From c467f92b91d83d9970be9c056c2e4ee741f2f5e7 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 2 Jul 2026 01:23:23 +0000
Subject: [PATCH] Propose remediation: 6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f (run 28558710550.1)
---
.../finding.json | 32 +++++++++++++++++++
.../preflight.sql | 1 +
.../rationale.md | 9 ++++++
.../remediation.sql | 1 +
4 files changed, 43 insertions(+)
create mode 100644 remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/finding.json
create mode 100644 remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/preflight.sql
create mode 100644 remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/rationale.md
create mode 100644 remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/remediation.sql
diff --git a/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/finding.json b/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/finding.json
new file mode 100644
index 0000000..bb111b5
--- /dev/null
+++ b/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/finding.json
@@ -0,0 +1,32 @@
+{
+ "run_id": "28558710550",
+ "target": "finops-aws",
+ "provider": "aws",
+ "check_id": "aws-finops-unattached-volume",
+ "check_file": "finops-aws/unattached-volumes.yaml",
+ "check_name": "Unattached EBS volumes",
+ "query": "SELECT volumeId, size, status, AvailabilityZone, volumeType, createTime\nFROM aws.ec2_native.volumes\nWHERE region = 'ap-southeast-2'",
+ "severity": "LOW",
+ "category": "waste",
+ "kind": null,
+ "region": "ap-southeast-2",
+ "suggested_remediation": {
+ "type": "delete",
+ "tool": "stackql",
+ "preflight_query": "SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-0a4cbdbcb44dc7e5f' AND status = 'available'\n",
+ "sql_query": "DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-0a4cbdbcb44dc7e5f'\n",
+ "command": null,
+ "description": "Delete the unattached EBS volume (snapshot first if its data may be needed)."
+ },
+ "fields": {
+ "AvailabilityZone": "null",
+ "createTime": "2026-01-09T02:58:38.135Z",
+ "size": "1",
+ "status": "available",
+ "volumeId": "vol-0a4cbdbcb44dc7e5f",
+ "volumeType": "gp2",
+ "region": "ap-southeast-2",
+ "category": "waste",
+ "estimated_monthly_usd": 0.1
+ }
+}
diff --git a/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/preflight.sql b/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/preflight.sql
new file mode 100644
index 0000000..2562439
--- /dev/null
+++ b/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/preflight.sql
@@ -0,0 +1 @@
+SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-0a4cbdbcb44dc7e5f' AND status = 'available'
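Review bot: The preflight reads `aws.ec2_native.volumes` keyed on `volumeId`, while remediation.sql deletes through `aws.ec2.volumes` keyed on `VolumeId`, and nothing in this file states which result means it is safe to proceed. I would add a header comment such as `-- PASS = exactly one row; zero rows means the volume is gone or no longer 'available', so skip the delete`, assuming the runner accepts `--` comments. The query only proves the volume was unattached at query time, so the delete should run immediately afterwards and an in-use rejection from EC2 should be treated as the final guard. Returning `size` and `createTime` as well would let the approver match the live volume against finding.json before signing off.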
diff --git a/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/rationale.md b/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/rationale.md
new file mode 100644
index 0000000..37b57be
--- /dev/null
+++ b/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/rationale.md
@@ -0,0 +1,9 @@
+# Rationale — vol-0a4cbdbcb44dc7e5f
+
+**What & where:** This removes the unattached EBS volume `vol-0a4cbdbcb44dc7e5f` (1 GiB, `gp2`) in region `ap-southeast-2`. The `DELETE` targets `aws.ec2.volumes` filtered by region and `VolumeId`, and the preflight re-confirms via `aws.ec2_native.volumes` that the volume still exists and its `status` is still `available` (i.e. attached to no instance) before anything is deleted.
+
+**Confidence:** High. An EBS volume in `available` state carries no live attachment, so deleting it does not detach storage from a running instance; the preflight guard means the delete is a no-op if the volume was re-attached in the interim.
+
+**Captain's call:** All eleven flagged volumes are identical 1 GiB `gp2` volumes created on 2026-01-09 within a ~90-minute window (this one at 2026-01-09T02:58:38.135Z), and `AvailabilityZone` comes back as `"null"` for every one. That pattern reads like the residue of an automated/batch process (a failed provisioning run, CI, or a test harness) rather than eleven independent orphans — so this finding should likely be reviewed and actioned as a set, not in isolation. The volumes are now ~6 months old (as of 2026-07-02) with no attachment, which supports deletion, but confirm no snapshot/AMI dependency and consider a snapshot first if the 1 GiB contents could matter. Blast radius is tiny given the size.
+
+**Estimated monthly saving:** $0.1 USD.
diff --git a/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/remediation.sql b/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/remediation.sql
new file mode 100644
index 0000000..55bf15d
--- /dev/null
+++ b/remediations/proposed/28558710550-1/6-aws-finops-unattached-volume-vol-0a4cbdbcb44dc7e5f/remediation.sql
@@ -0,0 +1 @@
+DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-0a4cbdbcb44dc7e5f'
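Review bot: This irreversible `DELETE` carries no snapshot step and no link to the preflight result, so the safety argued in rationale.md rests on runner sequencing that is not visible in this commit. rationale.md itself describes the eleven volumes as likely residue of an unexplained batch process with `AvailabilityZone` returned as `"null"`; until the creator is identified (for example from the account's audit trail for the 2026-01-09 creation events), the volume contents are the only record of what that process wrote and may hold credentials or data relevant to an investigation. I would make snapshot-before-delete a required, recorded step instead of the optional remark in `description`, and add a header comment such as `-- irreversible; run only after preflight.sql returned one row in the same run and a snapshot id is recorded`. The "no-op if re-attached" claim presumably relies on EC2 refusing to delete an in-use volume, not on anything in this statement, and the rationale should say so.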