aws_ami_cleanup 0.1 → 1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/README.md +7 -1
- data/aws_ami_cleanup.gemspec +1 -1
- data/lib/aws_ami_cleanup/cleanup_amis.rb +76 -18
- data/lib/aws_ami_cleanup/commands.rb +17 -5
- data/lib/aws_ami_cleanup/version.rb +1 -1
- metadata +11 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fdb3d28f7c0eb4b2c6acd19468ff42990802239afed6d39d966bdf9e314af913
|
|
4
|
+
data.tar.gz: aec4c2d2bea2f67e295df587023c300075602037c093063d726e3a9dffe797b0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 00bc9351ee496669abbc4e5c0bb66c6ece7c7ad4f71ea3e1607785fa9f4a2890066d9d94cffc10c5b998cb99afa17ad0bf2535cc305e7655303f40151a668e2e
|
|
7
|
+
data.tar.gz: 3c2741cb1ae825e8ee0e6433914635839415c8365f2fdb5244e8c6a7c5d9fcfb99c8aa83f95a2936ef79a6c058e580d726dd1e36f88efc51441279eaedad374f
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
ruby-
|
|
1
|
+
ruby-3.1.2
|
data/README.md
CHANGED
|
@@ -8,6 +8,7 @@ This gem provides the `cleanup_amis` script that allows deregistering unused AMI
|
|
|
8
8
|
- ec2:DeregisterImage
|
|
9
9
|
- ec2:DeleteSnapshot
|
|
10
10
|
- autoscaling:DescribeAutoScalingGroups
|
|
11
|
+
- autoscaling:DescribeLaunchConfigurations
|
|
11
12
|
|
|
12
13
|
Script should be invoked as follows:
|
|
13
14
|
|
|
@@ -17,4 +18,9 @@ cleanup_amis clean_amis --ami_name 'my-ami' --ami_owner 'self'
|
|
|
17
18
|
|
|
18
19
|
Where `ami_owner` can be a combination of AWS account IDs, `self`, `amazon`, and `aws-marketplace`.
|
|
19
20
|
|
|
20
|
-
Additionally you can provide the
|
|
21
|
+
Additionally you can provide the following arguments:
|
|
22
|
+
|
|
23
|
+
- `number_of_amis_to_keep` to specify how many AMIs to keep (default is 3).
|
|
24
|
+
- `region` for the AWS region (default is `us-east-1`).
|
|
25
|
+
- `dry_run` for running without deleting any resources in AWS.
|
|
26
|
+
- `skip_image_under_use_verification` for skipping verification on whether the AMI is being used by any auto scaling group or reserved EC2 instance.
|
data/aws_ami_cleanup.gemspec
CHANGED
|
@@ -26,5 +26,5 @@ Gem::Specification.new do |s|
|
|
|
26
26
|
s.add_runtime_dependency "aws-sdk-ec2", "~> 1"
|
|
27
27
|
s.add_runtime_dependency "aws-sdk-autoscaling", "~> 1"
|
|
28
28
|
s.add_runtime_dependency "thor", "~> 1"
|
|
29
|
-
s.add_development_dependency("
|
|
29
|
+
s.add_development_dependency("debug")
|
|
30
30
|
end
|
|
@@ -7,21 +7,41 @@ module AwsAmiCleanup
|
|
|
7
7
|
class CleanupAmis
|
|
8
8
|
DEFAULT_NUMBER_OF_AMIS_TO_KEEP = 3
|
|
9
9
|
|
|
10
|
-
attr_accessor :region, :number_of_amis_to_keep
|
|
10
|
+
attr_accessor :region, :number_of_amis_to_keep, :skip_image_under_use_verification
|
|
11
11
|
|
|
12
|
-
def initialize(region, number_of_amis_to_keep)
|
|
12
|
+
def initialize(region, number_of_amis_to_keep, skip_image_under_use_verification:, assume_role_for_querying_state:, aws_role_for_querying_state:)
|
|
13
13
|
@region = region
|
|
14
14
|
|
|
15
15
|
@number_of_amis_to_keep = number_of_amis_to_keep || DEFAULT_NUMBER_OF_AMIS_TO_KEEP
|
|
16
16
|
if number_of_amis_to_keep <= 0
|
|
17
17
|
raise 'Number of AMIs to keep must be higher than 0.'
