Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Reserved Instance Lease Expiration In The Next 7 Days

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: EC2-048

Ensure that your AWS EC2 Reserved Instances are renewed before expiration in order to get a significant discount (up to 75% depending on the commitment term) on the hourly charges. The renewal process consists of purchasing another EC2 Reserved Instance so that Amazon can keep charging you based on the chosen reservation term.

This rule can help you with the following compliance standards:

  • APRA
  • MAS

For further details on compliance standards supported by Conformity, see here.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Cost
optimisation

With Reserved Instances (RIs) you can optimize your Amazon EC2 costs based on your expected usage. Since RIs are not renewed automatically, purchasing another reserved EC2 instances before expiration will guarantee their billing at a discounted hourly rate.

Note: You can change the default threshold (seven) for the number of days before expiration on the Cloud Conformity console and set your own value (days) based on your requirements.


Audit

To determine the expiration date for your Amazon EC2 Reserved Instances, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under INSTANCES section, choose Reserved Instances.

04 Open the dashboard Show/Hide Columns dialog box by clicking the configuration icon from the right menu:

configuration icon from the right menu

05 Inside the Show/Hide Columns dialog box, select Expires checkbox then click Close to return to the EC2 dashboard.

06 Select the Reserved Instance (RI) that you want to examine and verify the value listed for the selected instance in the Expires column. If the date displayed in this column is sooner than 7 days, the selected AWS EC2 RI is about to expire, therefore it must be renewed to keep it running at the current discounted hourly rate.

07 Repeat step no. 6 to determine the expiration date for other EC2 Reserved Instances available in the current region.

08 Change the AWS region from the navigation bar and repeat the process for the other regions.

Using AWS CLI

01 Run describe-reserved-instances command (OSX/Linux/UNIX) using custom query filters to list the IDs of all EC2 Reserved Instances available in the selected AWS region:

aws ec2 describe-reserved-instances
	--region us-east-1
	--output table
	--query 'ReservedInstances[*].ReservedInstancesId'

02 The command output should return a table with the requested RI IDs:

----------------------------------------
|        ReservedInstancesIds          |
+--------------------------------------+
| b847fa93-8129-491f-afbb-29ab75b7b59a |
| e527bd27-e282-4f55-b59a-0d7e09259ad7 |
+--------------------------------------+

03 Run again describe-reserved-instances command (OSX/Linux/UNIX) using your EC2 RI instance ID returned at the previous step and appropriate filtering to describe the date (timestamp) when the selected instance will expire:

aws ec2 describe-reserved-instances
	--region us-east-1
	--reserved-instances-ids b847fa93-8129-491f-afbb-29ab75b7b59a
	--query 'ReservedInstances[*].End'

04 The command output should return the date on which the reservation will expire:

[
    "2016-10-28T21:34:10.000Z"
]

Based on the date (time) returned, determine the number of days remained until the reservation expires. If the number of days remained is less than 7, the selected EC2 RI is about to expire, therefore it must be renewed to maintain the current Amazon EC2 discount rate.

05 Repeat step no. 3 and 4 to determine the expiration date for other EC2 Reserved Instances available in the current region.

06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 5 to perform the audit process for other regions.

Remediation / Resolution

To renew the EC2 Reserved Instances before their reservation expire, you need to repurchase them using the same configuration attributes (region, instance type, OS platform, etc). To renew your existing EC2 RIs in order to avoid On-Demand rates charges when the current reservation expires, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under INSTANCES section, choose Reserved Instances.

04 Select the EC2 Reserved Instance that you want to renew and note its configuration attributes (i.e. OS platform, instance type, tenancy and offering class).

05 Click Purchase Reserved Instances button from the dashboard top menu to start the purchasing process.

06 On the Purchase Reserved Instances page, specify the following RI offering details:

  1. From Platform dropdown menu, select the OS platform (e.g. Linux/UNIX) used by the EC2 Reserved Instance that you want to renew.
  2. From Instance Type dropdown list, choose the necessary instance type (e.g. m3.medium).
  3. From Tenancy dropdown menu, select the EC2 Reserved Instance tenancy (e.g. default).
  4. From Term dropdown menu, select the length of time for the new reservation based on your needs.
  5. From Offering Class dropdown menu, choose Standard.
  6. And from Payment Option dropdown menu, select the payment type that you want to use for this reservation (e.g. No Upfront).
  7. Click Search to seek for EC2 Reserved Instances that match the provided criteria.
  8. Once the query results are returned, choose the preferred offering and click Add to Cart.
  9. Click View Cart to view your cart before purchasing the selected RI offering.
  10. Review the shopping cart details then click Purchase to complete your purchase.
  11. Once the order confirmation message appears, click Close to return to the EC2 dashboard. The RI order processing may take few minutes as the instance status will change to from pending-payment to active.

07 Repeat steps no. 4 - 6 to renew (repurchase) other EC2 Reserved Instances that are about to expire, available in the current region.

08 Change the AWS region from the navigation bar and repeat the process for other regions.

Using AWS CLI

01 Before you repurchase the EC2 Reserved Instance run describe-reserved-instances-offerings command (OSX/Linux/UNIX) to get the pricing details and information about available EC2 RI offerings. Use the command parameters provided in the following example to match the specifications of the RI that you want to renew (repurchase):

aws ec2 describe-reserved-instances-offerings
	--region us-east-1
	--availability-zone us-east-1a
	--instance-type "m3.medium"
	--product-description "Linux/UNIX (Amazon VPC)"
	--instance-tenancy default
	--offering-type "no upfront"
	--min-duration 2592000
	--max-duration 31536000
	--no-include-marketplace

02 The command output should return the requested offering(s) information:

{
    "ReservedInstancesOfferings": [
        {
            "OfferingType": "No Upfront",
            "AvailabilityZone": "us-east-1a",
            "InstanceTenancy": "default",
            "PricingDetails": [],
            "ProductDescription": "Linux/UNIX",
            "UsagePrice": 0.0,
            "RecurringCharges": [
                {
                    "Amount": 0.048,
                    "Frequency": "Hourly"
                }
            ],
            "Marketplace": false,
            "CurrencyCode": "USD",
            "FixedPrice": 0.0,
            "Duration": 31536000,
            "ReservedInstancesOfferingId":
            "b66073b7-b160-42b9-92b5-216e0ef2929b",
            "InstanceType": "m3.medium"
        }
    ]
}

03 Run purchase-reserved-instances-offering command (OSX/Linux/UNIX) to purchase the EC2 Reserved Instance based on the offering information returned at the previous step. The following command example purchase a reserved EC2 instance using an offering identified by the ID b66073b7-b160-42b9-92b5-216e0ef2929b:

aws ec2 purchase-reserved-instances-offering
	--region us-east-1
	--reserved-instances-offering-id b66073b7-b160-42b9-92b5-216e0ef2929b
	--instance-count 1

04 The command output should return the new EC2 Reserved Instance ID:

{
  "ReservedInstancesId": "ed9f760e-6f90-4551-a5f7-209e0ef2933a"
}

05 Repeat steps no. 1 - 4 to renew (repurchase) other EC2 Reserved Instances that are about to expire, available in the current region.

06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 5 to perform the entire process for other regions.

References

Publication date Oct 27, 2016

Unlock the Remediation Steps


Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Reserved Instance Lease Expiration In The Next 7 Days

Risk Level: High