@@ -0,0 +1,28 @@
{
"run_id": "28520394302",
"target": "finops-aws",
"provider": "aws",
"check_id": "aws-finops-zero-vms-policy",
"check_file": "finops-aws/zero-vms-policy.yaml",
"check_name": "Active EC2 instance (zero-VMs policy)",
"query": "SELECT instanceId, instanceType, instanceState, placement\nFROM aws.ec2_native.instances\nWHERE region = 'ap-southeast-2'",
"severity": "HIGH",
"category": null,
"kind": null,
"region": "ap-southeast-2",
"suggested_remediation": {
"type": "manual",
"tool": null,
"preflight_query": null,
"sql_query": null,
"command": null,
"description": "Terminate the instance.\nstackql: DELETE FROM aws.ec2_native.instances WHERE region = '<region>' AND data__Identifier = '<instanceId>';"
},
"fields": {
"instanceId": "i-038ae06cdc98be7d9",
"instanceState": "",
"instanceType": "t3a.xlarge",
"placement": "\n ap-southeast-2a\n apse2-az3\n \n default\n ",
"region": "ap-southeast-2"
}
}
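Review bot: the `query` has no filter on `instanceState`, yet `check_name` calls this an "Active EC2 instance" check and the emitted `instanceState` is `""`, so nothing in the finding shows the instance is actually running. Either add `AND instanceState = 'running'` to the SELECT (and treat an empty state as a collection failure rather than a hit) or rename the check to match the blanket zero-VMs rule. Relatedly, `suggested_remediation.preflight_query` is `null` while `description` carries the destructive `DELETE FROM aws.ec2_native.instances WHERE region = '<region>' AND data__Identifier = '<instanceId>'`; supply a preflight SELECT on that identifier that returns its current state before the DELETE is offered. `category` and `kind` are also `null`, and `placement` is emitted as the whitespace-padded string `"\n ap-southeast-2a\n apse2-az3\n \n default\n "` rather than being split into its three components.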
@@ -0,0 +1,7 @@
(a) This flags the active EC2 instance `i-038ae06cdc98be7d9` (instance type `t3a.xlarge`) in region `ap-southeast-2` for termination under the zero-VMs policy.

(b) Confidence: medium — the zero-VMs policy is a blanket rule (any running instance is a violation), so detection is reliable, but the remediation is marked `manual` with no preflight or SQL supplied, meaning termination must be performed and double-checked by a human rather than executed automatically.

(c) Captain's call: a `t3a.xlarge` is a comparatively large instance that may back a real workload, the reported `instanceState` is empty, so we cannot confirm from the data whether it is running, stopped, or transitioning; placement is `ap-southeast-2a apse2-az3 default`, and the instance carries no Name tag, so a deterministic check cannot tell whether this is shared/production infrastructure. Terminating an EC2 instance is destructive and irreversible for local (instance-store) data — a human must verify ownership and take backups before acting.

(d) No estimated monthly saving (`estimated_monthly_usd`) is present in the finding fields.
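Review bot: (c) states the instance "carries no Name tag", but neither the finding's `fields` nor the `query` (which selects only `instanceId, instanceType, instanceState, placement`) includes tags, so the absence of a Name tag cannot be concluded from this data; say instead that tags were not collected. (b) and (c) also contradict each other: (b) calls detection "reliable" while (c) concedes the empty `instanceState` means we cannot tell whether the instance is running, stopped or transitioning, so either lower the stated confidence or call out the empty state in (b). Minor: the first sentence of (c) is a comma splice; split it after "real workload".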