Find any unused Amazon Machine Images available in your AWS account and remove them in order to lower the cost of your monthly AWS bill. The AMI removal/cleanup process consists of two steps: 1) deregister the unused image and 2) delete the snapshot associated with it.
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
optimisation
The AMIs created in your AWS cloud account are adding charges to your AWS bill, regardless whether these are being used or not. Many AWS customers will deregister their images but forget to delete the AMIs snapshots, therefore these will continue to incur storage costs. Trend Micro Cloud One™ – Conformity recommends implementing the two-step cleanup process shown in the Remediation section in order to avoid any unexpected charges on your AWS bill.
Audit
To identify unused Amazon Machine Images (AMIs) within your AWS account, perform the following operations:
Remediation / Resolution
To remove the unused Amazon Machine Images (AMIs) from your AWS account, you have to deregister the required images and delete the associated snapshots. To run the removal process, perform the following operations:
References
- AWS Documentation
- Amazon Machine Images (AMI)
- Deregistering Your AMI
- Amazon EBS Snapshots
- Deleting an Amazon EBS Snapshot
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-images
- describe-instances
- deregister-image
- delete-snapshot
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Unused AMI
Risk Level: Low