EC2 Instances Should Not Be Idle

More Info:

Idle AWS EC2 instances should be stopped or terminated in order to optimize AWS costs.

Risk Level

Low

Address

Cost optimization

Compliance Standards

AWSWAF

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the EC2 Instances should not be idle misconfiguration in AWS using AWS CLI, follow these steps:

Open the AWS CLI on your local machine.
Run the following command to list all the running instances in your AWS account:
```
aws ec2 describe-instances --filters Name=instance-state-name,Values=running
```
Identify the idle instances that have been running for a long time and need to be remediated.
To stop the idle instances, run the following command:
```
aws ec2 stop-instances --instance-ids <instance-id>
```
Replace <instance-id> with the ID of the idle instance that you want to stop.
Confirm the action by entering y when prompted.
After the instance has been stopped, you can start it again using the following command:
```
aws ec2 start-instances --instance-ids <instance-id>
```
Replace <instance-id> with the ID of the stopped instance that you want to start.
Confirm the action by entering y when prompted.
Repeat steps 4-7 for any other idle instances that need to be remediated.
To prevent this misconfiguration from occurring in the future, you can set up CloudWatch alarms to monitor the CPU utilization of your instances and take action if it falls below a certain threshold.

Using Python

To remediate the issue of idle EC2 instances in AWS using Python, you can follow the below steps:

Create a Lambda function in Python that will identify and terminate idle EC2 instances.
Use the AWS SDK for Python (Boto3) to access the AWS EC2 service and retrieve the list of instances.
For each instance, check its CPU utilization using CloudWatch metrics. If the CPU utilization is below a certain threshold (e.g., 10%), then terminate the instance using the terminate_instances() method.
Schedule the Lambda function to run periodically using AWS CloudWatch Events.

Here’s a sample Python code to get you started:

import boto3

def lambda_handler(event, context):
    ec2 = boto3.client('ec2')
    cw = boto3.client('cloudwatch')
    idle_threshold = 10 # Set the idle threshold to 10%
    
    # Get a list of all running instances
    instances = ec2.describe_instances(
        Filters=[
            {'Name': 'instance-state-name', 'Values': ['running']}
        ]
    )
    
    # Check CPU utilization for each instance
    for reservation in instances['Reservations']:
        for instance in reservation['Instances']:
            instance_id = instance['InstanceId']
            cpu_utilization = cw.get_metric_statistics(
                Namespace='AWS/EC2',
                MetricName='CPUUtilization',
                Dimensions=[
                    {'Name': 'InstanceId', 'Value': instance_id}
                ],
                StartTime='2022-02-01T00:00:00Z',
                EndTime='2022-02-01T23:59:59Z',
                Period=3600,
                Statistics=['Average']
            )['Datapoints'][0]['Average']
            
            # Terminate idle instances
            if cpu_utilization < idle_threshold:
                ec2.terminate_instances(InstanceIds=[instance_id])
                print(f"Terminated instance {instance_id}")

Note: This is just a sample code and you may need to modify it according to your specific requirements.

Additional Reading:

https://aws.amazon.com/about-aws/whats-new/2013/01/08/use-amazon-cloudwatch-to-detect-and-shut-down-unused-amazon-ec2-instances/

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

EC2 Instances Should Not Be Idle

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: