⭐ Repository → 📁 Compliance Engine → 📁 CloudAware → 📁 AWS → 📁 EC2

🛡️ AWS EBS Volume is idle🟢

• Contextual name: 🛡️ EBS Volume is idle🟢
• ID: /ce/ca/aws/ec2/ebs-volume-idle
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: COST

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 AWS EBS Volume
  • 🔌 AWS EBS Volume - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

This policy flags AWS EBS Volumes that are considered idle. A volume is flagged as Idle if it meets one of the following conditions:

1. It has been in an available state (unattached) for the past 30 days.
2. It is in an in-use state (attached to an instance) but has recorded zero or null read and write operations (VolumeReadOps and VolumeWriteOps) over the last 30 days.

Rationale

EBS volumes incur storage costs regardless of whether they are not attached to an instance or actively utilized.

• Unattached Volumes: Volumes left in an available state often represent forgotten resources from decommissioned instances.
• Attached but Inactive Volumes: Volumes that remain attached but show no I/O activity may indicate they are no longer required, are remnants of incomplete configurations, or serve as secondary/failover disks that require explicit documentation and justification.

Identifying and addressing idle volumes helps reduce unnecessary monthly costs and improves cloud resource efficiency.

... see more

Remediation

Open File

Remediation

The remediation process depends on whether the idle EBS volume is unattached or attached but inactive. In all cases, the goal is to confirm the volume is no longer needed, archive data if required, and then securely remove the volume to avoid unnecessary costs.

Unattached and Idle Volume

From Command Line

Create a Final Snapshot (Recommended)

Snapshots provide a cost-effective way to retain the volume data before deletion.

aws ec2 create-snapshot \
  --volume-id {{volume-id}} \
  --description "{{Archival of idle EBS volume}}" \

Delete the Volume

Once the snapshot status is completed, the volume can be safely deleted:

aws ec2 delete-volume --volume-id {{volume-id}}

Attached but Idle Volume

If the volume is in the "in-use" state but shows no I/O activity, further investigation is required before taking action.

Consult with the application or resource owner to confirm whether the volume is still required.

From Command Line

Detach the Volume

... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 Cloudaware Framework → 💼 Waste Reduction			25		no data