diff --git a/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/finding.json b/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/finding.json
new file mode 100644
index 0000000..25ca5a5
--- /dev/null
+++ b/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/finding.json
@@ -0,0 +1,32 @@
+{
+ "run_id": "28520394302",
+ "target": "finops-aws",
+ "provider": "aws",
+ "check_id": "aws-finops-unattached-volume",
+ "check_file": "finops-aws/unattached-volumes.yaml",
+ "check_name": "Unattached EBS volumes",
+ "query": "SELECT volumeId, size, status, AvailabilityZone, volumeType, createTime\nFROM aws.ec2_native.volumes\nWHERE region = 'ap-southeast-2'",
+ "severity": "LOW",
+ "category": "waste",
+ "kind": null,
+ "region": "ap-southeast-2",
+ "suggested_remediation": {
+ "type": "delete",
+ "tool": "stackql",
+ "preflight_query": "SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-022ccd1d2be1787d6' AND status = 'available'\n",
+ "sql_query": "DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-022ccd1d2be1787d6'\n",
+ "command": null,
+ "description": "Delete the unattached EBS volume (snapshot first if its data may be needed)."
+ },
+ "fields": {
+ "AvailabilityZone": "null",
+ "createTime": "2026-01-09T02:35:55.230Z",
+ "size": "1",
+ "status": "available",
+ "volumeId": "vol-022ccd1d2be1787d6",
+ "volumeType": "gp2",
+ "region": "ap-southeast-2",
+ "category": "waste",
+ "estimated_monthly_usd": 0.1
+ }
+}
diff --git a/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/preflight.sql b/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/preflight.sql
new file mode 100644
index 0000000..3c8e59b
--- /dev/null
+++ b/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/preflight.sql
@@ -0,0 +1 @@
+SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-022ccd1d2be1787d6' AND status = 'available'
diff --git a/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/rationale.md b/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/rationale.md
new file mode 100644
index 0000000..610895f
--- /dev/null
+++ b/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/rationale.md
@@ -0,0 +1,7 @@
+(a) This removes the unattached EBS volume `vol-022ccd1d2be1787d6` (a 1 GiB gp2 volume) in region `ap-southeast-2` via a `DELETE` against the AWS EC2 provider.
+
+(b) Confidence: high — the volume reports `status = available` (i.e. detached from any instance), and the preflight query re-asserts `status = 'available'` immediately before the delete, so an in-flight re-attach would abort the operation.
+
+(c) Captain's call: the volume is tiny (1 GiB) and was created 2026-01-09T02:35:55.230Z, so it is neither large nor especially old; its `AvailabilityZone` reads as `null` and it carries no Name tag, so a deterministic check cannot rule out that it is a detached-but-intended volume (e.g. a spare kept for a workload) — a human should confirm no snapshot/data is needed before deleting. Also note the finding was surfaced from `aws.ec2_native.volumes` while the remediation targets `aws.ec2.volumes`; the reviewer should confirm these resolve to the same volume.
+
+(d) Estimated monthly saving: $0.1 USD.
diff --git a/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/remediation.sql b/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/remediation.sql
new file mode 100644
index 0000000..3f52ba5
--- /dev/null
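Review bot: preflight.sql does not state what result counts as a pass, so the safety gate in front of a destructive step exists only by convention. The query returns a bare `volumeId`, and nothing in the file says that zero rows must stop the run. I would add a leading comment such as `-- Gate for remediation.sql: proceed only if exactly one row is returned; zero rows means the volume is no longer 'available' (or no longer visible) and the delete must be skipped.` Whether the runner already enforces this is not visible in the diff.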
+++ b/remediations/proposed/28520394302-1/10-aws-finops-unattached-volume-vol-022ccd1d2be1787d6/remediation.sql
@@ -0,0 +1 @@
+DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-022ccd1d2be1787d6'
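Review bot: The DELETE in remediation.sql is irreversible and stands alone. It carries neither the `status = 'available'` condition from the preflight nor any record that a snapshot was taken or waived, although the finding's own description says to snapshot first if the data may be needed. Anyone running this file directly skips both safeguards. I would add a header comment such as `-- IRREVERSIBLE: run only after preflight.sql returns exactly one row and a snapshot of vol-022ccd1d2be1787d6 has been taken or explicitly waived by the approver.` If the provider's delete does not accept a status predicate, the comment is the only in-file guard, so it is worth making the approval step explicit in the runner as well.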