unused aws instace and vpcs cleanup
Signed-off-by: shiva kumar <[email protected]>
shivakunv committed Dec 17, 2024
1 parent f478ba5 commit 348e3c1
Showing 2 changed files with 196 additions and 0 deletions.
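--- a/.github/workflows/awscleanup.yaml
+++ b/.github/workflows/awscleanup.yaml
@@ -0,0 +1,79 @@
+name: Daily AWS Cleanup Bot
+
+# on:
+# schedule:
+# - cron: '0 8 * * *'
+
+on:
+pull_request:
+types:
+- opened
+- synchronize
+branches:
+- awsresourcecleanup
+push:
+branches:
+- awsresourcecleanup
+
+jobs:
+cleanup:
+runs-on: linux-amd64-cpu4
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Set up AWS CLI
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: us-west-1
+
+- name: Identify resources running longer than 4 hours
+id: identify-resources
+run: |
+# Find EC2 instances with names ci* running longer than 4 hours
+running_instances=$(aws ec2 describe-instances \
+--filters Name=instance-state-name,Values=running Name=tag:Name,Values=ci* \
+--query "Reservations[*].Instances[?LaunchTime<=\`$(date -u -d '4 hours ago' +%Y-%m-%dT%H:%M:%SZ)\`].InstanceId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+echo "Found instances: $running_instances"
+echo "instances=$running_instances" >> $GITHUB_ENV
+# Find vpcs with names ci*
+vpcs=$(aws ec2 describe-vpcs \
+--filters "Name=tag:Name,Values=ci*" \
+--query "Vpcs[].VpcId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+echo "Found VPCs: $vpcs"
+echo "vpcs=$vpcs" >> $GITHUB_ENV
+- name: Terminate EC2 Instances
+if: env.instances != ''
+run: |
+for instance in $instances; do
+echo "Terminating instance: $instance"
+aws ec2 terminate-instances --instance-ids "$instance"
+done
+- name: Clean up VPCs
+if: env.vpcs != ''
+run: |
+for vpc in $vpcs; do
+# Check for EC2 instances attached to VPC
+instances_in_vpc=$(aws ec2 describe-instances \
+--filters "Name=vpc-id,Values=$vpc" \
+--query "Reservations[*].Instances[*].InstanceId" \
+--output text)
+# if no instance attached delete it
+if [ -z "$instances_in_vpc" ]; then
+scripts/awsvpcscleanup.sh $vpc
+else
+echo "EC2 instances are still attached to VPC: $vpc. Skipping deletion."
+fi
+done
+- name: Post cleanup
+run: |
+echo "Cleanup completed."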
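Review bot: The VPC path has no age guard comparable to the 4-hour `LaunchTime` cutoff applied to instances: `describe-vpcs` with `Name=tag:Name,Values=ci*` selects every matching VPC, and the only protection is the per-VPC `describe-instances` check, so a VPC that a CI run has created but not yet launched an instance into would presumably be handed to `scripts/awsvpcscleanup.sh`. Consider having the CI job record a creation timestamp in a tag (for example `<CREATED_AT_TAG_PLACEHOLDER>`) and skipping VPCs younger than the cutoff, and quote the argument as `scripts/awsvpcscleanup.sh "$vpc"`. These deletions also run with the static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets on every push and pull-request update to `awsresourcecleanup` while the `schedule` trigger is commented out. A short-lived role obtained through `role-to-assume`, with a policy limited to the EC2 actions used here, would narrow what a leaked or misused credential can delete.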
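--- a/scripts/awsvpcscleanup.sh
+++ b/scripts/awsvpcscleanup.sh
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+if [[ $# -ne 1 ]]; then
+echo " vpcid required for deletion"
+exit 1
+fi
+export vpc=$1
+
+echo "Start Deleting VPC: $vpc resource"
+
+# Delete Internet Gateway
+internet_gateways=$(aws ec2 describe-internet-gateways \
+--filters Name=attachment.vpc-id,Values=$vpc \
+--query "InternetGateways[].InternetGatewayId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+
+for igw in $internet_gateways; do
+aws ec2 detach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc"
+aws ec2 delete-internet-gateway --internet-gateway-id "$igw"
+done
+
+# Delete NAT Gateways
+nat_gateways=$(aws ec2 describe-nat-gateways \
+--filter Name=vpc-id,Values=$vpc \
+--query "NatGateways[].NatGatewayId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+for ngw in $nat_gateways; do
+aws ec2 delete-nat-gateway --nat-gateway-id "$ngw"
+done
+
+# Delete Elastic IPs
+eips=$(aws ec2 describe-addresses \
+--filters Name=domain,Values=vpc \
+--query "Addresses[].[AllocationId,Association.VpcId]" \
+--output text | grep "$vpc" | awk '{print $1}' | tr -d '\r' | tr '\n' ' ')
+for eip in $eips; do
+aws ec2 release-address --allocation-id "$eip"
+done
+
+# Detach and Delete Security Groups
+security_groups=$(aws ec2 describe-security-groups \
+--filters Name=vpc-id,Values=$vpc \
+--query "SecurityGroups[?GroupName!='default'].GroupId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+for sg in $security_groups; do
+enis=$(aws ec2 describe-network-interfaces \
+--filters Name=group-id,Values=$sg \
+--query "NetworkInterfaces[].NetworkInterfaceId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+for eni in $enis; do
+aws ec2 modify-network-interface-attribute \
+--network-interface-id "$eni" \
+--groups "$(aws ec2 describe-security-groups \
+--query 'SecurityGroups[?GroupName==`default`].GroupId' \
+--output text)"
+done
+aws ec2 delete-security-group --group-id "$sg"
+done
+
+# Delete Route Tables , do not delete Main route table
+route_tables=$(aws ec2 describe-route-tables \
+--filters Name=vpc-id,Values=$vpc \
+--query "RouteTables[?Associations[?Main==false]].RouteTableId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+for rt in $route_tables; do
+associations=$(aws ec2 describe-route-tables \
+--route-table-ids "$rt" \
+--query "RouteTables[0].Associations[].RouteTableAssociationId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+
+for assoc in $associations; do
+aws ec2 disassociate-route-table --association-id "$assoc"
+done
+aws ec2 delete-route-table --route-table-id "$rt"
+done
+
+# Delete Subnets
+subnets=$(aws ec2 describe-subnets \
+--filters Name=vpc-id,Values=$vpc \
+--query "Subnets[].SubnetId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+
+for subnet in $subnets; do
+aws ec2 delete-subnet --subnet-id "$subnet"
+done
+
+# Delete Network Interfaces
+eni_ids=$(aws ec2 describe-network-interfaces \
+--filters Name=vpc-id,Values=$vpc \
+--query "NetworkInterfaces[].NetworkInterfaceId" \
+--output text | tr -d '\r' | tr '\n' ' ')
+for eni in $eni_ids; do
+aws ec2 delete-network-interface --network-interface-id "$eni"
+done
+
+echo "All resource Deleted for VPC: $vpc , now delete vpc"
+
+attempts=0
+# try 3 times with 5 minutes interval
+while [ $attempts -lt 3 ]; do
+echo "Attempting to delete VPC: $vpc (Attempt $((attempts+1)))"
+if aws ec2 delete-vpc --vpc-id $vpc; then
+echo "Successfully deleted VPC: $vpc"
+break
+else
+attempts=$((attempts + 1))
+if [ $attempts -lt 3 ]; then
+echo "Failed to delete VPC: $vpc. Retrying in 30 seconds..."
+sleep 30
+fi
+fi
+done
+
+if [ $attempts -eq 3 ]; then
+echo "Failed to delete VPC: $vpc after 3 attempts. Skipping."
+exit 1
+fi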
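Review bot: The default-security-group lookup inside the ENI loop is not scoped to the VPC being cleaned: the nested `describe-security-groups` call that feeds `--groups` filters only on the group name `default`, so it returns the default group of every VPC in the region and passes the whole tab-separated result as one quoted value. Scoping it with `--filters Name=vpc-id,Values="$vpc" Name=group-name,Values=default --query 'SecurityGroups[0].GroupId'` keeps the re-assignment inside the target VPC. The script also never checks the exit status of the individual delete calls, so it prints that all resources were deleted even when some calls failed. `$vpc` reaches the `--filters` arguments and `delete-vpc --vpc-id $vpc` unquoted and unvalidated; a guard such as `[[ $vpc =~ ^vpc-[0-9a-f]+$ ]] || exit 1` before the first AWS call would reject anything that is not a VPC id. The retry comment says 5 minutes while the loop sleeps 30 seconds.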
