Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"run_id": "28558710550",
"target": "finops-aws",
"provider": "aws",
"check_id": "aws-finops-unattached-volume",
"check_file": "finops-aws/unattached-volumes.yaml",
"check_name": "Unattached EBS volumes",
"query": "SELECT volumeId, size, status, AvailabilityZone, volumeType, createTime\nFROM aws.ec2_native.volumes\nWHERE region = 'ap-southeast-2'",
"severity": "LOW",
"category": "waste",
"kind": null,
"region": "ap-southeast-2",
"suggested_remediation": {
"type": "delete",
"tool": "stackql",
"preflight_query": "SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-0e620fc9c3b6d55db' AND status = 'available'\n",
"sql_query": "DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-0e620fc9c3b6d55db'\n",
"command": null,
"description": "Delete the unattached EBS volume (snapshot first if its data may be needed)."
},
"fields": {
"AvailabilityZone": "null",
"createTime": "2026-01-09T03:01:34.970Z",
"size": "1",
"status": "available",
"volumeId": "vol-0e620fc9c3b6d55db",
"volumeType": "gp2",
"region": "ap-southeast-2",
"category": "waste",
"estimated_monthly_usd": 0.1
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-0e620fc9c3b6d55db' AND status = 'available'
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# Rationale — vol-0e620fc9c3b6d55db

**What & where:** This removes the unattached EBS volume `vol-0e620fc9c3b6d55db` (1 GiB, `gp2`) in region `ap-southeast-2`. The `DELETE` targets `aws.ec2.volumes` filtered by region and `VolumeId`, and the preflight re-confirms via `aws.ec2_native.volumes` that the volume still exists and its `status` is still `available` (i.e. attached to no instance) before anything is deleted.

**Confidence:** High. An EBS volume in `available` state carries no live attachment, so deleting it does not detach storage from a running instance; the preflight guard means the delete is a no-op if the volume was re-attached in the interim.

**Captain's call:** All eleven flagged volumes are identical 1 GiB `gp2` volumes created on 2026-01-09 within a ~90-minute window (this one at 2026-01-09T03:01:34.970Z), and `AvailabilityZone` comes back as `"null"` for every one. That pattern reads like the residue of an automated/batch process (a failed provisioning run, CI, or a test harness) rather than eleven independent orphans — so this finding should likely be reviewed and actioned as a set, not in isolation. The volumes are now ~6 months old (as of 2026-07-02) with no attachment, which supports deletion, but confirm no snapshot/AMI dependency and consider a snapshot first if the 1 GiB contents could matter. Blast radius is tiny given the size.

**Estimated monthly saving:** $0.1 USD.
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-0e620fc9c3b6d55db'