Delete Orphaned AMI-Related Snapshots


I recently worked with a client where there were a number of Amazon EC2 AMIs where not all of the disk volumes were set to delete on termination. This caused quite a few snapshots to become orphaned when the associated AMI was deleted. This was discovered when there were hundreds of snapshots and no active snapshot plan.

To fix this issue, I wrote a script that loops through all snapshots that were created as part of an AMI and deletes them if that AMI no longer exists.

Note that this script should be used together with a process that sets all volumes to delete on termination, to prevent future orphans.

This script requires the EC2 command line tools.

Note that you should be 100% comfortable with this script before running it, as it will delete snapshots. On the other hand, they are only snapshots; it will not delete EC2 instances.

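#!/bin/bash

# IDs of all AMIs that are still registered, one per line
images=$(ec2-describe-images | awk '/IMAGE/ {print $2}')

# Stop if no AMIs came back (for example an API or credentials error);
# otherwise every AMI-related snapshot below would look orphaned.
if [ -z "${images}" ]
then
  echo "No AMIs returned by ec2-describe-images, aborting" >&2
  exit 1
fi

invalid_count=0
valid_count=0

# Split the snapshot listing on newlines only
IFS='
'

for snapshot in $(ec2-describe-snapshots)
do
  # \{8,17\} matches both the short and the longer 17-character IDs
  snapshotid=$(echo "${snapshot}" | sed -n 's/.*\(snap-[0-9a-f]\{8,17\}\).*/\1/p')
  amiid=$(echo "${snapshot}" | sed -n 's/.*\(ami-[0-9a-f]\{8,17\}\).*/\1/p')

  if [ -z "${amiid}" ]
  then
    # not related to AMI
    continue
  fi

  # -F -x: exact whole-line match, so an ID that is only a substring of a
  # registered AMI ID does not count as valid
  valid=$(echo "${images}" | grep -Fxc -- "${amiid}")
  if [ "${valid}" -gt 0 ]
  then
    valid_count=$((valid_count+1))
  else
    echo "Deleting orphaned snapshot ${snapshotid} which belongs to non-existent AMI ${amiid}"
    invalid_count=$((invalid_count+1))
    ec2-delete-snapshot "${snapshotid}"
  fi

done

unset IFS

echo "Valid snapshots:  ${valid_count}"
echo "Invalid snapshots:  ${invalid_count}"

exit 0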

Let me know if you find any issues.

– josh
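
A dry-run companion to the script above, added here as an example (it is not the author's code): it classifies the output of ec2-describe-images and ec2-describe-snapshots and prints orphan candidates without deleting anything. The function name find_orphans and the sample data are constructed for illustration, and the sample lines use simplified columns.

```shell
#!/bin/bash
# Added example: dry-run orphan report. It only prints candidates.
# Usage: find_orphans "$(ec2-describe-images)" "$(ec2-describe-snapshots)"
find_orphans() {
  local images="$1" snapshots="$2" amis line snap ami
  # Registered AMI IDs, one per line.
  amis=$(printf '%s\n' "${images}" | awk '/^IMAGE/ {print $2}')
  # Fail closed: an empty AMI list (API error, wrong region, expired
  # credentials) would make every AMI-related snapshot look orphaned.
  if [ -z "${amis}" ]; then
    echo "no registered AMIs in input; refusing to classify" >&2
    return 1
  fi
  while IFS= read -r line; do
    # 8 to 17 hex characters covers the short and the long ID formats.
    snap=$(printf '%s\n' "${line}" | grep -oE 'snap-[0-9a-f]{8,17}' | head -n 1)
    ami=$(printf '%s\n' "${line}" | grep -oE 'ami-[0-9a-f]{8,17}' | head -n 1)
    # Skip lines without a snapshot ID or without an AMI reference.
    [ -n "${snap}" ] && [ -n "${ami}" ] || continue
    # -F -x compares whole lines, so a short ID that is a prefix of a
    # registered long ID is not mistaken for a live AMI.
    if ! printf '%s\n' "${amis}" | grep -Fxq -- "${ami}"; then
      printf '%s %s\n' "${snap}" "${ami}"
    fi
  done <<EOF
${snapshots}
EOF
}

# Constructed sample data (hypothetical IDs, simplified columns).
SAMPLE_IMAGES='IMAGE ami-1a2b3c4d5e6f7a8b9 123456789012/web available'
SAMPLE_SNAPSHOTS='SNAPSHOT snap-0aaa1111bbbb2222c vol-0123456789abcdef0 completed Created by CreateImage(i-0123456789abcdef0) for ami-1a2b3c4d5e6f7a8b9 from vol-0123456789abcdef0
SNAPSHOT snap-0ddd3333eeee4444f vol-0123456789abcdef1 completed Created by CreateImage(i-0123456789abcdef1) for ami-0123456789abcdef0 from vol-0123456789abcdef1
SNAPSHOT snap-9f8e7d6c vol-1a2b3c4d completed Created by CreateImage(i-1a2b3c4d) for ami-1a2b3c4d from vol-1a2b3c4d
SNAPSHOT snap-0fff5555aaaa6666b vol-0123456789abcdef2 completed nightly manual backup'

# Prints the two orphan candidates from the sample: one long ID, one short.
find_orphans "${SAMPLE_IMAGES}" "${SAMPLE_SNAPSHOTS}"
```

Review the printed list before passing any of the snapshot IDs to ec2-delete-snapshot.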

Hi, very useful script, thank you. Note that snapshot IDs are now longer, I think, than when you wrote this script. To get this to work, I needed to modify the sed command to look for a longer numeric. Some of our latest snapshot IDs are now up to 17 numerical characters, e.g. “snap-04340bca1d41104db”

Hi Josh,

I saw this script. My requirement is to delete the snapshots which do not show the AMI. I want to delete the snapshots whose AMI does not exist on AWS. Will this script work?

Hi Paul,

Yes, that is what this script does. Based on RB’s comment, I need to update the script to work with the longer snapshot IDs that have recently become standard in AWS. I will get the script updated shortly.

Thanks,
Josh

Hi,
How can I delete the orphan snapshot from the AWS dashboard, not using the command line?

Thanks for your help
Thanks

Hi Sumit,

Using the AWS Dashboard, I would go through this process:
1. for each snapshot that exists
2. check the snapshot description to see which AMI it is associated with (if any)
3. if it is associated with an AMI, check to see if that AMI exists
4. if the AMI that the snapshot was associated with does not exist
5. this is an orphan snapshot that you may want to delete

Using the command line is so much faster and more accurate than using the dashboard so I recommend using the command line whenever possible.

Any time you have a manual process, you introduce increased potential for error.

Thanks,
Josh

Hello josh,
I have orphaned snapshots which were created from AMIs of instances. I have deregistered the AMI and the snapshots were still in my account. I tried to run your script but it didn't delete those snapshots whose AMIs did not exist.
I even tried to terminate the instance and then run the script. It didn't work for me and gave valid and invalid snapshots as 0.
——–
++ echo ‘SNAPSHOTS Created by CreateImage(i-0a07bxxxxxc58a7) for ami-047xxxxeb2f50 from vol-078xxxxxb5da61 False 734xxxx822 100% snap-04eb3xxxxx4bd5e21 2018-09-19T02:35:10.000Z completed vol-078dxxxxx8b5da61 8’
++ sed -n ‘s/.*\(ami-[a-z0-9]\+\).*/\1/p’
+ amiid=
+ ‘[‘ -z ‘]’
—————–

Can you please guide me?

Hello Josh,

I am creating daily backups of AMIs and de-registering the 3-day-old backups using scripts. The older AMIs get de-registered but the snapshots attached to them don’t get deleted.

Can you help me with this?

Hi Amol,

This problem is usually due to the EC2 instance(s) that you are taking the AMI image from not having the EBS volumes set to terminate on delete, which causes the snapshots to remain when you delete the AMI.

The solution that I use is to run a script to ensure that all volumes are set to terminate on delete, and then run another script to delete orphan snapshots that have previously been associated with an AMI.

I have a set of scripts here that I use:
https://github.com/itsecureadmin/cloud-utilities
