AMI and EBS cleanup
Overview
This runbook explains how to use the AMI and EBS cleanup pipeline to identify and remove unused Amazon Machine Images (AMIs) and unattached EBS volumes in Modernisation Platform environments.
The goal is to reduce costs and keep environments clean by automatically deleting resources that are no longer needed.
The cleanup runs in two phases:
- Preview (dry run) — lists candidates for deletion and produces a summary and CSV reports.
- Live (deletion) — deregisters unused AMIs, deletes associated snapshots, and removes unattached EBS volumes.
When to use this runbook
Run this workflow when:
- You want to audit old or unused AMIs and volumes.
- You want to safely delete aged resources to reduce storage costs.
Prerequisites
- The target environment/s must already exist under GitHub Environments in the Modernisation Platform Environments repository, with appropriate approvers configured to authorize the cleanup workflow before it runs.
How to trigger the cleanup
Go to the Modernisation Platform Environments repository in GitHub.
Select the Actions tab.
Choose Cloud Clean Up AMI and EBS in the left-hand list.
Click Run workflow (top right).
Provide input values, see example below:
| Input | Description | Example |
|——–|————–|———-|
| application | Application short name | cooker |
| environments | environment | development,test,preproduction |
| cleanup_type | Choose what to clean: ami, ebs, or both (default) | both |
- Click Run workflow to start the job.
Phase 1 – Preview (dry run)
- Scans for AMIs and EBS volumes owned by the account.
- Applies age filters:
- Default: AMIs ≥ 3 months old, EBS ≥ 1 month old.
- Default: AMIs ≥ 3 months old, EBS ≥ 1 month old.
- Excludes:
- AMIs referenced in Terraform (
ami = "..."orami_name = "..."). - AMIs in use by running instances.
- AMIs or snapshots tagged
AwsBackup,Retain=true, orBackup=true.
- AMIs referenced in Terraform (
- Generates reports and a cleanup summary in Github actions showing ami, snapshots and ebs candidates to be deleted.
Phase 2 – Live (deletion)
- Runs after the dry run and requires approval from the team before execution.
- Uses the same filters to confirm candidates.
- Deregisters unused AMIs and deletes their associated snapshots.
- Performs a snapshot fallback pass to remove any orphaned AMI snapshots.
- Deletes unattached EBS volumes older than the threshold.
- Produces updated CSV reports and summary showing what was deleted or skipped.
Safety and rollback
- AMI deregistration does not affect running EC2 instances.
- Snapshots are deleted only if the corresponding AMI was deleted.
- EBS volumes that are attached are never deleted.
- AMIs or snapshots with
AwsBackup,Retain=true, orBackup=truetags are always preserved. - All candidate commands are written to artifact files before execution for traceability.
References
- EBS cleanup script
Support
For questions or issues, please contact the Modernisation Platform team using the #ask-modernisation-platform slack channel.