Azure Introduction
Azure Pricing
Azure Threats
Remove Unattached Virtual Machine Disk Volumes
More Info:
Identify any unattached (unused) Microsoft Azure virtual machine disk volumes available within your Azure cloud account and delete them in order to lower the cost of your monthly bill and reduce the risk of sensitive data leakage.
Risk Level
Low
Address
Operational Maturity, Cost Optimization
Compliance Standards
CBP
Triage and Remediation
Remediation
Sure, here are the step-by-step instructions to remediate the misconfiguration “Remove Unattached Virtual Machine Disk Volumes” for Azure using Azure console:
- Log in to your Azure portal (https://portal.azure.com/).
- In the left-hand menu, click on “Virtual machines”.
- Select the virtual machine that has unattached disk volumes.
- In the virtual machine’s overview page, scroll down to the “Disks” section and click on it.
- You will see a list of all the disks attached to the virtual machine. Identify the unattached disk volumes that need to be removed.
- Click on the unattached disk volume that you want to remove.
- In the disk’s overview page, click on the “Delete” button at the top of the page.
- A confirmation message will appear. Click on “Yes” to confirm the deletion of the unattached disk volume.
- Repeat steps 6-8 for all the unattached disk volumes that need to be removed.
That’s it! You have successfully remediated the “Remove Unattached Virtual Machine Disk Volumes” misconfiguration for Azure using Azure console.
To remediate the misconfiguration “Remove Unattached Virtual Machine Disk Volumes” for Azure using Azure CLI, follow the below steps:
-
Open the Azure CLI on your local machine or use the Azure Cloud Shell.
-
Login to your Azure account using the command:
az login -
Once you are logged in, set the subscription context where the virtual machines are located using the command:
az account set --subscription <subscription_id>Replace
<subscription_id>with the ID of the subscription where the virtual machines are located. -
Now, list all the virtual machines in the subscription using the command:
az vm list --query "[].{Name:name, ResourceGroup:resourceGroup, Location:location}" --output table -
Identify the virtual machine for which you want to remove the unattached disk volumes.
-
Run the following command to list all the disk volumes attached to the virtual machine:
az vm show -g <resource_group_name> -n <vm_name> --query "storageProfile.dataDisks[].name" --output tableReplace
<resource_group_name>with the name of the resource group where the virtual machine is located and<vm_name>with the name of the virtual machine. -
Identify any unattached disk volumes in the output of the above command.
-
To remove the unattached disk volumes, run the following command:
az disk delete --ids <disk_id>Replace
<disk_id>with the ID of the unattached disk volume that you want to remove. -
Repeat steps 6 to 8 for all the unattached disk volumes that you want to remove.
-
Once you have removed all the unattached disk volumes, verify that they have been removed by running the command in step 6 again.
-
Exit the Azure CLI using the command:
exit
By following the above steps, you can remediate the misconfiguration “Remove Unattached Virtual Machine Disk Volumes” for Azure using Azure CLI.
To remediate the misconfiguration of removing unattached virtual machine disk volumes in Azure using Python, you can follow the below steps:
Step 1: Import the required libraries
from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient
Step 2: Set the subscription ID and resource group name where the virtual machines are located.
subscription_id = 'your-subscription-id'
resource_group_name = 'your-resource-group-name'
Step 3: Authenticate the client using the DefaultAzureCredential.
credential = DefaultAzureCredential()
compute_client = ComputeManagementClient(credential, subscription_id)
Step 4: Get the list of virtual machines in the resource group.
virtual_machines = compute_client.virtual_machines.list(resource_group_name)
Step 5: Iterate through each virtual machine and get the list of disk volumes.
for vm in virtual_machines:
disk_volumes = compute_client.disks.list_by_vm(resource_group_name, vm.name)
Step 6: Check if the disk volume is attached to the virtual machine or not. If it is not attached, delete the disk volume.
for disk in disk_volumes:
if not disk.managed_by and not disk.disk_state:
compute_client.disks.delete(resource_group_name, disk.name)
Step 7: Run the script to remove the unattached virtual machine disk volumes.
Note: Make sure you have the necessary permissions to delete the disk volumes.
The above steps will help you remediate the misconfiguration of removing unattached virtual machine disk volumes in Azure using Python.