Logo of Trend Micro

AWS EC2 Reserved Instances Purchase Recommendations

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: Medium (should be achieved)

Identify any AWS EC2 instances that can be upgraded to Reserved Instances (RIs) and follow the Cloud Conformity recommendations for purchasing your RIs in order to receive a significant discount on the hourly charges. RIs represent a pricing model that enables discounted hourly rates for compute capacity in exchange of reserving a certain amount of compute usage upfront. The cost savings when using Reserved Instances over On-Demand Instances are up to 75% depending on the commitment term (1-year or 3-years) and the payment option used (No Upfront, Partial Upfront or All Upfront). For example, for a t2.large EC2 instance provisioned in the US-East region (N. Virginia) you can save roughly $24 per month by upgrading it to a Reserved Instance for a period of 1 year with no upfront costs or save $40 per month (as of November 2016) by reserving it for a period of 3 years with a portion of the cost paid upfront (Partial Upfront payment option).

Cost
optimisation

Reserved Instances represent a good strategy to cut down on EC2 costs but purchasing them without a plan can feel like a risky process. The Cloud Conformity purchasing recommendations outlined in this rule will help you optimize your RIs spending and save money by using only what you need.

Note: In order to verify the current status of purchased reserved capacity and provide accurate recommendations, Cloud Conformity needs access to the AWS payer account (the account designated to pay the bills) or to AWS individual accounts. The following IAM policy allows Cloud Conformity to view all the reserved EC2 instances available in your account(s):

{
  "Version": "2012-10-17",
  "Statement": [{
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeReservedInstances"
      ],
      "Resource": "*"
    }
  ]
}

Audit

To verify your current Amazon EC2 compute capacity and determine if there are any candidates for upgrading to Reserved Instances (RIs), perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under INSTANCES section, choose Instances.

04 Select the EC2 instance that you want to examine.

05 Select the Description tab from the dashboard bottom panel and determine the instance role within the application stack based on its attributes. If the selected EC2 instance is not the component of an application stack that is about to be decommissioned and the resource will be in use for at least 6 months, the instance is stable and qualifies as candidate for the upgrade to a Reserved Instance (RI). To upgrade it you must follow the recommendations outlined in the Remediation/Resolution section and purchase an EC2 RI based on the active (On-Demand) instance attributes.

06 Repeat step no. 4 and 5 to determine if other EC2 instances available in the current region are eligible for the upgrade.

07 Change the AWS region from the navigation bar and repeat the process for the other regions.

Using AWS CLI

01 Run describe-instances command (OSX/Linux/UNIX) using custom query filters to list the IDs of all existing EC2 instances provisioned in the selected region: 

aws ec2 describe-instances
	--region us-east-1
	--output table
	--query 'Reservations[*].Instances[*].InstanceId'

02 The command output should return a table with the requested instance IDs: 

-------------------------
|   DescribeInstances   |
+-----------------------+
|  i-0cca77faf62f142c4  |
|  i-02c5346e06d9425da  |
|  i-0d3cdfa00d01f7d5e  |
+-----------------------+

03 Run again describe-instances command (OSX/Linux/UNIX) using the ID of the instance that you want to examine as identifier to describe the selected resource attributes: 

aws ec2 describe-instances
	--region us-east-1
	--instance-ids i-0cca77faf62f142c4

04 The command output should return the requested information (i.e. instance attributes, configuration details, etc): 

{
  "Reservations": [
     {
        "OwnerId": "123456789012",
        "ReservationId": "r-0bfc44e698e3b7118",
        "Groups": [],
        "Instances": [
            {
            "Monitoring": {
                "State": "disabled"
            },
            "PublicDnsName": "ec2-52-87-206-233.compute-1.amazonaws.com",
            "State": {
                "Code": 16,
                "Name": "running"
            },
            "EbsOptimized": false,
            "PublicIpAddress": "52.87.206.233",
            "PrivateIpAddress": "172.31.58.84",
            "VpcId": "vpc-2fb56548",
            "StateTransitionReason": "",
            "InstanceId": "i-0cca77faf62f142c4",
            "EnaSupport": true,
            "ImageId": "ami-b73b63a0",
            "PrivateDnsName": "ip-172-31-58-84.ec2.internal",
            "KeyName": "gpav",
            "SecurityGroups": [
                {
                    "GroupName": "web-app-server-sg",
                    "GroupId": "sg-58dc0a22"
                }
            ],
            "ClientToken": "SMZYE1477996852744",
            "SubnetId": "subnet-2b394201",
            "InstanceType": "t2.medium",

		...


