How to Clean Up Untagged Resources
Resource tags are an essential tool in finding and tracking an organization's cloud resources, but tags are only useful if applied consistently.
> config edit resoto.worker
Enable cleanup by modifying the
resotoworkersection of the configuration as follows:
# Enable cleanup of resources
# Do not actually cleanup resources, just create log messages
# How many cleanup threads to run in parallel
When cleanup is enabled, marked resources will be deleted as a part of the
collect_and_cleanupworkflow, which runs each hour by default.tip
trueto simulate cleanup without actually deleting resources.
plugin_cleanup_untaggedsection with the desired target AWS account IDs and setting the
true:cleanup_untagged plugin configuration
# Enable plugin?
# Configuration for the plugin
name: 'Example Account'
cleanup_untaggedplugin configuration has the following subsections:
defaultspecifies the default age of a resource before mandatory tags are enforced. For example, if
ageis set to
2h, there is a 2-hour grace period to add the required tags after resource creation.
tagslists tags that must exist on every resource kind listed in the
kindslists resource kind for which tags listed in
accountscontains a dictionary of cloud and account IDs for which tags will be enforced. For each account, a name is defined and the age defined in
defaultcan optionally be overridden.
Each time the
cleanup_untagged plugin runs, resources for which the specified tag requirements are not met will be flagged for removal during the next cleanup run.