
Automated Cleanup of Unused AWS Cloud Formation Resources Using AWS Resource Tags and Lambda Functions

This paper presents a method for automating the cleanup of unused AWS CloudFormation resources using AWS resource tags and Lambda functions. It discusses the challenges of deleting resources across multiple AWS accounts and proposes a solution that leverages tagging and a centralized Lambda function to efficiently manage and delete these resources. The implementation has shown to significantly reduce costs associated with unused resources while improving overall resource management efficiency.

Volume 10, Issue 1, January – 2025 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165 https://doi.org/10.5281/zenodo.14885967

Automated Cleanup of Unused AWS Cloud Formation Resources Using AWS Resource Tags and Lambda Functions
Prudhveer Reddy Kankar
DevOps Engineer

Publication Date: 2025/02/18

Abstract: The AWS cloud platform has experienced rapid growth due to its expanding features and support for on-demand
access to compute, storage, networking, and virtualization. AWS CloudFormation is a service that enables developers and
businesses to create, provision, and manage a collection of related AWS and third-party resources in an orderly and
predictable manner. AWS CodePipeline can be utilized to deploy AWS CloudFormation stacks, enhancing continuous
integration and continuous delivery (CI/CD) capabilities. Companies often use multiple AWS accounts for different
environments and deploy resources across them. As part of the CI/CD process, a central AWS account is used to deploy
CloudFormation stacks to other accounts using AWS CodePipeline. However, when an application is no longer needed,
there is no straightforward way to use the centralized account to delete the unused CloudFormation resources. While
CloudFormation stacks can be updated and modified from the central account using AWS CodePipeline, deleting them
remains a challenge. This paper discusses an approach to address this issue using CloudFormation tags and AWS Lambda.

Keywords: AWS Code Pipeline, AWS Lambda, CI/CD, Cloud Resource Management, Tags, Automation, AWS Cleanup Processes,
Software Development Processes.

How to Cite: Prudhveer Reddy Kankar. (2025). Automated Cleanup of Unused AWS Cloud Formation Resources Using AWS
Resource Tags and Lambda Functions. International Journal of Innovative Science and Research Technology,
10(1), 2563-2564. https://doi.org/10.5281/zenodo.14885967.

I. INTRODUCTION

AWS CodePipeline is a native AWS service widely used in CI/CD processes. It allows the deployment of AWS CloudFormation stacks across multiple AWS accounts from a single centralized account. Companies typically use different AWS accounts for various environments, such as development, infrastructure, testing, and production. AWS CodePipeline can be connected to a source, such as GitHub, containing the AWS CloudFormation template and its associated resources. Whenever a change is made to the source, AWS CodePipeline automatically updates the CloudFormation resources in multiple accounts. In real-life production scenarios, these stacks can deploy a significant number of resources, such as ECS, VPC, and S3, which are cost-intensive. While creating and updating CloudFormation resources using CodePipeline is straightforward, deleting the resources when they are no longer needed is not. This paper presents an approach to delete CloudFormation stacks using CloudFormation tags.

According to [1], tagging AWS resources is considered one of the best practices for efficient resource management, which aligns closely with the automated cleanup process described in this paper.

II. METHODOLOGY

CloudFormation templates are JSON or YAML files that define all the resources required by an application. AWS resources can be tagged using custom key-value pairs. This method suggests using CloudFormation tags to identify and delete deployed stacks. A custom tag with the application name should be added to the CloudFormation stack template. A Lambda function needs to be created in the central account with the following functionality: the function should connect to the CloudFormation client in all the accounts where the CloudFormation resources have been deployed using the STS assume role functionality. It should be able to take the application name as input, search for all the CloudFormation stacks in the AWS accounts using boto3 that have that particular application name as a tag, identify the specific stack, and delete it as necessary.

In [2], researchers discuss the integration of AWS Lambda with CI/CD pipelines for automating resource management tasks, which further validates the proposed methodology.
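The Lambda logic described in the Methodology, written out as an added example; it is not the author's code. The tag key `Application`, the role name `StackCleanupRole` and the event keys are assumptions, and the dry-run default, exact tag match and termination-protection skip are safeguards added here because a cross-account delete function has a large blast radius.

```python
import time

TAG_KEY = "Application"         # assumed tag key; the paper does not name one
ROLE_NAME = "StackCleanupRole"  # hypothetical role created in each target account

def cfn_client_for(account_id, region):  # assume the role in one target account
    import boto3  # lazy import so the selection logic below can be tested without AWS
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{ROLE_NAME}",
        RoleSessionName="stack-cleanup")["Credentials"]
    session = boto3.Session(creds["AccessKeyId"], creds["SecretAccessKey"], creds["SessionToken"])
    return session.client("cloudformation", region_name=region)

def matching_stacks(cfn, app_name):
    """Yield stacks whose tag value equals app_name exactly (no prefix match)."""
    for page in cfn.get_paginator("describe_stacks").paginate():
        for stack in page["Stacks"]:
            tags = {t["Key"]: t["Value"] for t in stack.get("Tags", [])}
            if tags.get(TAG_KEY) == app_name:
                yield stack

def request_delete(cfn, stack, retries, sleep):
    """Request deletion, backing off exponentially while the API throttles."""
    for attempt in range(retries):
        try:
            cfn.delete_stack(StackName=stack["StackId"])
            return "delete-requested"
        except Exception as exc:  # botocore ClientError carries .response
            code = getattr(exc, "response", {}).get("Error", {}).get("Code")
            if code != "Throttling" or attempt == retries - 1:
                return f"failed:{code}"
            sleep(2 ** attempt)

def cleanup(cfn, app_name, dry_run=True, retries=4, sleep=time.sleep):
    """Return [(stack_name, action)]; nothing is deleted unless dry_run is False."""
    log = []
    for stack in matching_stacks(cfn, app_name):
        if stack["StackStatus"] == "DELETE_IN_PROGRESS":
            action = "already-deleting"  # a re-run after partial failure is a no-op
        elif stack.get("EnableTerminationProtection"):
            action = "skipped-protected"
        else:
            action = "would-delete" if dry_run else request_delete(cfn, stack, retries, sleep)
        log.append((stack["StackName"], action))
    return log

def handler(event, context):  # Lambda entry point; the event keys are an assumed shape
    return {acct: cleanup(cfn_client_for(acct, event["region"]), event["app"],
                          dry_run=not event.get("confirm")) for acct in event["accounts"]}
```

The trust policy of the role in each target account should name only the Lambda's execution role, and the returned action log is what to ship to the function's logs for later review.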

IJISRT25JAN1657 www.ijisrt.com 2563



III. IMPLEMENTATION

Whenever an application is no longer needed, the application name can be passed to the Lambda function, which will delete all the stacks in all the accounts. This approach helps reduce the cost of unused resources, especially when an application is deployed to a large number of accounts, eliminating the need to manually delete the stacks.

In my experience, we faced a similar challenge of managing and deleting unused AWS CloudFormation resources across multiple AWS accounts. We implemented the proposed solution using CloudFormation tags and AWS Lambda. Here is a step-by-step overview of our implementation:

- Tagging CloudFormation Stacks: We added a custom tag with the application name to each CloudFormation stack template deployed across various AWS accounts.
- Creating the Lambda Function: We developed a Lambda function in the central AWS account. This function connects to the CloudFormation client in all the accounts using the STS assumed role functionality.
- Searching and Deleting Stacks: The Lambda function takes the application name as input, searches for all the CloudFormation stacks with that tag using boto3, identifies the specific stacks, and deletes them as necessary.
- Automating the Process: We automated the process by integrating the Lambda function with our CI/CD pipeline. Whenever an application is no longer needed, the application name is passed to the Lambda function, which then deletes all the related stacks in all the accounts.

This implementation has significantly reduced the cost of unused resources and improved our resource management efficiency. Research findings in [3] emphasize the importance of automation in reducing operational costs in cloud environments, which aligns with our results.

IV. POTENTIAL CHALLENGES

Implementing this solution comes with its own set of challenges:

- Rate Limiting and Throttling: AWS services have rate limits that can cause throttling issues when making a large number of API calls in a short period. This can be mitigated by implementing exponential backoff and retry mechanisms [4].
- Cross-Account Permissions: Ensuring that the Lambda function has the necessary permissions to assume roles and perform actions across multiple AWS accounts can be complex. Proper IAM role configurations and trust relationships are essential.
- Error Handling and Logging: Robust error handling and logging mechanisms are crucial to identify and troubleshoot issues during the deletion process. This includes handling partial deletions and ensuring idempotency.
- Resource Dependencies: Some resources may have dependencies that need to be carefully managed during deletion to avoid breaking other services. Using the DependsOn attribute in CloudFormation can help manage these dependencies.
- Security Considerations: Ensuring that the Lambda function and associated resources are secure and follow best practices for AWS security is vital. This includes encrypting sensitive data and using secure communication channels [5].

V. RELATED WORK

Several studies and implementations have explored the use of AWS CloudFormation, AWS CodePipeline, and AWS Lambda for managing cloud resources. These resources provide valuable insights into the capabilities and best practices for using AWS services in CI/CD processes. For instance, [6] discusses best practices for managing AWS resources in a multi-account environment, which supports the techniques detailed in this paper.

VI. CONCLUSION

This paper presents a method to clean up unused AWS CloudFormation resources in AWS accounts using CloudFormation tags and AWS Lambda. By leveraging custom tags and a centralized Lambda function, companies can efficiently manage and delete unused resources, thereby reducing costs and improving resource management.

REFERENCES

[1]. AWS Documentation. "Tagging AWS Resources." Available: https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html, Accessed: Jan. 23, 2021.
[2]. S. S. Gill, I. Chana, M. Singh, and R. Buyya, "Efficient Management and Allocation of Resources in Serverless," IEEE Transactions on Cloud Computing, vol. 7, no. 4, pp. 1006-1019, 2019.
[3]. S. S. Gill, I. Chana, and R. Buyya, "Modeling and Optimization of Performance and Cost of Serverless Computing," IEEE Transactions on Cloud Computing, vol. 9, no. 3, pp. 964-977, 2021.
[4]. AWS Documentation. "Error Retries and Exponential Backoff in AWS." Available: https://docs.aws.amazon.com/general/latest/gr/api-retries.html, Accessed: Jan. 23, 2021.
[5]. J. Li, L. Yu, J. Zhang, and Z. Li, "A Survey of Security in Cloud Computing," IEEE Access, vol. 6, pp. 64724-64736, 2019.
[6]. M. Ali, A. R. Butt, and M. F. Younis, "Resource Management and Allocation in Multi-Cloud Environments: A Survey," IEEE Access, vol. 8, pp. 23524-23542, 2020.