|
|
18
18
|
end
|
|
19
|
+
|
|
20
|
+
@skip_image_under_use_verification = skip_image_under_use_verification
|
|
21
|
+
@assume_role_for_querying_state = assume_role_for_querying_state
|
|
22
|
+
|
|
23
|
+
if @skip_image_under_use_verification && @assume_role_for_querying_state
|
|
24
|
+
raise 'Cannot include skip image under use verification and assume role for querying state options'
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
if @assume_role_for_querying_state
|
|
28
|
+
raise "Must include the IAM role's ARN to assume if using a different role for querying state" if aws_role_for_querying_state.nil?
|
|
29
|
+
@aws_role_for_querying_state = aws_role_for_querying_state
|
|
30
|
+
end
|
|
19
31
|
end
|
|
20
32
|
|
|
21
|
-
def execute!(ami_name:, ami_owner:)
|
|
33
|
+
def execute!(ami_name:, ami_owner:, dry_run:)
|
|
34
|
+
puts "RUNNING IN DRY MODE." if dry_run
|
|
35
|
+
|
|
22
36
|
potential_amis_to_remove = amis(ami_name, ami_owner)
|
|
23
37
|
ami_ids = potential_amis_to_remove.collect(&:image_id)
|
|
24
|
-
|
|
38
|
+
|
|
39
|
+
if skip_image_under_use_verification
|
|
40
|
+
ami_ids_to_remove = ami_ids
|
|
41
|
+
else
|
|
42
|
+
ami_ids_to_remove = ami_ids - amis_in_use
|
|
43
|
+
end
|
|
44
|
+
|
|
25
45
|
potential_amis_to_remove.keep_if {|a| ami_ids_to_remove.include?(a.image_id) }
|
|
26
46
|
|
|
27
47
|
if potential_amis_to_remove.count > number_of_amis_to_keep
|
|
@@ -29,11 +49,18 @@ module AwsAmiCleanup
|
|
|
29
49
|
amis_to_keep = potential_amis_to_remove[0..(number_of_amis_to_keep-1)]
|
|
30
50
|
|
|
31
51
|
puts "Deregistering old AMIs..."
|
|
52
|
+
|
|
32
53
|
amis_to_remove.each do |ami|
|
|
33
54
|
ebs_mappings = ami.block_device_mappings
|
|
34
55
|
puts "Deregistering #{ami.image_id}"
|
|
35
|
-
|
|
36
|
-
|
|
56
|
+
|
|
57
|
+
begin
|
|
58
|
+
ec2_client_for_cleanup.deregister_image(image_id: ami.image_id, dry_run: dry_run)
|
|
59
|
+
rescue Aws::EC2::Errors::DryRunOperation
|
|
60
|
+
# When running in dry mode, EC2 raises this exception if operation would have succeeded, we catch them so the full process can run
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
delete_ami_snapshots(ebs_mappings, dry_run)
|
|
37
64
|
end
|
|
38
65
|
|
|
39
66
|
puts "Currently active AMIs..."
