Reserved Instances Should Not Be Unused
More Info:
AWS EC2 Reserved Instances should be fully utilized.
Risk Level
Low
Address
Cost Optimisation
Compliance Standards
AWSWAF
Triage and Remediation
Remediation
To remediate unused reserved instances in AWS from the console, follow the steps below:
- Log in to the AWS Management Console.
- Navigate to the EC2 Dashboard.
- Click on the “Reserved Instances” option from the left-hand menu.
- Identify the unused reserved instances that need to be remediated.
- Select the unused reserved instances that you want to modify.
- Click on the “Actions” button and select “Modify Reserved Instances”.
- In the “Modify Reserved Instances” window, select the “Apply to” option and choose the instances that you want to apply the reserved instances to.
- Click on the “Add to queue” button to add the modification to the queue.
- Review the changes and click on the “Modify Reserved Instances” button to apply the changes.
Once the changes are applied, the unused reserved instances will be applied to the selected instances, and the misconfiguration of unused reserved instances will be remediated.
To remediate the issue of unused reserved instances in AWS using AWS CLI, follow these steps:
- Identify the unused reserved instances. Start by listing the active reserved instances with the following command:
    aws ec2 describe-reserved-instances --filters "Name=state,Values=active" --query "ReservedInstances[].{ID:ReservedInstancesId,Type:InstanceType,State:State,Count:InstanceCount,Start:Start,End:End}" --output table
  This command lists all the reserved instances that are in the active state. describe-reserved-instances has no filter or field for usage, so compare the instance types and counts it returns with your running instances to find the reservations that are not being used.
- Once you have identified the unused reserved instances, you can either modify them or sell them.
  To modify the unused reserved instances, you can change the instance type or the availability zone to match your current usage. To modify a reserved instance, run the following command:
    aws ec2 modify-reserved-instances --reserved-instances-ids <reservation-id> --target-configurations InstanceCount=<new-count>,InstanceType=<new-type>,AvailabilityZone=<new-zone>
  Replace <reservation-id> with the ID of the unused reserved instance, <new-count> with the number of instances you want to reserve, <new-type> with the instance type you want to reserve, and <new-zone> with the availability zone you want to reserve the instance in.
  Reserved instances cannot be deleted. To dispose of the unused reserved instances, list them for sale on the AWS Reserved Instance Marketplace by running the following command:
    aws ec2 create-reserved-instances-listing --reserved-instances-id <reservation-id> --instance-count <count> --price-schedules CurrencyCode=USD,Price=<price>,Term=<months> --client-token <token>
  Replace <reservation-id> with the ID of the unused reserved instance you want to sell, <count> with the number of instances to list, <price> with the asking price, <months> with the number of months remaining in the term, and <token> with a unique string that makes the request idempotent.
- Verify that the unused reserved instances have been modified or listed by running the command in step 1 again.
To remediate the misconfiguration “Reserved Instances Should Not Be Unused” in AWS using Python, follow these steps:
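- Identify the unused reserved instances in your AWS account. You can do this by using the AWS SDK for Python (boto3) to list all your reserved instances and compare them with your running instances.
    import boto3
    # Create an EC2 client
    ec2 = boto3.client('ec2')
    # Collect the instance types that currently have running instances
    running_types = set()
    for page in ec2.get_paginator('describe_instances').paginate(
            Filters=[{'Name': 'instance-state-name', 'Values': ['running']}]):
        for reservation in page['Reservations']:
            for instance in reservation['Instances']:
                running_types.add(instance['InstanceType'])
    # List all the reserved instances
    reserved_instances = ec2.describe_reserved_instances()
    # Identify the unused reserved instances: active reservations whose instance
    # type has no running instance (the API returns no per-reservation usage field)
    unused_reserved_instances = []
    for ri in reserved_instances['ReservedInstances']:
        if ri['State'] == 'active' and ri['InstanceCount'] > 0 and ri['InstanceType'] not in running_types:
            unused_reserved_instances.append(ri['ReservedInstancesId'])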
- Once you have identified the unused reserved instances, you can either sell them on the AWS Reserved Instance Marketplace or exchange them for other instances that you need. To sell the unused reserved instances, you can use the AWS SDK for Python (boto3) to create a listing on the AWS Reserved Instance Marketplace.
    import boto3
    # Create an EC2 client
    ec2 = boto3.client('ec2')
    # Create a listing for the unused reserved instances
    response = ec2.create_reserved_instances_listing(
        ReservedInstancesId='YOUR_RESERVED_INSTANCE_ID',
        InstanceCount=1,
        PriceSchedules=[
            {
                'Term': 12,
                'Price': 1000.0,
                'CurrencyCode': 'USD'
            },
        ],
        ClientToken='YOUR_CLIENT_TOKEN'
    )
- If you want to exchange the unused reserved instances for other instances, you can use the AWS SDK for Python (boto3) to modify the reserved instances.
    import boto3
    # Create an EC2 client
    ec2 = boto3.client('ec2')
    # Modify the unused reserved instances to exchange them for other instances
    response = ec2.modify_reserved_instances(
        ReservedInstancesIds=[
            'YOUR_RESERVED_INSTANCE_ID',
        ],
        TargetConfigurations=[
            {
                'AvailabilityZone': 'us-west-2a',
                'InstanceCount': 1,
                'InstanceType': 't2.micro',
                # Platform is the network platform (EC2-Classic or EC2-VPC),
                # not the operating system
                'Platform': 'EC2-VPC',
                'Scope': 'Availability Zone',
            },
        ]
    )
By following these steps, you can remediate the misconfiguration “Reserved Instances Should Not Be Unused” in AWS using Python.
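As an added example (not part of the original page or of any AWS tooling), the function below refines the identification step: it works out how many instances of each active reservation are not covered by a running instance, matching zonal reservations before regional ones. The records are constructed samples trimmed to the fields used; the function name and the matching order are assumptions, and platform, tenancy and instance size flexibility are ignored.

```python
from collections import Counter

# Constructed sample records, shaped like entries returned by
# describe_reserved_instances and describe_instances (IDs and counts are made up).
SAMPLE_RESERVED = [
    {"ReservedInstancesId": "ri-example-1", "State": "active",
     "InstanceType": "m5.large", "InstanceCount": 3, "Scope": "Region"},
    {"ReservedInstancesId": "ri-example-2", "State": "active", "InstanceType": "t2.micro",
     "InstanceCount": 2, "Scope": "Availability Zone", "AvailabilityZone": "us-west-2a"},
    {"ReservedInstancesId": "ri-example-3", "State": "retired",
     "InstanceType": "c5.xlarge", "InstanceCount": 1, "Scope": "Region"},
]
SAMPLE_RUNNING = [
    {"InstanceType": "m5.large", "Placement": {"AvailabilityZone": "us-west-2a"}},
    {"InstanceType": "m5.large", "Placement": {"AvailabilityZone": "us-west-2b"}},
    {"InstanceType": "t2.micro", "Placement": {"AvailabilityZone": "us-west-2b"}},
]


def unused_reserved_capacity(reserved, running):
    """Return {ReservedInstancesId: unused instance count} for active reservations.

    Assumption: zonal reservations are matched first (same type and AZ), then
    regional reservations absorb the remaining running instances of that type.
    Platform, tenancy and instance size flexibility are ignored.
    """
    by_zone = Counter((i["InstanceType"], i["Placement"]["AvailabilityZone"]) for i in running)
    active = [r for r in reserved if r["State"] == "active"]
    unused = {}
    # Pass 1: zonal reservations consume matching instances in their own AZ.
    for ri in (r for r in active if r.get("Scope") == "Availability Zone"):
        key = (ri["InstanceType"], ri["AvailabilityZone"])
        used = min(ri["InstanceCount"], by_zone[key])
        by_zone[key] -= used
        unused[ri["ReservedInstancesId"]] = ri["InstanceCount"] - used
    # Pass 2: regional reservations consume what is left, in any AZ.
    left = Counter()
    for (itype, _az), count in by_zone.items():
        left[itype] += count
    for ri in (r for r in active if r.get("Scope") != "Availability Zone"):
        used = min(ri["InstanceCount"], left[ri["InstanceType"]])
        left[ri["InstanceType"]] -= used
        unused[ri["ReservedInstancesId"]] = ri["InstanceCount"] - used
    return {rid: count for rid, count in unused.items() if count > 0}
```

Against a live account, pass it the ReservedInstances list from describe_reserved_instances and the flattened Instances entries from describe_instances filtered to the running state.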