Triage AWS EBS Volume Unattached EBS_VOLUME_UNATTACHED
Quick Links
- Configure AWS EBS Volume Unattached
- Use Case for AWS EBS Volume Unattached
- Triage Guides by Violation Type
Triage Guide: EBS_VOLUME_UNATTACHED
0. Understand
Why should I care about fixing this issue? Unattached EBS volumes result in unused resources that continue to incur storage costs. Identifying and removing these volumes helps optimize costs and maintain a clean cloud environment.
1. Validate
How am I sure that this alert is true and accurate?
The alert is based on the attachment status of the specific EBS volume. The DescribeVolumes method of the EC2 Client is called to check the attachment status.
What is the data source for this policy? AWS SDK for JS/TS v3 is used to query AWS resources.
How do I retrieve it manually? You can manually call the AWS CLI command: sh aws ec2 describe-volumes --volume-ids [volume-id]
Does this policy scan on a schedule or is it Reactive? If so, when? This policy is reactive and evaluates based on the attachment status of the provided EBS volume.
2. Triage
What is the impact if it is unfixed? If unfixed, you will continue to incur storage costs for unused EBS volumes.
Does this problem get worse over time if it is unaddressed? No, but it will continue to incur unnecessary costs.
Can remediation cause outages or downtime to any other running service? No, as long as the volume is verified to be unattached, you can safely delete it without impacting other services.
3. Act
What do I do to fix this alarm? Review the unattached volume and if it is not required, you can delete it via AWS Management Console or CLI: sh aws ec2 delete-volume --volume-id [volume-id]
4. Reflect
What should I do if this alarm wasn't a good use of time? If you find volumes that are purposely unattached (e.g., for use in migration or backups), you can document these cases and adjust your monitoring or tagging strategy to filter these volumes out from future checks.