Reserved Instance Lease Expiration In The Next 30 Days

More Info:

Lists all EC2 reserved instances expiring in the next 30 days.

Risk Level

Low

Address

Cost Optimisation

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

The “Reserved Instance Lease Expiration In The Next 30 Days” issue in AWS means that some of your Reserved Instances are about to expire. To remediate this issue, you can follow the below steps using AWS CLI:

Open your terminal and ensure that you have the AWS CLI installed and configured with your AWS account credentials.
Run the following command to list all the Reserved Instances that are about to expire in the next 30 days:

aws ec2 describe-reserved-instances --filters "Name=state,Values=active" "Name=product-description,Values=Linux/UNIX (Amazon VPC)" "Name=scope,Values=Availability Zone" --query 'ReservedInstances[?End <= `'"$(date -u +'%Y-%m-%dT%H:%M:%S.000Z' -d '+30 days')"']'

This command will list all the active Reserved Instances that are running Linux/UNIX in Amazon VPC and are scoped to Availability Zone, and whose lease is expiring in the next 30 days.

Review the output and identify the Reserved Instances that you want to renew. Note down the Reserved Instance ID(s) that you want to renew.
Run the following command to purchase a new Reserved Instance with the same specifications and lease term as the expiring Reserved Instance:

aws ec2 purchase-reserved-instances-offering --instance-count [COUNT] --reserved-instances-offering-id [OFFERING_ID] --dry-run

Replace [COUNT] with the number of instances you want to reserve, [OFFERING_ID] with the ID of the offering that matches the expiring Reserved Instance, and —dry-run with —no-dry-run to actually purchase the Reserved Instance.

Verify that the new Reserved Instance is active and that the old Reserved Instance has been retired by running the following command:

aws ec2 describe-reserved-instances --reserved-instances-ids [OLD_INSTANCE_ID] [NEW_INSTANCE_ID]

Replace [OLD_INSTANCE_ID] with the ID of the expiring Reserved Instance and [NEW_INSTANCE_ID] with the ID of the newly purchased Reserved Instance.

Once you have verified that the new Reserved Instance is active, you can terminate the old Reserved Instance by running the following command:

aws ec2 modify-reserved-instances --reserved-instances-id [OLD_INSTANCE_ID] --target-configurations "InstanceCount=0"

Replace [OLD_INSTANCE_ID] with the ID of the expiring Reserved Instance.By following the above steps, you can remediate the “Reserved Instance Lease Expiration In The Next 30 Days” issue in AWS using AWS CLI.

Using Python

To remediate the issue of Reserved Instance Lease Expiration In The Next 30 Days in AWS using Python, you can follow these steps:

Import the required libraries:

import boto3
from datetime import datetime, timedelta

Create a connection to the AWS EC2 service:

ec2 = boto3.client('ec2')

Retrieve the list of Reserved Instances with lease expiration dates within the next 30 days:

now = datetime.now()
filters = [{'Name': 'state', 'Values': ['active']},
           {'Name': 'instance-state-name', 'Values': ['running', 'stopped']},
           {'Name': 'end', 'Values': [str(now + timedelta(days=30)).split()[0]]}]
reserved_instances = ec2.describe_reserved_instances(Filters=filters)

For each Reserved Instance, check if its lease expiration date is within the next 30 days and if so, modify its lease to extend it:

for reserved_instance in reserved_instances['ReservedInstances']:
    end_date = datetime.strptime(reserved_instance['End'], '%Y-%m-%dT%H:%M:%S.%fZ')
    if (end_date - now).days <= 30:
        ec2.modify_reserved_instances(
            ReservedInstancesIds=[reserved_instance['ReservedInstancesId']],
            ClientToken=str(datetime.now().strftime('%Y%m%d%H%M%S')),
            TargetConfigurations=[
                {
                    'AvailabilityZone': reserved_instance['AvailabilityZone'],
                    'InstanceCount': reserved_instance['InstanceCount'],
                    'InstanceType': reserved_instance['InstanceType'],
                    'Platform': reserved_instance['ProductDescription'],
                    'Scope': 'Availability Zone',
                    'Tenancy': reserved_instance['InstanceTenancy']
                }
            ]
        )

Run the Python script on a regular basis (e.g. daily) using a scheduler like cron to ensure that Reserved Instances are always extended before their lease expires.

Note: This code is provided as an example only and should be tested and modified to suit your specific requirements. It is also important to ensure that you have the necessary permissions to modify Reserved Instances in your AWS account.

Additional Reading:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-reserved-instances.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Reserved Instance Lease Expiration In The Next 30 Days

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: