⭐ Repository → 📁 Compliance Engine → 📁 CloudAware → 📁 AWS → 📁 EC2 → 🛡️ EBS Volume is underutilized🟢
🧠 AWS EBS Volume is underutilized - prod.logic.yaml🟢
- Contextual name: 🧠 prod.logic.yaml🟢
- ID:
/ce/ca/aws/ec2/ebs-volume-underutilized/prod.logic.yaml - Tags:
Uses
Test Results 🟢
Generated at: 2025-10-01T12:44:56.225207909Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| 🟢 | 001 | ✔️ 99 | ✔️ isDisappeared(CA10__disappearanceTime__c) | ✔️ null |
| 🟢 | 002 | ✔️ 199 | ✔️ extract('CA10__status__c') != 'in-use' | ✔️ null |
| 🟢 | 003 | ✔️ 299 | ✔️ extract('CA10__createTime__c').withinLastDays(30) | ✔️ null |
| 🟢 | 004 | ✔️ 399 | ✔️ extract('CA10__attachmentAttachTime__c').isNotEmpty() && extract('CA10__attachmentAttachTime__c').withinLastDays(30) | ✔️ null |
| 🟢 | 005 | ✔️ 499 | ✔️ not(setOfText(['gp3', 'io1', 'io2']).contains(extract('CA10__volumeType__c'))) | ✔️ null |
| 🟢 | 006 | ✔️ 599 | ✔️ (extract('CA10__readOpsSum30d__c').isEmpty() && extract('CA10__writeOpsSum30d__c').isEmpty()) || (extract('CA10__readOpsSum30d__c') == number(0.0) && extract('CA10__writeOpsSum30d__c') == number(0.0)) | ✔️ null |
| 🟢 | 007 | ✔️ 699 | ✔️ extract('CA10__volumeType__c') == 'gp3' && extract('CA10__iops__c') > number(3000.0) && extract('CA10__readOpsSum30d__c') < number(1.944E9) && extract('CA10__writeOpsSum30d__c') < number(1.944E9) | ✔️ null |
| 🟢 | 008 | ✔️ 799 | ✔️ extract('CA10__volumeType__c') == 'gp3' | ✔️ null |
| 🟢 | 009 | ✔️ 899 | ✔️ extract('CA10__sumIopsOneMonth__c') < number(6.48E7) | ✔️ null |
| 🟢 | 010 | ✔️ 900 | ✔️ otherwise | ✔️ null |
Generation Bundle
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/ec2/ebs-volume-underutilized/policy.yaml | 890E930ADCAA006EAD37F2FBC8C099AA |
| Open | /ce/ca/aws/ec2/ebs-volume-underutilized/prod.logic.yaml | BC4133702D80ED95D2C00E8655008C45 |
| Open | /ce/ca/aws/ec2/ebs-volume-underutilized/test-data.json | 5A55A05F9E97BA20181A5E4320DFA5EC |
| Open | /types/CA10__CaAwsVolume__c/object.extracts.yaml | D98F19A3E57995D503E82126277DD66A |
Available Commands
repo-manager policies generate FULL /ce/ca/aws/ec2/ebs-volume-underutilized/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/ec2/ebs-volume-underutilized/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/ec2/ebs-volume-underutilized/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/ec2/ebs-volume-underutilized/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/ec2/ebs-volume-underutilized/prod.logic.yaml
Content
---
inputType: "CA10__CaAwsVolume__c"
importExtracts:
- file: "/types/CA10__CaAwsVolume__c/object.extracts.yaml"
testData:
- file: 'test-data.json'
conditions:
- status: "INAPPLICABLE"
currentStateMessage: "The EBS volume is not in-use."
check:
NOT_EQUAL:
left:
EXTRACT: "CA10__status__c"
right:
TEXT: "in-use"
- status: "INAPPLICABLE"
currentStateMessage: "The EBS volume has been created less than 30 days ago."
check:
IS_WITHIN_LAST_DAYS:
offsetDays: 30
arg:
EXTRACT: "CA10__createTime__c"
- status: "INAPPLICABLE"
currentStateMessage: "The volume is attached for less than 30 days."
check:
AND:
args:
- NOT_EMPTY:
arg:
EXTRACT: "CA10__attachmentAttachTime__c"
- IS_WITHIN_LAST_DAYS:
offsetDays: 30
arg:
EXTRACT: "CA10__attachmentAttachTime__c"
- status: "INAPPLICABLE"
currentStateMessage: "This policy checks only gp3, io1 and io2 volume types."
check:
NOT:
arg:
CONTAINS:
arg:
SET:
itemType: TEXT
items:
- "gp3"
- "io1"
- "io2"
search:
EXTRACT: "CA10__volumeType__c"
- status: "INAPPLICABLE"
currentStateMessage: "The EBS volume is idle and considered by the 'AWS EBS volume is idle' policy."
check:
OR:
args:
- AND:
args:
- IS_EMPTY:
arg:
EXTRACT: "CA10__readOpsSum30d__c"
- IS_EMPTY:
arg:
EXTRACT: "CA10__writeOpsSum30d__c"
- AND:
args:
- IS_EQUAL:
left:
EXTRACT: "CA10__readOpsSum30d__c"
right:
NUMBER: 0.0
- IS_EQUAL:
left:
EXTRACT: "CA10__writeOpsSum30d__c"
right:
NUMBER: 0.0
# The gp3 volume has provisioned IOPS above the free baseline performance of 3,000 provisioned IOPS
# Max operations per month for 3,000 IOPS is 7,776,000,000 (3,000 * 86,400 * 30); 1,944,000,000 is a 1/4 of that value.
# The volume is a good candidate to be downsized to the 3,000 IOPS baseline
- status: INCOMPLIANT
currentStateMessage: "The EBS Volume's read and write operations for the past\
\ 30 days are less than the set threshold of 1,944,000,000 operations per month."
remediationMessage: "Investigate the possibility to downsize the volume."
check:
AND:
args:
- IS_EQUAL:
left:
EXTRACT: "CA10__volumeType__c"
right:
TEXT: "gp3"
- GREATER_THAN:
left:
EXTRACT: "CA10__iops__c"
right:
NUMBER: 3000.0
- LESS_THAN:
left:
EXTRACT: "CA10__readOpsSum30d__c"
right:
NUMBER: 1944000000.0
- LESS_THAN:
left:
EXTRACT: "CA10__writeOpsSum30d__c"
right:
NUMBER: 1944000000.0
- status: "COMPLIANT"
currentStateMessage: "The gp3 EBS Volume is not underutilized."
check:
IS_EQUAL:
left:
EXTRACT: "CA10__volumeType__c"
right:
TEXT: "gp3"
# The io1 or io2 volume's minimum provisioned IOPS is 100 IOPS
# Max operations per month for 100 IOPS IOPS is 259,200,000 (100 * 86,400 * 30); 64,800,000 is a 1/4 of that value.
# The volume is a good candidate to be downsized.
- status: INCOMPLIANT # io1, io2
currentStateMessage: "The EBS Volume's sum of read and write operations for the past\
\ 30 days are less than the set threshold of 64,800,000 operations per month."
remediationMessage: "Investigate the possibility to downsize the volume."
check:
LESS_THAN:
left:
EXTRACT: "CA10__sumIopsOneMonth__c"
right:
NUMBER: 64800000.0
otherwise:
status: "COMPLIANT"
currentStateMessage: "The EBS volume is not underutilized."