Rule Description
Rule Code: AWS-EBS-01
Identify any non-root idle EBS volumes and consider removing them if they are unused.
By default, an EBS volume is defined as "Idle EBS" when it has very low I/O activity:
- The total number of VolumeReadOps and VolumeWriteOps recorded per day for the last 7 days has been less than 1 (one) on average.
To avoid any risk, it is recommended to back up all of your data before deleting it, for example by using S3 to store the data for a short period of time.
Audit / Verification
Step 01: Sign in to the AWS Management Console.
Step 02: Go to the EC2 dashboard and select Volumes under the ELASTIC BLOCK STORE section.
Step 03: On the list of EBS volumes, filter by the Volume State parameter from the dropdown list and select In-use.
Step 04: Select the Description tab and check the Attachment information attribute value. If the attachment information for the selected EBS volume contains /dev/sda1 or /dev/xvda, the verified EBS resource is a root volume and the rule audit process must be restarted from step 3; otherwise continue with the next step.
Step 05: Select the Monitoring tab. Within the CloudWatch metrics section, follow the steps below:
- Click on the Read Throughput (Ops/s) usage graph thumbnail to view volume Read I/O usage details.
- Verify the EBS volume read throughput (i.e. VolumeReadOps) usage recorded in the last 7 days.
- Consider deleting the EBS volume if it is unused.
Step 06: Repeat steps 3 – 5 to verify the associated CloudWatch metrics (VolumeReadOps and VolumeWriteOps) for the other EBS volumes available in the current region.
Step 07: Switch to the other AWS regions and follow the same audit process described above.
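The audit above can also be expressed as a check over exported data. The following is an added example, not part of the rule's own tooling: it applies the root-device filter from Step 04 and the idle threshold from the rule definition to records shaped like the EC2 DescribeVolumes response and CloudWatch GetMetricStatistics datapoints (daily period, Sum statistic). The function names and sample volumes are hypothetical and constructed, and it assumes "on average" means total read plus write operations divided by the 7 days of the window.

```python
from typing import Dict, List

ROOT_DEVICES = {"/dev/sda1", "/dev/xvda"}  # root device names listed in Step 04
WINDOW_DAYS = 7                            # look-back window from the rule
IDLE_THRESHOLD = 1.0                       # average ops per day from the rule


def is_root_volume(volume: dict) -> bool:
    """True if any attachment uses one of the root device names from Step 04."""
    return any(a.get("Device") in ROOT_DEVICES for a in volume.get("Attachments", []))


def avg_daily_ops(read_points: List[dict], write_points: List[dict]) -> float:
    """Average (read + write) ops per day over the whole window.

    Divides by WINDOW_DAYS rather than by the number of datapoints, so a day
    that is missing from the response counts as zero activity (assumption).
    """
    total = sum(p["Sum"] for p in read_points) + sum(p["Sum"] for p in write_points)
    return total / WINDOW_DAYS


def find_idle_volumes(volumes: List[dict], metrics: Dict[str, dict]) -> List[str]:
    """Return IDs of in-use, non-root volumes whose average daily ops is below 1."""
    idle = []
    for vol in volumes:
        if vol["State"] != "in-use" or is_root_volume(vol):
            continue  # Steps 03 and 04: only in-use, non-root volumes are audited
        m = metrics.get(vol["VolumeId"], {})
        ops = avg_daily_ops(m.get("VolumeReadOps", []), m.get("VolumeWriteOps", []))
        if ops < IDLE_THRESHOLD:
            idle.append(vol["VolumeId"])
    return idle


# Constructed sample data (not real resources).
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-root", "State": "in-use", "Attachments": [{"Device": "/dev/xvda"}]},
    {"VolumeId": "vol-idle", "State": "in-use", "Attachments": [{"Device": "/dev/sdf"}]},
    {"VolumeId": "vol-busy", "State": "in-use", "Attachments": [{"Device": "/dev/sdg"}]},
    {"VolumeId": "vol-burst", "State": "in-use", "Attachments": [{"Device": "/dev/sdh"}]},
]
SAMPLE_METRICS = {
    "vol-idle": {"VolumeReadOps": [{"Sum": 3.0}], "VolumeWriteOps": [{"Sum": 2.0}]},
    "vol-busy": {"VolumeReadOps": [{"Sum": 900.0}] * 7, "VolumeWriteOps": [{"Sum": 400.0}] * 7},
    "vol-burst": {"VolumeReadOps": [{"Sum": 10.0}], "VolumeWriteOps": []},
}

if __name__ == "__main__":
    print(find_idle_volumes(SAMPLE_VOLUMES, SAMPLE_METRICS))
```

In the sample, vol-idle has 5 operations on a single day, which is below the threshold only because the total is averaged over all 7 days; vol-burst has 10 operations on a single day and is not flagged.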