Find and Clean Up Unattached EBS Volumes Across AWS Accounts with CloudQuery

Unattached Amazon EBS volumes, marked as “available,” quietly add to your cloud storage costs and carry operational risks. This guide walks through using CloudQuery to find, assess, and safely remove orphaned volumes across multiple AWS accounts and regions with minimal fuss. We cover setting up access, discovering candidates through CloudQuery (no direct AWS CLI required), estimating savings, snapshotting before deletion, and automating cleanup, with CloudQuery and SQL identifying the offending volumes.

Why Do Unattached EBS Volumes Pile Up?

Volumes don’t delete automatically when instances terminate unless you set a specific flag. These orphans linger, accumulating fees based on size and type. Beyond costs, they create inventory noise, widen the attack surface (forgotten snapshots), and inflate incident response times. CloudQuery helps us see these “lost” volumes clearly across accounts, making cleanup practical rather than guesswork.

Prerequisites and Access Setup

The CloudQuery AWS Source Integration requires the right IAM roles with scoped permissions. For EBS volumes, the minimum permissions include:
  • ec2:DescribeVolumes
  • ec2:DescribeSnapshots
  • ec2:CreateSnapshot
  • ec2:DeleteVolume
  • sts:AssumeRole for cross-account access
Set up CloudQuery Sources per AWS account and enable cross-account access via assumed roles. CloudQuery centralizes all integration data, normalized and ready to query, so there’s no juggling multiple AWS CLI profiles or manual scripts.
   

Discovering Unattached EBS Volumes With CloudQuery

Rather than querying each region or account manually, CloudQuery centralizes all of your AWS configuration data in one place, making it easy to get answers. With one SQL query through the CloudQuery CLI, retrieve unattached volumes across the organization:

SELECT
 volume_id,
 size,
 create_time,
 availability_zone,
 tags
FROM
 aws_ebs_volumes
WHERE
 state = 'available'                                -- unattached volumes only
 AND NOT tags ? 'DoNotDelete'                       -- skip volumes tagged for retention
 AND create_time < current_date - interval '7 days' -- created more than a week ago
ORDER BY create_time ASC;

This query filters unattached volumes older than a week and excludes those tagged to avoid deletion. CloudQuery normalizes data from all AWS accounts and regions configured as Sources, making this audit effortless at scale.

Organization-Wide Scanning

CloudQuery automates multi-account, multi-region scans through configured Sources linked to AWS Organizations accounts. The single query above covers the entire estate. There is no more looping over AWS CLI calls or juggling credentials: CloudQuery handles cross-account data aggregation with built-in role assumptions and region discovery.

Estimating Cost Savings and Setting Cleanup Policies

Use CloudQuery to calculate monthly cost per volume type and size by joining EBS volume data with pricing tables you maintain or import:

SELECT
 volume_id,
 size,
 storage_cost_gb * size AS monthly_cost_estimate  -- per-GB monthly price times size
FROM
 aws_ebs_volumes
JOIN aws_ebs_pricing ON volume_type = pricing_volume_type  -- pricing table you maintain or import
WHERE
 state = 'available';

Set policies in your cleanup playbook: snapshot first, delete only after backup completion, and exclude volumes tagged critical.

Automating Snapshot and Deletion Workflows

CloudQuery can trigger automation outside metadata queries. Export volume IDs flagged for cleanup to the destination of your choice using the CloudQuery CLI:

cloudquery query volumes_to_cleanup.sql --output json > volumes_to_cleanup.json

Use these IDs as input for AWS Systems Manager Automation Documents, Lambda functions, or Step Functions orchestrating:
  1. Snapshot creation for volumes to preserve data.
  2. Snapshot verification or wait conditions.
  3. Volume deletion commands.
Trigger workflows based on CloudQuery discoveries for tightly-coupled automation.
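
An added example (not CloudQuery's own code) of the snapshot, verify, delete sequence above. It assumes the exported file is a JSON array of rows with a volume_id field and that `ec2` is a boto3 EC2 client for the volume's account and region; each volume's live state and tags are re-checked first, because the inventory row can be older than the volume's current state.

```python
import json

PROTECT_TAG = "DoNotDelete"  # same exclusion tag the discovery query uses

# Constructed sample of the exported file; the row shape is an assumption.
SAMPLE_EXPORT = '[{"volume_id": "vol-0aaa"}, {"volume_id": "vol-0bbb"}, {"volume_id": "vol-0ccc"}]'


def cleanup_volume(ec2, volume_id, dry_run=True):
    """Snapshot, verify, then delete one volume; returns (action, detail)."""
    # Re-check live state: the inventory row may be stale since the last sync.
    vol = ec2.describe_volumes(VolumeIds=[volume_id])["Volumes"][0]
    tags = {t["Key"] for t in vol.get("Tags", [])}
    if vol["State"] != "available" or vol.get("Attachments"):
        return ("skipped", "volume is no longer unattached")
    if PROTECT_TAG in tags:
        return ("skipped", "protected by tag")
    if dry_run:
        return ("would-delete", None)
    # Step 1: snapshot, tagged with its source so the backup stays traceable.
    snap = ec2.create_snapshot(
        VolumeId=volume_id,
        Description=f"Pre-deletion backup of {volume_id}",
        TagSpecifications=[{"ResourceType": "snapshot",
                            "Tags": [{"Key": "SourceVolume", "Value": volume_id}]}],
    )
    # Step 2: block until the snapshot completes. The waiter raises on failure
    # or timeout, so the delete below is never reached without a finished backup.
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snap["SnapshotId"]])
    # Step 3: delete only after the backup is confirmed.
    ec2.delete_volume(VolumeId=volume_id)
    return ("deleted", snap["SnapshotId"])


def run_cleanup(ec2, export_json, dry_run=True):
    """Process every exported row; one failure does not stop the batch."""
    results = {}
    for row in json.loads(export_json):
        vid = row["volume_id"]
        try:
            results[vid] = cleanup_volume(ec2, vid, dry_run)
        except Exception as exc:  # e.g. volume already gone, waiter timeout
            results[vid] = ("error", str(exc))
    return results
```

With boto3 installed, pass `boto3.client("ec2", region_name=...)` as `ec2` and the contents of volumes_to_cleanup.json as `export_json`. Keep `dry_run=True` until the would-delete list has been reviewed.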

Next Steps

Once you’ve built the workflow, you can use it to continuously monitor your AWS environment for savings opportunities. Here are a few examples.

Scheduling Scans and Alerting

EventBridge rules schedule periodic CloudQuery syncs and scans. When unattached volumes exceed thresholds, SNS topics trigger notifications or ticket creation. CloudQuery integrates easily with these AWS services, pushing inventories into your preferred alerting workflow with minimal glue code.

Reporting With S3, Athena, and QuickSight

CloudQuery lets you output scan results to S3 in structured formats. Athena queries on this data support advanced analytics, and QuickSight dashboards monitor volume trends and cleanup activity over time.

Continuous Compliance With CloudQuery and AWS Config

Augment CloudQuery findings with AWS Config rule ec2-volume-in-use-check to enforce unattached volume monitoring. Employ tagging standards within CloudQuery query filters and periodic audits to ensure exceptions are intentional and documented.

By leveraging CloudQuery’s centralized, normalized cloud inventory and querying power, cleaning unattached EBS volumes across complex AWS organizations turns from a slog into a repeatable, auditable process. Combining CloudQuery’s data with AWS automation tools like SSM and EventBridge forms a practical guardrail, cutting costs and tidying cloud estates without high-maintenance scripting or costly manual checks.
CloudQuery keeps multi-account cleanup safer, smarter, and easier.
Ready to get started? The first step is to download CloudQuery and create an account. During the 14-day trial period, you can sync unlimited rows, using any of our premium plugins, like AWS or PostgreSQL. You can also identify more first actions in our list of AWS Quick Wins.

Frequently Asked Questions

What’s involved in finding unattached EBS volumes across AWS accounts using CloudQuery?
With CloudQuery, you discover unattached EBS volumes by syncing volume data from all your AWS accounts and regions into your preferred database, then running queries to filter for volumes in the "available" state. This process bypasses manual account-by-account scans, saving time and ensuring you can review unattached volumes organization-wide with straightforward SQL.

What IAM permissions are required for CloudQuery to manage EBS volumes safely?
To discover and clean up unattached EBS volumes, CloudQuery needs IAM permissions like ec2:DescribeVolumes, ec2:DescribeSnapshots, ec2:CreateSnapshot, ec2:DeleteVolume, and sts:AssumeRole for cross-account access. Restricting permissions to read-only for discovery and enabling creates/deletes for authorized automation is recommended for security compliance.

How do I estimate the potential savings from cleaning up unattached EBS volumes?
CloudQuery lets you join inventory queries with EBS pricing tables, multiplying the size of each unattached volume by its per-GB pricing. For example, a gp3 volume at 100GB with $0.08/GB per month costs $8/month when unattached. You can easily aggregate this data to understand your monthly waste and prioritize cleanup.

Is it possible to automate EBS volume cleanup (snapshot, delete, and report) in CloudQuery workflows?
Yes. CloudQuery exports flagged volume IDs for automation with AWS tools like Systems Manager Automation, Lambda, and Step Functions. You can trigger snapshots before deletion for recovery, monitor process status, and send logs/results to S3 for analysis with Athena and QuickSight dashboards.

How can I ensure my environment stays clean in the future after an initial cleanup?
Continuous monitoring is enabled by combining CloudQuery queries with AWS Config rules (like ec2-volume-in-use-check). Tagging standards for exception handling, scheduled event-driven scans, and integration with alerting tools help prevent regressions. Regular review and automation are key for ongoing compliance and cost optimization.

© 2025 CloudQuery, Inc. All rights reserved.