AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
EC2 Reserved Instances Should Not Have Payment Failed
More Info:
To ensure that none of your AWS EC2 Reserved Instance purchases have failed.
Risk Level
Low
Address
Cost Optimisation
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the EC2 Reserved Instances payment failed misconfiguration in AWS, please follow the steps below:
- Log in to your AWS Management Console.
- Go to the EC2 dashboard.
- Click on the “Reserved Instances” link on the left-hand side menu.
- Find the Reserved Instance with the payment failed status and select it.
- Click on the “Actions” button and select “Modify Reserved Instances”.
- In the “Modify Reserved Instances” window, select the new payment option and click “Save Changes”.
- If the payment information is correct, the Reserved Instance will be reactivated.
Alternatively, you can also remediate this misconfiguration using the AWS CLI by running the following command:
aws ec2 modify-reserved-instances --reserved-instances-id <reservation-id> --instance-count <new-instance-count> --payment-option <payment-option>
Replace <reservation-id> with the ID of the Reserved Instance that has the payment failed status, <new-instance-count> with the number of instances you want to reserve and <payment-option> with the new payment option you want to use.
To remediate the “EC2 Reserved Instances Should Not Have Payment Failed” misconfiguration for AWS using AWS CLI, follow the below steps:
-
Login to the AWS CLI by using the command
aws configureand entering your AWS access key ID, secret access key, default region name, and default output format. -
Check the status of your EC2 Reserved Instances using the command
aws ec2 describe-reserved-instances. -
Identify the reserved instances with payment failed status.
-
To remediate the misconfiguration, you can either retry the payment or modify the reserved instance to a different payment option.
-
To retry the payment, use the command
aws ec2 modify-reserved-instances --reserved-instances-id <ID> --offering-id <ID> --instance-count <COUNT> --dry-runand replace the<ID>with the ID of the reserved instance, and<COUNT>with the number of instances you want to purchase. -
To modify the reserved instance to a different payment option, use the command
aws ec2 modify-reserved-instances --reserved-instances-id <ID> --target-configuration OfferingId=<ID>,InstanceCount=<COUNT>and replace the<ID>with the ID of the reserved instance, and<COUNT>with the number of instances you want to purchase. -
After retrying the payment or modifying the reserved instance, use the command
aws ec2 describe-reserved-instancesto verify that the status has been updated to active. -
Repeat the above steps for all the reserved instances with payment failed status.
By following the above steps, you can remediate the “EC2 Reserved Instances Should Not Have Payment Failed” misconfiguration for AWS using AWS CLI.
To remediate the misconfiguration “EC2 Reserved Instances Should Not Have Payment Failed” for AWS using python, you can follow the below steps:
Step 1: Import the necessary libraries
import boto3
Step 2: Create an EC2 client object
ec2 = boto3.client('ec2')
Step 3: Get the list of all Reserved Instances
reserved_instances = ec2.describe_reserved_instances()
Step 4: Iterate through the list of Reserved Instances and check if any of them have a payment failure
for reserved_instance in reserved_instances['ReservedInstances']:
if reserved_instance['State'] == 'payment-failed':
# Perform the remediation action
Step 5: Perform the remediation action, which is to modify the payment method and update the Reserved Instance
# Modify the payment method
ec2.modify_reserved_instances(
ReservedInstancesIds=[reserved_instance['ReservedInstancesId']],
ClientToken='string',
TargetConfigurations=[
{
'AvailabilityZone': 'string',
'InstanceCount': 123,
'InstanceType': 'string',
'Platform': 'string'
},
],
PaymentOption='AllUpfront'
)
# Update the Reserved Instance
ec2.modify_reserved_instances(
ReservedInstancesIds=[reserved_instance['ReservedInstancesId']],
ClientToken='string',
TargetConfigurations=[
{
'AvailabilityZone': 'string',
'InstanceCount': 123,
'InstanceType': 'string',
'Platform': 'string'
},
]
)
Step 6: Once the remediation action is performed, verify if the Reserved Instance is updated successfully
# Verify if the Reserved Instance is updated successfully
reserved_instance = ec2.describe_reserved_instances(
ReservedInstancesIds=[reserved_instance['ReservedInstancesId']]
)
if reserved_instance['ReservedInstances'][0]['State'] != 'payment-failed':
print('Reserved Instance updated successfully')
else:
print('Failed to update Reserved Instance')
By following the above steps, you can remediate the misconfiguration “EC2 Reserved Instances Should Not Have Payment Failed” for AWS using python.