Unused EC2 Reserved Instances

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under INSTANCES section, choose Reserved Instances.

04 Select the active Reserved Instance (RI) that you want to examine.

05 Select the Details tab from the dashboard bottom panel and copy the following attributes values: Instance Type, Platform, Tenancy and Availability Zone (if applicable).

06 Within the same AWS region, in the navigation panel, under INSTANCES section, choose Instances.

07 On the EC2 dashboard, click inside the attributes filter box located under the dashboard top menu, choose Instance Type parameter from the dropdown list, paste the instance type value copied at step no. 5 and press Enter. Repeat this step for Platform, Tenancy and Availability Zone parameters using the values copied at step no. 5. To search for active EC2 instances only, choose Instance State then select Running from the dropdown list. This filtering method e.g.

will help you to determine if there are any EC2 instance that match the selected RI criteria, available in the current AWS region. If no EC2 instances matching your filter criteria are found, the selected Reserved Instance does not have a corresponding instance running within the current region, therefore the purchased RI is not being used.

08 If you are using Consolidated Billing and the current AWS account is member of an AWS Organization, access the Instances page on each linked account, using the same region, and repeat step no. 7 to check for any corresponding EC2 instance.

09 Repeat steps no. 4 - 8 for other EC2 Reserved Instances (RIs) available in the current region.

10 Change the AWS region from the navigation bar and repeat the audit process for other regions.

01 Run describe-reserved-instances command (OSX/Linux/UNIX) using custom query filters to list the IDs of all active EC2 Reserved Instances, available in the selected AWS region:

aws ec2 describe-reserved-instances
	--region us-east-1
	--filters Name=state,Values=active
	--output table
	--query 'ReservedInstances[*].ReservedInstancesId'

02 The command output should return a table with the requested EC2 RI IDs:

----------------------------------------
|        ReservedInstancesIds          |
+--------------------------------------+
| 73904b7a-5e4e-4325-464b-13cf48d3b301 |
| 210509b8-f51e-65c6-b3e9-baa2dbdef045 |
+--------------------------------------+

03 Run again describe-reserved-instances command (OSX/Linux/UNIX) using your RI instance ID returned at the previous step and appropriate filtering to describe the selected Reserved Instance attributes:

aws ec2 describe-reserved-instances
	--region us-east-1
	--reserved-instances-ids 73904b7a-5e4e-4325-464b-13cf48d3b301

04 The command output should return the requested RI attributes, information that will be useful later to search for EC2 instances that match the purchase criteria:

aws ec2 describe-reserved-instances
{
    "ReservedInstances": [
        {
            "ReservedInstancesId": "73904b7a-5e4e-4325-464b-13cf48d3b301",
            "OfferingType": "No Upfront",
            "AvailabilityZone": "us-east-1b",
            "End": "2017-08-21T19:43:23.000Z",
            "ProductDescription": "Linux/UNIX (Amazon VPC)",
            "Scope": "Availability Zone",
            "UsagePrice": 0.0,
            "RecurringCharges": [
                {
                    "Amount": 0.048,
                    "Frequency": "Hourly"
                }
            ],
            "OfferingClass": "standard",
            "Start": "2016-08-21T19:43:24.352Z",
            "State": "active",
            "FixedPrice": 0.0,
            "CurrencyCode": "USD",
            "Duration": 31536000,
            "InstanceTenancy": "default",
            "InstanceType": "c4.large",
            "InstanceCount": 1
        }
    ]
}

05 Run describe-instances command (OSX/Linux/UNIX) using predefined filters to list the ID of the EC2 instance that match the selected RI purchase criteria, available within the selected AWS region. To define the right values for the required command filters, use the output information returned at the previous step. The following command example should return the ID of a running c4.large EC2 instance, that utilizes the default/shared tenancy and Linux as OS platform, provisioned in the us-east-1b Availability Zone, within the N. Virginia (us-east-1) AWS region:

aws ec2 describe-instances
	--region us-east-1
	--filters "Name=instance-type,Values=c4.large"
		"Name=tenancy,Values=default"
		"Name=availability-zone,Values=us-east-1b"
		"Name=instance-state-name,Values=running"
	--query 'Reservations[*].Instances[*].InstanceId[]'

06 The command output should return an array that contains the requested EC2 instance ID or an empty array if no instance matches the filter criteria:

aws ec2 describe-instances
[]

07 If you have an active AWS Consolidated Billing implementation and the current AWS account is member of an AWS Organization, repeat step no. 5 and 6 to check for the corresponding EC2 instance within other AWS accounts, members of the AWS Organization.

