A production-inspired AWS Lambda function built with Python and boto3 to automatically identify and delete unused Amazon EBS snapshots. The solution helps optimize AWS storage costs by removing snapshots whose associated volumes have been deleted or are no longer attached to an EC2 instance.
- Automatically discovers all EBS snapshots owned by the AWS account.
- Lists all running and stopped EC2 instances.
- Retrieves EBS volume information using the EC2 API.
- Deletes snapshots whose associated volume no longer exists.
- Deletes snapshots whose associated volume is detached from all EC2 instances.
- Supports configurable snapshot retention period.
- Handles AWS API exceptions gracefully.
- Generates detailed execution logs in Amazon CloudWatch.
- Can be scheduled using Amazon EventBridge for automatic execution.
```
             Amazon EventBridge
                      │
                      ▼
             AWS Lambda Function
                      │
                      ▼
               boto3 (EC2 API)
                      │
       ┌──────────────┼──────────────┐
       ▼              ▼              ▼
   Describe       Describe       Describe
   Instances       Volumes       Snapshots
       │              │              │
       └──────────────┼──────────────┘
                      │
                      ▼
         Validate Snapshot Ownership
                      │
                      ▼
         Delete Unused EBS Snapshots
                      │
                      ▼
           Amazon CloudWatch Logs
```
```
aws-ebs-snapshot-cleanup-lambda/
│
├── lambda_function.py
├── requirements.txt
├── iam-policy.json
├── README.md
├── .gitignore
└── LICENSE (Optional)
```
- AWS Lambda
- Amazon EC2
- Amazon EBS
- Amazon EventBridge
- Amazon CloudWatch
- AWS IAM
- Python 3.14
- boto3
- botocore
- EventBridge triggers the Lambda function on a schedule.
- Lambda retrieves all EC2 instances.
- Lambda retrieves all EBS snapshots owned by the account.
- Lambda checks whether the associated EBS volume exists.
- Lambda verifies whether the volume is attached to an EC2 instance.
- Snapshots associated with deleted or detached volumes are removed.
- Execution logs and cleanup summary are written to CloudWatch.
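
The decision step in the workflow above, written as a dry-run planner (an added example, not the project's `lambda_function.py`). The `DoNotDelete` tag key, the 30-day default and the sample IDs are assumptions; the example also goes beyond the page by skipping copied snapshots, whose `VolumeId` is a placeholder (commonly `vol-ffffffff`) that would otherwise look like a deleted volume.

```python
from datetime import datetime, timedelta, timezone

PROTECT_TAG = "DoNotDelete"        # assumed tag key, not taken from the project
COPY_PLACEHOLDER = "vol-ffffffff"  # VolumeId commonly seen on copied snapshots

def classify(snap, volumes, now, retention_days=30):
    """Return (action, reason) for one DescribeSnapshots entry."""
    tags = {t["Key"] for t in snap.get("Tags", [])}
    if PROTECT_TAG in tags:
        return "skip", "protected by tag"
    if now - snap["StartTime"] < timedelta(days=retention_days):
        return "skip", "inside retention period"
    vol_id = snap.get("VolumeId")
    if not vol_id or vol_id == COPY_PLACEHOLDER:
        return "skip", "no usable source volume ID"
    vol = volumes.get(vol_id)
    if vol is None:
        return "delete", "volume no longer exists"
    if not vol.get("Attachments"):
        return "delete", "volume is detached"
    return "skip", "volume is attached"

def plan(snapshots, volume_list, now, retention_days=30):
    """Dry run: map SnapshotId -> (action, reason) without calling any API."""
    volumes = {v["VolumeId"]: v for v in volume_list}
    return {s["SnapshotId"]: classify(s, volumes, now, retention_days)
            for s in snapshots}

# Constructed sample data shaped like boto3 describe_* response entries.
NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)
OLD, NEW = NOW - timedelta(days=90), NOW - timedelta(days=2)
VOLUMES = [
    {"VolumeId": "vol-attached", "Attachments": [{"InstanceId": "i-example"}]},
    {"VolumeId": "vol-detached", "Attachments": []},
]
SNAPSHOTS = [
    {"SnapshotId": "snap-orphan", "VolumeId": "vol-gone", "StartTime": OLD},
    {"SnapshotId": "snap-detached", "VolumeId": "vol-detached", "StartTime": OLD},
    {"SnapshotId": "snap-in-use", "VolumeId": "vol-attached", "StartTime": OLD},
    {"SnapshotId": "snap-recent", "VolumeId": "vol-gone", "StartTime": NEW},
    {"SnapshotId": "snap-tagged", "VolumeId": "vol-gone", "StartTime": OLD,
     "Tags": [{"Key": "DoNotDelete", "Value": "true"}]},
    {"SnapshotId": "snap-copy", "VolumeId": "vol-ffffffff", "StartTime": OLD},
]

if __name__ == "__main__":
    for sid, (action, reason) in plan(SNAPSHOTS, VOLUMES, NOW).items():
        print(f"{sid:14} {action:6} {reason}")
```

Logging this plan for a few scheduled runs before enabling deletion shows exactly which snapshots the rule would remove.
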
- AWS Account
- Python 3.14
- boto3
- AWS CLI configured
- IAM Role with EC2 permissions
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeSnapshots",
        "ec2:DescribeVolumes",
        "ec2:DeleteSnapshot"
      ],
      "Resource": "*"
    }
  ]
}
```

- Create a new AWS Lambda function. Runtime: `Python 3.14`
- Upload the `lambda_function.py` source code.
- Attach the required IAM Role.
- Configure the Lambda handler: `lambda_function.lambda_handler`
- Create an Amazon EventBridge Rule. Example Schedule: `rate(1 day)`
- Monitor execution using CloudWatch Logs.
```
================================================================================
Starting EBS Snapshot Cleanup
================================================================================
EC2 Instance Inventory
Instance Name : Production-Web
Instance ID   : i-0123456789abcdef0
State         : running
--------------------------------------------------------------------------------
Snapshot ID   : snap-0123456789abcdef
Volume ID     : vol-0123456789abcdef
Deleted       : Volume no longer exists.
================================================================================
Cleanup Summary
================================================================================
Snapshots Scanned : 12
Deleted           : 4
Skipped           : 8
Failed            : 0
```
This project helps reduce unnecessary AWS storage costs by automatically removing:
- Snapshots whose associated EBS volume has been deleted.
- Snapshots whose associated EBS volume is detached from any EC2 instance.

Future enhancements:
- Pagination support for large AWS environments.
- SNS email notifications after cleanup.
- Configurable retention period using Lambda Environment Variables.
- Tag-based snapshot protection.
- Multi-region snapshot cleanup.
- CloudWatch metrics and dashboards.
- Unit testing using moto.
- Infrastructure as Code deployment using Terraform or AWS SAM.
boto3
botocore
Anurag Sahu
If you found this project helpful, consider giving it a ⭐ on GitHub.