More Info:

For regularly reviewing your EC2 Reserved Instance purchases for cost optimization (informational).

Risk Level

Low

Address

Cost Optimisation

Compliance Standards

CBP

Remediation

Using Console

Here are the step-by-step instructions to remediate the “EC2 Reserved Instances Recent Purchases Should Be Reviewed” misconfiguration in AWS using the AWS console:

  1. Login to your AWS account and go to the AWS EC2 console.
  2. Click on the “Reserved Instances” link in the left-hand navigation menu.
  3. Review the list of recently purchased reserved instances to identify any that were purchased in error or are no longer needed.
  4. Select the reserved instances that need to be modified or cancelled.
  5. Click on the “Actions” button and select “Modify Reserved Instances” or “Cancel Reserved Instances” depending on the action you want to take.
  6. Follow the prompts to modify or cancel the selected reserved instances.
  7. After making the necessary changes, review the list of reserved instances again to ensure that all recent purchases have been reviewed and remediated.

By following these steps, you can remediate the “EC2 Reserved Instances Recent Purchases Should Be Reviewed” misconfiguration in AWS using the AWS console.

Using CLI

The EC2 Reserved Instances Recent Purchases Should Be Reviewed misconfiguration can be remediated in AWS using the following steps:

  1. Open the AWS CLI on your local machine.

  2. Run the following command to list all active Reserved Instances:

aws ec2 describe-reserved-instances --filters "Name=state,Values=active"

  1. Review the output of the above command and identify any recently purchased Reserved Instances that are not being utilized.

  2. Run the following command to modify or cancel the unused Reserved Instances:

aws ec2 modify-reserved-instances --reserved-instances-id <ID> --target-configuration "InstanceCount=<COUNT>,OfferingId=<OFFERING_ID>"

Note: Replace <ID> with the Reserved Instance ID and <COUNT> with the desired instance count. <OFFERING_ID> can be obtained from the Reserved Instance description.

  1. Alternatively, to cancel the unused Reserved Instances, run the following command:
aws ec2 cancel-reserved-instances-listings --reserved-instances-listing-ids <ID>

Note: Replace <ID> with the Reserved Instance Listing ID.

  1. Repeat step 4 and 5 for all unused Reserved Instances.

  2. Finally, run the following command to verify that all unused Reserved Instances have been modified or cancelled:

aws ec2 describe-reserved-instances --filters "Name=state,Values=active"

This should remediate the EC2 Reserved Instances Recent Purchases Should Be Reviewed misconfiguration in AWS.

Using Python

The misconfiguration “EC2 Reserved Instances Recent Purchases Should Be Reviewed” typically refers to a situation where an AWS account has recently purchased EC2 Reserved Instances, but they are not being fully utilized. To remediate this, you can use the following steps:

  1. Identify the underutilized EC2 Reserved Instances using the AWS SDK for Python (boto3) by calling the describe_reserved_instances() method of the EC2 client object. This method returns information about the specified Reserved Instances, including the number of instances that are currently in use.
import boto3

ec2_client = boto3.client('ec2')

reserved_instances = ec2_client.describe_reserved_instances()
  1. Filter the results to only include Reserved Instances that are not being fully utilized. You can do this by comparing the InstanceCount attribute to the InstanceCount attribute of the State object for each Reserved Instance.
underutilized_instances = []

for reserved_instance in reserved_instances['ReservedInstances']:
    state = ec2_client.describe_reserved_instances_modifications(
        ReservedInstancesModificationIds=[reserved_instance['ReservedInstancesId']]
    )['ReservedInstancesModifications'][0]['TargetConfigurations'][0]['ReservedInstancesConfiguration']['Scope']

    if reserved_instance['InstanceCount'] > state['InstanceCount']:
        underutilized_instances.append(reserved_instance)
  1. Review the list of underutilized EC2 Reserved Instances and take appropriate action. This could include modifying the instance type or family to better match your workload, or selling the underutilized Reserved Instances on the Reserved Instance Marketplace.
for instance in underutilized_instances:
    print(f"Underutilized EC2 Reserved Instance: {instance['ReservedInstancesId']}")

By following these steps, you can identify and remediate underutilized EC2 Reserved Instances in your AWS account using Python and the boto3 SDK.

Additional Reading: