AWS Idle EBS Volumes

Rule Description

Rule Code: AWS-EBS-01

Identify any non-root idle EBS volumes and consider removing them if unused.

By default, an EBS volume is defined as "Idle EBS" when it has very low I/O activity:

  • The total number of VolumeReadOps and VolumeWriteOps recorded per day for the last 7 days has been less than 1 (one) on average.

To avoid any risk, it is recommended to back up all of your data before deleting it, for example by using S3 to store the data for a short period of time.

Audit / Verification

Step 01: Sign in to the AWS Management Console.

Step 02: Open the EC2 dashboard and select Volumes under the ELASTIC BLOCK STORE section.

Step 03: In the list of EBS volumes, open the Volume State filter from the dropdown list and select In-use.

Step 04: Select the Description tab and check the Attachment information attribute value for the selected EBS volume, in particular whether it contains /dev/sda1 or /dev/xvda.

If the verified EBS resource is a root volume, the rule audit process must be restarted from step 3; otherwise continue with the next step.

Step 05: Select the Monitoring tab. Within the CloudWatch metrics section, do the following:

  • Click on the Read Throughput (Ops/s) usage graph thumbnail to view volume Read I/O usage details.
  • Verify the EBS volume read throughput (i.e. VolumeReadOps) usage recorded in the last 7 days.
  • Consider deleting the EBS volume if unused.

Step 06: Repeat steps no. 3 – 5 to verify the associated CloudWatch metrics (VolumeReadOps and VolumeWriteOps) for other EBS volumes available in the current region.

Step 07: Switch to the other AWS regions and follow the same audit process.
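
The checks in steps 03 to 05, applied to the rule's idle definition, as an added Python example (not code from the original page). It takes dicts shaped like EC2 DescribeVolumes entries and daily Sum datapoints shaped like CloudWatch GetMetricStatistics output. The verdict names, the "too-new" check and counting missing datapoints as zero are assumptions, and all sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

ROOT_DEVICES = {"/dev/sda1", "/dev/xvda"}  # root device names given in Step 04
WINDOW_DAYS = 7                            # look-back window from the rule
IDLE_AVG_OPS = 1.0                         # idle if average daily ops is below this

def classify(volume, read_points, write_points, now):
    """Verdict for one volume from VolumeReadOps/VolumeWriteOps daily sums."""
    if volume["State"] != "in-use":
        return "not-in-use"                # Step 03 filters on In-use
    if any(a["Device"] in ROOT_DEVICES for a in volume["Attachments"]):
        return "root"                      # Step 04: root volumes are out of scope
    if now - volume["CreateTime"] < timedelta(days=WINDOW_DAYS):
        return "too-new"                   # assumption: require a full window of history
    cutoff = now - timedelta(days=WINDOW_DAYS)
    # Assumption: a day with no datapoint contributes zero operations.
    total = sum(p["Sum"] for p in read_points + write_points
                if p["Timestamp"] >= cutoff)
    return "idle" if total / WINDOW_DAYS < IDLE_AVG_OPS else "active"

def audit(volumes, metrics, now):
    """Map VolumeId -> verdict; metrics maps VolumeId -> (reads, writes)."""
    return {v["VolumeId"]: classify(v, *metrics.get(v["VolumeId"], ([], [])), now)
            for v in volumes}

# Constructed sample data (placeholder IDs, not real resources).
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)

def _vol(vid, device, age_days, state="in-use"):
    att = [{"Device": device}] if device else []
    return {"VolumeId": vid, "State": state, "Attachments": att,
            "CreateTime": NOW - timedelta(days=age_days)}

def _pts(daily_sums):
    return [{"Timestamp": NOW - timedelta(days=i + 1), "Sum": s}
            for i, s in enumerate(daily_sums)]

VOLUMES = [_vol("vol-root", "/dev/xvda", 90), _vol("vol-idle", "/dev/sdf", 90),
           _vol("vol-busy", "/dev/sdg", 90), _vol("vol-new", "/dev/sdh", 2),
           _vol("vol-free", None, 90, state="available")]
METRICS = {"vol-idle": (_pts([0, 0, 2, 0, 0, 0, 0]), _pts([0, 0, 3, 0, 0, 0, 0])),
           "vol-busy": (_pts([900] * 7), _pts([40] * 7)),
           "vol-new": (_pts([0, 0]), _pts([0, 0]))}

if __name__ == "__main__":
    for vid, verdict in audit(VOLUMES, METRICS, NOW).items():
        print(vid, verdict)
```

vol-idle has five operations on one day and is still reported as idle, because the rule compares the 7-day average, not any single day.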