More Info:

AWS EC2 Reserved Instances should be fully utilized.

Risk Level

Low

Address

Cost Optimisation

Compliance Standards

AWSWAF

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration of unused reserved instances in AWS, you can follow the below steps:
  1. Log in to the AWS Management Console.
  2. Navigate to the EC2 Dashboard.
  3. Click on the “Reserved Instances” option from the left-hand menu.
  4. Identify the unused reserved instances that need to be remediated.
  5. Select the unused reserved instances that you want to modify.
  6. Click on the “Actions” button and select “Modify Reserved Instances”.
  7. In the “Modify Reserved Instances” window, select the “Apply to” option and choose the instances that you want to apply the reserved instances to.
  8. Click on the “Add to queue” button to add the modification to the queue.
  9. Review the changes and click on the “Modify Reserved Instances” button to apply the changes.
Once the changes are applied, the unused reserved instances will be applied to the selected instances, and the misconfiguration of unused reserved instances will be remediated.

To remediate the issue of unused reserved instances in AWS using AWS CLI, follow these steps:
  1. Identify the unused reserved instances by running the following command: 
    aws ec2 describe-reserved-instances --filters "Name=state,Values=active" "Name=instance-state-name,Values=stopped" --query "ReservedInstances[].{ID:ReservedInstancesId,Type:InstanceType,State:State,Count:InstanceCount,Start:Start,End:End}" --output table
    This command will list all the reserved instances that are in active state but not being used.
  2. Once you have identified the unused reserved instances, you can either modify or delete them. To modify the unused reserved instances, you can change the instance type or the availability zone to match your current usage. To modify a reserved instance, run the following command: 
    aws ec2 modify-reserved-instances --reserved-instances-id <reservation-id> --target-configuration InstanceCount=<new-count>,InstanceType=<new-type>,AvailabilityZone=<new-zone>
    Replace <reservation-id> with the ID of the unused reserved instance, <new-count> with the number of instances you want to reserve, <new-type> with the instance type you want to reserve, and <new-zone> with the availability zone you want to reserve the instance in. To delete the unused reserved instances, run the following command: 
    aws ec2 cancel-reserved-instances-merchandise --reserved-instances-id <reservation-id>
    Replace <reservation-id> with the ID of the unused reserved instance you want to delete.
  3. Verify that the unused reserved instances have been modified or deleted by running the command in step 1 again.
To remediate the misconfiguration “Reserved Instances Should Not Be Unused” in AWS using python, follow these steps:
  1. Identify the unused reserved instances in your AWS account. You can do this by using the AWS SDK for Python (boto3) to list all your reserved instances and their utilization status.
import boto3

# Create an EC2 client
ec2 = boto3.client('ec2')

# List all the reserved instances
reserved_instances = ec2.describe_reserved_instances()

# Identify the unused reserved instances
unused_reserved_instances = []
for ri in reserved_instances['ReservedInstances']:
    if ri['State'] == 'active' and ri['InstanceCount'] > 0 and ri['InstanceCount'] == ri['AvailableInstanceCount']:
        unused_reserved_instances.append(ri['ReservedInstancesId'])
  1. Once you have identified the unused reserved instances, you can either sell them on the AWS Reserved Instance Marketplace or exchange them for other instances that you need. To sell the unused reserved instances, you can use the AWS SDK for Python (boto3) to create a listing on the AWS Reserved Instance Marketplace.
import boto3

# Create an EC2 client
ec2 = boto3.client('ec2')

# Create a listing for the unused reserved instances
response = ec2.create_reserved_instances_listing(
    ReservedInstancesId='YOUR_RESERVED_INSTANCE_ID',
    InstanceCount=1,
    PriceSchedules=[
        {
            'Term': 12,
            'Price': 1000.0,
            'CurrencyCode': 'USD'
        },
    ],
    ClientToken='YOUR_CLIENT_TOKEN'
)
  1. If you want to exchange the unused reserved instances for other instances, you can use the AWS SDK for Python (boto3) to modify the reserved instances.
import boto3

# Create an EC2 client
ec2 = boto3.client('ec2')

# Modify the unused reserved instances to exchange them for other instances
response = ec2.modify_reserved_instances(
    ReservedInstancesIds=[
        'YOUR_RESERVED_INSTANCE_ID',
    ],
    TargetConfigurations=[
        {
            'AvailabilityZone': 'us-west-2a',
            'InstanceCount': 1,
            'InstanceType': 't2.micro',
            'Platform': 'Linux/UNIX',
            'Scope': 'Availability Zone',
        },
    ]
)
By following these steps, you can remediate the misconfiguration “Reserved Instances Should Not Be Unused” in AWS using python.

Additional Reading: