From 6f93e7e258ba6636bc6bc7480db0d470ff98e7bd Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 1 Jul 2026 13:19:54 +0000
Subject: [PATCH] Propose remediation: 12-aws-finops-zero-vms-policy-i-00eb8fccb08864940 (run 28520394302.1)
---
.../finding.json | 28 +++++++++++++++++++
.../preflight.sql | 0
.../rationale.md | 7 +++++
.../remediation.sql | 0
4 files changed, 35 insertions(+)
create mode 100644 remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/finding.json
create mode 100644 remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/preflight.sql
create mode 100644 remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/rationale.md
create mode 100644 remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/remediation.sql
diff --git a/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/finding.json b/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/finding.json
new file mode 100644
index 0000000..ab42616
--- /dev/null
+++ b/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/finding.json
@@ -0,0 +1,28 @@
+{
+ "run_id": "28520394302",
+ "target": "finops-aws",
+ "provider": "aws",
+ "check_id": "aws-finops-zero-vms-policy",
+ "check_file": "finops-aws/zero-vms-policy.yaml",
+ "check_name": "Active EC2 instance (zero-VMs policy)",
+ "query": "SELECT instanceId, instanceType, instanceState, placement\nFROM aws.ec2_native.instances\nWHERE region = 'ap-southeast-2'",
+ "severity": "HIGH",
+ "category": null,
+ "kind": null,
+ "region": "ap-southeast-2",
+ "suggested_remediation": {
+ "type": "manual",
+ "tool": null,
+ "preflight_query": null,
+ "sql_query": null,
+ "command": null,
+ "description": "Terminate the instance.\nstackql: DELETE FROM aws.ec2_native.instances WHERE region = '' AND data__Identifier = '';"
+ },
+ "fields": {
+ "instanceId": "i-00eb8fccb08864940",
+ "instanceState": "",
+ "instanceType": "t3.micro",
+ "placement": "\n ap-southeast-2b\n apse2-az1\n \n default\n ",
+ "region": "ap-southeast-2"
+ }
+}
diff --git a/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/preflight.sql b/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/preflight.sql
new file mode 100644
index 0000000..e69de29
diff --git a/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/rationale.md b/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/rationale.md
new file mode 100644
index 0000000..b1dacd2
--- /dev/null
+++ b/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/rationale.md
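Review bot: `suggested_remediation.description` carries a destructive stackql `DELETE` with empty placeholders (`region = ''`, `data__Identifier = ''`) even though `fields.region` and `fields.instanceId` hold the concrete values, while `preflight_query` and `sql_query` are `null` and the diffstat shows `preflight.sql` and `remediation.sql` added with zero lines — so an operator following this finding has nothing that verifies the target before terminating it. The check `query` also carries no `instanceState` predicate and `fields.instanceState` is `""`, so the finding does not establish that the instance is running, which the `check_name` ("Active EC2 instance") implies. I would populate `preflight_query` with a read-only lookup scoped to the single instance, e.g. `SELECT instanceId, instanceState, instanceType FROM aws.ec2_native.instances WHERE region = 'ap-southeast-2' AND instanceId = 'i-00eb8fccb08864940'`, and gate the manual DELETE on a non-empty `instanceState` plus confirmed ownership (whether the table exposes tag columns is not visible from this hunk). Whether the empty `instanceState` is a provider quirk or a projection bug in the check cannot be determined from the data here and should be noted in the finding rather than left as `""`.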
@@ -0,0 +1,7 @@
+(a) This flags the active EC2 instance `i-00eb8fccb08864940` (instance type `t3.micro`) in region `ap-southeast-2` for termination under the zero-VMs policy.
+
+(b) Confidence: medium — the zero-VMs policy is a blanket rule (any running instance is a violation), so detection is reliable, but the remediation is marked `manual` with no preflight or SQL supplied, meaning termination must be performed and double-checked by a human rather than executed automatically.
+
+(c) Captain's call: the reported `instanceState` is empty, so we cannot confirm from the data whether it is running, stopped, or transitioning; placement is `ap-southeast-2b apse2-az1 default`, and the instance carries no Name tag, so a deterministic check cannot tell whether this is shared/production infrastructure. Terminating an EC2 instance is destructive and irreversible for local (instance-store) data — a human must verify ownership and take backups before acting.
+
+(d) No estimated monthly saving (`estimated_monthly_usd`) is present in the finding fields.
diff --git a/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/remediation.sql b/remediations/proposed/28520394302-1/12-aws-finops-zero-vms-policy-i-00eb8fccb08864940/remediation.sql
new file mode 100644
index 0000000..e69de29