EC2 Reserved Instances Should Not Have Payment Pending

More Info:

To ensure that none of your AWS EC2 Reserved Instance purchases are pending.

Risk Level

Low

Address

Cost Optimisation

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of EC2 Reserved Instances having payment pending in AWS using AWS CLI, follow the below steps:

Identify the EC2 Reserved Instances that have payment pending by running the following command in AWS CLI:

aws ec2 describe-reserved-instances --filters Name=state,Values=payment-pending

Note down the Reserved Instance ID of the EC2 Reserved Instance that has payment pending.
Cancel the payment pending of the EC2 Reserved Instance by running the following command in AWS CLI:

aws ec2 cancel-reserved-instances-listings --reserved-instances-id <ReservedInstanceID>

Replace <ReservedInstanceID> with the Reserved Instance ID noted in Step 2.

Verify that the payment pending of the EC2 Reserved Instance has been cancelled by running the following command in AWS CLI:

aws ec2 describe-reserved-instances --filters Name=state,Values=payment-pending

This should return an empty response indicating that there are no EC2 Reserved Instances with payment pending.

Finally, to avoid such misconfigurations in the future, set up billing alerts in AWS to get notified when there are any payment issues with your Reserved Instances.

Using Python

To remediate the misconfiguration “EC2 Reserved Instances Should Not Have Payment Pending” in AWS using Python, you can follow these steps:

Import the necessary AWS SDK modules in Python. For example, you can use the boto3 module to interact with AWS services.

import boto3

Create an EC2 client object using the boto3.client() method.

ec2 = boto3.client('ec2')

Use the describe_reserved_instances() method to get a list of all the reserved instances in your account.

reserved_instances = ec2.describe_reserved_instances()

Iterate through the list of reserved instances and check if any of them have a payment pending status.

for reserved_instance in reserved_instances['ReservedInstances']:
    if reserved_instance['State'] == 'payment-pending':
        # Remediation code goes here

If you find any reserved instances with a payment pending status, you can use the modify_reserved_instances() method to modify the payment option and complete the payment.

ec2.modify_reserved_instances(
    ReservedInstancesIds=[reserved_instance['ReservedInstancesId']],
    ReservedInstancesModification={
        'ModificationType': 'purchase',
        'TargetConfigurations': [
            {
                'InstanceCount': reserved_instance['InstanceCount'],
                'OfferingId': reserved_instance['OfferingId']
            }
        ]
    }
)

Once the payment is completed, you can verify that the status of the reserved instance has changed to active using the describe_reserved_instances() method.

reserved_instances = ec2.describe_reserved_instances(
    ReservedInstancesIds=[reserved_instance['ReservedInstancesId']]
)
if reserved_instances['ReservedInstances'][0]['State'] == 'active':
    print('Reserved instance payment completed successfully.')
else:
    print('Error: Reserved instance payment not completed.')

Finally, you can wrap the above code in a function and call it periodically to ensure that all reserved instances in your account have a valid payment status.

import boto3

def remediate_reserved_instance_payment_pending():
    ec2 = boto3.client('ec2')
    reserved_instances = ec2.describe_reserved_instances()
    for reserved_instance in reserved_instances['ReservedInstances']:
        if reserved_instance['State'] == 'payment-pending':
            ec2.modify_reserved_instances(
                ReservedInstancesIds=[reserved_instance['ReservedInstancesId']],
                ReservedInstancesModification={
                    'ModificationType': 'purchase',
                    'TargetConfigurations': [
                        {
                            'InstanceCount': reserved_instance['InstanceCount'],
                            'OfferingId': reserved_instance['OfferingId']
                        }
                    ]
                }
            )
            reserved_instances = ec2.describe_reserved_instances(
                ReservedInstancesIds=[reserved_instance['ReservedInstancesId']]
            )
            if reserved_instances['ReservedInstances'][0]['State'] == 'active':
                print('Reserved instance payment completed successfully.')
            else:
                print('Error: Reserved instance payment not completed.')

Note: The above code is just an example to remediate the misconfiguration “EC2 Reserved Instances Should Not Have Payment Pending” in AWS using Python. You may need to modify it based on your specific requirements and use case. Also, make sure to test the code in a non-production environment before running it in production.

Additional Reading:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-reserved-instances.htmlhttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-reserved-instances.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

EC2 Reserved Instances Should Not Have Payment Pending

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: