Rds unused reserved instances remediation

Using Console

Using CLI

To remediate the misconfiguration where RDS Reserved Instances (RIs) do not have corresponding DB instances in AWS RDS using AWS CLI, follow these steps:

Identify the unassociated RDS Reserved Instances: Run the following AWS CLI command to list all the RDS Reserved Instances:
```
aws rds describe-reserved-db-instances
```
Identify the DB instances associated with each RDS Reserved Instance: Run the following AWS CLI command to list all the DB instances in your AWS account:
```
aws rds describe-db-instances
```
Compare the RDS Reserved Instances with the DB instances to identify any unassociated RIs.
Associate the unassociated RDS Reserved Instances with the corresponding DB instances: Run the following AWS CLI command to modify the RDS Reserved Instance to associate it with a specific DB instance:
```
aws rds modify-reserved-db-instances --reserved-db-instance-id <RI_ID> --db-instance-id <DB_INSTANCE_ID>
```
Replace <RI_ID> with the ID of the unassociated RDS Reserved Instance and <DB_INSTANCE_ID> with the ID of the corresponding DB instance.
Verify the association: Run the following AWS CLI command to describe the RDS Reserved Instance and verify that it is now associated with the correct DB instance:
```
aws rds describe-reserved-db-instances --reserved-db-instance-id <RI_ID>
```
Replace <RI_ID> with the ID of the RDS Reserved Instance.

By following these steps, you can remediate the misconfiguration where RDS Reserved Instances do not have corresponding DB instances in AWS RDS using AWS CLI.

Using Python

To remediate the misconfiguration of RDS Reserved Instances (RIs) not having corresponding DB instances in AWS using Python, you can follow these steps:

List all the RDS Reserved Instances and DB Instances using the AWS SDK for Python (Boto3):

import boto3

client = boto3.client('rds')

# List all RDS Reserved Instances
response_ris = client.describe_reserved_db_instances()
reserved_instances = response_ris['ReservedDBInstances']

# List all RDS DB Instances
response_db_instances = client.describe_db_instances()
db_instances = response_db_instances['DBInstances']

Create a dictionary mapping the DB Instance IDs to their corresponding RIs:

db_instance_ids = [db_instance['DBInstanceIdentifier'] for db_instance in db_instances]
ri_mapping = {}

for ri in reserved_instances:
    if ri['DBInstanceIdentifier'] in db_instance_ids:
        ri_mapping[ri['DBInstanceIdentifier']] = ri['ReservedDBInstanceId']

Identify the RIs without corresponding DB Instances and release them:

for ri in reserved_instances:
    if ri['ReservedDBInstanceId'] not in ri_mapping.values():
        client.modify_reserved_db_instances(
            ReservedDBInstanceId=ri['ReservedDBInstanceId'],
            ApplyImmediately=True,
            ReservedDBInstanceOfferingId=ri['ReservedDBInstanceOfferingId']
        )

Optionally, you can also create new RIs for the DB Instances that do not have corresponding RIs:

for db_instance in db_instances:
    if db_instance['DBInstanceIdentifier'] not in ri_mapping.keys():
        client.purchase_reserved_db_instances_offering(
            ReservedDBInstancesOfferingId='your_offering_id',
            DBInstanceIdentifier=db_instance['DBInstanceIdentifier'],
            DBInstanceClass=db_instance['DBInstanceClass'],
            Duration=1,  # Duration in years
            MultiAZ=db_instance['MultiAZ'],
            OfferingType='AllUpfront'  # Payment type
        )

Run the Python script to remediate the misconfiguration of RDS RIs not having corresponding DB instances in AWS.

Please ensure that you have the necessary permissions and credentials set up to interact with AWS services using Boto3.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Rds unused reserved instances remediation

Triage and Remediation

Remediation