Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Reserved Instance Purchase State

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: ES-018

Identify any failed Amazon OpenSearch Reserved Instance (RI) available within your AWS account and follow the Trend Micro Cloud One™ – Conformity guidelines for remediation in order to receive a significant discount (depending on the commitment term) for OpenSearch hourly charges. A failed Amazon OpenSearch RI is an unsuccessful reservation that received the "payment-failed" status during the purchase process.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Cost
optimisation

Reserved Instances (RIs) represent a good strategy to cut down on Amazon OpenSearch costs but to fully receive the discount benefit you need to make sure that all your OpenSearch reservation purchases have been successfully completed.

Audit

To identify any failed Amazon OpenSearch Reserved Instance purchases available within your AWS cloud account, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon OpenSearch console at https://console.aws.amazon.com/esv3/.

03 In the main navigation panel, under Domains, select Reserved Instance leases.

04 Choose the Reserved Instance (RI) that you want to examine and check the value (status) listed in the Statuscolumn. If the reservation status is set to payment-failed, the payment processing for the selected Amazon OpenSearch Reserved Instance has failed, therefore you must take action and retry your failed reservation payment by contacting AWS Support Center.

05 Repeat step no. 4 to check the purchase status for other Amazon OpenSearch RIs available within the current AWS region.

06 Change the AWS cloud region from the console navigation bar and repeat the Audit process for other regions.

Using AWS CLI

01 Run describe-reserved-elasticsearch-instances command (OSX/Linux/UNIX) with custom query filters to list the identifier (ID) of each Amazon OpenSearch Reserved Instance available in the selected AWS region: 

aws es describe-reserved-elasticsearch-instances
  --region us-east-1
  --output table
  --query 'ReservedOpenSearchInstances[*].ReservedOpenSearchInstanceId'

02 The command output should return a table with the requested Reserved Instance IDs: 

----------------------------------------
|    ReservedOpenSearchInstanceIds     |
+--------------------------------------+
| aabbccdd-aabb-ccdd-1234-aabbccdd1234 |
| aaaabbbb-1234-aaaa-bbbb-1234aaaabbbb |
| abcdabcd-abcd-abcd-abcd-abcdabcdabcd |
+--------------------------------------+

03 Run describe-reserved-elasticsearch-instances command (OSX/Linux/UNIX) using the ID of the OpenSearch Reserved Instance (RI) that you want to examine as the identifier parameter and custom query filters to describe the purchase status for the selected RI: 

aws es describe-reserved-elasticsearch-instances
  --region us-east-1
  --reserved-elasticsearch-instance-id aabbccdd-aabb-ccdd-1234-aabbccdd1234
  --query 'ReservedOpenSearchInstances[*].State'

04 The command output should return the purchase status for the selected reservation: 

[
	"payment-failed"
]

If the describe-reserved-elasticsearch-instances command output returns "payment-failed", as shown in the example above, the payment processing for the selected Amazon OpenSearch Reserved Instance has failed, therefore you must take action and retry your failed reservation payment by contacting AWS Support Center.

05 Repeat steps no. 3 and 4 to verify the purchase status for other Amazon OpenSearch RIs available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other AWS regions.

Remediation / Resolution

To mitigate unsuccessful Amazon OpenSearch reservations you have to retry your failed Reserved Instance payments by contacting Amazon Web Services. To create a support case for failed reservation payments, perform the following operations:

Note 1: Failed Amazon OpenSearch Reserved Instance (RI) purchases from previous billing periods can't be retried.
Note 2: Creating a support case to request to retry your failed OpenSearch Reserved Instance payments using the AWS Command Line Interface (AWS CLI) is not currently supported.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to AWS Support Center console at https://console.aws.amazon.com/support/.

03 In the Open support cases section, choose Create case to initiate the request process.

04 On the Create case page, perform the following actions:

  1. Select Account and billing support option.
  2. Select Billing from the Type dropdown list.
  3. Select Reserved Instances from the Category dropdown list.
  4. Provide the request subject in the Subject box, e.g. "Retry failed Amazon OpenSearch Reserved Instance payments".
  5. For Description, provide a concise description of the issues and include the reservation ID(s) for the Reserved Instance(s) that you want to discuss. This will help the AWS support team to evaluate your request.
  6. For Contact options, choose your preferred correspondence language from the Preferred contact language dropdown list, then select a preferred contact method that AWS support team can use to respond to your request from the Contact methods section.
  7. Choose Submit to send your request to Amazon Web Services. A customer support representative should contact you shortly.

References

Publication date Oct 29, 2018

Related Elasticsearch rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Reserved Instance Purchase State

Risk Level: High