Identify any Amazon EC2 instances that appear to be underutilized and downsize (resize) them to help lower the cost of your AWS bill. By default, an Amazon EC2 instance is considered "underutilized" when it matches the following criteria (both conditions must be met to declare the instance "underutilized"):
- The average CPU utilization has been less than 60% for the last 7 days.
- The average memory utilization has been less than 60% for the last 7 days.
By default, Amazon CloudWatch can't record an EC2 instance's memory utilization because the necessary metric cannot be implemented at the hypervisor level. To report memory utilization through CloudWatch, you need to install an agent on the instance that you want to monitor and create a custom metric (we'll name it EC2MemoryUtilization) on the Amazon CloudWatch console. The instructions required for installing the monitoring agent, based on the Operating System (OS) used by the instance, are available at this URL.
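The following added example (not part of Conformity's own tooling) applies the two default criteria to CloudWatch results. It assumes each input has the JSON shape returned by `aws cloudwatch get-metric-statistics` with the `Average` statistic, one for `CPUUtilization` and one for the custom `EC2MemoryUtilization` metric; the datapoints and the `NOW` date are constructed sample values. An instance with no memory datapoints (agent not installed) is reported as not evaluable rather than underutilized.

```python
from datetime import datetime, timedelta, timezone

THRESHOLD = 60.0            # percent, the rule's default for both CPU and memory
WINDOW = timedelta(days=7)  # the rule's default look-back period

def window_average(response, now):
    """Mean of the 'Average' datapoints within the last 7 days, or None if none exist."""
    values = []
    for dp in response.get("Datapoints", []):
        # Accept both '+00:00' and 'Z' UTC suffixes in the timestamp string.
        ts = datetime.fromisoformat(dp["Timestamp"].replace("Z", "+00:00"))
        if now - WINDOW <= ts <= now:
            values.append(dp["Average"])
    return sum(values) / len(values) if values else None

def classify(cpu_response, mem_response, now):
    """Return 'underutilized', 'ok', or 'insufficient-data' for one instance."""
    cpu = window_average(cpu_response, now)
    mem = window_average(mem_response, now)
    if cpu is None or mem is None:
        # Without the monitoring agent there is no memory metric, so the
        # second condition cannot be checked and the rule must not fire.
        return "insufficient-data"
    return "underutilized" if cpu < THRESHOLD and mem < THRESHOLD else "ok"

# --- constructed sample data (daily datapoints, newest first) ---
NOW = datetime(2024, 1, 8, tzinfo=timezone.utc)

def sample(label, averages):
    return {"Label": label, "Datapoints": [
        {"Timestamp": (NOW - timedelta(days=i + 1)).isoformat(),
         "Average": v, "Unit": "Percent"}
        for i, v in enumerate(averages)]}

IDLE_CPU = sample("CPUUtilization", [12, 9, 15, 11, 8, 14, 10])
IDLE_MEM = sample("EC2MemoryUtilization", [35, 33, 36, 34, 35, 37, 34])
BUSY_MEM = sample("EC2MemoryUtilization", [82, 85, 79, 88, 84, 81, 86])
NO_AGENT = sample("EC2MemoryUtilization", [])
# 7 days at 50% followed by 7 older days at 100%: only the first 7 count.
OLD_PEAK = sample("CPUUtilization", [50] * 7 + [100] * 7)

if __name__ == "__main__":
    print("idle instance:      ", classify(IDLE_CPU, IDLE_MEM, NOW))
    print("memory-bound:       ", classify(IDLE_CPU, BUSY_MEM, NOW))
    print("no memory agent:    ", classify(IDLE_CPU, NO_AGENT, NOW))
    print("old peak out of window:", classify(OLD_PEAK, IDLE_MEM, NOW))
```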
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Downsizing underutilized Amazon EC2 instances to meet capacity needs at the lowest cost is an efficient strategy for reducing your AWS cloud costs. For example, by resizing a c4.xlarge-type instance provisioned in the US-East (N. Virginia) region to a c4.large-type instance due to CPU and memory underuse, you can save roughly $72 per month.
Audit
To identify any underused Amazon EC2 instances available within your AWS cloud account, perform the following actions:
Remediation / Resolution
Option 1: Downsize (resize) your underused Amazon EC2 instances. To resize any underutilized Amazon EC2 instances running within your AWS cloud account, perform the following actions:
(!) IMPORTANT Note: The following procedure assumes that the Amazon EC2 instances selected for reconfiguration (downsize) are NOT currently used in production or for critical operations.
Option 2: Disable the conformity rule check. If the configuration of your underused Amazon EC2 instance must remain unchanged (some workload scenarios can result in low resource utilization by design), you should turn off the conformity rule check for the specified Amazon EC2 instance from the Trend Micro Cloud One™ – Conformity console.
You are auditing:
Underutilized EC2 Instance
Risk Level: High