Unused AMIs
Amazon Machine Images (AMIs) are templates that contain the software configuration required to launch EC2 instances. While AMIs themselves don't have a direct hourly cost, they incur storage charges through their associated EBS snapshots.
The Problem
Organizations often accumulate AMIs over time due to:
- Automated backup processes creating images before deployments
- Legacy application versions preserved "just in case"
- Development and testing images that are no longer needed
- CI/CD pipelines generating images that are never cleaned up
These unused AMIs continue to incur EBS snapshot storage costs even when they're never used to launch instances.
Detection Method
Starting May 2024, AWS provides a LastLaunchedTime attribute that tracks when an AMI was last used to launch an EC2 instance. unusd.cloud leverages this feature to identify:
- Never-used AMIs - AMIs created more than 90 days ago that have never been used to launch an instance
- Stale AMIs - AMIs that haven't been used to launch an instance in the last 90 days
What We Flag
- AMIs owned by your account in the "available" state
- AMIs older than 90 days that have never been used (LastLaunchedTime is null)
- AMIs where the last launch was more than 90 days ago
Potential Savings
AMI storage costs are calculated based on the underlying EBS snapshots:
- EBS Snapshot pricing: ~$0.05 per GB-month (varies by region)
- Multiple snapshots per AMI: One snapshot per block device mapping
For example, a 100 GB AMI costs approximately $5/month in storage fees.
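The detection rules and the savings estimate above, as an added example (not unusd.cloud's own code): it classifies records shaped like `aws ec2 describe-images` output and prices the flagged ones. The sample records, helper names and fixed clock are constructed for illustration, and the exception tag is assumed to be the unusd=true tag used elsewhere on this page.

```python
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(days=90)     # age / idle window used on this page
PRICE_PER_GB_MONTH = 0.05          # approximate figure from this page; varies by region
EXCEPTION_TAG = ("unusd", "true")  # assumed: the tag from this page's create-tags command

def _ts(value):  # EC2 returns ISO 8601 strings such as 2023-01-01T12:00:00.000Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify(image, now):
    """Return 'never-used', 'stale' or None for one DescribeImages record."""
    if image.get("State") != "available":
        return None
    if EXCEPTION_TAG in {(t["Key"], t["Value"]) for t in image.get("Tags", [])}:
        return None
    last = image.get("LastLaunchedTime")  # absent when the AMI was never launched
    if last is None:
        return "never-used" if now - _ts(image["CreationDate"]) > THRESHOLD else None
    return "stale" if now - _ts(last) > THRESHOLD else None

def monthly_cost(image):
    """Estimate from volume sizes; ephemeral mappings carry no 'Ebs' key."""
    gb = sum(m["Ebs"].get("VolumeSize", 0)
             for m in image.get("BlockDeviceMappings", []) if "Ebs" in m)
    return round(gb * PRICE_PER_GB_MONTH, 2)

def report(images, now):  # (ImageId, verdict, estimated $/month) per flagged AMI
    return [(i["ImageId"], v, monthly_cost(i))
            for i in images if (v := classify(i, now))]

def _img(n, created, last=None, size=8, tags=()):
    # Constructed sample record shaped like `aws ec2 describe-images` output
    launched = {"LastLaunchedTime": last} if last else {}
    return {"ImageId": f"ami-{n:017d}", "State": "available", "CreationDate": created,
            "Tags": [{"Key": k, "Value": v} for k, v in tags],
            "BlockDeviceMappings": [
                {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": size}},
                {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}], **launched}

NOW = datetime(2024, 9, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
SAMPLE = [
    _img(1, "2023-01-01T12:00:00.000Z", size=100),                  # old, never launched
    _img(2, "2023-01-01T12:00:00.000Z", "2024-01-10T08:00:00Z"),    # last launch > 90 days
    _img(3, "2023-01-01T12:00:00.000Z", "2024-08-20T08:00:00Z"),    # launched recently
    _img(4, "2024-08-01T12:00:00.000Z"),                            # too young to flag
    _img(5, "2023-01-01T12:00:00.000Z", tags=[("unusd", "true")]),  # excepted by tag
]
if __name__ == "__main__":
    print(report(SAMPLE, NOW))
```

Against a real account, the same functions accept the Images array returned by `aws ec2 describe-images --owners self`.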
Cleanup Recommendations
Before deregistering an AMI, consider:
- Check if it's being used as a base image - Other AMIs or Launch Templates might reference it
- Verify no Auto Scaling Groups depend on it - Check ASG launch configurations
- Confirm no EC2 Image Builder pipelines use it - Review your image pipelines
- Document the AMI details - Save the AMI name and configuration for reference
How to Clean Up
Using AWS Console
- Navigate to EC2 > AMIs
- Select the unused AMI
- Choose Actions > Deregister AMI
- Optionally select "Delete associated snapshots" to also remove the underlying snapshots
Using AWS CLI
# Deregister the AMI
aws ec2 deregister-image --image-id ami-0abcdef1234567890 --region us-east-1
# Delete associated snapshots (optional - check they're not used by other AMIs)
aws ec2 delete-snapshot --snapshot-id snap-0abcdef1234567890 --region us-east-1
Using AWS CLI with automatic snapshot deletion
# Deregister AMI and delete associated snapshots in one command
aws ec2 deregister-image \
  --image-id ami-0abcdef1234567890 \
  --region us-east-1 \
  --delete-associated-snapshots
Note: Snapshots shared with other AMIs will not be deleted even if --delete-associated-snapshots is specified.
Exception Handling
To exclude an AMI from detection, add the configured exception tag to the AMI:
aws ec2 create-tags \
  --resources ami-0abcdef1234567890 \
  --tags Key=unusd,Value=true \
  --region us-east-1
Required Permissions
This feature uses the following IAM permission (already included in the standard spoke role):
This permission is covered by ec2:Describe* in the unusd.cloud spoke role.