More Info:

To ensure that none of your AWS EC2 Reserved Instance purchases have failed.

Risk Level

Low

Address

Cost Optimisation

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

To remediate the EC2 Reserved Instances payment failed misconfiguration in AWS, please follow the steps below:
  1. Log in to your AWS Management Console.
  2. Go to the EC2 dashboard.
  3. Click on the “Reserved Instances” link on the left-hand side menu.
  4. Find the Reserved Instance with the payment failed status and select it.
  5. Click on the “Actions” button and select “Modify Reserved Instances”.
  6. In the “Modify Reserved Instances” window, select the new payment option and click “Save Changes”.
  7. If the payment information is correct, the Reserved Instance will be reactivated.
Alternatively, you can also remediate this misconfiguration using the AWS CLI by running the following command:
aws ec2 modify-reserved-instances --reserved-instances-id <reservation-id> --instance-count <new-instance-count> --payment-option <payment-option>
Replace <reservation-id> with the ID of the Reserved Instance that has the payment failed status, <new-instance-count> with the number of instances you want to reserve and <payment-option> with the new payment option you want to use.

To remediate the “EC2 Reserved Instances Should Not Have Payment Failed” misconfiguration for AWS using AWS CLI, follow the below steps:
  1. Login to the AWS CLI by using the command aws configure and entering your AWS access key ID, secret access key, default region name, and default output format.
  2. Check the status of your EC2 Reserved Instances using the command aws ec2 describe-reserved-instances.
  3. Identify the reserved instances with payment failed status.
  4. To remediate the misconfiguration, you can either retry the payment or modify the reserved instance to a different payment option.
  5. To retry the payment, use the command aws ec2 modify-reserved-instances --reserved-instances-id <ID> --offering-id <ID> --instance-count <COUNT> --dry-run and replace the <ID> with the ID of the reserved instance, and <COUNT> with the number of instances you want to purchase.
  6. To modify the reserved instance to a different payment option, use the command aws ec2 modify-reserved-instances --reserved-instances-id <ID> --target-configuration OfferingId=<ID>,InstanceCount=<COUNT> and replace the <ID> with the ID of the reserved instance, and <COUNT> with the number of instances you want to purchase.
  7. After retrying the payment or modifying the reserved instance, use the command aws ec2 describe-reserved-instances to verify that the status has been updated to active.
  8. Repeat the above steps for all the reserved instances with payment failed status.
By following the above steps, you can remediate the “EC2 Reserved Instances Should Not Have Payment Failed” misconfiguration for AWS using AWS CLI.
To remediate the misconfiguration “EC2 Reserved Instances Should Not Have Payment Failed” for AWS using python, you can follow the below steps:Step 1: Import the necessary libraries
import boto3
Step 2: Create an EC2 client object
ec2 = boto3.client('ec2')
Step 3: Get the list of all Reserved Instances
reserved_instances = ec2.describe_reserved_instances()
Step 4: Iterate through the list of Reserved Instances and check if any of them have a payment failure
for reserved_instance in reserved_instances['ReservedInstances']:
    if reserved_instance['State'] == 'payment-failed':
        # Perform the remediation action
Step 5: Perform the remediation action, which is to modify the payment method and update the Reserved Instance
# Modify the payment method
ec2.modify_reserved_instances(
    ReservedInstancesIds=[reserved_instance['ReservedInstancesId']],
    ClientToken='string',
    TargetConfigurations=[
        {
            'AvailabilityZone': 'string',
            'InstanceCount': 123,
            'InstanceType': 'string',
            'Platform': 'string'
        },
    ],
    PaymentOption='AllUpfront'
)

# Update the Reserved Instance
ec2.modify_reserved_instances(
    ReservedInstancesIds=[reserved_instance['ReservedInstancesId']],
    ClientToken='string',
    TargetConfigurations=[
        {
            'AvailabilityZone': 'string',
            'InstanceCount': 123,
            'InstanceType': 'string',
            'Platform': 'string'
        },
    ]
)
Step 6: Once the remediation action is performed, verify if the Reserved Instance is updated successfully
# Verify if the Reserved Instance is updated successfully
reserved_instance = ec2.describe_reserved_instances(
    ReservedInstancesIds=[reserved_instance['ReservedInstancesId']]
)
if reserved_instance['ReservedInstances'][0]['State'] != 'payment-failed':
    print('Reserved Instance updated successfully')
else:
    print('Failed to update Reserved Instance')
By following the above steps, you can remediate the misconfiguration “EC2 Reserved Instances Should Not Have Payment Failed” for AWS using python.

Additional Reading: