AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Redshift Reserved Node Recent Purchases Should Be Reviewed
More Info:
Ensure Redshift Reserved Node purchases are regularly reviewed for cost optimization (informational).
Risk Level
Low
Address
Cost Optimisation
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration “Redshift Reserved Node Recent Purchases Should Be Reviewed” for AWS Redshift using the AWS console, follow these steps:
-
Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
-
Navigate to the Amazon Redshift Console: Click on “Services” in the top navigation bar, then select “Redshift” under the Analytics section.
-
Review Reserved Nodes: In the Amazon Redshift Console, navigate to the “Clusters” section on the left side menu and select your Redshift cluster that you want to review reserved nodes for.
-
Check Reserved Nodes: In the cluster details page, scroll down to the “Cluster Details” section and look for the “Reserved Nodes” tab. Click on it to view the list of reserved nodes associated with your cluster.
-
Review Recent Purchases: In the Reserved Nodes tab, review the list of recent purchases to ensure that they align with your current usage and requirements. Look for any unused or unnecessary reserved nodes that can be modified or sold.
-
Modify or Sell Unused Reserved Nodes: If you find any unused or unnecessary reserved nodes, you can modify or sell them to optimize your costs. To modify a reserved node, select the node and click on the “Modify” button to adjust the node type or quantity. To sell a reserved node, select the node and click on the “Sell” button to list it on the Reserved Nodes Marketplace.
-
Monitor and Review Regularly: It is recommended to regularly monitor and review your reserved nodes to ensure they are aligned with your current workload and optimize costs effectively.
By following these steps, you can remediate the misconfiguration “Redshift Reserved Node Recent Purchases Should Be Reviewed” for AWS Redshift using the AWS console.
To remediate the misconfiguration “Redshift Reserved Node Recent Purchases Should Be Reviewed” for AWS Redshift using AWS CLI, follow these steps:
- List all the existing reserved nodes for Redshift using the following AWS CLI command:
aws redshift describe-reserved-nodes
-
Review the output of the command to identify any recent purchases of reserved nodes that need to be reviewed.
-
If there are any recent purchases that need to be reviewed, check the details of the specific reserved node using the following AWS CLI command:
aws redshift describe-reserved-nodes --reserved-node-id <RESERVED_NODE_ID>
Replace <RESERVED_NODE_ID> with the actual ID of the reserved node that needs to be reviewed.
-
Analyze the details of the reserved node, including the node type, duration, upfront cost, and recurring charges.
-
If the reserved node purchase is not required or needs to be modified, you can modify or delete the reserved node using the following AWS CLI commands:
- To modify a reserved node, use the
modify-reserved-nodecommand:
aws redshift modify-reserved-node --reserved-node-id <RESERVED_NODE_ID> --node-type <NEW_NODE_TYPE> --reserved-node-offering-id <NEW_OFFERING_ID>
Replace <RESERVED_NODE_ID> with the actual ID of the reserved node, <NEW_NODE_TYPE> with the new node type, and <NEW_OFFERING_ID> with the ID of the new offering.
- To delete a reserved node, use the
delete-reserved-nodecommand:
aws redshift delete-reserved-node --reserved-node-id <RESERVED_NODE_ID>
Replace <RESERVED_NODE_ID> with the actual ID of the reserved node that needs to be deleted.
- After modifying or deleting the reserved node, re-run the
describe-reserved-nodescommand to verify that the changes have been applied successfully.
By following these steps, you can remediate the misconfiguration “Redshift Reserved Node Recent Purchases Should Be Reviewed” for AWS Redshift using AWS CLI.
To remediate the misconfiguration of “Redshift Reserved Node Recent Purchases Should Be Reviewed” in AWS Redshift using Python, you can follow these steps:
-
Use the AWS SDK for Python (Boto3) to access AWS Redshift and describe the recent purchases of reserved nodes.
-
Check the purchase date of each reserved node and compare it with the current date to identify any recently purchased nodes.
-
Send a notification or alert if any reserved nodes have been recently purchased and need to be reviewed.
Here is a sample Python code snippet to achieve this:
import boto3
from datetime import datetime
# Initialize the Redshift client
redshift_client = boto3.client('redshift')
# Describe recent purchases of reserved nodes
response = redshift_client.describe_reserved_nodes()
# Get the current date
current_date = datetime.now()
# Check the purchase date of each reserved node
for reserved_node in response['ReservedNodes']:
purchase_date = reserved_node['OfferingType']
if (current_date - purchase_date).days <= 30: # Check if the node was purchased within the last 30 days
print(f"Reserved node {reserved_node['ReservedNodeId']} was purchased on {purchase_date}. Please review this purchase.")
Make sure to replace the print statement with the appropriate action you want to take when a recently purchased reserved node is detected, such as sending an alert via email or a notification to your monitoring system.
You can run this Python script periodically using a cron job or a scheduled AWS Lambda function to continuously monitor and remediate the misconfiguration of reviewing recent purchases of reserved nodes in AWS Redshift.