Skip to main content

How to Clean Up Expired Resources

A resource can be tagged with an expiration tag that instructs Fix Inventory to clean it up after it has reached a certain age. This can serve as a safety net for when a CI job fails or the IaC tool aborts halfway through its run, or even as the primary means of managing resource lifecycles.

Fix Inventory's cleanup-expired infrastructure app can find and delete expired resources.

Prerequisites​

This guide assumes that you have already installed and configured Fix Inventory to collect your cloud resources.

Directions​

  1. Execute the following command in Fix Inventory Shell to open the Fix Inventory Worker configuration for editing:

    > config edit fix.worker

  2. Enable cleanup by modifying the fixworker section of the configuration as follows:

    fixworker:
      # Enable cleanup of resources
      cleanup: true
      # Do not actually cleanup resources, just create log messages
      cleanup_dry_run: false
      # How many cleanup threads to run in parallel
      cleanup_pool_size: 16

    When cleanup is enabled, marked resources will be deleted as a part of the collect_and_cleanup workflow, which runs each hour by default.

    tip

    Set cleanup_dry_run to true to simulate cleanup without actually deleting resources.

  3. Use the app install command to install the cleanup-expired app:

    > app install cleanup-expired

  4. Run the app using the app run command:

    > app run cleanup-expired
    tip

    Add the optional --dry-run flag to see what commands the app would perform, without actually executing them.

    note

    Items tagged with expiration: never will not be flagged for cleanup.

  5. Create an event-based job to run the app automatically:

    > jobs create --name "Clean Up Expired Resources" --wait-for-event cleanup_plan 'app run cleanup-expired'
    info

    The cleanup-expired infrastructure app will now run each time Fix Inventory emits the cleanup_plan event. The post_cleanup_plan event is emitted in the cleanup phase of the collect_and_cleanup workflow.

Each time the cleanup-expired infrastructure app runs, expired resources will be flagged for removal during the next cleanup run.

info

A resource's expiration time can be defined either with an ISO 8601 timestamp or time delta:

Tag NameDescriptionExample
fix:expiresISO 8601 timestamp2022-09-21T10:40:11+00:00
fix:expiration or expirationTime delta from resource creation time24h

Please see the Resource Expiration for more information about expiration tags.

tip

If you would like to apply expiration tags to existing resources, How to Find Untagged Resources describes how to find untagged resources.

How to Clean Up Untagged Resources describes how to clean up untagged resources, which can be helpful in enforcing tagging policies.

Further Reading​