> Expert > Backup and Restore Agents > Virtualization > Virtual Server Agent > Amazon EC2 > Troubleshooting

Automated AMI and EBS Snapshot Cleanup for Amazon EC2

Updated

The Commvault software uses Amazon EBS snapshots and EBS-based Amazon Machine Images (AMIs) to protect your Amazon EC2 instances and associated EBS volumes. In certain conditions, changes made to your Amazon EC2 compute environment or to your Commvault EC2 protection can result in orphaned AMIs or EBS snapshots in your account. To reduce charges to your AWS account, every 6 hours, the Commvault software checks your AWS accounts for orphaned AMIs and EBS snapshots and deletes them.

Conditions That Can Cause Orphaned Resources

The following conditions can result in orphaned resources (AMIs, EBS snapshots) in your accounts:

  • A protected Amazon EC2 instance is terminated from the Amazon EC2 management console, SDK, or API.

  • A protected Amazon EC2 instance is removed (excluded) from a Commvault VM group that has existing backups.

  • A Commvault Amazon EC2 VM group is deleted.

  • The Commvault Amazon EC2 backup type is changed from streaming to IntelliSnap.

Considerations

  • Orphaned resource cleanup does not apply to IntelliSnap backups, only to streaming backups.

  • Orphaned resource cleanup does not apply to other AWS workloads (Amazon Aurora, Amazon DocumentDB, Amazon RDS, and so on), only to Amazon EC2.

  • Orphaned resource cleanup cannot be disabled.

System Requirements

Orphaned resource cleanup is supported on the following access node operating systems and processor architectures:

Operating system

Processor architectures

Amazon Linux 2023 AMI

  • 64-bit (Arm)

  • 64-bit (x86)

Microsoft Windows Server 2022

64-bit (x86)

IAM Permission Requirements

The Commvault software uses the IAM credentials configured on your AWS accounts to perform orphaned resource cleanup. No additional permissions are required.

Orphaned Resource Cleanup Process

The Commvault software performs the following process in your AWS accounts to detect and delete orphaned resources:

  1. Every 6 hours, connect to the AWS account (that is, the Amazon EC2 hypervisor) and check for orphaned AMIs and Amazon EBS snaphots in the regions that are configured on the hypervisor.

  2. If an orphaned resource is found and if the age of the resource is equal to or greater than the retention days setting, delete the resource. (The retention days setting is nSnapshotRetentionDays. The default value is 15 days.)

Configuring the Retention Days Setting (nSnapshotRetentionDays)

To change the default number of days (15) that resources, including orphaned resources, are retained in your AWS account, add the nSnapshotRetentionDays setting to the Commvault access nodes that protect your Amazon EC2 instances.

  1. From the Command Center navigation pane, go to Manage > System.

  2. Click the Settings tile.

    The Settings page appears.

  3. Click Add, and then select Entity settings.

    The Add entity settings dialog box appears.

  4. For Name, enter nSnapshotRetentionDays.

  5. For Entity, select the Amazon EC2 access node.

  6. For Category, select VirtualServer.

  7. For Type, select String.

  8. In the Value box, enter the number of days to retain resources.

  9. In the Comment box, enter an explanation for the change.

  10. Click Save.

Troubleshooting the Orphaned Resource Cleanup Process

The orphaned resource cleanup process logs its activity at the default log level to the following log files:

  • evmgrs.log (CommServe server)

  • vscleanup.log (access node for a hypervisor)

A successful cleanup execution can be observed on the CommServe server (evmgrs.log):

### runVMInfoRefreshThread() - Virtual Machine Discovery for instance [936], client [6487]. 

### getVirtualServerManualDiscovery() - Trying Discovery on preferred Member server with Client Id:[4777] 

### getVirtualServerManualDiscovery() - Discovery on Physical client:[4777] Succeeded.

A successful cleanup of a single Amazon EC2 hypervisor can be observed on the access node (vscleanup.log): 

### VSCleanupAccount::Initialize() - nCleanupAccountResourceWaitTime additional setting is set to [5] mins – Default  6 hours 

### VSCleanupAccount::RegisterAccount() - Registered account for cleanup for client [6487] instance [936] 

### VSCleanupAccount::MonitorAccount() - Monitor account and schedule resource cleanup 

### VSCleanupService::MonitorJobs() - Monitoring jobs.. 

### VSCleanupAccount::MonitorAccount() - Account [6487_936] wait time [5] mins elapsed, current time [2024/04/05 22:51:13.307752Z] last cleanup time [Clear] 

### CvNetworkPool::initNetworkPool() - Creating the control thread 

### CAmazonInfo::Connect() - Connecting to Url=[default], user name[arn:aws:iam::123456789102:role/Commvault/CommvaultCloudRestrictedRole] 

### AmazonCompute::CleanupStaleCBTSnapshots() - Read additional setting [nSnapshotRetentionDays] : [3] 

### AmazonCompute::CleanupStaleCBTSnapshots() - CBT Snapshots older than [3] days will be considered stale and will be deleted  -> – Default  15 days 

### AmazonCompute::CleanupStaleCBTSnapshots() - Deleting AMI [ami-00e2f83adf3c9eb68] in region [us-east-1] 

### AmazonCompute::CleanupStaleCBTSnapshots() - Deleting AMI [ami-0e6e65d8c1b37aa0f] in region [us-east-1] 

### AmazonCompute::CleanupStaleCBTSnapshots() - Deleting snapshot [snap-0b53953a5c1f43d67] in region [us-east-1] 

### AmazonCompute::CleanupStaleCBTSnapshots() - Deleting snapshot [snap-0006e9dd885fddabb] in region [us-east-1] 

### AmazonCompute::CleanupStaleCBTSnapshots() - Deleting snapshot [snap-04160836a9b9aa772] in region [us-east-1]