AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Reserved Instance Lease Expiration In The Next 7 Days
More Info:
Lists all EC2 reserved instances expiring in the next 7 days.
Risk Level
Low
Address
Cost Optimisation
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the “Reserved Instance Lease Expiration In The Next 7 Days” misconfiguration for AWS, you can follow the below steps:
- Log in to your AWS Management Console.
- Navigate to the EC2 Dashboard.
- Click on the “Reserved Instances” link in the left-hand menu.
- In the “Reserved Instances” page, you will see a list of your reserved instances.
- Look for the instances that have lease expiration in the next 7 days.
- Select the instance by clicking on the checkbox in front of it.
- Click on the “Modify Reserved Instances” button.
- In the “Modify Reserved Instances” page, you can choose to either modify the instance or exchange it for a new one.
- If you choose to modify the instance, you can change the instance type, availability zone, or platform.
- If you choose to exchange the instance, you can select a new instance type, availability zone, or platform.
- Once you have made your changes, click on the “Preview” button to review your changes.
- If you are satisfied with your changes, click on the “Modify Reserved Instances” button to apply the changes.
By following these steps, you will be able to remediate the “Reserved Instance Lease Expiration In The Next 7 Days” misconfiguration for AWS.
The Reserved Instance Lease Expiration In The Next 7 Days issue in AWS can be remediated by modifying the reservation period of the instance. Here are the steps to remediate this issue using AWS CLI:
-
Open the AWS CLI on your local machine.
-
Run the following command to get a list of all the reserved instances that have an expiration date within the next 7 days:
aws ec2 describe-reserved-instances --filters "Name=state,Values=active" "Name=product-description,Values=*Linux/UNIX*" "Name=scope,Values=Availability Zone" --query 'ReservedInstances[*].[ReservedInstancesId,InstanceType,AvailabilityZone,InstanceCount,Start,End,Duration,State,Tags[?Key==`Name`].Value|[0]]' --output table --region <region>
Note: Replace <region> with the region where your instances are located.
-
Identify the instance that requires remediation.
-
Run the following command to modify the reservation period:
aws ec2 modify-reserved-instances --reserved-instances-id <reservation_id> --target-configuration "InstanceCount=<count>,End=`date -d '+1 year' +%Y-%m-%d`" --region <region>
Note: Replace <reservation_id> with the ID of the reserved instance that requires remediation and <count> with the number of instances that you want to reserve. Also, ensure that the End date is set to at least 1 year from the current date.
- Verify that the reservation has been modified by running the first command again and checking that the expiration date is now more than 7 days away.
By following these steps, you can remediate the Reserved Instance Lease Expiration In The Next 7 Days issue in AWS using AWS CLI.
To remediate the issue of Reserved Instance Lease Expiration in the next 7 days in AWS using Python, follow these steps:
- Import the necessary AWS SDK boto3:
import boto3
- Create an EC2 client object:
ec2 = boto3.client('ec2')
- Use the describe_reserved_instances() method to get the list of all reserved instances:
reserved_instances = ec2.describe_reserved_instances()
- Loop through the list of reserved instances and check if any of them are expiring within the next 7 days:
for reserved_instance in reserved_instances['ReservedInstances']:
expiration_time = reserved_instance['End']
remaining_days = (expiration_time.date() - datetime.date.today()).days
if remaining_days <= 7:
# Do something to remediate the issue
- To remediate the issue, you can either renew the reserved instance or purchase a new one. To renew the reserved instance, use the modify_reserved_instances() method:
response = ec2.modify_reserved_instances(
ReservedInstancesIds=[
'string',
],
TargetConfigurations=[
{
'AvailabilityZone': 'string',
'InstanceCount': 123,
'InstanceType': 'string',
'Platform': 'string',
'Scope': 'string'
},
]
)
- Alternatively, you can purchase a new reserved instance using the purchase_reserved_instances_offering() method:
response = ec2.purchase_reserved_instances_offering(
InstanceCount=123,
ReservedInstancesOfferingId='string',
DryRun=True|False,
LimitPrice={
'Amount': 'string',
'CurrencyCode': 'string'
}
)
- Finally, you can schedule a Lambda function to run this script periodically and remediate the issue automatically.