Skip to main content
Version: 3.9.0

How to Clean Up AWS CloudWatch Alarms

When deleting EC2 instances, CloudWatch alarms are sometimes left behind.

Resoto's cleanup_aws_alarms plugin can find and delete these orphaned alarms.


This guide assumes that you have already installed and configured Resoto to collect your AWS resources.


  1. Execute the following command in Resoto Shell to open the Resoto Worker configuration for editing:

    > config edit resoto.worker
  2. Enable cleanup by modifying the resotoworker section of the configuration as follows:

    # Enable cleanup of resources
    cleanup: true
    # Do not actually cleanup resources, just create log messages
    cleanup_dry_run: false
    # How many cleanup threads to run in parallel
    cleanup_pool_size: 16

    When cleanup is enabled, marked resources will be deleted as a part of the collect_and_cleanup workflow, which runs each hour by default.


    Set cleanup_dry_run to true to simulate cleanup without actually deleting resources.

  3. Update the plugin_cleanup_aws_alarms section with the desired target cloud account IDs and setting the enabled property to true:

    cleanup_aws_alarms plugin configuration
    # Dictionary of key cloud with list of account IDs for which the plugin should be active as value
    - '1234567'
    - '567890'
    # Enable plugin?
    enabled: true

The plugin will now run each time Resoto emits the post_cleanup_plan event. The post_cleanup_plan event is emitted in the cleanup phase of the collect_and_cleanup workflow.

Each time the cleanup_aws_alarms plugin runs, orphaned CloudWatch alarms will be flagged for removal during the next cleanup run.

Further Reading

Contact Us

Have feedback or need help? Don’t be shy—we’d love to hear from you!




Some Engineering Inc.