🛡️ AWS EC2 Image is unused🟢
- Contextual name: 🛡️ Image is unused🟢
- ID: /ce/ca/aws/ec2/image-unused
- Tags:
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: COST
Logic
Similar Policies
- Cloud Conformity: Unused AMI
Description
This policy identifies Amazon Machine Images (AMIs) that appear to be unused. An AMI is considered unused when all of the following conditions are met:
- The AMI is in the Available state.
- The AMI was created more than 90 days ago.
- The AMI was last used more than 90 days ago.
- The AMI is not associated with any AWS EC2 Instances in the CMDB.
Removing unused AMIs helps reduce unnecessary storage costs. The AMI cleanup process consists of two steps: deregistering the unused AMI and deleting the associated snapshots.
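The four conditions above can be evaluated offline against an inventory export. The following is an added example, not Cloudaware's policy logic: the field names (`State`, `CreationDate`, `LastLaunchedTime`, `ImageId`) are assumed to follow `aws ec2 describe-images` and `describe-instances` output, the records are constructed, and treating an image with no recorded launch as last used at creation time is an assumption.

```python
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(days=90)  # age limit from the policy description

def parse_ts(value):
    """Parse an ISO 8601 timestamp such as 2024-01-10T08:00:00.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def unused_images(images, instances, now):
    """Return IDs of images that meet all four 'unused' conditions."""
    in_use = {inst["ImageId"] for inst in instances}
    cutoff = now - THRESHOLD
    flagged = []
    for img in images:
        if img["State"] != "available":           # condition 1: Available state
            continue
        if parse_ts(img["CreationDate"]) >= cutoff:  # condition 2: created > 90 days ago
            continue
        # Assumption: no recorded launch means "last used" falls back to creation time.
        last_used = parse_ts(img.get("LastLaunchedTime") or img["CreationDate"])
        if last_used >= cutoff:                   # condition 3: last used > 90 days ago
            continue
        if img["ImageId"] in in_use:              # condition 4: no instance references it
            continue
        flagged.append(img["ImageId"])
    return flagged

# Constructed sample inventory (not real resources).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
OLD = "2024-01-10T08:00:00.000Z"
IMAGES = [
    {"ImageId": "ami-0000000000000000a", "State": "available",
     "CreationDate": OLD, "LastLaunchedTime": "2024-02-01T09:30:00.000Z"},
    {"ImageId": "ami-0000000000000000b", "State": "available",
     "CreationDate": OLD, "LastLaunchedTime": "2025-05-20T12:00:00.000Z"},
    {"ImageId": "ami-0000000000000000c", "State": "available",
     "CreationDate": "2025-05-01T08:00:00.000Z"},
    {"ImageId": "ami-0000000000000000d", "State": "available",
     "CreationDate": OLD, "LastLaunchedTime": "2024-03-01T10:00:00.000Z"},
    {"ImageId": "ami-0000000000000000e", "State": "disabled", "CreationDate": OLD},
    {"ImageId": "ami-0000000000000000f", "State": "available", "CreationDate": OLD},
]
# A long-running instance keeps its AMI in use even though the last launch is old.
INSTANCES = [{"InstanceId": "i-00000000000000001", "ImageId": "ami-0000000000000000d"}]

if __name__ == "__main__":
    for image_id in unused_images(IMAGES, INSTANCES, NOW):
        print(image_id)
```

Image `d` shows why the instance association is checked separately from the last-launch time: its last launch is over a year old, yet a running instance still depends on it.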
Rationale
AMIs stored in your AWS account incur ongoing storage charges, regardless of whether they are actively used. Over time, AMIs created from previous deployments, testing, or backup processes can accumulate. If an AMI is no longer required for launching instances, compliance, or recovery purposes, retaining it results in unnecessary cost and operational overhead.
Audit
This policy flags an AWS EC2 Image as INCOMPLIANT if all of the following conditions are met: ...
Remediation
Remove Unused AMIs
To clean up unused Amazon Machine Images (AMIs), deregister the image and delete any associated snapshots.
From Command Line
Run the following command to deregister an unused AMI and delete its associated snapshots:
```sh
# If a snapshot is associated with multiple AMIs, it is not deleted, regardless of this setting.
aws ec2 deregister-image \
  --region {{us-east-1}} \
  --image-id {{image-id}} \
  --delete-associated-snapshots
```

Repeat this process for all unused AMIs identified in your AWS account.
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 Cloudaware Framework → 💼 Waste Reduction | 28 | no data |