diff --git a/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/finding.json b/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/finding.json new file mode 100644 index 0000000..7af7b37 --- /dev/null +++ b/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/finding.json @@ -0,0 +1,32 @@ +{ + "run_id": "28487098887", + "target": "finops-aws", + "provider": "aws", + "check_id": "aws-finops-unattached-volume", + "check_file": "finops-aws/unattached-volumes.yaml", + "check_name": "Unattached EBS volumes", + "query": "SELECT volumeId, size, status, AvailabilityZone, volumeType, createTime\nFROM aws.ec2_native.volumes\nWHERE region = 'ap-southeast-2'", + "severity": "LOW", + "category": "waste", + "kind": null, + "region": "ap-southeast-2", + "suggested_remediation": { + "type": "delete", + "tool": "stackql", + "preflight_query": "SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-022ccd1d2be1787d6' AND status = 'available'\n", + "sql_query": "DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-022ccd1d2be1787d6'\n", + "command": null, + "description": "Delete the unattached EBS volume (snapshot first if its data may be needed)." + }, + "fields": { + "AvailabilityZone": "null", + "createTime": "2026-01-09T02:35:55.230Z", + "size": "1", + "status": "available", + "volumeId": "vol-022ccd1d2be1787d6", + "volumeType": "gp2", + "region": "ap-southeast-2", + "category": "waste", + "estimated_monthly_usd": 0.1 + } +} diff --git a/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/preflight.sql b/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/preflight.sql new file mode 100644 index 0000000..3c8e59b --- /dev/null +++ b/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/preflight.sql @@ -0,0 +1 @@ +SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-022ccd1d2be1787d6' AND status = 'available' diff --git a/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/rationale.md b/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/rationale.md new file mode 100644 index 0000000..a57885a --- /dev/null +++ b/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/rationale.md @@ -0,0 +1,7 @@ +**What & where:** This proposal deletes unattached EBS volume `vol-022ccd1d2be1787d6` (1 GiB, `gp2`) in region `ap-southeast-2`. The volume reports `status = available`, meaning it is not attached to any instance, and the DELETE is gated behind a preflight query that re-confirms both the volume id and the `available` status before any action is taken. + +**Confidence: high.** The detection is unambiguous — an EBS volume in the `available` state is chargeable but serving no workload, and the preflight guard makes the deletion idempotent and safe against a race where the volume was re-attached. + +**Captain's call:** The volume was created at `2026-01-09T02:35:55.230Z`, so it is relatively recent; confirm it is not a just-provisioned volume awaiting attachment before deleting. Its `AvailabilityZone` field is empty/null in the finding, which is unusual and worth a sanity check against the console. At only 1 GiB there is no size or age red flag, but per the upstream description you may wish to snapshot first if the data could still be needed. + +**Estimated monthly saving:** ~$0.1 USD. diff --git a/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/remediation.sql b/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/remediation.sql new file mode 100644 index 0000000..3f52ba5 --- /dev/null +++ b/remediations/proposed/28487098887-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/remediation.sql @@ -0,0 +1 @@ +DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-022ccd1d2be1787d6'