diff --git a/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/finding.json b/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/finding.json
new file mode 100644
index 0000000..60067a1
--- /dev/null
+++ b/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/finding.json
@@ -0,0 +1,32 @@
+{
+ "run_id": "28558710550",
+ "target": "finops-aws",
+ "provider": "aws",
+ "check_id": "aws-finops-unattached-volume",
+ "check_file": "finops-aws/unattached-volumes.yaml",
+ "check_name": "Unattached EBS volumes",
+ "query": "SELECT volumeId, size, status, AvailabilityZone, volumeType, createTime\nFROM aws.ec2_native.volumes\nWHERE region = 'ap-southeast-2'",
+ "severity": "LOW",
+ "category": "waste",
+ "kind": null,
+ "region": "ap-southeast-2",
+ "suggested_remediation": {
+ "type": "delete",
+ "tool": "stackql",
+ "preflight_query": "SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-0e620fc9c3b6d55db' AND status = 'available'\n",
+ "sql_query": "DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-0e620fc9c3b6d55db'\n",
+ "command": null,
+ "description": "Delete the unattached EBS volume (snapshot first if its data may be needed)."
+ },
+ "fields": {
+ "AvailabilityZone": "null",
+ "createTime": "2026-01-09T03:01:34.970Z",
+ "size": "1",
+ "status": "available",
+ "volumeId": "vol-0e620fc9c3b6d55db",
+ "volumeType": "gp2",
+ "region": "ap-southeast-2",
+ "category": "waste",
+ "estimated_monthly_usd": 0.1
+ }
+}
diff --git a/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/preflight.sql b/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/preflight.sql
new file mode 100644
index 0000000..b48d72f
--- /dev/null
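Review bot: In finding.json, `fields` records `"AvailabilityZone": "null"` as a four-character string and `"size": "1"` as a string, while `kind` and `command` use real JSON `null` and `estimated_monthly_usd` is a number, so a consumer cannot distinguish a missing value from a literal one. As this record is the evidence behind an irreversible delete, I would emit `"AvailabilityZone": null` and `"size": 1`, and treat the empty zone as a possible column-name mismatch in the check (inferred; the check file is not in this diff). The recorded `query` also has no `status` predicate, so the "unattached" filter presumably lives in `finops-aws/unattached-volumes.yaml`; recording the effective filter here would let a reviewer reproduce the finding from this file alone. `preflight_query` and `sql_query` duplicate preflight.sql and remediation.sql, and nothing visible says which copy the runner executes if they drift.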
+++ b/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/preflight.sql
@@ -0,0 +1 @@
+SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-0e620fc9c3b6d55db' AND status = 'available'
diff --git a/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/rationale.md b/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/rationale.md
new file mode 100644
index 0000000..610c2cf
--- /dev/null
+++ b/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/rationale.md
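Review bot: The preflight in preflight.sql only proves that the volume exists and is `available` at the moment it runs; it is a separate statement from the delete, so it guards nothing unless the runner aborts on an empty result and issues the delete immediately afterwards, and that contract is not visible in this commit. I would state it in a leading comment, e.g. `-- Runner must abort unless exactly one row is returned`. Selecting `size` and `createTime` as well as `volumeId` would let the approval log record what was about to be removed and be compared with finding.json.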
@@ -0,0 +1,9 @@
+# Rationale — vol-0e620fc9c3b6d55db
+
+**What & where:** This removes the unattached EBS volume `vol-0e620fc9c3b6d55db` (1 GiB, `gp2`) in region `ap-southeast-2`. The `DELETE` targets `aws.ec2.volumes` filtered by region and `VolumeId`, and the preflight re-confirms via `aws.ec2_native.volumes` that the volume still exists and its `status` is still `available` (i.e. attached to no instance) before anything is deleted.
+
+**Confidence:** High. An EBS volume in `available` state carries no live attachment, so deleting it does not detach storage from a running instance; the preflight guard means the delete is a no-op if the volume was re-attached in the interim.
+
+**Captain's call:** All eleven flagged volumes are identical 1 GiB `gp2` volumes created on 2026-01-09 within a ~90-minute window (this one at 2026-01-09T03:01:34.970Z), and `AvailabilityZone` comes back as `"null"` for every one. That pattern reads like the residue of an automated/batch process (a failed provisioning run, CI, or a test harness) rather than eleven independent orphans — so this finding should likely be reviewed and actioned as a set, not in isolation. The volumes are now ~6 months old (as of 2026-07-02) with no attachment, which supports deletion, but confirm no snapshot/AMI dependency and consider a snapshot first if the 1 GiB contents could matter. Blast radius is tiny given the size.
+
+**Estimated monthly saving:** $0.1 USD.
diff --git a/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/remediation.sql b/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/remediation.sql
new file mode 100644
index 0000000..585cb65
--- /dev/null
+++ b/remediations/proposed/28558710550-1/4-aws-finops-unattached-volume-vol-0e620fc9c3b6d55db/remediation.sql
@@ -0,0 +1 @@
+DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-0e620fc9c3b6d55db'
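Review bot: The delete in remediation.sql is irreversible, and the file carries no record of whether the snapshot that finding.json and rationale.md both suggest considering was taken or waived. A header comment such as `-- Irreversible. Snapshot: <SNAPSHOT_ID_PLACEHOLDER or "waived by APPROVER_PLACEHOLDER">` would make that decision auditable alongside the statement. The statement also targets `aws.ec2.volumes` with `VolumeId` while the preflight reads `aws.ec2_native.volumes` with `volumeId`; if that split is deliberate, say so in the same comment so the casing is not "corrected" later.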