🛡️ AWS RDS Instance is idle🟢

• Contextual name: 🛡️ Instance is idle🟢
• ID: /ce/ca/aws/rds/instance-idle
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: COST, PERFORMANCE

Stats

not available

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 AWS RDS Instance
  • 🔌 AWS RDS Instance - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

This policy identifies AWS RDS Instances that appear to be idle based on their performance metrics over the last 30 days. An instance is flagged as idle when it is available, has existed for at least 30 days, and meets all of the following criteria:

1. Average CPU utilization is below 5%.
2. Average database connections are zero.
3. Maximum database connections are zero.
4. Average disk read and write IOPS are below 1.

Rationale

Idle RDS instances consume resources and incur costs without delivering business value. Identifying and addressing these resources helps reduce unnecessary AWS spend and improves operational efficiency.

Impact

Review ownership, workload schedules, and dependencies before stopping, resizing, or deleting an instance. Some databases support infrequent batch jobs, reporting workloads, or standby processes that may not be visible in average CPU and connection metrics.

Audit

This policy evaluates an AWS RDS Instance based on its 30-day performance metrics.

The Instance is marked as INCOMPLIANT if all the following criteria are met:

... see more

Remediation

Open File

Remediation

Address Idle RDS Instances

Key Considerations

• Confirm with application and database owners that the instance is no longer required before stopping, resizing, or deleting it.
• Review dependencies, connection strings, scheduled jobs, backups, and retention requirements.
• Stopping an instance retains the underlying data and allows it to be restarted later.
• Deleting an instance permanently removes it. Create a final snapshot unless an approved retention process already exists.
• If the instance still supports a low-volume workload, consider rightsizing instead of deleting it.

Stop or Delete the Instance

From AWS CLI

Stop the instance:

aws rds stop-db-instance \
    --db-instance-identifier {{db-instance-id}}

Create a manual snapshot before deletion:

aws rds create-db-snapshot \
    --db-snapshot-identifier {{final-snapshot-name}} \
    --db-instance-identifier {{db-instance-id}}

Delete the idle instance after the manual snapshot is available:

aws rds delete-db-instance \
    --db-instance-identifier {{db-instance-id}} \

... [see more](remediation.md)

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 Cloudaware Framework → 💼 Waste Reduction			25		no data
💼 Cloudaware Framework → 💼 Workload Efficiency			24		no data