08 Repeat steps no. 3 - 7 for other EC2 Reserved Instances (RIs) available within the selected region.

09 Change the AWS region by updating the --region command parameter value and perform the entire audit process for other regions.

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the navigation panel, under INSTANCES section, choose Reserved Instances.

04 If this is the first time when you are listing AWS EC2 RIs for sale, click the Actions dropdown button from the dashboard top menu and select Sell Reserved Instances option, otherwise skip to step no. 10.

05 Inside Sell Your Reserved Instance dialog box, click Register to initiate the registration wizard.

06 On Account Information page, provide a name for the seller in the Business Name box then click Continue.

07 On Add Bank Account page, register a U.S. bank account as the deposit of your sales by providing the bank account number, account holder name and the necessary routing number. Once your bank account information is validated, click Continue.

08 On the Confirmation page click Continue finish the registration wizard.

09 Go back to the navigation panel and under INSTANCES section click Reserved Instances.

10 Select the AWS EC2 Reserved Instance that you want to sell (see Audit section part I to identify the right EC2 resource).

11 Click the Actions dropdown button from the dashboard top menu and select Sell Reserved Instances.

12 In the Sell Your Reserved Instance dialog box, perform the following actions:

1. Click Get Started to start listing your selected Reserved Instance.
2. Within Configure Your Reserved Instance Listing section, set the number of Reserved instances you would like to sell and the upfront price for each one, then click Continue.
3. In the Confirm Your Reserved Instance Listing section, review the RI listing details then click List Reserved Instances to list your instances on Amazon EC2 Reserved Instance Marketplace. Click Close to return to the EC2 dashboard.

13 Repeat steps no. 10 - 12 to list for sale other unneeded EC2 Reserved Instances, that have been purchased in the current AWS region and account or within any other member (linked) accounts available in your AWS Organization (if you are using one).

14 Change the AWS region from the navigation bar and repeat the remediation process for other regions.

01 Run create-reserved-instances-listing command (OSX/Linux/UNIX) to create a listing for your unused EC2 Standard Reserved Instance (see Audit section part II to identify the right resource), to be sold on the Amazon EC2 Reserved Instance Marketplace. The following command example creates an AWS RI listing of $420.00 for an EC2 Reserved Instance with the ID 73904b7a-5e4e-4325-464b-13cf48d3b301, available in the N. Virginia (us-east-1) region, that has 6 months remaining in the reservation timeframe:

aws ec2 create-reserved-instances-listing
	--region us-east-1
	--reserved-instances-id 73904b7a-5e4e-4325-464b-13cf48d3b301
	--instance-count 1
	--price-schedules Term=6,Price=420.00,CurrencyCode="USD"

02 The command output should return the EC2 RI listing metadata:

{
   "ReservedInstancesListings": [
        {
            "ReservedInstancesId": "73904b7a-5e4e-4325-464b-13cf48d3b301",
            "CreateDate": "2017-03-05T14:15:37.352Z",
            "InstanceCounts": [
                {
                    "State": "active",
                    "InstanceCount": 1
                }
            ],

            ...

            "PriceSchedules": [
                {
                    "Term": 6,
                    "Price": 420.00,
                    "CurrencyCode": "USD",
                    "Active": "true"
                }
            ],
            "Tags": [],
            "Status": "fulfilled",
            "ClientToken": "ba0db215-5222-7889-2216-0cf0e52dc45c"
        }
    ]
}

03 Repeat step no. 1 and 2 to create sale listings for other unneeded EC2 Reserved Instances, that have been purchased in the selected AWS region and account or within any other linked accounts available in your AWS Organization (if applicable).

04 Change the AWS region by updating the --region command parameter value and perform the entire process for other regions.

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the navigation panel, under INSTANCES section, select Instances.

04 Click the Launch Instance button from the EC2 dashboard top menu to initiate the launch process.

05 On Step 1: Choose an Amazon Machine Image (AMI) page, choose an AMI provided by AWS, the Amazon user community, the AWS Marketplace or select one of your own AMIs. The chosen image must use the same OS platform (e.g. Linux, Windows) as the one selected at EC2 RI purchase (see Audit section part I, step no. 5 to identify the OS platform used).

06 On Step 2: Choose an Instance Type page, select the same instance type as the one used by your EC2 Reserved Instance (see Audit section part I, step no. 5 to identify the right instance type) then click Next: Configure Instance Details button.

07 On Step 3: Configure Instance Details page, select the required Availability Zone (see Audit section part I, step no. 5) from the Subnet dropdown list, select Shared from the Tenancy dropdown list and configure any other options available on this page based on your requirements. Click Next: Add Storage to continue the process.

08 On Step 4: Add storage page, configure the instance volume(s) based on your application(s) requirements then click Next: Add Tags.

