Use the Conformity Knowledge Base AI to help improve your Cloud Posture

RDS Reserved DB Instance Lease Expiration In The Next 30 Days

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: RDS-015

Ensure that your AWS RDS Reserved Instances (RIs) are renewed before expiration in order to get the appropriate discount (based on the commitment term) on the hourly charge for these instances. The renewal process consists of purchasing another RDS Reserved Instance so that Amazon can keep charging you based on the chosen reservation term.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Cost
optimisation

With Reserved Instances (RIs) you can optimize your Amazon RDS costs based on your expected usage. Since RDS RIs are not renewed automatically, purchasing another reserved database instances on time will guarantee that these instances will be also billed at a discounted hourly rate.

Note: You can change the default threshold (seven) for the number of days before expiration on the Cloud Conformity console and set your own value (days) based on your requirements.


Audit

To determine the expiration date of your AWS RDS Reserved Instances, perform the following:

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to RDS dashboard at https://console.aws.amazon.com/rds/.

03 In the left navigation panel, under RDS Dashboard, click Reserved Purchases.

04 Open the dashboard Show/Hide Columns dialog box by clicking the configuration icon from the right menu:

Open the dashboard Show/Hide Columns dialog box by clicking the configuration icon from the right menu

05 Inside the Show/Hide Columns dialog box, select Remaining Days checkbox then click Save to apply the changes.

06 Select the Reserved Instance (RI) that you want to examine and verify the value listed for the instance in the Remaining Days column. If the number of days displayed in this column is less than 30, the selected RDS RI is about to expire, therefore it must be renewed to keep it running at the current discounted hourly rate. To renew (repurchase) the instance, follow the steps outlined in the Remediation/Resolution section of the rule.

07 Repeat step no. 6 to determine the expiration date of other RDS Reserved Instances available in the current region.

08 Change the AWS region from the navigation bar and repeat the process for the other regions.

Using AWS CLI

01 Run describe-reserved-db-instances command (OSX/Linux/UNIX) using custom query filters to list the IDs of the RDS Reserved Instances available in the selected AWS region:

aws rds describe-reserved-db-instances
	--region us-east-1
	--output table
	--query 'ReservedDBInstances[*].ReservedDBInstanceId'

02 The command output should return a table with the requested RI identifiers (IDs):

-------------------------
| ReservedDBInstanceIds |
+-----------------------+
| MySQLDatabaseRI005    |
| AuroraDatabaseRI001   |
+-----------------------+

03 Run again describe-reserved-db-instances command (OSX/Linux/UNIX) using your RDS RI instance identifier returned at the previous step and appropriate filtering to expose the date when the selected instance was purchased and the reservation duration (the commitment term in seconds) in order to determine its expiration date:

aws rds describe-reserved-db-instances
	--region us-east-1
	--reserved-db-instance-id MySQLDatabaseRI005
	--query 'ReservedDBInstances[*].[StartTime,Duration]'

04 The command output should return the timestamp (date) at which the instance reservation started and the commitment term in seconds (31536000 for 1 year, 94608000 for 3 years):

[
    "2015-10-21T10:55:32.000Z",
    31536000
]

Based on the timestamp and duration values returned, determine the number of days remained until the reservation expires. If the number of days remained is less than 30, the selected RDS RI is about to expire, therefore it must be renewed to maintain the current AWS RDS discount rate. To renew (repurchase) the instance, follow the steps outlined in the Remediation/Resolution section of the rule.

05 Repeat step no. 3 and 4 to determine the expiration date of other RDS Reserved Instances available in the current region.

06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 5 to perform the audit process for other regions.

Remediation / Resolution

To renew the RDS Reserved Instances before their reservation expire, you need to repurchase them using the same configuration attributes (region, instance size/class, database type/engine, etc). To renew your existing RDS RIs in order to avoid On-Demand rates charges, perform the following:

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to RDS dashboard at https://console.aws.amazon.com/rds/.

03 In the left navigation panel, under RDS Dashboard, click Reserved Purchases.

04 Select the RDS Reserved Instance that you want to renew and note its configuration attributes (i.e. class, database type/product description, offering type and Multi-AZ status).