            "SourceDestCheck": true,
            "Placement": {
                "Tenancy": "default",
                "GroupName": "",
                "AvailabilityZone": "us-east-1a"
            },
            "Hypervisor": "xen",
            "BlockDeviceMappings": [
                {
                    "DeviceName": "/dev/xvda",
                    "Ebs": {
                        "Status": "attached",
                        "DeleteOnTermination": true,
                        "VolumeId": "vol-669d22b2",
                        "AttachTime": "2016-11-01T10:40:54.000Z"
                    }
                }
            ],
            "Architecture": "x86_64",
            "RootDeviceType": "ebs",
            "RootDeviceName": "/dev/xvda",
            "VirtualizationType": "hvm",
            "Tags": [
                {
                    "Value": "",
                    "Key": "Name"
                }
            ],
            "AmiLaunchIndex": 0
          }
        ]
     }
   ]
}

05 Analyze the instance attributes listed at the previous step and determine its role in the application stack. If the selected EC2 instance is not the component of an application stack that is about to be decommissioned soon and the resource will be in use for at least 6 months, the instance is stable and qualifies as candidate for the upgrade to a Reserved Instance (RI). To upgrade it you must follow the recommendations outlined in the Remediation/Resolution section and purchase an EC2 RI based on the active instance attributes.

06 Repeat steps no. 3 - 5 to determine if other EC2 instances provisioned in the current region are eligible for the upgrade.

07 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 6 to perform the audit process for other regions.

Remediation / Resolution

To upgrade your On-Demand EC2 instances to Reserved Instances you need to purchase them wisely in order to avoid paying for resources that you do not need. To make the RI purchase based on the right pricing model, the right size and platform at the right time, follow the recommendations outlined below:

Using AWS Console

01 Commitment Term - choose carefully the commitment period based on your application(s) requirements because you will be charged for every hour during the entire reservation term that you select, regardless of whether the instance is running or not. AWS provides two types of commitment terms:

  1. 1-year term - the reservation is made for just 1 year, it’s useful for predictable workloads that do not require vertical scaling and provides lower discount rate when compared with the 3-year term.
  2. 3-year term - the reservation is made for 3 years, it's useful for long-running applications and web services that do not require vertical scaling and provides higher discount rate.

02 Payment Options - decide how you would like to pay for your Reserved Instances throughout the chosen commitment period. There are 3 payment options to choose from:

  1. No Upfront - no upfront payment is required at purchase and but discount is lower (31% over On-Demand pricing model) when compared to other payment options. This option is not available for 3-year term reservations.
  2. Partial Upfront - a portion of the cost must be paid upfront and the remaining hours in the term are billed at the established discounted hourly rate. This option balances the Reserved Instance payments between upfront and hourly.
  3. All Upfront - you are paying for the entire commitment term selected (one or three years) with one upfront payment and get the best effective hourly price when compared to On-Demand model and the biggest discount when compared to other payment options available.

03Consolidated Billing - using Consolidated Billing is recommended when you own multiple accounts because the AWS billing engine treats all your accounts as a single account for billing purposes (designated payer account), resulting in the lowest possible bill as the applicable discounts are spread across all accounts. For instance, the Reserved Instances purchased in one AWS account can share their reservations with other AWS accounts available in the same billing family. The purchase recommendations are based on the previous calendar month's hour-by-hour usage aggregated across all consolidated billing accounts. For example, if you have two RIs in the same region with the same attributes, the AWS billing system checks each hour the total number of instances you have running that match those attributes. If there are two instances or less, you will be charged the Reserved Instance rate for each matching instance running that hour. If more than two are running, you will be charged the On-Demand rate for the additional instance(s).

04Purchasing Process - is important to review carefully the shopping cart details before the purchase. After your purchase is confirmed, it cannot be cancelled so make sure the parameters displayed on the RI shopping cart page are accurate.

05 Limitations - you can purchase up to 20 Reserved Instances per Availability Zone each month. If you need additional EC2 RIs, use the form available at this URL to request an increase.

To upgrade to Reserved Instances just purchase RIs in the same region, using the same attributes as your active On-demand instances and the billing will be automatically changed to reflect the reserved rates. To buy the required RIs, perform the following actions:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under INSTANCES section, choose Reserved Instances.

04 Click Purchase Reserved Instances button from the dashboard top menu to initiate the purchasing process.

05 On the Purchase Reserved Instances page, specify the following RI offering details:

  1. From Platform dropdown menu, select the OS platform (e.g. Linux/UNIX) used by the active On-demand instance that you want to upgrade.
  2. From Instance Type dropdown list, choose the right instance type (e.g. t2.large).
  3. From Tenancy dropdown menu, select the On-demand Instance tenancy (e.g. default).
  4. From Term dropdown menu, select the length of time for the new reservation based on your needs.
  5. From Offering Class dropdown menu, choose Standard.
  6. From Payment Option dropdown menu, select the payment type that you want to use for this reservation (e.g. No Upfront).
  7. Click Search to seek for EC2 Reserved Instances that match the provided criteria.
  8. Once the query results are returned, choose the preferred offering and click Add to Cart.
  9. Click View Cart to view your cart item before purchasing the selected RI offering. (!) IMPORTANT: verify the shopping cart details before the purchase in order to make sure that the parameters listed on this page are correct.
  10. Click Purchase to complete your purchase.
  11. Once the order confirmation message appears, click Close to return to the EC2 dashboard. The RI order processing may take few minutes as the instance status will change to from pending-payment to active.

06 Repeat step no. 4 and 5 to upgrade other On-Demand EC2 instances available in the current region by purchasing Reserved Instances that match their configuration.

07 Change the AWS region from the navigation bar and repeat the process for other regions.

Using AWS CLI

01 Before you purchase the EC2 Reserved Instance run describe-reserved-instances-offerings command (OSX/Linux/UNIX) to get the pricing details and information about available EC2 RI offerings. Use the command parameters provided in the following example to match the specifications of the On-Demand instance that you want to upgrade to RI: 

aws ec2 describe-reserved-instances-offerings
	--region us-east-1
	--availability-zone us-east-1a
	--instance-type "t2.large"
	--product-description "Linux/UNIX (Amazon VPC)"
	--instance-tenancy default
	--offering-type "no upfront"
	--min-duration 2592000
	--max-duration 31536000
	--no-include-marketplace

02 The command output should return the requested offering(s) information: 

{
    "ReservedInstancesOfferings": [
        {
            "OfferingType": "No Upfront",
            "AvailabilityZone": "us-east-1a",
            "InstanceTenancy": "default",
            "PricingDetails": [],
            "ProductDescription": "Linux/UNIX",
            "UsagePrice": 0.0,
            "RecurringCharges": [
                {
                    "Amount": 0.048,
                    "Frequency": "Hourly"
                }
            ],
            "Marketplace": false,
            "CurrencyCode": "USD",
            "FixedPrice": 0.0,
            "Duration": 31536000,
            "ReservedInstancesOfferingId":
            "c05073b7-d160-42b0-92b5-216e0ef292e8",
            "InstanceType": "t2.large"
        }
    ]
}

03 Now run purchase-reserved-instances-offering command (OSX/Linux/UNIX) to purchase the EC2 Reserved Instance based on the offering information returned at the previous step. The following command example purchase a reserved EC2 instance using an AWS offering identified by the ID c05073b7-d160-42b0-92b5-216e0ef292e8: 

aws ec2 purchase-reserved-instances-offering
	--region us-east-1
	--reserved-instances-offering-id c05073b7-d160-42b0-92b5-216e0ef292e8
	--instance-count 1

04 The command output should return the new EC2 Reserved Instance ID: 

{
  "ReservedInstancesId": "a19f760e-3f91-4551-a5f7-209e0ef2959d"
}

05 Repeat steps no. 1 - 4 to upgrade other On-Demand EC2 instances provisioned in the current region by purchasing Reserved Instances that match their configuration.

06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 5 to perform the entire process for other regions.

Remediation / Resolution

To renew your existing Reserved Instances (RIs), you need to repurchase them using the same configuration attributes (region, instance type, OS platform, etc). The EC2 RIs are not renewed automatically so you must repurchase your existing RIs in order to avoid On-Demand rates charges when the current reservations expire. To repurchase them perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under INSTANCES section, choose Reserved Instances.

