In this pattern an Amazon EventBridge rule triggers an AWS Lambda function which deregisters an Amazon Machine Image (AMI), deletes the associated snapshot and moves them to the Recycle Bin for retention.
The template creates all the necessary resources including an Amazon EventBridge Rule that triggers the AWS Lambda function once every day. Additionally, Recycle Bin rules for AMI and EBS Snapshots are created to retain deleted resources matching the resources for a retention period.
The AWS Lambda function automates the expiration of Amazon Machine Images (AMIs) by moving the AMIs and their associated snapshots to Recycle Bin. Recycle Bin is a feature of Amazon Elastic Compute Cloud (EC2) that allows you to retain AMIs that you have de-registered for a specified retention period, providing an opportunity to recover them if needed. To recover the deleted AMI, its associated snapshot should be recovered first. The Lambda function also adds corresponding tags to both, the AMI and the EBS snapshot, before moving them to Recycle Bin.
Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/ami-recycle-bin
Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the AWS Pricing page for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
- Create an AWS account if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
- AWS CLI installed and configured
- Git Installed
- Terraform Installed Required Terraform version >= 4.61.0
An AMI to deregister that has the following Tags:
| Key | Value |
|---|---|
| Expire-After | Date in Zulu format (e.g. 2024-08-30T17:39:00Z) |
| Same value as resource_tag_key in src/variables.tf | Same value as resource_tag_value in src/variables.tf |
- Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
git clone https://github.com/aws-samples/serverless-patterns - Change directory to the pattern directory:
cd ami-recycle-bin - Bootstrap the input variables in the following file that are used in the Terraform configuration
src/variables.tf - Initialize a new or existing Terraform working directory by downloading required provider plugins and modules
terraform init - Create an execution plan that shows the changes Terraform will make to your infrastructure based on the current configuration files
terraform plan - Apply the changes defined in the Terraform configuration to the infrastructure. Provide the prompts as required
terraform apply
Following is the architectural diagram to demonstrate how the pattern works:
- An Amazon Eventbridge rule is configured to run daily (on a schedule) with AWS Lambda function as a target
- The Lambda function performs the following:
- Verifies that Recycle Bin rules matching the
resource_tag_keyandresource_tag_valueas bootstraped in thevariables.tfexists - Filters AMIs matching the
resource_tag_keyandresource_tag_valueand contains theExpire-Aftertag - Determines whether any of the filtered AMI are expired using the
Expire-Aftertag - Tags the expired AMI with its Snapshot Id and the associated snapshot with the AMI Id if required for recovery
- Deprecates the expired AMI and deletes its associated snapshot
- Verify the the expired AMI and its snapshot is retained in the Recycle Bin after deletion
- Verify the AMI and its snapshot can be recovered after deletion before the retention period ends
Delete the resources
terraform destroy
Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0