Ensure EBS volumes are attached to an instance

Error: An unused EBS volume is not attached to an instance

Bridgecrew Policy ID: BC_AWS_GENERAL_2
Severity: LOW

An unused EBS volume is not attached to an instance

Description

An Amazon EBS volume is a block-level storage device that can be attached to one or more of your instances in the same Availability Zone. An EBS volume may contain sensitive data which is not in use.

Unused EBS volumes incur extra charges. Deleting unused EBS volumes helps to control where sensitive data is stored, and reduce your AWS costs.

Fix - Runtime

AWS Console

To change the policy using the AWS Console, follow these steps:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Open the Amazon EC2 console.
  3. In the navigation pane, select Elastic Block Store > Volumes.
  4. Select an available Volume, then select Actions > Attach Volume.
  5. Enter the name or ID of the Instance; the matching list of instances displays. Only instances in the same Availability Zone as the volume display. Select an Instance from the list.
  6. For Device, either keep the suggested Device Name, or enter a different supported Device Name. For more information, see Device naming on Linux Instances.
  7. Select Attach.

CLI Command

To attach a volume to an instance, see the following example:

aws ec2 attach-volume \
    --volume-id vol-1234567890abcdef0 \
    --instance-id i-01474ef662b89480 \
    --device /dev/sdf

To delete the unused EBS volume, use the following command:

aws --profile <YOUR_PROFILE> --region <YOUR_REGION> ec2 delete-volume \
    --volume-id <VOLUME_ID>
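Before attaching or deleting anything you need the list of volumes this policy would flag. The script below, added here as an example and not Bridgecrew's own checker, reproduces the check on the JSON shape returned by describe-volumes: it runs offline against a constructed sample response, and only falls back to a live call through boto3 (an assumption, not something the page uses) when that library and credentials are available.

```python
import json
from typing import Any, Dict, List

# Constructed sample in the describe-volumes response shape (not real data).
SAMPLE_RESPONSE = {"Volumes": [
    {"VolumeId": "vol-0aaa000000000001", "State": "in-use", "Size": 20, "Encrypted": True,
     "AvailabilityZone": "us-east-1a",
     "Attachments": [{"InstanceId": "i-0bbb000000000001", "Device": "/dev/sdf", "State": "attached"}]},
    {"VolumeId": "vol-0aaa000000000002", "State": "available", "Size": 100, "Encrypted": False,
     "AvailabilityZone": "us-east-1a", "Attachments": []},
    {"VolumeId": "vol-0aaa000000000003", "State": "available", "Size": 8, "Encrypted": True,
     "AvailabilityZone": "us-east-1b", "Attachments": [],
     "Tags": [{"Key": "Name", "Value": "old-snapshot-restore"}]},
]}


def find_unattached_volumes(response: Dict[str, Any]) -> List[Dict[str, Any]]:
    """One finding per volume that is not attached to any instance (BC_AWS_GENERAL_2).

    EC2 reports such volumes with State 'available' and an empty Attachments list.
    Encryption status is kept because an unattached, unencrypted volume may still
    hold sensitive data that nothing is using."""
    findings = []
    for vol in response.get("Volumes", []):
        if vol.get("State") == "available" and not vol.get("Attachments"):
            tags = {t["Key"]: t["Value"] for t in vol.get("Tags", [])}
            findings.append({
                "VolumeId": vol["VolumeId"],
                "AvailabilityZone": vol.get("AvailabilityZone"),
                "SizeGiB": vol.get("Size"),
                "Encrypted": bool(vol.get("Encrypted")),
                "Name": tags.get("Name", ""),
            })
    return findings


def main() -> None:
    try:
        import boto3  # optional: only used for a live scan of the current account
        # Same filter the CLI accepts: aws ec2 describe-volumes --filters Name=status,Values=available
        response = boto3.client("ec2").describe_volumes(
            Filters=[{"Name": "status", "Values": ["available"]}])
    except Exception:  # boto3 missing or no credentials: run on the constructed sample
        response = SAMPLE_RESPONSE
    print(json.dumps(find_unattached_volumes(response), indent=2))


if __name__ == "__main__":
    main()
```

Each finding carries the volume ID needed by the attach-volume and delete-volume commands above, plus the Availability Zone that constrains which instances it can be attached to.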

Fix - Buildtime

Terraform

The code below demonstrates how to attach a volume to an instance.

  • Resource: aws_volume_attachment
  • Arguments:
    device_name - (Required) Device name to expose to the instance, for example /dev/sdf
    instance_id - (Required) ID of the Instance to attach to
    volume_id - (Required) ID of the Volume to be attached

resource "aws_volume_attachment" "ebs_att" {
  ...
+ device_name = "/dev/sdf"
+ volume_id   = aws_ebs_volume.example.id
+ instance_id = aws_instance.web.id
}

resource "aws_ebs_volume" "example" {
  ...
}

resource "aws_instance" "web" {
  ...
}