🛡️ AWS RDS Instance is idle🟢

• Contextual name: 🛡️ Instance is idle🟢
• ID: /ce/ca/aws/rds/instance-idle
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: PERFORMANCE, COST

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 AWS RDS Instance
  • 🔌 AWS RDS Instance - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

This policy identifies AWS RDS Instances that appear to be idle based on their performance metrics over the past 30 days. An instance is considered idle if it meets all of the following criteria:

1. Average CPU utilization has been less than 5%.
2. Average Database Connections are zero.

Rationale

Idle RDS instances generate costs without delivering business value. Identifying and decommissioning these resources can significantly reduce monthly AWS spend. Regular cleanup of unused resources also improves operational efficiency and reduces cloud management overhead.

Audit

This policy evaluates an RDS Instance based on its 30-day performance metrics.

The Instance is marked as INCOMPLIANT if all the following criteria are met:

• CloudWatch: CPU, 30-Day metric is less than 5%.
• CloudWatch: Database Connections, 30-Day metric is zero.

The Instance is marked as INAPPLICABLE if it is not in an available Status or has been running for less than 30 days.

The Instance is marked as UNDETERMINED if any of the evaluated metrics are empty, indicating insufficient data in the CMDB to assess whether the instance is idle.

Remediation

Open File

Remediation

Decommission Idle RDS Instances

Key Considerations

• If deletion is not an option (e.g., business constraints), consider downsizing the instance.
• Confirm with application and database owners that the instance is no longer required before stopping or deleting it.
• Stopping an instance retains the underlying data and allows it to be restarted later.
• Deleting an instance permanently removes it. Always take a final snapshot (if needed) before deletion.

Stop or Delete the Instance

From Command Line

Stop the instance:

aws rds stop-db-instance \
    --db-instance-identifier {{db-instance-id}}

Take a final snapshot before deletion:

aws rds create-db-snapshot \
    --db-snapshot-identifier {{final-snapshot-name}} \
    --db-instance-identifier {{db-instance-id}}

Delete the idle instance:

aws rds delete-db-instance \
    --db-instance-identifier {{db-instance-id}} \
    --skip-final-snapshot

Downsize the DB instance

From Command Line

To apply during the next maintenance window (recommended for production):

... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 Cloudaware Framework → 💼 Waste Reduction			28		no data
💼 Cloudaware Framework → 💼 Workload Efficiency			24		no data