11

I have been using AWS for a while now. I always have difficulty tracking AWS resources and how they are interconnected. Obviously, I am using Terraform, but still, there are always ad-hoc operations that cut down my visibility.

I have been charged multiple times for resources/services that are present but not used by me.

Unused services include resources that are not pointing to other services but present in the AWS environment.

Tools suggestions are also welcome.

mohan08p

4 Answers

7

There are a few ways to approach deleting unused resources, perhaps tagging items that are part of some trusted or known group, as some have suggested here, and then manually monitoring for resources that aren’t tagged appropriately.

You could then extend this to a Python script that you run every so often to ID and delete these resources.

However, there are other (potentially less intensive) options.

1) AWS already provides a way for us to monitor our resources, identify unused ones and terminate them with CloudWatch alarms. You can start by configuring some alarming based on some set of checks that you might already be doing manually. Once you are comfortable that the alarming is accurate, you can add a termination step to the chain.

2) Alternatively, our friends at Netflix made this chill tool called JanitorMonkey to monitor and delete unused Instances, EBS Volumes, EBS Snapshots and Autoscaling groups. It is part of the original so-called “Simian Army” open source pack from Netflix and written in Java. Even though it’s a few years old now, this thing is highly configurable and well worth a look.

Both options here allow you to configure warnings and business rules that fit your needs. Additionally, using CloudWatch might also be a good opportunity to learn more about AWS logs and anomaly identification.

llorrac
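A report-only sketch of the periodic script this answer mentions, added here as an example and not code from the answer's author: it flags EBS volumes that are unattached or missing required tags. The tag keys, the 7-day grace period and the sample volumes are assumptions constructed for illustration; `fetch_volumes` uses boto3's `describe_volumes` paginator and is only needed for a live run.

```python
from datetime import datetime, timedelta, timezone

REQUIRED_TAGS = {"owner", "managed-by"}  # assumed tagging scheme (keys are case-sensitive)
MIN_AGE = timedelta(days=7)              # assumed grace period before flagging

def audit_volumes(volumes, now, required=REQUIRED_TAGS, min_age=MIN_AGE):
    """Return (VolumeId, reasons) for volumes shaped like EC2 DescribeVolumes output."""
    findings = []
    for vol in volumes:
        # The "Tags" key is absent entirely when a volume has no tags.
        tags = {t["Key"] for t in vol.get("Tags", [])}
        reasons = []
        missing = sorted(required - tags)
        if missing:
            reasons.append("missing tags: " + ", ".join(missing))
        # State "available" means the volume is attached to no instance.
        unattached = vol["State"] == "available" and not vol.get("Attachments")
        # CreateTime is the creation time, not the detach time, so the grace
        # period only protects volumes that were created recently.
        if unattached and now - vol["CreateTime"] >= min_age:
            reasons.append("unattached")
        if reasons:
            findings.append((vol["VolumeId"], reasons))
    return findings

def fetch_volumes(region):
    """Live, read-only inventory; needs boto3 and the ec2:DescribeVolumes permission."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    pages = ec2.get_paginator("describe_volumes").paginate()
    return [v for page in pages for v in page["Volumes"]]

def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data, not taken from a real account.
NOW = _utc(2024, 6, 1)
FULL = [{"Key": "owner", "Value": "team-a"}, {"Key": "managed-by", "Value": "terraform"}]
SAMPLE = [
    {"VolumeId": "vol-0aaa0000000000001", "State": "in-use", "CreateTime": _utc(2024, 1, 10),
     "Attachments": [{"InstanceId": "i-0aaa0000000000001"}], "Tags": FULL},
    {"VolumeId": "vol-0bbb0000000000002", "State": "available", "CreateTime": _utc(2024, 3, 1),
     "Attachments": []},
    {"VolumeId": "vol-0ccc0000000000003", "State": "available", "CreateTime": _utc(2024, 5, 30),
     "Attachments": [], "Tags": FULL},
    {"VolumeId": "vol-0ddd0000000000004", "State": "in-use", "CreateTime": _utc(2024, 2, 2),
     "Attachments": [{"InstanceId": "i-0ddd0000000000004"}],
     "Tags": [{"Key": "owner", "Value": "team-b"}]},
]

if __name__ == "__main__":
    for volume_id, reasons in audit_volumes(SAMPLE, NOW):
        print(volume_id, "; ".join(reasons))
```

The script only reports; review its output against the Terraform state before anything is deleted.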
3

If you wish to do it purely with AWS provided tools, try this:

  1. figure out a tagging scheme that works for you
  2. tag all the resources you provision, make sure nothing is left untagged
  3. for stuff you provision outside of Terraform that is not always tagged correctly by your tagging scheme, use the AWS Config service to enforce the tagging scheme

After you have all of your resources tagged, use AWS Budgets to monitor and track down changes in your spend and get alerts when it crosses the budget threshold you define.

Also, create and periodically review some reports within the AWS Cost Explorer to find daily changes in region spend / service spend / etc.

Using a strict and meaningful tagging scheme helps maintain a healthy account with less money going to waste.

Pierre.Vriens
tolib
3

I created such a tool. It is called AWS Inventory, and eventually it will cover all available resources in your account. While it is still a work in progress, it should be very easy to add the items you might be missing just by adding the API name to a list.

The tool is just a single HTML file that uses aws-sdk.js to query all the different list... and describe... APIs of CORS-enabled services.

The project is MIT licensed and open source at https://github.com/devops-israel/aws-inventory.

Evgeny Zislis
2

That would be one way of doing it, using just the AWS console.

I have been using TotalCloud for many other things, but this is very easily possible on the platform. It seems to be free for now. I have been using it with two large AWS accounts for 3 months now.

It shows everything in a single view with a visual topological view, which makes it fairly easy to understand the relationships between resources/services. The grouping can definitely help you find the resources as needed.

xachela