unused aws instace and vpcs cleanup

shivakunv · shivakunv · commit 348e3c1e9e7a · 2024-12-17T13:43:24.000+05:30
Signed-off-by: shiva kumar &lt;shivaku@nvidia.com&gt;
diff --git a/.github/workflows/awscleanup.yaml b/.github/workflows/awscleanup.yaml
@@ -0,0 +1,79 @@
+name: Daily AWS Cleanup Bot
+
+# on:
+#   schedule:
+#     - cron: '0 8 * * *'
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+    branches:
+      - awsresourcecleanup
+  push:
+    branches:
+      - awsresourcecleanup
+
+jobs:
+  cleanup:
+    runs-on: linux-amd64-cpu4
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up AWS CLI
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-1
+
+      - name: Identify resources running longer than 4 hours
+        id: identify-resources
+        run: |
+          # Find EC2 instances with names ci* running longer than 4 hours
+          running_instances=$(aws ec2 describe-instances \
+            --filters Name=instance-state-name,Values=running Name=tag:Name,Values=ci* \
+            --query "Reservations[*].Instances[?LaunchTime<=\`$(date -u -d '4 hours ago' +%Y-%m-%dT%H:%M:%SZ)\`].InstanceId" \
+            --output text | tr -d '\r' | tr '\n' ' ')
+          echo "Found instances: $running_instances"
+          echo "instances=$running_instances" >> $GITHUB_ENV
+
+          # Find vpcs with names ci*
+          vpcs=$(aws ec2 describe-vpcs \
+            --filters "Name=tag:Name,Values=ci*" \
+            --query "Vpcs[].VpcId" \
+            --output text | tr -d '\r' | tr '\n' ' ')
+          echo "Found VPCs: $vpcs"
+          echo "vpcs=$vpcs" >> $GITHUB_ENV
+
+      - name: Terminate EC2 Instances
+        if: env.instances != ''
+        run: |
+          for instance in $instances; do
+            echo "Terminating instance: $instance"
+            aws ec2 terminate-instances --instance-ids "$instance"
+          done
+
+      - name: Clean up VPCs
+        if: env.vpcs != ''
+        run: |
+          for vpc in $vpcs; do
+            # Check for EC2 instances attached to VPC
+            instances_in_vpc=$(aws ec2 describe-instances \
+              --filters "Name=vpc-id,Values=$vpc" \
+              --query "Reservations[*].Instances[*].InstanceId" \
+              --output text)
+            # if no instance attached delete it
+            if [ -z "$instances_in_vpc" ]; then
+              scripts/awsvpcscleanup.sh $vpc
+            else
+              echo "EC2 instances are still attached to VPC: $vpc. Skipping deletion."
+            fi
+          done
+
+      - name: Post cleanup
+        run: |
+          echo "Cleanup completed."
diff --git a/scripts/awsvpcscleanup.sh b/scripts/awsvpcscleanup.sh
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+if [[ $# -ne 1 ]]; then
+	echo " vpcid required for deletion"
+	exit 1
+fi
+export vpc=$1
+
+echo "Start Deleting  VPC: $vpc resource"
+
+# Delete Internet Gateway
+internet_gateways=$(aws ec2 describe-internet-gateways \
+    --filters Name=attachment.vpc-id,Values=$vpc \
+    --query "InternetGateways[].InternetGatewayId" \
+    --output text | tr -d '\r' | tr '\n' ' ')
+
+for igw in $internet_gateways; do
+    aws ec2 detach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc"
+    aws ec2 delete-internet-gateway --internet-gateway-id "$igw"
+done
+
+# Delete NAT Gateways
+nat_gateways=$(aws ec2 describe-nat-gateways \
+    --filter Name=vpc-id,Values=$vpc \
+    --query "NatGateways[].NatGatewayId" \
+    --output text | tr -d '\r' | tr '\n' ' ')
+for ngw in $nat_gateways; do
+    aws ec2 delete-nat-gateway --nat-gateway-id "$ngw"
+done
+
+# Delete Elastic IPs
+eips=$(aws ec2 describe-addresses \
+  --filters Name=domain,Values=vpc \
+  --query "Addresses[].[AllocationId,Association.VpcId]" \
+  --output text | grep "$vpc" | awk '{print $1}' | tr -d '\r' | tr '\n' ' ')
+for eip in $eips; do
+    aws ec2 release-address --allocation-id "$eip"
+done
+
+# Detach and Delete Security Groups
+security_groups=$(aws ec2 describe-security-groups \
+    --filters Name=vpc-id,Values=$vpc \
+    --query "SecurityGroups[?GroupName!='default'].GroupId" \
+    --output text | tr -d '\r' | tr '\n' ' ')
+for sg in $security_groups; do
+    enis=$(aws ec2 describe-network-interfaces \
+        --filters Name=group-id,Values=$sg \
+        --query "NetworkInterfaces[].NetworkInterfaceId" \
+        --output text | tr -d '\r' | tr '\n' ' ')
+    for eni in $enis; do
+        aws ec2 modify-network-interface-attribute \
+            --network-interface-id "$eni" \
+            --groups "$(aws ec2 describe-security-groups \
+                --query 'SecurityGroups[?GroupName==`default`].GroupId' \
+                --output text)"
+    done
+    aws ec2 delete-security-group --group-id "$sg"
+done
+
+# Delete Route Tables , do not delete Main route table
+route_tables=$(aws ec2 describe-route-tables \
+    --filters Name=vpc-id,Values=$vpc \
+    --query "RouteTables[?Associations[?Main==false]].RouteTableId" \
+    --output text | tr -d '\r' | tr '\n' ' ')
+for rt in $route_tables; do
+    associations=$(aws ec2 describe-route-tables \
+        --route-table-ids "$rt" \
+        --query "RouteTables[0].Associations[].RouteTableAssociationId" \
+        --output text | tr -d '\r' | tr '\n' ' ')
+
+    for assoc in $associations; do
+        aws ec2 disassociate-route-table --association-id "$assoc"
+    done
+    aws ec2 delete-route-table --route-table-id "$rt"
+done
+
+# Delete Subnets
+subnets=$(aws ec2 describe-subnets \
+    --filters Name=vpc-id,Values=$vpc \
+    --query "Subnets[].SubnetId" \
+    --output text | tr -d '\r' | tr '\n' ' ')
+
+for subnet in $subnets; do
+    aws ec2 delete-subnet --subnet-id "$subnet"
+done
+
+# Delete Network Interfaces
+eni_ids=$(aws ec2 describe-network-interfaces \
+    --filters Name=vpc-id,Values=$vpc \
+    --query "NetworkInterfaces[].NetworkInterfaceId" \
+    --output text | tr -d '\r' | tr '\n' ' ')
+for eni in $eni_ids; do
+    aws ec2 delete-network-interface --network-interface-id "$eni"
+done
+
+echo "All resource Deleted for VPC: $vpc , now delete vpc" 
+
+attempts=0
+# try 3 times with 5 minutes interval
+while [ $attempts -lt 3 ]; do
+    echo "Attempting to delete VPC: $vpc (Attempt $((attempts+1)))"
+    if aws ec2 delete-vpc --vpc-id $vpc; then
+        echo "Successfully deleted VPC: $vpc"
+        break
+    else
+        attempts=$((attempts + 1))
+        if [ $attempts -lt 3 ]; then
+            echo "Failed to delete VPC: $vpc. Retrying in 30 seconds..."
+            sleep 30
+        fi
+    fi
+done
+
+if [ $attempts -eq 3 ]; then
+    echo "Failed to delete VPC: $vpc after 3 attempts. Skipping."
+    exit 1
+fi
