How to delete dynamic AWS EC2 instances that constantly churn in and out

I’m new to BigFix/ILMT and working on an issue caused by the constant churn of AWS EC2 instances that dynamically spin up and down. I get left with hundreds of “stale” computers a day.

Chef is installing BigFix when the instance is deployed. Then, at any time, the instance can be destroyed, which does not remove the Computer from the BigFix console. BigFix is seeing all these stale computers, and the active ones, with the same Computer Name, so when I try to look up the ComputerID via the Computer Name, it will show up with many, many Computer IDs for that name.

Example:

<Query Resource="(id of it) of bes computers whose (hostname of it as string = "blahblah.aws")">

27681
76826
120086
150354
244953
247185

I was hoping to take an attribute from the EC2 instance, the instance-id, and use that to query for the ComputerID. The instance-id will be a unique identifier. I’m trying to determine how to get that info into the bigfix console with what is already on the EC2 instance by default.

On the EC2 Instance itself, you can run 'curl http://169.254.169.254/latest/meta-data/instance-id' and that will return the ID. A GET works the same as well. Example:

[ec2-user@ip-10-200-190-2 ~]$ curl http://169.254.169.254/latest/meta-data/instance-id
i-0bc7bb033asdfsdfsdf30

Is there a way to get that to run on each machine and then populate the result in the BigFix console, so that I can use it to determine its ComputerID and then delete it via the REST API?

I've been searching around and can't find any similar posts/info so far. I know we can't be the only ones that have this. So, maybe I'm just missing some other, better option here? I don't want to age them out too quickly, as I don't want to lose track of clients that could 'break' for other reasons.

Still working on this. I did create an Analysis that will pick up the EC2 Instance ID from a file on the instance and pull that in. I was hoping to be able to use that to then query for the ComputerID, and then delete via the REST API.
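One way to close the loop the poster describes, as an added example that is not part of the original thread or of BigFix's own tooling: pull the (computer id, instance-id, last report time) tuples out of the BigFix REST API, compare the instance-ids against the set of instances that still exist in AWS, and delete only the records whose instance is gone (plus older duplicates of an instance that is still alive). The analysis property name "EC2 Instance ID", the server URL, credentials, and the sample XML response are all assumptions for illustration; the REST endpoints used (POST /api/query with a relevance form field, DELETE /api/computer/<id>) and the BESAPI/Query/Result/Tuple/Answer response layout are the documented BigFix REST API.

```python
"""Reconcile BigFix computer records against live EC2 instance-ids.

Added example, not code from the original post. Assumptions:
  * an analysis property named "EC2 Instance ID" exists (the poster
    built one; the exact name here is hypothetical);
  * the REST account is a Master Operator, which DELETE /api/computer
    requires;
  * the set of live instance-ids is produced separately, e.g. from
    `aws ec2 describe-instances`, and passed in as a Python set.
"""
import base64
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from email.utils import parsedate_to_datetime

# Session relevance returning one tuple per computer that has a value
# for the property. Property name is an assumption, see above.
RELEVANCE = (
    '(id of it, values of results (bes property "EC2 Instance ID", it), '
    'last report time of it) of bes computers'
)


def parse_query_result(xml_text):
    """Map computer id -> (instance_id, last_report) from /api/query XML."""
    records = {}
    for tup in ET.fromstring(xml_text).iter("Tuple"):
        answers = [(a.text or "").strip() for a in tup.findall("Answer")]
        if len(answers) != 3 or not answers[1]:
            continue  # skip computers with no property value
        records[int(answers[0])] = (answers[1], parsedate_to_datetime(answers[2]))
    return records


def select_stale(records, live_instance_ids):
    """Computer ids to delete.

    Keyed on the instance-id, not on hostname or on how long the client
    has been silent, so a live instance that is merely offline or has a
    broken client is kept. For a live instance with several records
    (client reinstalled on the same box), only the newest record survives.
    """
    stale = set()
    newest = {}  # instance-id -> (last_report, computer id)
    for cid, (iid, seen) in records.items():
        if iid not in live_instance_ids:
            stale.add(cid)
            continue
        best = newest.get(iid)
        if best is None or seen > best[0]:
            if best is not None:
                stale.add(best[1])
            newest[iid] = (seen, cid)
        else:
            stale.add(cid)
    return sorted(stale)


class BigFixClient:
    """Minimal REST client: HTTP Basic auth over a verified TLS context."""

    def __init__(self, base_url, user, password, ca_file=None):
        self.base_url = base_url.rstrip("/")
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        self.headers = {"Authorization": f"Basic {token}"}
        ctx = ssl.create_default_context(cafile=ca_file)  # pin the root server CA here
        self.opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))

    def _request(self, method, path, data=None):
        req = urllib.request.Request(self.base_url + path, data=data,
                                     method=method, headers=self.headers)
        with self.opener.open(req, timeout=60) as resp:
            return resp.read().decode()

    def query(self, relevance):
        body = urllib.parse.urlencode({"relevance": relevance}).encode()
        return self._request("POST", "/api/query", body)

    def delete_computer(self, computer_id):
        return self._request("DELETE", f"/api/computer/{int(computer_id)}")


def reconcile(client, live_instance_ids, dry_run=True):
    """Query, decide, and (unless dry_run) delete. Returns the stale ids."""
    records = parse_query_result(client.query(RELEVANCE))
    stale = select_stale(records, live_instance_ids)
    for cid in stale:
        if dry_run:
            print(f"would delete computer {cid} (instance {records[cid][0]})")
        else:
            client.delete_computer(cid)
    return stale


# Constructed sample response in the documented BESAPI layout; ids and
# instance-ids are made up. 76826 and 150354 are two records for the same
# live instance, so only the newer one (150354) should be kept.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<BESAPI>
  <Query Resource="(id of it, ...) of bes computers">
    <Result>
      <Tuple><Answer type="integer">27681</Answer><Answer type="string">i-0aaa111</Answer><Answer type="time">Mon, 05 Mar 2018 10:00:00 +0000</Answer></Tuple>
      <Tuple><Answer type="integer">76826</Answer><Answer type="string">i-0bbb222</Answer><Answer type="time">Tue, 06 Mar 2018 09:00:00 +0000</Answer></Tuple>
      <Tuple><Answer type="integer">120086</Answer><Answer type="string">i-0ccc333</Answer><Answer type="time">Wed, 07 Mar 2018 08:00:00 +0000</Answer></Tuple>
      <Tuple><Answer type="integer">150354</Answer><Answer type="string">i-0bbb222</Answer><Answer type="time">Thu, 08 Mar 2018 07:00:00 +0000</Answer></Tuple>
    </Result>
  </Query>
</BESAPI>"""
SAMPLE_LIVE_INSTANCES = {"i-0bbb222", "i-0ddd444"}  # constructed describe-instances output

if __name__ == "__main__":
    print(select_stale(parse_query_result(SAMPLE_RESPONSE), SAMPLE_LIVE_INSTANCES))
```

Two caveats when wiring this up for real. The plain GET to 169.254.169.254 shown above only works while IMDSv1 is allowed on the instance; if the account enforces IMDSv2, the client-side script that writes the instance-id file must first obtain a token with a PUT to /latest/api/token and send it in the X-aws-ec2-metadata-token header. And a BigFix computer that is deleted through the API is only marked deleted, so a live machine removed by mistake reappears the next time its client reports, which makes the dry-run output a cheap thing to review before flipping dry_run off.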

What about using the BF Computer remover?

https://www-01.ibm.com/support/docview.wss?uid=swg22005113

fermt - I considered it, however there are a few drawbacks I see.

1 - We have a LOT of churn, nearly 1000 clients just over the weekend that no longer exist.
2 - Due to that, I would feel the cleanup would need to happen at least once a day. That will also clean up valid entries for Servers that stopped reporting for any number of “normal” reasons. Like, it being offline temporarily, if the client was corrupt, etc.

So, mainly with the remover, I just fear valid machines will slip through the cracks. It is my fall back though, if all else fails.

Thanks for the reply!

Actually, maybe I need to read that a bit better... So, it will remove duplicate computers; maybe that is actually what I need.