library
turbot/aws_thrifty
- Detect & correct DynamoDB table with stale data
- Detect & correct EBS snapshots exceeding max age
- Detect & correct EBS volumes attached to stopped instances
- Detect & correct EBS volumes exceeding max size
- Detect & correct EBS volumes if unattached
- Detect & correct EBS volumes using gp2
- Detect & correct EBS volumes using io1
- Detect & correct EBS volumes with low IOPS
- Detect & correct EBS volumes with low usage
- Detect & correct EC2 application load balancers if unused
- Detect & correct EC2 classic load balancers if unused
- Detect & correct EC2 gateway load balancers if unused
- Detect & correct EC2 instances exceeding max age
- Detect & correct EC2 instances large
- Detect & correct EC2 instances of older generation
- Detect & correct EC2 instances without graviton
- Detect & correct EC2 network load balancers if unused
- Detect & correct EKS node groups without graviton
- Detect & correct Elasticache clusters exceeding max age
- Detect & correct EMR Clusters idle 30 mins
- Detect & correct Lambda functions without graviton
- Detect & correct RDS DB instances exceeding max age
- Detect & correct RDS DB instances of older generation
- Detect & correct RDS DB instances with low connection count
- Detect & correct RDS DB instances without graviton processor
- Detect & correct Route53 health checks if unused
- Detect & correct Route53 records with lower TTL
- Detect & correct S3 buckets without lifecycle policy
- Detect & correct SecretsManager secrets if unused
- Detect & correct VPC EIPs if unattached
- Detect & correct VPC NAT gateways if unused
Get Involved
Version
Detect & correct EBS volumes attached to stopped instances
Overview
EBS volumes attached to stopped instances still incur costs even though they may not be used; these should be reviewed and either detached from the stopped instance or deleted.
This query trigger detects EBS volumes attached to stopped instances and then either sends a notification or attempts to perform a predefined corrective action.
Getting Started
By default, this trigger is disabled, however it can be configured by setting the below variables
ebs_volumes_attached_to_stopped_instances_trigger_enabledshould be set totrueas the default isfalse.ebs_volumes_attached_to_stopped_instances_trigger_scheduleshould be set to your desired running scheduleebs_volumes_attached_to_stopped_instances_default_actionshould be set to your desired action (i.e."notify"for notifications or"detach_volume"to detach the volume from the instance).
Then starting the server:
flowpipe serveror if you've set the variables in a .fpvars file:
flowpipe server --var-file=/path/to/your.fpvarsQuery
with vols_and_instances as ( select v.volume_id, i.instance_id, v.region, v.account_id, v._ctx, bool_or(i.instance_state = 'stopped') as has_stopped_instances from aws_ebs_volume as v left join jsonb_array_elements(v.attachments) as va on true left join aws_ec2_instance as i on va ->> 'InstanceId' = i.instance_id group by v.volume_id, i.instance_id, v.region, v.account_id, v._ctx)select concat( volume_id, ' [', volume_type, '/', region, '/', account_id, ']' ) as title, volume_id, region, _ctx ->> 'connection_name' as credfrom vols_and_instanceswhere has_stopped_instances = true;Schedule
15m