04 Select the running EC2 Reserved Instance that you want to renew and note its configuration attributes (i.e. OS platform, instance type, tenancy and offering class).

05 Click Purchase Reserved Instances button from the dashboard top menu to start the purchasing process.

06 On the Purchase Reserved Instances page, specify the following RI offering details:

  1. From Platform dropdown menu, select the OS platform (e.g. Linux/UNIX) used by the EC2 Reserved Instance that you want to renew.
  2. From Instance Type dropdown list, choose the necessary instance type (e.g. t2.medium).
  3. From Tenancy dropdown menu, select the EC2 Reserved Instance tenancy (e.g. default).
  4. From Term dropdown menu, select the length of time for the new reservation based on your needs.
  5. From Offering Class dropdown menu, choose Standard.
  6. And from Payment Option dropdown menu, select the payment type that you want to use for this reservation (e.g. Partial Upfront).
  7. Click Search to seek for EC2 Reserved Instances that match the provided criteria.
  8. Once the query results are returned, choose the preferred offering and click Add to Cart.
  9. Click View Cart to view your cart before purchasing the selected RI offering.
  10. Review the shopping cart details before the purchase. (!) IMPORTANT: After your purchase is confirmed, it cannot be cancelled so make sure the parameters displayed on this page are correct.
  11. Click Purchase to complete your purchase.
  12. Once the order confirmation message appears, click Close to return to the EC2 dashboard. The RI order processing may take few minutes as the instance status will change to from pending-payment to active.

07 Repeat steps no. 4 - 6 to renew (repurchase) other EC2 Reserved Instances available in the current region.

08 Change the AWS region from the navigation bar and repeat the process for other regions.

Using AWS CLI

01 First, run describe-reserved-instances-offerings command (OSX/Linux/UNIX) to get the pricing details and information about the available EC2 RI offerings. Use the command parameters provided in the following example to match the specifications of the RI that you want to renew (repurchase): 

aws ec2 describe-reserved-instances-offerings
	--region us-east-1
	--availability-zone us-east-1d
	--instance-type "t2.medium"
	--product-description "Linux/UNIX (Amazon VPC)"
	--instance-tenancy default
	--offering-type "no upfront"
	--min-duration 2592000
	--max-duration 31536000
	--no-include-marketplace

02 The command output should return the requested offering(s) information: 

{
    "ReservedInstancesOfferings": [
        {
            "OfferingType": "No Upfront",
            "AvailabilityZone": "us-east-1d",
            "InstanceTenancy": "default",
            "PricingDetails": [],
            "ProductDescription": "Linux/UNIX",
            "UsagePrice": 0.0,
            "RecurringCharges": [
                {
                    "Amount": 0.048,
                    "Frequency": "Hourly"
                }
            ],
            "Marketplace": false,
            "CurrencyCode": "USD",
            "FixedPrice": 0.0,
            "Duration": 31536000,
            "ReservedInstancesOfferingId":
            "ca0073b7-d160-42b9-92b5-216e0ef27ec3",
            "InstanceType": "t2.medium"
        }
    ]
}

03 Run purchase-reserved-instances-offering command (OSX/Linux/UNIX) to purchase the EC2 Reserved Instance based on the offering information returned previously. The following command example purchase a reserved EC2 instance using an offering identified by the ID ca0073b7-d160-42b9-92b5-216e0ef27ec3: 

aws ec2 purchase-reserved-instances-offering
	--region us-east-1
	--reserved-instances-offering-id ca0073b7-d160-42b9-92b5-216e0ef27ec3
	--instance-count 1

04 The command output should return the ID of the newly purchased EC2 Reserved Instance: 

{
  "ReservedInstancesId": "ba0f760e-6f90-3779-a5f8-209e0ef2cbe8"
}

05 Repeat steps no. 1 - 4 to renew (repurchase) other EC2 Reserved Instances available in the current region.

06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 5 to perform the entire process for other regions.

References

Publication date Nov 2, 2016

Related EC2 rules

Unlock the Remediation Steps

Gain free unlimited access
to our full Knowledge Base

Over 750 rules & best practices
for AWS and Azure

You are auditing:

AWS EC2 Reserved Instances Purchase Recommendations

Risk level: Medium