05 Click Purchase Reserved DB Instance button from the dashboard top menu to start the renewal process.

06 On the Purchase Reserved DB Instances page, perform the following actions:

  1. From Product Description dropdown list, select the database engine used by the RDS Reserved Instance that you want to renew.
  2. From Instance Class dropdown list, choose the database instance size/class (e.g. db.m3.medium).
  3. For Multi AZ Deployment, choose whether or not you want a Multi-AZ deployment for your instance (must match the specifications of the RI that you want to renew).
  4. From Term dropdown list, select the length of time for the new reservation (e.g. 3 years).
  5. From Offering Type dropdown list, choose the preferred offering type.
  6. In the Reserved DB Id box, type the reserved database instance identifier that you want to renew (repurchase).
  7. In the Number of DB Instances box type 1.
  8. Click Continue to continue the process.

07 On the RDS RI summary page, verify the instance configuration information then click Purchase to repurchase your reserved database instance.

08 Repeat steps no. 4 - 7 to repurchase other RDS Reserved Instances that are about to expire, available in the current region.

09 Change the AWS region from the navigation bar and repeat the process for other regions.

Using AWS CLI

01 Before you repurchase the RDS Reserved Instance run describe-reserved-db-instances-offerings command (OSX/Linux/UNIX) to get the pricing details and information about available reserved database instance offerings. Use the command parameters provided in the following example to match the specifications of the RI that you want to renew (repurchase):

aws rds describe-reserved-db-instances-offerings
	--region us-east-1
	--product-description mysql
	--db-instance-class db.m3.medium
	--duration 1
	--offering-type "No Upfront"
	--no-multi-az

02 The command output should return the requested offering(s) information (pricing and configuration details):

{
    "ReservedDBInstancesOfferings": [
        {
            "MultiAZ": false,
            "OfferingType": "No Upfront",
            "FixedPrice": 0.0,
            "UsagePrice": 0.0,
            "ReservedDBInstancesOfferingId":
            "c39f6bbc-8129-491f-afbb-29ab75b7bac7",
            "RecurringCharges": [
                {
                    "RecurringChargeAmount": 0.065,
                    "RecurringChargeFrequency": "Hourly"
                }
            ],
            "ProductDescription": "mysql",
            "Duration": 31536000,
            "DBInstanceClass": "db.m3.medium",
            "CurrencyCode": "USD"
        }
    ]
}

03 Run purchase-reserved-db-instances-offering command (OSX/Linux/UNIX) to purchase an RDS Reserved Instance based on the offering information returned at the previous step. The following command example repurchase a reserved database instance with the identifier MySQLDatabaseRI005, using an instance offering identified by the ID c39f6bbc-8129-491f-afbb-29ab75b7bac7:

aws rds purchase-reserved-db-instances-offering
	--region us-east-1
	--reserved-db-instances-offering-id c39f6bbc-8129-491f-afbb-29ab75b7bac7
	--reserved-db-instance-id MySQLDatabaseRI005
	--db-instance-count 1

04 The command output should return the new RDS Reserved Instance metadata:

{
    "ReservedDBInstance": [
        {
            "ReservedDBInstanceId": MySQLDatabaseRI005,
            "ReservedDBInstancesOfferingId":
            "c39f6bbc-8129-491f-afbb-29ab75b7bac7",
            "DBInstanceClass": "db.m3.medium",
            "StartTime ": "2016-10-17T14:20:09.000Z",
            "Duration": 31536000,
            "FixedPrice": 0.0,
            "UsagePrice": 0.0,
            "CurrencyCode": "USD",
            "DBInstanceCount": 1,
            "ProductDescription": "mysql",
            "OfferingType": "No Upfront",
            "RecurringCharges": [
                {
                    "RecurringChargeAmount": 0.065,
                    "RecurringChargeFrequency": "Hourly"
                }
            ],
            "MultiAZ": false,
            "State": "payment-pending"
        }
    ]
}

05 Repeat steps no. 1 - 4 to repurchase other RDS Reserved Instances that are about to expire, available in the current region.

06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 5 to perform the entire process for other regions.

References

Publication date Oct 27, 2016

Unlock the Remediation Steps


Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

RDS Reserved DB Instance Lease Expiration In The Next 30 Days

Risk Level: Medium