|
|
@@ -47,12 +74,40 @@ module AwsAmiCleanup
|
|
|
47
74
|
|
|
48
75
|
protected
|
|
49
76
|
|
|
50
|
-
def
|
|
77
|
+
def ec2_client_for_query_state
|
|
78
|
+
return @__ec2_client_for_query_state if defined?(@__ec2_client_for_query_state)
|
|
79
|
+
|
|
80
|
+
@__ec2_client_for_query_state =
|
|
81
|
+
if @assume_role_for_querying_state
|
|
82
|
+
role_credentials = Aws::AssumeRoleCredentials.new(
|
|
83
|
+
role_arn: @aws_role_for_querying_state,
|
|
84
|
+
role_session_name: 'ami-cleanup',
|
|
85
|
+
region: region
|
|
86
|
+
)
|
|
87
|
+
Aws::EC2::Client.new(credentials: role_credentials, region: region)
|
|
88
|
+
else
|
|
89
|
+
ec2_client_for_cleanup
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def ec2_client_for_cleanup
|
|
51
94
|
@__ec2 ||= Aws::EC2::Client.new(region: region)
|
|
52
95
|
end
|
|
53
96
|
|
|
54
97
|
def auto_scaling
|
|
55
|
-
@__auto_scaling
|
|
98
|
+
return @__auto_scaling if defined?(@__auto_scaling)
|
|
99
|
+
|
|
100
|
+
@__auto_scaling =
|
|
101
|
+
if @aws_role_for_querying_state
|
|
102
|
+
role_credentials = Aws::AssumeRoleCredentials.new(
|
|
103
|
+
role_arn: @aws_role_for_querying_state,
|
|
104
|
+
role_session_name: 'ami-cleanup',
|
|
105
|
+
region: region
|
|
106
|
+
)
|
|
107
|
+
Aws::AutoScaling::Client.new(credentials: role_credentials, region: region)
|
|
108
|
+
else
|
|
109
|
+
Aws::AutoScaling::Client.new(region: region)
|
|
110
|
+
end
|
|
56
111
|
end
|
|
57
112
|
|
|
58
113
|
def amis(ami_name, ami_owner)
|
|
@@ -60,7 +115,7 @@ module AwsAmiCleanup
|
|
|
60
115
|
|
|
61
116
|
# Cannot lookup by Name tag because that's only available from the owner account.
|
|
62
117
|
describe_images_params = { owners: [ ami_owner ] }
|
|
63
|
-
all_images_from_owner =
|
|
118
|
+
all_images_from_owner = ec2_client_for_query_state.describe_images(describe_images_params).images
|
|
64
119
|
name_matching_images = all_images_from_owner.filter {|i| i.name.match?(ami_name) }
|
|
65
120
|
|
|
66
121
|
@__amis = sort_by_created_at(name_matching_images)
|
|
@@ -80,11 +135,11 @@ module AwsAmiCleanup
|
|
|
80
135
|
launch_template_ids = autoscaling_groups.reject {|asg| asg.launch_template.nil? }
|
|
81
136
|
.collect {|asg| asg.launch_template.launch_template_id }
|
|
82
137
|
launch_template_ids.each do |launch_template_id|
|
|
83
|
-
image_ids <<
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
138
|
+
image_ids << ec2_client_for_query_state.describe_launch_template_versions(launch_template_id: launch_template_id, max_results: 1)
|
|
139
|
+
.launch_template_versions
|
|
140
|
+
.first
|
|
141
|
+
.launch_template_data
|
|
142
|
+
.image_id
|
|
88
143
|
end
|
|
89
144
|
|
|
90
145
|
# Find AMIs used by auto scaling groups with launch configurations
|
|
@@ -94,21 +149,24 @@ module AwsAmiCleanup
|
|
|
94
149
|
image_ids += launch_configurations.map(&:image_id)
|
|
95
150
|
|
|
96
151
|
# Finally, find AMIs used by instances not belonging to auto scaling groups
|
|
97
|
-
ec2_reservations =
|
|
152
|
+
ec2_reservations = ec2_client_for_query_state.describe_instances
|
|
98
153
|
image_ids += ec2_reservations.reservations.collect {|res| res.instances.map(&:image_id) }.flatten
|
|
99
154
|
|
|
100
155
|
image_ids.flatten
|
|
101
156
|
end
|
|
102
157
|
|
|
103
|
-
def delete_ami_snapshots(ebs_mappings)
|
|
158
|
+
def delete_ami_snapshots(ebs_mappings, dry_run)
|
|
104
159
|
ebs_mappings.each do |ebs_mapping|
|
|
105
160
|
# Skip ephimeral block devices
|
|
106
161
|
next if ebs_mapping.ebs.nil? || ebs_mapping.ebs.snapshot_id.nil?
