Skip to main content

How to Clean Up AWS CloudWatch Alarms

When deleting EC2 instances, CloudWatch alarms are sometimes left behind.

Fix Inventory's cleanup_aws_alarms plugin can find and delete these orphaned alarms.


This guide assumes that you have already installed and configured Fix Inventory to collect your AWS resources.


  1. Execute the following command in Fix Inventory Shell to open the Fix Inventory Worker configuration for editing:

    > config edit fix.worker
  2. Enable cleanup by modifying the fixworker section of the configuration as follows:

    # Enable cleanup of resources
    cleanup: true
    # Do not actually cleanup resources, just create log messages
    cleanup_dry_run: false
    # How many cleanup threads to run in parallel
    cleanup_pool_size: 16

    When cleanup is enabled, marked resources will be deleted as a part of the collect_and_cleanup workflow, which runs each hour by default.


    Set cleanup_dry_run to true to simulate cleanup without actually deleting resources.

  3. Update the plugin_cleanup_aws_alarms section with the desired target cloud account IDs and setting the enabled property to true:

    cleanup_aws_alarms plugin configuration
    # Dictionary of key cloud with list of account IDs for which the plugin should be active as value
    - '1234567'
    - '567890'
    # Enable plugin?
    enabled: true

The plugin will now run each time Fix Inventory emits the post_cleanup_plan event. The post_cleanup_plan event is emitted in the cleanup phase of the collect_and_cleanup workflow.

Each time the cleanup_aws_alarms plugin runs, orphaned CloudWatch alarms will be flagged for removal during the next cleanup run.

Further Reading