How to Manage AWS IAM User Permissions with AWS CLI
Learn to update AWS IAM permissions and manage groups using the AWS CLI. Simplify your AWS management with these essential commands.
Patrick Londa, Author
Jan 4, 2022 • 5 min read
If you're using AWS without regularly checking for and removing unattached AWS resources, you may be incurring unnecessary costs. Amazon bills for every resource you have provisioned, not only for the resources that are actively in use. Performing periodic checks on your resources during and after development is essential to good AWS hygiene and can help lower overhead.
The three resources most likely to be overlooked are EBS volumes, ENIs, and NAT gateways. Here are three quick checks you can perform to ensure you're not swimming in excess resources, along with instructions on removing any extra resources you may uncover while performing these checks.
It’s important to note that you’ll need to run each check in every region where you are running, or have run, resources. Ok, let’s dive in.
Finding and Removing All Unattached EBS Volumes
Blink Automation: Detect Unattached EBS Volumes and Delete Them
In the navigation panel on the left side of the screen, under Elastic Block Store, select Volumes.
This page lists all of your EBS volumes. Look in the State column, which will show the status of each volume.
If the status of an EBS volume is listed as Available, then the volume isn't currently attached.
Select an unused volume, select Actions, then Delete Volume.
The console will ask for confirmation. If you're sure that you don't need this volume, click Delete.
Note that it is not possible to delete an attached volume. If your AWS services are running as expected and it's possible to delete a volume, that volume likely should be deleted.
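The console check above, scripted with the AWS CLI so that it covers every region, as an added example that is not part of the original post. The function names, the `scan` argument and the `CONFIRM` guard are assumptions of this example; it expects AWS CLI credentials permitted to call ec2:DescribeRegions, ec2:DescribeVolumes and, for deletion, ec2:DeleteVolume.

```shell
#!/bin/sh
# Added example: report unattached EBS volumes in every enabled region.
# A volume whose status is "available" is not attached to any instance.

# Print each region enabled for the account, one name per line.
list_regions() {
    aws ec2 describe-regions --query 'Regions[].RegionName' --output text |
        tr '\t' '\n'
}

# Print "region volume-id size-GiB create-time" for each unattached
# volume in the region given as $1.
unattached_volumes() {
    aws ec2 describe-volumes --region "$1" \
        --filters Name=status,Values=available \
        --query 'Volumes[].[VolumeId,Size,CreateTime]' --output text |
    while read -r id size created; do
        if [ -n "$id" ]; then
            printf '%s %s %s %s\n' "$1" "$id" "$size" "$created"
        fi
    done
}

# Scan every region; the output is the review list for deletion.
report_unattached() {
    for region in $(list_regions); do
        unattached_volumes "$region"
    done
}

# Delete one reviewed volume ($1 = region, $2 = volume ID).
# CONFIRM=yes is a guard invented for this example, not an AWS CLI feature.
delete_volume() {
    if [ "${CONFIRM:-no}" != "yes" ]; then
        echo "not deleting $2 in $1: set CONFIRM=yes after review" >&2
        return 1
    fi
    aws ec2 delete-volume --region "$1" --volume-id "$2"
}

# Run the report only when asked: sh <this-script> scan
if [ "${1:-}" = "scan" ]; then
    report_unattached
fi
```

The creation time in each report line helps separate long-forgotten volumes from ones detached minutes ago during a deployment.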
Finding and Removing All Unattached ENIs
Blink Automation: Find EC2 Instances with More than One ENI Volume and Send Email
Here are the eleven steps to manually find and remove any unused NAT gateways and release any Elastic IPs associated with them.
1. Open the AWS VPC console.
2. In the navigation panel on the left side of the screen, click on NAT Gateways. This page lists all of your NAT gateways.
3. Click on a specific "NAT Gateway ID" and scroll down to the "Monitoring" section to view its usage over the last 7 days.
4. Any gateways with average "BytesOutToDestination" of zero over the last 7 days can be considered unused and subject to removal.
5. Click on the Details tab for any available NAT gateways. Note the name of the EIP associated with the NAT gateway you wish to delete, as you may be able to release the EIP after deleting the NAT gateway.
6. Click the radio button for the NAT Gateway you wish to delete, then click Actions, and Delete NAT gateway.
7. A confirmation box will appear. Type delete, and then click Delete.
8. If you will not need the Elastic IP associated with that NAT Gateway, you can safely release that EIP, further saving resources.
9. To release the EIP associated with the now-deleted NAT Gateway, click Elastic IPs.
10. Select the Elastic IP you wish to release, and then click Actions, Release Elastic IP addresses.
11. A confirmation dialog box will appear. Click Release.
Alternatively, you can release the EIP through the command line. There are four different ways to release an Elastic IP address using the command line, depending on your setup. If you're using the AWS CLI and EC2-Classic, open your terminal and use the command:
If you run resources in multiple regions, then running each of these checks multiple times on a regular basis might seem impractical or inefficient. When you create a free Blink account, you can schedule these resource checks using pre-built automations. Check multiple regions and multiple resource types in a few clicks.