AWSConfigRemediation-DeleteUnusedEBSVolume
Description
The AWSConfigRemediation-DeleteUnusedEBSVolume
runbook deletes an
unused Amazon Elastic Block Store (Amazon EBS) volume.
Document type
Automation
Owner
Amazon
Platforms
Linux, macOS, Windows
Parameters
-
AutomationAssumeRole
Type: String
Description: (Required) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.
-
CreateSnapshot
Type: Boolean
Description: (Optional) If set to
true
, the automation creates a snapshot of the Amazon EBS volume before it is deleted. -
VolumeId
Type: String
Description: (Required) The ID of the Amazon EBS volume that you want to delete.
Required IAM permissions
The AutomationAssumeRole
parameter requires the following actions to
use the runbook successfully.
-
ssm:StartAutomationExecution
-
ssm:GetAutomationExecution
-
ec2:CreateSnapshot
-
ec2:DeleteVolume
-
ec2:DescribeSnapshots
-
ec2:DescribeVolumes
Document Steps
-
aws:executeScript
- Verifies the Amazon EBS volume you specify in theVolumeId
parameter is not in use, and creates a snapshot depending on the value you choose for theCreateSnapshot
parameter. -
aws:branch
- Branches based on the value you chose for theCreateSnapshot
parameter. -
aws:waitForAwsResourceProperty
- Waits for the snapshot to complete. -
aws:executeAwsApi
- Deletes the snapshot if the snapshot creation failed. -
aws:executeAwsApi
- Deletes the Amazon EBS volume you specify in theVolumeId
parameter. -
aws:executeScript
- Verifies the Amazon EBS volume has been deleted.