EC2 Reserved Instances Recent Purchases Should Be Reviewed
More Info:
Regularly review your EC2 Reserved Instance purchases for cost optimization (informational).
Risk Level
Low
Address
Cost Optimisation
Compliance Standards
CBP
Triage and Remediation
Remediation
Here are the step-by-step instructions to remediate the “EC2 Reserved Instances Recent Purchases Should Be Reviewed” misconfiguration in AWS using the AWS console:
- Login to your AWS account and go to the AWS EC2 console.
- Click on the “Reserved Instances” link in the left-hand navigation menu.
- Review the list of recently purchased reserved instances to identify any that were purchased in error or are no longer needed.
- Select the reserved instances that need to be modified or cancelled.
- Click on the “Actions” button and select “Modify Reserved Instances” or “Cancel Reserved Instances” depending on the action you want to take.
- Follow the prompts to modify or cancel the selected reserved instances.
- After making the necessary changes, review the list of reserved instances again to ensure that all recent purchases have been reviewed and remediated.
By following these steps, you can remediate the “EC2 Reserved Instances Recent Purchases Should Be Reviewed” misconfiguration in AWS using the AWS console.
The EC2 Reserved Instances Recent Purchases Should Be Reviewed misconfiguration can be remediated in AWS using the following steps:
1. Open the AWS CLI on your local machine.
2. Run the following command to list all active Reserved Instances:

```bash
aws ec2 describe-reserved-instances --filters "Name=state,Values=active"
```

3. Review the output of the above command and identify any recently purchased Reserved Instances that are not being utilized.
4. Run the following command to modify the unused Reserved Instances:

```bash
aws ec2 modify-reserved-instances --reserved-instances-ids <ID> --target-configurations "Scope=<SCOPE>,InstanceCount=<COUNT>,InstanceType=<INSTANCE_TYPE>"
```

Note: Replace `<ID>` with the Reserved Instance ID and `<COUNT>` with the desired instance count. `<SCOPE>` and `<INSTANCE_TYPE>` can be obtained from the Reserved Instance description. The target configurations must together account for every instance in the original reservation.

5. Alternatively, to cancel the unused Reserved Instances, run the following command:

```bash
# Cancels a Reserved Instance Marketplace listing, identified by its listing ID.
aws ec2 cancel-reserved-instances-listing --reserved-instances-listing-id <ID>
```

Note: Replace `<ID>` with the Reserved Instance Listing ID.

6. Repeat steps 4 and 5 for all unused Reserved Instances.
7. Finally, run the following command to verify that all unused Reserved Instances have been modified or cancelled:

```bash
aws ec2 describe-reserved-instances --filters "Name=state,Values=active"
```

This should remediate the EC2 Reserved Instances Recent Purchases Should Be Reviewed misconfiguration in AWS.
The misconfiguration “EC2 Reserved Instances Recent Purchases Should Be Reviewed” typically refers to a situation where an AWS account has recently purchased EC2 Reserved Instances, but they are not being fully utilized. To remediate this, you can use the following steps:
- Identify the underutilized EC2 Reserved Instances using the AWS SDK for Python (boto3) by calling the `describe_reserved_instances()` method of the EC2 client object. This method returns information about the specified Reserved Instances, including the number of instances each reservation covers (`InstanceCount`). It does not report how many of them are in use, so that is measured in the next step.

```python
from collections import Counter

import boto3

ec2_client = boto3.client('ec2')
# Only active reservations are billed and can be underutilized.
reserved_instances = ec2_client.describe_reserved_instances(
    Filters=[{'Name': 'state', 'Values': ['active']}]
)
```

- Filter the results to only include Reserved Instances that are not being fully utilized. You can do this by comparing the `InstanceCount` attribute of each Reserved Instance to the number of running instances of the same instance type.

```python
# Count running instances per instance type.
running = Counter()
paginator = ec2_client.get_paginator('describe_instances')
for page in paginator.paginate(Filters=[{'Name': 'instance-state-name', 'Values': ['running']}]):
    for reservation in page['Reservations']:
        for instance in reservation['Instances']:
            running[instance['InstanceType']] += 1

# Allocate running instances to reservations (ignores AZ, platform and size flexibility).
underutilized_instances = []
for reserved_instance in reserved_instances['ReservedInstances']:
    covered = min(reserved_instance['InstanceCount'], running[reserved_instance['InstanceType']])
    running[reserved_instance['InstanceType']] -= covered
    if reserved_instance['InstanceCount'] > covered:
        underutilized_instances.append(reserved_instance)
```

- Review the list of underutilized EC2 Reserved Instances and take appropriate action. This could include modifying the instance type or family to better match your workload, or selling the underutilized Reserved Instances on the Reserved Instance Marketplace.

```python
for instance in underutilized_instances:
    print(f"Underutilized EC2 Reserved Instance: {instance['ReservedInstancesId']}")
```

By following these steps, you can identify and remediate underutilized EC2 Reserved Instances in your AWS account using Python and the boto3 SDK.
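The steps above look at utilization, but the check itself is about recent purchases. The following added example (not part of the original page or the product's own code) selects reservations started within a review window and ranks them by the spend they commit. The 7-day default window, the helper names and the sample records are assumptions, and the cost figure is an estimate built from `FixedPrice`, hourly `RecurringCharges` and `Duration`.

```python
from datetime import datetime, timedelta, timezone

def committed_cost(ri):
    """Estimated spend committed by one purchase over its full term."""
    hourly = sum(c["Amount"] for c in ri.get("RecurringCharges", [])
                 if c.get("Frequency") == "Hourly")
    hours = ri["Duration"] / 3600  # Duration is reported in seconds
    return round(ri["InstanceCount"] * (ri.get("FixedPrice", 0.0) + hourly * hours), 2)

def recent_purchases(reserved_instances, now, window_days=7):
    """Reservations started within the window, largest commitment first."""
    cutoff = now - timedelta(days=window_days)
    findings = []
    for ri in reserved_instances:
        # Retired or failed purchases no longer commit spend; skip them.
        if ri["State"] not in ("active", "payment-pending") or ri["Start"] < cutoff:
            continue
        findings.append({
            "id": ri["ReservedInstancesId"],
            "type": ri["InstanceType"],
            "count": ri["InstanceCount"],
            "age_days": (now - ri["Start"]).days,
            "committed_usd": committed_cost(ri),
        })
    return sorted(findings, key=lambda f: f["committed_usd"], reverse=True)

def fetch_reserved_instances():
    """Live input; boto3 is imported lazily so the rest runs offline."""
    import boto3
    return boto3.client("ec2").describe_reserved_instances()["ReservedInstances"]

# Constructed sample records (IDs and prices are made up), shaped like the API output.
NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)
def _ri(rid, itype, count, state, days_ago, years, fixed, hourly):
    return {"ReservedInstancesId": rid, "InstanceType": itype, "InstanceCount": count,
            "State": state, "Start": NOW - timedelta(days=days_ago),
            "Duration": years * 31536000, "FixedPrice": fixed,
            "RecurringCharges": [{"Amount": hourly, "Frequency": "Hourly"}]}
SAMPLE = [
    _ri("ri-example-0001", "m5.large", 4, "active", 2, 1, 0.0, 0.05),
    _ri("ri-example-0002", "c5.xlarge", 1, "active", 200, 1, 0.0, 0.10),
    _ri("ri-example-0003", "t3.medium", 10, "payment-pending", 1, 3, 500.0, 0.0),
    _ri("ri-example-0004", "m5.large", 2, "retired", 3, 1, 0.0, 0.05),
]

if __name__ == "__main__":
    for finding in recent_purchases(SAMPLE, NOW):
        print(finding)
```

For a live review, pass `fetch_reserved_instances()` and `datetime.now(timezone.utc)` in place of the sample data.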