How to Clean Up AWS VPC Resources
When deleting AWS VPCs, dependent network resources are sometimes left behind.
Resoto's cleanup_aws_vpcs plugin can find and delete these orphaned resources, which include:
- AWS VPC Peering Connections
- AWS EC2 Network ACLs
- AWS EC2 Network Interfaces
- AWS ELB
- AWS ALB
- AWS ALB Target Groups
- AWS EC2 Subnets
- AWS EC2 Security Groups
- AWS EC2 Internet Gateways
- AWS EC2 NAT Gateways
- AWS EC2 Route Tables
Prerequisites​
This guide assumes that you have already installed and configured Resoto to collect your AWS resources.
Directions​
-
Execute the following command in Resoto Shell to open the Resoto Worker configuration for editing:
> config edit resoto.worker -
Enable cleanup by modifying the
resotoworkersection of the configuration as follows:resotoworker:
# Enable cleanup of resources
cleanup: true
# Do not actually cleanup resources, just create log messages
cleanup_dry_run: false
# How many cleanup threads to run in parallel
cleanup_pool_size: 16When cleanup is enabled, marked resources will be deleted as a part of the
collect_and_cleanupworkflow, which runs each hour by default.tipSet
cleanup_dry_runtotrueto simulate cleanup without actually deleting resources. -
Update the
plugin_cleanup_aws_vpcssection with the desired target cloud account IDs and setting theenabledproperty totrue:cleanup_aws_vpcs plugin configurationplugin_cleanup_aws_vpcs:
# Dictionary of key cloud with list of account IDs for which the plugin should be active as value
config:
aws:
- '1234567'
- '567890'
# Enable plugin?
enabled: true
The plugin will now run each time Resoto emits the post_cleanup_plan event. The post_cleanup_plan event is emitted in the cleanup phase of the collect_and_cleanup workflow.
Each time the cleanup_aws_vpcs plugin runs, network resources associated with VPCs that have been deleted or marked for cleanup will also be flagged for removal during the next cleanup run.
