Clean process

Cleaning process

The standard automatic cleaning process is performed every night at 23:00 UTC, on those accounts that are enabled and do not have the cleaning process disabled.

The cleaning process is based on modules, for the different providers and services. For now, the services implemented are as follows:

  • AWS / AMIs

The cleaning process differs depending on the type of object; the service-specific process is described below.

A record of each deleted item is saved in the database, which can be consulted from the Clean LOGs.

AWS Cleanup / AMIs

The AWS AMIs cleanup script only considers AMIs made by the backup script (those whose name begins with BKP-) and AMIs with a "KEEP_UNTIL" field as described below. All other AMIs, whether created manually or not matching this pattern, are not analyzed. For those, you can see a list of orphan AMIs in Compliance, in the "AWS orphan AMIs" report.

For the AWS AMIs cleanup process, the following nomenclature is considered:

  • Archived AMI: it is not deleted. An AMI is archived if any of these conditions is true:

    • The text "[ARCHIVED]" appears in the name or in the description
    • Tag "Archived" with value "yes"
  • AMI with specific expiration: it is deleted after the date extracted from the following fields:

    • Text "[KEEP_UNTIL:yyyy-mm-dd]", looked up both in the name and in the description
    • Tag "KEEP_UNTIL" with a date value in the same format as the previous item
  • AMI with retention: it is deleted X days after its creation date. The value of X is obtained from the following tags:

    • Tag "Retention"
    • Tag "Backup"

For all other AMIs, only those that begin with "BKP-" are taken into account. They are deleted:

  • X days after their creation date, where X is obtained from the "Backup" tag
  • If they do not have the "Backup" tag, they are considered orphans and are deleted after 60 days

Before removing an AMI, the process checks whether it is being used by any:

  • Launch configuration
  • Launch template
  • EC2 instance

If it is, a warning is generated in the LOGs table and the AMI is not deleted.
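
The rules above can be dry-run against an AMI inventory before relying on the nightly job. The following is an added example, not the product's own code: it applies the rules in the order they are listed, and the function names, the precedence of "Retention" over "Backup", and the choice to keep an AMI whose date or day count cannot be parsed are assumptions.

```python
import re
from datetime import date, timedelta

KEEP_RE = re.compile(r"\[KEEP_UNTIL:(\d{4}-\d{2}-\d{2})\]")
ORPHAN_DAYS = 60  # from the page: BKP- AMIs without a "Backup" tag

def decide(ami, today, in_use=False):
    """Return (action, reason) for one AMI dict shaped like DescribeImages output."""
    tags = {t["Key"]: t["Value"] for t in ami.get("Tags", [])}
    name = ami.get("Name", "")
    text = name + " " + ami.get("Description", "")
    created = date.fromisoformat(ami["CreationDate"][:10])

    if "[ARCHIVED]" in text or tags.get("Archived") == "yes":
        return ("keep", "archived")
    match = KEEP_RE.search(text)
    keep_until = tags.get("KEEP_UNTIL") or (match.group(1) if match else None)
    try:
        if keep_until:
            expires, reason = date.fromisoformat(keep_until), "keep_until"
        elif not name.startswith("BKP-"):
            return ("ignore", "not analyzed")  # left for the orphan AMIs report
        elif "Retention" in tags or "Backup" in tags:
            # Assumption: "Retention" wins when both tags are present.
            days = int(tags.get("Retention", tags.get("Backup")))
            expires, reason = created + timedelta(days=days), "retention"
        else:
            expires, reason = created + timedelta(days=ORPHAN_DAYS), "orphan"
    except ValueError:
        return ("keep", "invalid value")  # bad date or day count: never delete
    if today <= expires:
        return ("keep", reason)
    # In use by a launch configuration, launch template or EC2 instance:
    # the caller passes in_use=True and the AMI is logged, not deleted.
    return ("warn", reason) if in_use else ("delete", reason)

def sample(name, created, desc="", **tags):
    """Build a constructed AMI record (not real account data)."""
    return {"Name": name, "Description": desc, "CreationDate": created + "T03:00:00.000Z",
            "Tags": [{"Key": k, "Value": v} for k, v in tags.items()]}

if __name__ == "__main__":
    today = date(2024, 3, 15)
    for ami in (sample("BKP-web-01", "2024-01-01", Backup="7"),
                sample("golden-base", "2023-01-01", desc="[ARCHIVED] 2023 baseline"),
                sample("manual-build", "2023-01-01"),
                sample("BKP-db-02", "2024-01-01")):
        print(ami["Name"], decide(ami, today))
```

A mistyped tag value such as `Backup=weekly` yields `("keep", "invalid value")` here, which makes such AMIs easy to list and correct.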