|
|
107
162
|
|
|
108
163
|
snapshot_id = ebs_mapping.ebs.snapshot_id
|
|
109
164
|
puts "Deleting snapshot #{snapshot_id}"
|
|
110
|
-
|
|
111
|
-
|
|
165
|
+
begin
|
|
166
|
+
ec2_client_for_cleanup.delete_snapshot(snapshot_id: snapshot_id, dry_run: dry_run)
|
|
167
|
+
rescue Aws::EC2::Errors::DryRunOperation
|
|
168
|
+
# When running in dry mode, EC2 raises this exception if operation would have succeeded, we catch them so the full process can run
|
|
169
|
+
end
|
|
112
170
|
end
|
|
113
171
|
end
|
|
114
172
|
end
|
|
@@ -5,18 +5,30 @@ module AwsAmiCleanup
|
|
|
5
5
|
desc "clean_amis", "delete unused AMIs owned by ami_owner with ami_name name"
|
|
6
6
|
option :ami_name, required: true
|
|
7
7
|
option :ami_owner, required: true
|
|
8
|
-
option :number_of_amis_to_keep, required:
|
|
8
|
+
option :number_of_amis_to_keep, required: true
|
|
9
|
+
option :assume_role_for_querying_state, type: :boolean, required: false
|
|
10
|
+
option :aws_role_for_querying_state, required: false
|
|
11
|
+
option :dry_run, type: :boolean, required: false
|
|
9
12
|
option :region, required: false
|
|
13
|
+
option :skip_verification, type: :boolean, required: false
|
|
10
14
|
def clean_amis
|
|
11
|
-
cleanup_amis = AwsAmiCleanup::CleanupAmis.new(
|
|
15
|
+
cleanup_amis = AwsAmiCleanup::CleanupAmis.new(
|
|
16
|
+
region,
|
|
17
|
+
options[:number_of_amis_to_keep]&.to_i,
|
|
18
|
+
skip_image_under_use_verification: options[:skip_verification],
|
|
19
|
+
assume_role_for_querying_state: options[:assume_role_for_querying_state],
|
|
20
|
+
aws_role_for_querying_state: options[:aws_role_for_querying_state]
|
|
21
|
+
)
|
|
12
22
|
|
|
13
|
-
cleanup_amis.execute!(ami_name: options[:ami_name],
|
|
23
|
+
cleanup_amis.execute!(ami_name: options[:ami_name],
|
|
24
|
+
ami_owner: options[:ami_owner],
|
|
25
|
+
dry_run: options[:dry_run])
|
|
14
26
|
end
|
|
15
27
|
|
|
16
28
|
desc "console", "interactive session"
|
|
17
29
|
def console
|
|
18
|
-
require '
|
|
19
|
-
|
|
30
|
+
require 'debug'
|
|
31
|
+
debugger
|
|
20
32
|
end
|
|
21
33
|
|
|
22
34
|
protected
|
metadata
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws_ami_cleanup
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '
|
|
4
|
+
version: '1.1'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Diego Marcet
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
date: 2021-02-19 00:00:00.000000000 Z
|
|
@@ -53,20 +53,20 @@ dependencies:
|
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '1'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
56
|
+
name: debug
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- - "
|
|
59
|
+
- - ">="
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '
|
|
61
|
+
version: '0'
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
|
-
- - "
|
|
66
|
+
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: '
|
|
69
|
-
description:
|
|
68
|
+
version: '0'
|
|
69
|
+
description:
|
|
70
70
|
email: diego@controlshiftlabs.com
|
|
71
71
|
executables:
|
|
72
72
|
- cleanup_amis
|
|
@@ -88,7 +88,7 @@ homepage: http://github.com/controlshift/aws_ami_cleanup
|
|
|
88
88
|
licenses:
|
|
89
89
|
- MIT
|
|
90
90
|
metadata: {}
|
|
91
|
-
post_install_message:
|
|
91
|
+
post_install_message:
|
|
92
92
|
rdoc_options: []
|
|
93
93
|
require_paths:
|
|
94
94
|
- lib
|
|
@@ -103,8 +103,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
103
103
|
- !ruby/object:Gem::Version
|
|
104
104
|
version: '0'
|
|
105
105
|
requirements: []
|
|
106
|
-
rubygems_version: 3.
|
|
107
|
-
signing_key:
|
|
106
|
+
rubygems_version: 3.3.19
|
|
107
|
+
signing_key:
|
|
108
108
|
specification_version: 4
|
|
109
109
|
summary: Script for deleting obsolete AMIs
|
|
110
110
|
test_files: []
|