Unused AMIs Should Be Removed
More Info:
Unused AMIs should be removed to follow best practices.
Risk Level
Informational
Address
Cost Optimisation
Compliance Standards
AWSWAF
Triage and Remediation
Remediation
To remediate unused AMIs using the AWS console, follow these steps:
- Log in to your AWS console.
- Go to the EC2 dashboard.
- Click on the “AMIs” option from the left-hand menu.
- Sort the AMIs by the “Creation Date” column to identify the oldest and unused AMIs.
- Select the unused AMIs that you want to remove.
- Click on the “Actions” button and select “Deregister” from the dropdown menu.
- Confirm the deregistration by clicking on the “Deregister” button in the confirmation window.
- Once the AMI is deregistered, you can delete the associated EBS snapshots by selecting the AMI and clicking on the “Snapshots” tab.
- Select the associated EBS snapshot(s) and click on the “Actions” button.
- From the dropdown menu, select “Delete” and confirm the deletion.
By following these steps, you can remediate the unused AMIs issue in AWS and ensure that your cloud resources are optimized for cost and efficiency.
To remediate the misconfiguration of unused AMIs in AWS using the AWS CLI, follow the steps below:
- Open the AWS CLI in your terminal or command prompt.
- List the candidate AMIs by running the following command:
    aws ec2 describe-images --owners self --filters "Name=state,Values=available" "Name=tag-key,Values=Name" --query "Images[*].{ID:ImageId,Name:Tags[?Key=='Name']|[0].Value}"
  This command lists the available AMIs that you own and that have a Name tag. It does not check whether an AMI is still referenced, so confirm that separately in the next step.
- Identify the AMIs that are not required anymore and make a note of their IDs.
- Deregister the unused AMIs by running the following command:
    aws ec2 deregister-image --image-id <AMI-ID>
  Replace <AMI-ID> with the actual ID of the unused AMI.
- Verify that the AMI has been deregistered by running the following command:
    aws ec2 describe-images --image-ids <AMI-ID>
  Replace <AMI-ID> with the actual ID of the unused AMI. If the command returns an error stating that the AMI does not exist, then it has been successfully deregistered.
By following the above steps, you can remediate the misconfiguration of unused AMIs in AWS using the AWS CLI.
To remediate the unused AMIs misconfiguration in AWS using Python, you can follow these steps:
- Install the Boto3 library for Python using pip:
    pip install boto3
- Create an AWS session using the boto3.Session() method.
- Use the ec2 resource in Boto3 to get a list of all the AMIs currently available in your AWS account. You can use the filter() method to restrict the list to AMIs you own, then pick out the unused ones by checking their state attribute and whether any instance still references them. For example:
    import boto3

    session = boto3.Session()
    ec2 = session.resource('ec2')

    # AMI IDs that existing instances were launched from
    in_use = {instance.image_id for instance in ec2.instances.all()}

    unused_amis = []
    for ami in ec2.images.filter(Owners=['self']):
        # Candidate for removal: available and not referenced by any instance
        if ami.state == 'available' and ami.id not in in_use:
            unused_amis.append(ami.id)
- Once you have the list of unused AMIs, you can use the deregister() method to remove them from your AWS account. For example:
    # Deregister each AMI collected in the previous step
    for ami_id in unused_amis:
        ami = ec2.Image(ami_id)
        ami.deregister()
This will deregister all the unused AMIs in your AWS account. Make sure to test this code in a non-production environment before running it in a production environment.
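The console steps above also delete the EBS snapshots behind a deregistered AMI. The following added example (not part of the original page) plans that cleanup from responses shaped like the output of boto3's describe_images and describe_instances client calls. The function names, the extra_ids parameter and all IDs are assumptions for illustration; an AMI is listed only if no instance or supplied reference uses it, and a snapshot only if no retained AMI still depends on it.

```python
# Added example; every ID below is constructed sample data.
def referenced_image_ids(instances_resp, extra_ids=()):
    """AMI IDs referenced by instances, plus caller-supplied IDs
    (e.g. gathered from launch templates)."""
    ids = set(extra_ids)
    for reservation in instances_resp.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            ids.add(instance["ImageId"])
    return ids


def snapshot_ids(image):
    """EBS snapshot IDs backing an AMI; ephemeral mappings have no Ebs key."""
    return {m["Ebs"]["SnapshotId"]
            for m in image.get("BlockDeviceMappings", [])
            if "SnapshotId" in m.get("Ebs", {})}


def plan_cleanup(images_resp, instances_resp, extra_ids=()):
    """Return (AMI IDs to deregister, snapshot IDs to delete afterwards)."""
    in_use = referenced_image_ids(instances_resp, extra_ids)
    unused, kept_snaps, unused_snaps = [], set(), set()
    for image in images_resp.get("Images", []):
        if image["State"] == "available" and image["ImageId"] not in in_use:
            unused.append(image["ImageId"])
            unused_snaps |= snapshot_ids(image)
        else:
            kept_snaps |= snapshot_ids(image)
    # Never delete a snapshot that also backs an AMI being kept.
    return sorted(unused), sorted(unused_snaps - kept_snaps)


SAMPLE_IMAGES = {"Images": [
    {"ImageId": "ami-0aaa", "State": "available", "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0a1"}}]},
    {"ImageId": "ami-0bbb", "State": "available", "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0b1"}},
        {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]},
    {"ImageId": "ami-0ccc", "State": "available", "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0b1"}},
        {"DeviceName": "/dev/sdf", "Ebs": {"SnapshotId": "snap-0c1"}}]},
    {"ImageId": "ami-0ddd", "State": "pending", "BlockDeviceMappings": []},
]}
SAMPLE_INSTANCES = {"Reservations": [
    {"Instances": [{"InstanceId": "i-0001", "ImageId": "ami-0aaa"}]}]}

if __name__ == "__main__":
    # ami-0bbb is passed as if a launch template still referenced it
    print(plan_cleanup(SAMPLE_IMAGES, SAMPLE_INSTANCES, extra_ids={"ami-0bbb"}))
```

In a real account the two inputs would come from paginated describe_images (Owners=['self']) and describe_instances calls, and the returned snapshot IDs would be deleted only after the listed AMIs have been deregistered.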