AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
EC2 Instances Should Not Be Idle
More Info:
Idle AWS EC2 instances should be stopped or terminated in order to optimize AWS costs.
Risk Level
Low
Address
Cost optimization
Compliance Standards
AWSWAF
Triage and Remediation
Remediation
The best way to remediate this issue is to stop the idle instances. Here are the step by step instructions to remediate this issue in AWS using the AWS console:
- Log in to the AWS Management Console.
- Click on the EC2 service.
- Select the instances that are idle.
- Click on the “Actions” button and select “Instance State” and then click “Stop”.
- In the confirmation dialog box, click “Yes, Stop”.
- Wait for the instances to stop.
- Once the instances have stopped, select them again.
- Click on the “Actions” button and select “Instance Settings” and then click “Change Shutdown Behavior”.
- In the “Change Shutdown Behavior” dialog box, select “Terminate” and then click “Save”.
- Start the instances again when they are required.
By following these steps, you can remediate the EC2 instances that are idle in AWS and ensure that you are not being charged unnecessarily for instances that are not being used.
To remediate the EC2 Instances should not be idle misconfiguration in AWS using AWS CLI, follow these steps:
-
Open the AWS CLI on your local machine.
-
Run the following command to list all the running instances in your AWS account:
aws ec2 describe-instances --filters Name=instance-state-name,Values=running -
Identify the idle instances that have been running for a long time and need to be remediated.
-
To stop the idle instances, run the following command:
aws ec2 stop-instances --instance-ids <instance-id>Replace
<instance-id>with the ID of the idle instance that you want to stop. -
Confirm the action by entering
ywhen prompted. -
After the instance has been stopped, you can start it again using the following command:
aws ec2 start-instances --instance-ids <instance-id>Replace
<instance-id>with the ID of the stopped instance that you want to start. -
Confirm the action by entering
ywhen prompted. -
Repeat steps 4-7 for any other idle instances that need to be remediated.
-
To prevent this misconfiguration from occurring in the future, you can set up CloudWatch alarms to monitor the CPU utilization of your instances and take action if it falls below a certain threshold.
To remediate the issue of idle EC2 instances in AWS using Python, you can follow the below steps:
-
Create a Lambda function in Python that will identify and terminate idle EC2 instances.
-
Use the AWS SDK for Python (Boto3) to access the AWS EC2 service and retrieve the list of instances.
-
For each instance, check its CPU utilization using CloudWatch metrics. If the CPU utilization is below a certain threshold (e.g., 10%), then terminate the instance using the terminate_instances() method.
-
Schedule the Lambda function to run periodically using AWS CloudWatch Events.
Here’s a sample Python code to get you started:
import boto3
def lambda_handler(event, context):
ec2 = boto3.client('ec2')
cw = boto3.client('cloudwatch')
idle_threshold = 10 # Set the idle threshold to 10%
# Get a list of all running instances
instances = ec2.describe_instances(
Filters=[
{'Name': 'instance-state-name', 'Values': ['running']}
]
)
# Check CPU utilization for each instance
for reservation in instances['Reservations']:
for instance in reservation['Instances']:
instance_id = instance['InstanceId']
cpu_utilization = cw.get_metric_statistics(
Namespace='AWS/EC2',
MetricName='CPUUtilization',
Dimensions=[
{'Name': 'InstanceId', 'Value': instance_id}
],
StartTime='2022-02-01T00:00:00Z',
EndTime='2022-02-01T23:59:59Z',
Period=3600,
Statistics=['Average']
)['Datapoints'][0]['Average']
# Terminate idle instances
if cpu_utilization < idle_threshold:
ec2.terminate_instances(InstanceIds=[instance_id])
print(f"Terminated instance {instance_id}")
Note: This is just a sample code and you may need to modify it according to your specific requirements.