Remove unused EBS volumes

Having old unused EBS volumes lying around is costly and potentially unsafe, but how do you know if they can be deleted?


Find unused volumes

Volumes not currently attached to an EC2 instance are "available" in AWS lingo. Look in the AWS console or use the CLI like so:

        
# auth might vary, this uses a profile in ~/.aws/credentials
aws ec2 describe-volumes \
--profile my-profile \
--region eu-north-1 \
--filters Name=status,Values=available \
--query 'Volumes[].{ID:VolumeId,State:State}' \
--output table
        
        
----------------------------------------
|            DescribeVolumes           |
+------------------------+-------------+
|           ID           |    State    |
+------------------------+-------------+
|  vol-0b7614e452dee66d8 |  available  |
+------------------------+-------------+
        
    

But is it safe to delete?

Maybe your colleague (or yourself from two weeks ago) still needs it? To answer that you would like to know the history of the volume: who created it, who detached it and so on.

For that you need to look in AWS CloudTrail. For the last 90 days you can query it directly like below. Probably it was more than 90 days ago and you wish you had used Narratrail.

        
aws cloudtrail lookup-events \
--profile my-profile \
--region eu-north-1 \
--lookup-attributes 'AttributeKey=EventName,AttributeValue=DetachVolume' \
--query 'Events[?Resources[?ResourceName==`vol-0b7614e452dee66d8`]].CloudTrailEvent' \
--output text | jq '.eventTime, .userIdentity.arn'
        
        
"2021-07-10T14:13:12Z"
"arn:aws:iam::123456789123:forgetful-joe"
        
    

Alright, so forgetful-joe detached the volume at 2021-07-10 14:13:12. We can now kindly remind him to clean up or delete it, or just do it ourselves.
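The two lookups above can be combined into one report over every available volume. This is an added example, not part of the original article: it assumes both commands were run with --output json, and the sample data is constructed (only the first volume ID and the forgetful-joe ARN come from the article). A volume with no matching event was detached outside the lookup window or has no recorded detach.

```python
import json
from datetime import datetime

def detach_event(time, arn, volume_id):
    """Constructed entry shaped like one item of lookup-events 'Events'."""
    inner = {"eventTime": time, "eventName": "DetachVolume", "userIdentity": {"arn": arn}}
    return {"EventName": "DetachVolume",
            "Resources": [{"ResourceType": "AWS::EC2::Volume", "ResourceName": volume_id}],
            "CloudTrailEvent": json.dumps(inner)}  # the CLI returns this field as a JSON string

# Constructed sample data standing in for the saved JSON output of the two commands.
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0b7614e452dee66d8", "State": "available", "Encrypted": False},
    {"VolumeId": "vol-0aaaaaaaaaaaaaaaa", "State": "available", "Encrypted": True},
]}
EVENTS = {"Events": [
    detach_event("2021-07-01T08:00:00Z", "arn:aws:iam::123456789123:user/constructed-ann",
                 "vol-0b7614e452dee66d8"),
    detach_event("2021-07-10T14:13:12Z", "arn:aws:iam::123456789123:forgetful-joe",
                 "vol-0b7614e452dee66d8"),
]}

def last_detach(events):
    """Map volume ID -> (time, ARN) of its most recent DetachVolume event."""
    latest = {}
    for ev in events["Events"]:
        if ev.get("EventName") != "DetachVolume":
            continue
        detail = json.loads(ev["CloudTrailEvent"])
        when = datetime.strptime(detail["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        who = detail.get("userIdentity", {}).get("arn", "unknown")
        for res in ev.get("Resources", []):
            vol = res.get("ResourceName", "")
            if vol.startswith("vol-") and (vol not in latest or when > latest[vol][0]):
                latest[vol] = (when, who)
    return latest

def report(volumes, events):
    """One row per available volume; detached_by is None when CloudTrail has no record."""
    latest = last_detach(events)
    rows = []
    for v in volumes["Volumes"]:
        when, who = latest.get(v["VolumeId"], (None, None))
        rows.append({"id": v["VolumeId"], "encrypted": v.get("Encrypted", False),
                     "detached_at": when.isoformat() if when else None, "detached_by": who})
    return rows

if __name__ == "__main__":
    for row in report(VOLUMES, EVENTS):
        print(row)
```

Rows with encrypted set to False and no known owner are the ones to review first before deleting.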

How does Narratrail help?

If you had been running Narratrail you could've simply searched for 0b7614e452dee66d8 in Slack and seen this directly!

Narratrail in Slack