2
votes

I created an AWS CloudWatch that will create an automatic EBS snapshot every day. So every day CloudWatch creates a snapshot of yesterday.

Now I want to create something that will delete old snapshots.
I didn't find anything related to it and also AWS support didn't help me with this situation.

Can anyone please help me with instructions on how to automatically delete AWS EC2 EBS snapshots?

For instance, say I want to keep only the last 7 days' backup snapshots, and delete all the rest automatically.

How can I achieve it via AWS Lambda or CloudWatch?

Thanks!

2
Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User or Unix & Linux Stack Exchange would be a better place to ask. – jww

Well, part of the solution is to write a script. So it still doesn't count? – Dani Banai

2 Answers

0
votes

If you want to continue with the same tools you are currently using, i.e. CloudWatch for running scheduled events, you can also create a CloudWatch event that will trigger a Lambda function (or a set of them). Using Lambda you can write code that will implement whatever logic you choose, for example: using an AWS SDK, list all snapshots which are +7 days, and delete them.

Useful Links:

Schedule AWS Lambda Functions Using CloudWatch Events

AWS SDK for JS

AWS SDK for Python

Here is a very nice blog post about accomplishing exactly this - Automating Amazon EBS Snapshot Management with AWS Step Functions and Amazon CloudWatch Events
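As an added illustration of the approach this answer describes (not code from the answer or from AWS), here is a Python Lambda handler that a scheduled CloudWatch event could invoke. Assumptions: the hypothetical tag `Backup=daily` marks the snapshots this job is allowed to delete, and the hypothetical `DRY_RUN` environment variable defaults to a report-only run.

```python
import os
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 7  # from the question: keep the last 7 days
# Assumption: snapshots made by the backup job carry this (hypothetical) tag.
TAG_FILTER = {"Name": "tag:Backup", "Values": ["daily"]}


def expired(snapshots, now, retention_days=RETENTION_DAYS):
    """IDs of completed snapshots started before the retention cutoff."""
    cutoff = now - timedelta(days=retention_days)
    return [s["SnapshotId"] for s in snapshots
            if s["State"] == "completed" and s["StartTime"] < cutoff]


def prune(ec2, now=None, dry_run=True):
    """Select expired snapshots owned by this account; delete unless dry_run."""
    now = now or datetime.now(timezone.utc)
    selected, deleted, failed = [], [], []
    # OwnerIds=["self"] keeps public and shared snapshots out of scope;
    # the tag filter keeps manually created snapshots out of scope.
    pages = ec2.get_paginator("describe_snapshots").paginate(
        OwnerIds=["self"], Filters=[TAG_FILTER])
    for page in pages:
        for snap_id in expired(page["Snapshots"], now):
            selected.append(snap_id)
            if dry_run:
                continue
            try:
                ec2.delete_snapshot(SnapshotId=snap_id)
                deleted.append(snap_id)
            except ec2.exceptions.ClientError as err:
                # e.g. InvalidSnapshot.InUse when a registered AMI uses it
                failed.append((snap_id, err.response["Error"]["Code"]))
    return {"dry_run": dry_run, "selected": selected,
            "deleted": deleted, "failed": failed}


def lambda_handler(event, context):
    import boto3  # imported here so prune() can be tested without AWS access
    dry_run = os.environ.get("DRY_RUN", "true").lower() != "false"
    result = prune(boto3.client("ec2"), dry_run=dry_run)
    print(result)  # ends up in the function's CloudWatch Logs stream
    return result
```

The function's execution role needs only `ec2:DescribeSnapshots` and `ec2:DeleteSnapshot`, and the delete permission can be conditioned on the same tag so the job cannot remove anything else.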

0
votes

The answer about setting up the EBS Snapshot management is great, but if you have a one-time need to get rid of a bunch of old snapshots with little effort, you can use an AWS CLI command.

I had a big AWS EC2 Snapshot cleanup job to do, with tens of thousands of old snapshots to delete. Here is a script I used on a Linux vbox. The values you may want to change are called out in "TODO".


    # AWS Snapshot cleanup
    # Delete all snapshots before 2021 that include "SNAPSHOT OF my-env" in the beginning of the description
    # Fortified with aws profile, region, and output parameters for scripts that run more than 12 hours so it can be run again even if the cached credentials are stale.
    # This fixes the error "an error occurred (requestexpired) when calling the describesnapshots operation: request has expired."
    # If your organization uses multi-factor authentication (MFA) be sure you have an active authenticated session when running this script.
    #
    # TODO: replace the description, StartTime, profile, and region with values appropriate to your situation
    #  You can add --dry-run to the delete-snapshot command if you want to do a trial run
    #
    aws --profile prod --region us-east-1 --output text ec2 describe-snapshots --filters Name=description,Values='SNAPSHOT OF my-env*' --query "Snapshots[?(StartTime<='2021-01-01')].[SnapshotId]" | awk \
    '{
        snapid = $0
        print "Delete snapshot: " snapid
        # Count only the deletions the CLI reports as successful (exit status 0);
        # with --dry-run the CLI exits non-zero, so the total stays at 0.
        if (system("aws --profile prod --region us-east-1 ec2 delete-snapshot --snapshot-id " snapid) == 0)
            count++
    }
    END {
        print "Finished at:"; system("date")
        print "Total snapshots deleted: " count + 0
    }'