Skip to main content

How to Clean Up AWS CloudWatch Alarms

When deleting EC2 instances, AWS CloudWatch instance alarms are sometimes left behind.

Fix Inventory's cleanup-aws-alarms infrastructure app can find and delete these orphaned alarms.

Prerequisites​

This guide assumes that you have already installed and configured Fix Inventory to collect your AWS resources.

Directions​

  1. Execute the following command in Fix Inventory Shell to open the Fix Inventory Worker configuration for editing:

    > config edit fix.worker

  2. Enable cleanup by modifying the fixworker section of the configuration as follows:

    fixworker:
      # Enable cleanup of resources
      cleanup: true
      # Do not actually cleanup resources, just create log messages
      cleanup_dry_run: false
      # How many cleanup threads to run in parallel
      cleanup_pool_size: 16

    When cleanup is enabled, marked resources will be deleted as a part of the collect_and_cleanup workflow, which runs each hour by default.

    tip

    Set cleanup_dry_run to true to simulate cleanup without actually deleting resources.

  3. Use the app install command to install the cleanup-aws-alarms app:

    > app install cleanup-aws-alarms
    info

    Fix Inventory will create a default config fix.apps.cleanup_aws_alarms.

  4. Execute the following command in Fix Inventory Shell to open the infrastructure app configuration for editing:

    > config edit fix.apps.cleanup_aws_alarms

  5. Update the configuration with the desired target cloud account IDs:

    cleanup_aws_alarms configuration
    clouds_and_accounts:
      aws:
        - '1234567'
        - '567890'

  6. Run the app using the app run command:

    > app run cleanup-aws-alarms
    tip

    Add the optional --dry-run flag to see what commands the app would perform, without actually executing them.

    note

    Items tagged with expiration: never will not be flagged for cleanup.

  7. Create an event-based job to run the app automatically:

    > jobs create --name "Clean Up AWS Alarms" --wait-for-event cleanup_plan 'app run cleanup-aws-alarms'
    info

    The cleanup-aws-alarms infrastructure app will now run each time Fix Inventory emits the cleanup_plan event. The post_cleanup_plan event is emitted in the cleanup phase of the collect_and_cleanup workflow.

Each time the cleanup-aws-alarms infrastructure app runs, orphaned CloudWatch alarms will be flagged for removal during the next cleanup run.

Further Reading​