A simple approach to delete AWS resources with Ansible

Networking, Cloud & Automation
Aug 25, 2021

Are you afraid of looking at your AWS Billing & Cost Management dashboard?

In this fourth and last part of this post series, we describe how to delete all the AWS infrastructure resources we previously created with Ansible once we no longer need them, so that we stop paying for them.

This is a four-part blog post series that covers:

  1. Use-case description
  2. Automating Infrastructure Provisioning
  3. Delivering an Application Deployment Environment
  4. Releasing Cloud resources

Original artwork: Gary Chan

Closing the gates of cloud resource utilization

As discussed in How to consistently run temporary workloads on AWS and save money, automating the life cycle of your cloud-based infrastructure can translate into big time savings.

There are different ways to delete all the resources we create to keep our bill under control. The approach we cover here is one alternative that works well for AWS. As you read this post, you will notice how important it is to label AWS resources with one or more tags.

The goal is to eliminate the AWS resources we are no longer using, without accidentally deleting more than we should. Other Cloud Providers make this task simpler, but that’s a topic for a different post.

Below are the tasks we went through to set up our environment:

  1. Create SSH Key Pair
  2. Create VPC
  3. Create Security Group
  4. Create Subnet
  5. Create Internet Gateway
  6. Create Route Table
  7. Provision EC2 Instance

Now, to delete these resources, we can reverse the order of operations and change the desired state to absent instead. Let’s look at this.

Delete EC2 instance

Probably the most important resource we need to clean up is the virtual machine (VM) we created. We use the same Ansible module as before (ec2_instance), but instead of the default state of present, we choose absent. This is a pattern you will see in the next tasks as well.

We identify the VM by its name and the tag(s) we used to label all the resources for this exercise (Environment).

Delete EC2 instance(s)

Search VPC

To delete networking resources, we need to provide the ID of the VPC they are part of. You can get the VPC ID with the Ansible module ec2_vpc_net_info. It returns the VPC information of every VPC labeled with our tag (Environment). We store this data into the variable all_vpcs.

Get VPC details

Route Table

With the VPC ID at hand, we follow the same pattern as before for the next couple of steps: we take the same Ansible module we used to provision a resource and use it to delete that resource by switching the state to absent.

Delete Route Table

Internet Gateway

Delete Internet Gateway

Subnet

Delete Subnet

Security Group

To delete a Security Group, you need to provide its ID. You can use the Ansible module ec2_group_info first to get the Security Group ID, and then module ec2_group to delete it.

Delete Security Group

Delete VPC

With all its resources deleted, you can now remove the VPC.

Delete VPC

SSH Key Pair

Last, but not least, you can remove the SSH Key Pair generated to connect to the VM.

Delete SSH Key Pair

Execution

To run these steps, use the ansible-playbook command pointing to delete-EC2-testbed.yml (repository). By default, it only removes the VM and leaves the rest of the logical resources in place so they can be reused on the next run. To delete these as well, you need to set the variable delete to true, as in the example below.

ansible-playbook delete-EC2-testbed.yml -v --extra-vars "delete=true"
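
The teardown steps described above, condensed into one playbook as an added example; it is not the repository's delete-EC2-testbed.yml, and every value under vars (names, CIDRs, tag value) is an assumption, as is taking the region and credentials from the environment. The assert task is an addition: it stops the run unless the Environment tag lookup stored in all_vpcs matched exactly one non-default VPC, so a missing or reused tag cannot widen the deletion.

```yaml
# Added example, not the repository's playbook; vars are assumed values. Region/credentials come from AWS_REGION and AWS_PROFILE.
- name: Delete the tagged testbed
  hosts: localhost
  gather_facts: false
  vars:
    env_tag: testbed            # value of the Environment tag (assumed)
    vm_name: testbed-vm
    vpc_name: testbed-vpc
    vpc_cidr: 10.0.0.0/16
    subnet_cidr: 10.0.1.0/24
    sg_name: testbed-sg
    key_name: testbed-key
    delete: false               # override with --extra-vars "delete=true"
  tasks:
    - name: Delete EC2 instance(s) matched by name and Environment tag
      ec2_instance:
        state: absent
        filters:
          "tag:Name": "{{ vm_name }}"
          "tag:Environment": "{{ env_tag }}"
          instance-state-name: [pending, running, stopping, stopped]
    - name: Get VPC details
      ec2_vpc_net_info:
        filters: { "tag:Environment": "{{ env_tag }}" }
      register: all_vpcs
    - name: Delete the remaining resources only when delete=true
      when: delete | bool
      vars:
        vpc_id: "{{ all_vpcs.vpcs[0].vpc_id }}"
      block:
        - name: Stop unless the tag matched exactly one non-default VPC
          assert:
            that: ["all_vpcs.vpcs | length == 1", "not all_vpcs.vpcs[0].is_default"]
        - name: Delete Route Table
          ec2_vpc_route_table: { vpc_id: "{{ vpc_id }}", tags: { Environment: "{{ env_tag }}" }, state: absent }
        - name: Delete Internet Gateway
          ec2_vpc_igw: { vpc_id: "{{ vpc_id }}", state: absent }
        - name: Delete Subnet
          ec2_vpc_subnet: { vpc_id: "{{ vpc_id }}", cidr: "{{ subnet_cidr }}", state: absent }
        - name: Get Security Group ID
          ec2_group_info: { filters: { group-name: "{{ sg_name }}", vpc-id: "{{ vpc_id }}" } }
          register: sgs
        - name: Delete Security Group
          ec2_group: { group_id: "{{ item.group_id }}", state: absent }
          loop: "{{ sgs.security_groups }}"
        - name: Delete VPC
          ec2_vpc_net: { name: "{{ vpc_name }}", cidr_block: "{{ vpc_cidr }}", state: absent }
        - name: Delete SSH Key Pair
          ec2_key: { name: "{{ key_name }}", state: absent }
```

Running it with --check first shows which tasks would report a change before anything is removed.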

Conclusions

You can now rinse and repeat. Next time you need the resources, you can run the create playbook and then clean up the environment with the delete playbook again.

Thank you very much for reading this far. This blog series turned out to be longer than I expected. I hope it was helpful to you.

Networking, Cloud & Automation

Proud dad working at Red Hat (CCIE, CCDE). Sharing content I create about: networking, automation, programming, golang, ipv6, and open source software.