Invitation Digital Tech Blog

Building Scalable & Responsive Architecture


Automating the deletion of Application Versions in AWS

If, like us, you have a Continuous Integration (CI) service that runs all day, you can soon find that you’ve reached the Application Version limit in AWS of 1000. This can be a chore to resolve as it requires going into each Application, checking the tick box of any Application Versions you want to delete, before finally deleting. More than a couple of Applications and this can get pretty boring really fast! However by using the AWS Tools for Windows PowerShell, a PowerShell command can make this a thing of the past.

Firstly, you’ll need to ensure you have the AWS Tools For Windows PowerShell installed and configured.

Then by running the following command you can delete any Application Versions older than 5 days and their associated source bundle from S3:

Get-EBApplication | Get-EBApplicationVersion | Where {$_.DateCreated -lt (Get-Date).AddDays(-5)} | Remove-EBApplicationVersion -DeleteSourceBundle $true -Force

A point worth noting. If you have multiple accounts in AWS, make sure you are running this against the correct account you want to delete the Application Versions from. If in doubt, adding --profile NameOfProfile at the end of the command will specify the profile to run this against. Additionally, you can run the following cut down version of the PowerShell command to list the Application Versions that would meet the criteria, but not delete them:

Get-EBApplication | Get-EBApplicationVersion | Where {$_.DateCreated -lt (Get-Date).AddDays(-5)}

To make this a complete automated solution, this has been integrated into our CI service (in our case TeamCity).

To get this to run in TeamCity, the first thing to do was to ensure that the AWS credentials for the Build Agent service were correctly configured (if you run the agent as a different user).

When running this through TeamCity you will need to add the following to the PowerShell script:

Set-AWSCredentials -ProfileName NameOfProfile

This allows you to read the credentials of the profile you created for the Build Agent user securely into the shell and means you don’t have to supply credential data on a per-cmdlet basis. And you don’t have your Access Key and Secret Key stored in your script, a very bad idea!

Create a new Build Step in a TeamCity Build Configuration, choosing the PowerShell runner type with the PowerShell entered as follows:

PowerShell to delete old Application Versions

Finally, schedule this to trigger on a weekly basis:

PowerShell trigger in TeamCity

For reference, if you get an error like Set-AWSCredentials : Unable to load stored credentials for profile when running this through TeamCity, it means you haven’t got the AWS credentials correctly configured, and it hasn’t created the profile in the AWS SDK store.

And there we have it, no more failed deployments due to reaching the Application Version limit in AWS. And no more ticking check boxes!