Identify unused (unattached) Amazon Elastic Block Store (EBS) volumes available within your AWS cloud account and delete these volumes in order to lower the cost of your AWS bill and reduce the risk of confidential and sensitive data leaks.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Any Amazon EBS volume provisioned in your AWS cloud account adds charges to your monthly bill, regardless of whether it is in use. If you have Amazon EBS volumes that are not attached to EC2 instances and their data is no longer needed, consider deleting these volumes. Removing unattached/orphaned Amazon EBS volumes from your AWS account will help you to avoid unexpected charges on your AWS bill and halt access to any sensitive data available on these volumes.
Note: Back up your data. Once an EBS volume is deleted, the data will be lost and the volume can't be attached to an instance. Because EBS snapshots are much more cost-effective than EBS volumes, it is highly recommended to take snapshots of your unused volumes before deletion.
Audit
To determine if there are any unattached (unused) Amazon EBS volumes available in your AWS account, perform the following actions:
Remediation / Resolution
To remove unused (unattached) Amazon Elastic Block Store (EBS) volumes from your AWS cloud account, you need to perform the following actions:
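One way to script the audit and the snapshot-before-delete order described above, as an added example that is not part of the original page or the Conformity tool. It reads the JSON that `aws ec2 describe-volumes` returns and prints the commands to run; the sample volumes are constructed and the `keep` tag is a hypothetical opt-out convention.

```python
import json

# Constructed sample of `aws ec2 describe-volumes --output json` (not real resources).
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa1111example01", "State": "in-use", "Size": 100, "Encrypted": true,
   "Attachments": [{"InstanceId": "i-0123example", "State": "attached"}]},
  {"VolumeId": "vol-0bbb2222example02", "State": "available", "Size": 500, "Encrypted": false,
   "Attachments": []},
  {"VolumeId": "vol-0ccc3333example03", "State": "available", "Size": 20, "Encrypted": true,
   "Attachments": [], "Tags": [{"Key": "keep", "Value": "true"}]}
]}
""")

def unattached(volumes):
    """Volumes in the 'available' state with no attachments."""
    return [v for v in volumes
            if v.get("State") == "available" and not v.get("Attachments")]

def plan(volumes, keep_tag="keep"):
    """Return (commands, notes): snapshot-then-delete steps per unattached volume."""
    commands, notes = [], []
    for v in unattached(volumes):
        vid = v["VolumeId"]
        tags = {t["Key"]: t["Value"] for t in v.get("Tags", [])}
        if tags.get(keep_tag) == "true":  # hypothetical opt-out tag, not an AWS feature
            notes.append(f"{vid}: skipped, tagged {keep_tag}=true")
            continue
        if not v.get("Encrypted"):
            # A snapshot of an unencrypted volume is itself unencrypted.
            notes.append(f"{vid}: unencrypted, {v['Size']} GiB; its snapshot will be unencrypted too")
        commands += [
            f"aws ec2 create-snapshot --volume-id {vid} --description 'pre-delete backup of {vid}'",
            "aws ec2 wait snapshot-completed --snapshot-ids <snapshot-id-from-previous-step>",
            f"aws ec2 delete-volume --volume-id {vid}",
        ]
    return commands, notes

if __name__ == "__main__":
    cmds, notes = plan(SAMPLE["Volumes"])
    print("\n".join(notes + cmds))
```

Feed it live data by replacing `SAMPLE` with the output of `aws ec2 describe-volumes --filters Name=status,Values=available --output json`, and review the printed plan before running any `delete-volume` line.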
Note: For IaC resolution steps, removing unattached instances is not supported by CloudFormation.