safely be deleted to cut costs.

When deleting EC2 instances or EBS volumes, it is easy to forget about their backups. EBS snapshots cost $0.05/GB per month, so maintaining orphaned snapshots can accrue unnecessary costs.

Orphaned snapshots still need to be removed if you use EC2 Data Lifecycle Manager (DLM) to create backups of your EC2 instances: DLM will not automatically delete orphaned snapshots for you.

How to fix it: DIY instructions

The process to remove orphaned snapshots comprises the following steps:

  1. Identify orphaned snapshots
  2. Once identified, delete orphaned snapshots
  3. Confirm successful deletion and delete reference files

If you haven’t set up AWS CLI already, install and configure AWS CLI first.

How to remove orphaned snapshots:

  1. Identify orphaned snapshots by cross-checking snapshots and volumes, using the following checklist:
    • Check if the referenced volume has been deleted.
      • Note: Snapshots copied across regions have the volume ID set to vol-ffffffff, losing the link to the source volume. If this is the case, check if there are tags referring to the source volume.
    • Check the description and make sure it doesn’t belong to an AMI (Amazon Machine Image). For AMI snapshots, the description looks like this: Created by CreateImage(i-004a9e4a62ea16553) for ami-0613b7b4e438ebdf0
    • Check for application-specific tags. If your company uses application-specific processes involving snapshots, check for appropriate tags and naming conventions to identify their purpose.
    • Check that the snapshot is older than three months. You can adjust the timespan to your needs.
    • Check that the snapshot hasn’t been used in the last three months to restore a volume.
  2. Once identified, delete unused, orphaned snapshots.

    Deleting orphaned snapshots via the console involves cross-checking resources with matching identifiers and is prone to user error. We recommend deleting orphaned snapshots using the AWS CLI and the following Linux console commands:

    comm -23 <(aws ec2 describe-snapshots --owner-ids self --query 'Snapshots[?StartTime<=`REFERENCE_DATE` && !starts_with(Description, `Created by CreateImage`) && !starts_with(Description, `This snapshot is created by the AWS Backup service`)].VolumeId' --output text | tr '\t' '\n' | sort | uniq) <(aws ec2 describe-volumes --query 'Volumes[*].VolumeId' --output text | tr '\t' '\n' | sort | uniq) > volumes.txt

    Expected Output: This command will create a file called volumes.txt. The file includes all of the volume IDs from snapshots created before the reference date (replace the REFERENCE_DATE placeholder with that date) where the volume no longer exists, and it filters out snapshots created for AMIs or by AWS Backup.

    aws ec2 describe-snapshots --query "Snapshots[*].SnapshotId" --filters Name=volume-id,Values="$(awk '{print $1}' volumes.txt | paste -s -d, -)" --output text | tr '\t' '\n' | sort | uniq > snapshots_candidates.txt

    Expected Output: This command will save all the snapshot IDs with the volume IDs found in volumes.txt into the file snapshots_candidates.txt.

    comm -12 snapshots_candidates.txt snapshots_used.txt > snapshots_to_delete.txt

    Expected Output: This command will create the intersection of the two lists, i.e. all the snapshots older than the reference date, where the volume has been deleted, and which haven’t been used to restore volumes since the reference date.

    Because the AWS CLI does not provide a command to bulk-delete orphaned snapshots, you can create a bash script to call the API for each snapshot ID, as follows:

    • Create a file called delete_snapshots.sh and copy the following commands:
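    #!/bin/sh
    # Delete every snapshot ID listed (one per line) in snapshots_to_delete.txt.
    file="snapshots_to_delete.txt"
    # Strip Windows carriage returns, then process one ID per line.
    tr -d '\r' < "$file" | while read -r line
    do
        [ -n "$line" ] || continue   # skip blank lines
        # With --dry-run nothing is deleted and the CLI reports DryRunOperation
        # when the real call would succeed.
        aws ec2 delete-snapshot --dry-run --snapshot-id "$line" &&
            echo "Snapshot $line deleted"
    done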
    • Execute the command:
    sh delete_snapshots.sh
  3. Confirm successful deletion and delete reference files.

    The --dry-run parameter in delete_snapshots.sh checks whether the delete commands would succeed. If there are no errors in the console output, remove the --dry-run parameter and re-run the command.

    rm snapshots_used.txt snapshots_candidates.txt volumes.txt

    This will delete the reference files created above.
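
The identification checklist from step 1, applied as one offline filter over exported listings before anything is deleted. This is an added example, not part of the original post: the reference date, the three input file layouts (including the list of recently restored snapshots, however your team produces it), and every ID and row in the sample data are constructed assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. All IDs and rows are constructed.
REFERENCE_DATE="2024-01-01"   # assumed cutoff; ISO 8601 strings sort by date

# orphan_candidates SNAPSHOTS_TSV LIVE_VOLUMES USED_SNAPSHOTS
#   SNAPSHOTS_TSV: SnapshotId, VolumeId, StartTime, Description (tab-separated),
#   e.g. from --query 'Snapshots[*].[SnapshotId,VolumeId,StartTime,Description]'
#   LIVE_VOLUMES / USED_SNAPSHOTS: one ID per line (assumed file layout)
orphan_candidates() {
    awk -F '\t' -v ref="$REFERENCE_DATE" '
        FILENAME == ARGV[1] { live[$1] = 1; next }  # volumes that still exist
        FILENAME == ARGV[2] { used[$1] = 1; next }  # snapshots restored from
        # Drop anything that is not snap- plus 8 or 17 lowercase hex digits.
        $1 !~ /^snap-[0-9a-f]+$/ { next }
        length($1) != 13 && length($1) != 22 { next }
        $2 in live           { next }  # source volume still exists
        $2 == "vol-ffffffff" { next }  # cross-region copy: check tags by hand
        index($4, "Created by CreateImage") == 1 { next }  # belongs to an AMI
        index($4, "This snapshot is created by the AWS Backup service") == 1 { next }
        ($3 "") > (ref "")   { next }  # newer than the reference date
        $1 in used           { next }  # used to restore a volume
        { print $1 }
    ' "$2" "$3" "$1" | sort -u
}

# Build constructed inputs in a temp directory and print the candidates.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\t%s\t%s\t%s\n' \
        snap-0a1b2c3d4e5f60001 vol-0aaaaaaaaaaaaaaa1 2023-03-01T10:00:00.000Z 'nightly backup' \
        snap-0a1b2c3d4e5f60002 vol-0bbbbbbbbbbbbbbb2 2023-03-01T10:00:00.000Z 'nightly backup' \
        snap-0a1b2c3d4e5f60003 vol-ffffffff 2023-02-01T10:00:00.000Z 'copied from another region' \
        snap-0a1b2c3d4e5f60004 vol-0ccccccccccccccc3 2023-01-15T10:00:00.000Z \
            'Created by CreateImage(i-004a9e4a62ea16553) for ami-0613b7b4e438ebdf0' \
        snap-0a1b2c3d4e5f60005 vol-0aaaaaaaaaaaaaaa1 2024-02-10T10:00:00.000Z 'nightly backup' \
        snap-0a1b2c3d4e5f60006 vol-0aaaaaaaaaaaaaaa1 2023-04-01T10:00:00.000Z 'nightly backup' \
        snap-NOT-AN-ID vol-0aaaaaaaaaaaaaaa1 2022-06-01T10:00:00.000Z 'malformed ID' \
        snap-0a1b2c3d vol-0ddddddd 2022-06-01T10:00:00.000Z 'legacy short ID' \
        > "$dir/snapshots.tsv"
    printf '%s\n' vol-0bbbbbbbbbbbbbbb2 > "$dir/volumes.txt"
    printf '%s\n' snap-0a1b2c3d4e5f60006 > "$dir/used.txt"
    orphan_candidates "$dir/snapshots.tsv" "$dir/volumes.txt" "$dir/used.txt"
    rm -rf "$dir"
}

demo
```

Only two of the eight sample rows survive the filter; check the printed IDs against your application-specific tags before writing them to snapshots_to_delete.txt.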

Results

With our guide above, your team can create a script to delete orphaned EBS snapshots in an account. After running the script, you can be sure that you are not paying for orphaned EBS snapshots that do not serve any development or archival purposes. 

We highly recommend your team implements this orphaned snapshot policy in all AWS accounts where your company is running EBS storage volumes. 

Sounds like a daunting task? That’s where our tool, CloudFix, can help. After connecting your AWS account, CloudFix continuously:

  1. Monitors and reviews advisories with AWS
  2. Scans your AWS accounts using our full library of optimizations
  3. Fixes problems simply & safely 

Learn more about how CloudFix automates this and other AWS advisories.