09 On Step 5: Add Tags page, configure any necessary tags, then click Next: Configure Security Group button to continue.

10 On Step 6: Configure Security Groups, choose Create a new security group, enter a name for the new security group and define the necessary inbound rules required by your application(s). Click Review and Launch to review your new EC2 instance configuration details then click Launch.

11 In the Select an existing key pair or create a new key pair dialog box, select Create a new key pair, provide a name for the new key, then click Launch Instances.

12 Click View Instances to return to the Instances page. The new instance will have the same configuration attributes as the existing AWS EC2 Reserved Instance.

13 Repeat steps no. 4 – 12 to provision corresponding EC2 instances for other Amazon EC2 Reserved Instances purchased in the current AWS region and account or within any other member accounts available in your AWS Organization (if you are using one).

14 Change the AWS region from the navigation bar and repeat the entire remediation process for other regions.

01 First, create the corresponding EC2 instance dependencies – the 2048-bit RSA key pair and the required security group:

1. Run create-key-pair command (OSX/Linux/UNIX) to set up a new RSA key pair in the selected AWS region:
   aws ec2 create-key-pair
   	--region us-east-1
   	--key-name SSHKey
   

2. The command output should return the ASCII version of the private key and the key fingerprint. Save the content of your key, listed as the KeyMaterial parameter value, in a PEM file, in a safe location on your machine:
   {
       "KeyMaterial": "-BEGIN RSA PRIVATE KEY- ... -END RSA PRIVATE KEY-",
       "KeyName": "SSHKey",
       "KeyFingerprint": "de:45:92:4a:5a:06:21 ... cc:22:0f:0e:c9:g4:8d"
   }
   

3. Run create-security-group command (OSX/Linux/UNIX) to set up the new security group. The following command example creates a security group called EC2InstanceSG inside the VPC identified with the ID vpc-d14e9385, within the us-east-1 region:
   aws ec2 create-security-group
   	--region us-east-1
   	--group-name EC2InstanceSG
   	--description "My EC2 Security Group"
   	--vpc-id vpc-d14e9385
   

4. The command output should return the new security group ID:
   {
       "GroupId": "sg-4315d739"
   }
   

5. Run authorize-security-group-ingress command (OSX/Linux/UNIX) to add one or more inbound rules to the security group created at the previous step (no command output is returned):
   aws ec2 authorize-security-group-ingress
   	--region us-east-1
   	--group-id sg-4315d739
   	--protocol tcp
   	--port 80
   	--cidr 0.0.0.0/0
   

02 Now execute run-instances command (OSX/Linux/UNIX) to launch a corresponding EC2 instance that matches the existing RI purchase criteria. The following command example creates an c4.large EC2 instance using an AMI with the ID ami-c31eg8ad (based on Linux OS platform) inside a subnet with the ID subnet-20e7cb6e provisioned in the us-east-1b Availability Zone, within US East (N. Virginia) region:

aws ec2 run-instances
	--region us-east-1
	--instance-type c4.large
	--image-id ami-c31eg8ad
	--subnet-id subnet-20e7cb6e
	--count 1
	--key-name SSHKey
	--security-groups EC2InstanceSG

03 The command output should return the new EC2 instance configuration metadata:

{
    "OwnerId": "123456789012",
    "ReservationId": "r-0c24eacd1e79647c5",
    "Groups": [],
    "Instances": [
        {
            "EbsOptimized": false,
            "LaunchTime": "2017-03-03T18:40:53.000Z",
            "PrivateIpAddress": "172.18.37.51",
            "InstanceId": "i-023adbdd06d11c1dc",
            "ImageId": "ami-c31eg8ad",
            "KeyName": "SSHKey",
            "SecurityGroups": [
                {
                    "GroupName": "EC2InstanceSG",
                    "GroupId": "sg-4315d739"
                }
            ],

            ...

            "ClientToken": "",
            "SubnetId": "subnet-20e7cb6e",
            "InstanceType": "c4.large",
            "Hypervisor": "xen",
            "BlockDeviceMappings": [],
            "Architecture": "x86_64",
            "StateReason": {
                "Message": "pending",
                "Code": "pending"
            },
            "RootDeviceName": "/dev/xvda",
            "VirtualizationType": "hvm",
            "AmiLaunchIndex": 0
        }
    ]
}

04 Repeat steps no. 1 – 3 to provision corresponding EC2 instances for other Amazon EC2 Reserved Instances purchased in the current AWS region and account or within any other member accounts available in your AWS Organization (if applicable).

05 Change the AWS region by updating the --region command parameter value and perform the entire process for other regions.