AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Renew RDS Reserved Instances Before Expiration (7 days)
More Info:
Your AWS RDS Reserved Instances (RIs) should be renewed before expiration in order to get the appropriate discount on the hourly charge for these instances
Risk Level
High
Address
Cost Optimisation
Compliance Standards
CBP
Triage and Remediation
Remediation
To renew RDS Reserved Instances before expiration (7 days) in AWS using the AWS Management Console, follow these steps:
-
Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and login using your credentials.
-
Navigate to RDS Dashboard: Click on the “Services” dropdown menu at the top of the console, select “RDS” under the Database section.
-
Select Reserved Instances: In the RDS dashboard, select the “Reserved Instances” option from the left-hand menu.
-
Identify Expiring Reserved Instances: Look for the Reserved Instances that are expiring within the next 7 days. You can identify them by checking the “Expiration” column in the Reserved Instances table.
-
Renew Reserved Instance: Click on the checkbox next to the Reserved Instance that you want to renew. Then, click on the “Actions” dropdown menu above the table and select “Renew Reserved Instances”.
-
Select Renewal Options: In the Renew Reserved Instances wizard, you will be prompted to select the duration for the renewal (1 year or 3 years) and the payment option (All Upfront, Partial Upfront, or No Upfront). Choose the appropriate options based on your requirements.
-
Review and Confirm: Review the details of the renewal, including the total cost and the new expiration date. Once you are satisfied with the selections, click on the “Purchase Reserved Instances” button to confirm the renewal.
-
Verification: After completing the renewal process, verify that the Reserved Instance now shows the updated expiration date in the RDS dashboard.
By following these steps, you can successfully renew RDS Reserved Instances before their expiration date in AWS using the AWS Management Console.
To renew RDS Reserved Instances before expiration in AWS RDS using AWS CLI, follow these steps:
- List all the existing reserved instances in your AWS account to identify the ones that are expiring within the next 7 days:
aws rds describe-reserved-db-instances
-
Identify the Reserved Instance that is expiring within the next 7 days and note down its Reserved Instance ID.
-
Purchase a new Reserved Instance with the same specifications as the expiring one using the following command:
aws rds purchase-reserved-db-instances-offering --reserved-db-instances-offering-id <offering-id> --instance-count 1
Replace <offering-id> with the ID of the offering that matches the specifications of the expiring Reserved Instance.
- Once the new Reserved Instance is purchased, modify your existing RDS instance to apply the new Reserved Instance using the following command:
aws rds modify-db-instance --db-instance-identifier <instance-id> --reserved-db-instance-id <new-reserved-instance-id>
Replace <instance-id> with the identifier of your RDS instance and <new-reserved-instance-id> with the ID of the newly purchased Reserved Instance.
- Verify that the modification was successful by checking the details of your RDS instance:
aws rds describe-db-instances --db-instance-identifier <instance-id>
Replace <instance-id> with the identifier of your RDS instance.
By following these steps, you can successfully renew RDS Reserved Instances before their expiration in AWS RDS using AWS CLI.
To remediate the misconfiguration of not renewing RDS Reserved Instances before expiration in AWS using Python, you can create a script that will check the expiration dates of your RDS Reserved Instances and automatically renew them if they are set to expire within 7 days. Here’s a step-by-step guide on how to do this:
- Install the Boto3 library: Ensure you have the Boto3 library installed in your Python environment. You can install it using pip:
pip install boto3
- Create a Python script:
Create a Python script (e.g.,
renew_rds_reserved_instances.py) and import the necessary libraries:
import boto3
from datetime import datetime, timedelta
- Initialize the AWS SDK: Initialize the AWS SDK with your credentials:
client = boto3.client('rds', region_name='your_region', aws_access_key_id='your_access_key', aws_secret_access_key='your_secret_key')
- Retrieve a list of your RDS Reserved Instances: Get a list of your RDS Reserved Instances:
response = client.describe_reserved_db_instances()
reserved_instances = response['ReservedDBInstances']
- Check the expiration date of each Reserved Instance: Iterate through each Reserved Instance and check if it is set to expire within 7 days:
for reserved_instance in reserved_instances:
expiration_date = reserved_instance['StartTime'] + reserved_instance['Duration']
days_until_expiration = (expiration_date - datetime.now()).days
if days_until_expiration <= 7:
# Renew the Reserved Instance
response = client.modify_reserved_db_instances(
ReservedDBInstanceId=reserved_instance['ReservedDBInstanceId'],
ReservedDBInstancesOfferingId=reserved_instance['ReservedDBInstancesOfferingId'],
DBInstanceClass=reserved_instance['DBInstanceClass'],
MultiAZ=reserved_instance['MultiAZ'],
Duration=reserved_instance['Duration'],
OfferingType=reserved_instance['OfferingType'],
ProductDescription=reserved_instance['ProductDescription'],
Tags=reserved_instance['Tags']
)
- Run the script: Save the script and run it periodically using a scheduler like cron to check and renew your RDS Reserved Instances before expiration.
Please ensure to replace 'your_region', 'your_access_key', and 'your_secret_key' with your actual AWS region, access key, and secret key. Also, make sure your IAM user has the necessary permissions to describe and modify RDS Reserved Instances.