```bash
#!/bin/bash
# This script cleans up your EC2 instance before baking a new AMI.
# Run the following command in a root shell:
#
# bash <(curl -s https://gist.github.com/justindowning/5921369/raw/ami-clean.sh)

# Print a message in green.
function print_green {
  echo -e "\e[32m${1}\e[0m"
}

print_green 'Clean Apt'
apt-get -y autoremove
aptitude clean
aptitude autoclean

print_green 'Remove SSH keys'
[ -f /home/ubuntu/.ssh/authorized_keys ] && rm /home/ubuntu/.ssh/authorized_keys

print_green 'Cleanup log files'
# Truncate each log in place; the name is quoted so paths with spaces survive.
find /var/log -type f | while IFS= read -r f; do echo -ne '' > "$f"; done

print_green 'Cleanup bash history'
unset HISTFILE
[ -f /root/.bash_history ] && rm /root/.bash_history
[ -f /home/ubuntu/.bash_history ] && rm /home/ubuntu/.bash_history

print_green 'AMI cleanup complete!'
```
You really want to also clean up the cloud-init cache:
test -d /var/lib/cloud && /bin/rm -rf /var/lib/cloud/*
Persistent "rules" in udev:
test -f /etc/udev/rules.d/70-persistent-net.rules && /bin/rm /etc/udev/rules.d/70-persistent-net.rules
This affects VMware more than AWS.
I'd also suggest replacing aptitude clean with apt-get clean, since aptitude is not installed by default.
Also, depending on what you have installed, check /var/cache/ for crap.
(And since you're running this as root, it is best practice to use full paths for commands.)
Also maybe delete generated RSA keys (Debian):
shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
Any suggestions on how we can execute this script automatically on an EC2 instance once the provisioning is done? Also, is it okay to clean the cloud-init cache from within the user-data script?
Thanks for sharing.
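
A check to run after the cleanup and before creating the image, as an added example that is not part of the gist or its comments: it reports anything the script and the comments above say should be gone. The function name `audit_ami_root`, its optional root-directory argument, and the extension from /home/ubuntu to every account under /home are assumptions of this example.

```bash
#!/bin/bash
# Added example (not the gist author's code): list residue the cleanup
# should have removed. Usage: audit_ami_root [ROOT]
# ROOT defaults to /; another value audits a mounted volume or a test tree.
# Prints one line per finding; returns 1 if anything is left, 0 if clean.
audit_ami_root() (
    root="${1:-/}"; root="${root%/}"; found=0
    report() { printf 'LEFTOVER %s: %s\n' "$1" "$2"; found=1; }

    # Login keys: the gist removes only /home/ubuntu; check every account.
    for f in "$root"/home/*/.ssh/authorized_keys "$root"/root/.ssh/authorized_keys; do
        if [ -s "$f" ]; then report authorized_keys "$f"; fi
    done
    # Shell history files.
    for f in "$root"/home/*/.bash_history "$root"/root/.bash_history; do
        if [ -f "$f" ]; then report bash_history "$f"; fi
    done
    # SSH host keys left in the image are shared by every instance built from it.
    for f in "$root"/etc/ssh/*_key "$root"/etc/ssh/*_key.pub; do
        if [ -f "$f" ]; then report ssh_host_key "$f"; fi
    done
    # cloud-init state and the persistent udev net rules named in the comments.
    if [ -n "$(ls -A "$root/var/lib/cloud" 2>/dev/null)" ]; then
        report cloud_init_state "$root/var/lib/cloud"
    fi
    f="$root/etc/udev/rules.d/70-persistent-net.rules"
    if [ -f "$f" ]; then report udev_net_rules "$f"; fi
    # Log files that were not truncated, reported as a count.
    n=$(find "$root/var/log" -type f ! -size 0 2>/dev/null | wc -l | tr -d ' ')
    if [ "$n" -gt 0 ]; then report nonempty_logs "$n file(s) under $root/var/log"; fi
    return "$found"
)
```

Call `audit_ami_root` with no argument on the instance itself, or pass the mount point of an attached volume, and only proceed with the bake when it returns 0.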