diff --git a/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/finding.json b/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/finding.json new file mode 100644 index 0000000..b9da871 --- /dev/null +++ b/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/finding.json @@ -0,0 +1,32 @@ +{ + "run_id": "28592024706", + "target": "finops-aws", + "provider": "aws", + "check_id": "aws-finops-unattached-volume", + "check_file": "finops-aws/unattached-volumes.yaml", + "check_name": "Unattached EBS volumes", + "query": "SELECT volumeId, size, status, AvailabilityZone, volumeType, createTime\nFROM aws.ec2_native.volumes\nWHERE region = 'ap-southeast-2'", + "severity": "LOW", + "category": "waste", + "kind": null, + "region": "ap-southeast-2", + "suggested_remediation": { + "type": "delete", + "tool": "stackql", + "preflight_query": "SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-08ba9f209b2b8a11b' AND status = 'available'\n", + "sql_query": "DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-08ba9f209b2b8a11b'\n", + "command": null, + "description": "Delete the unattached EBS volume (snapshot first if its data may be needed)." + }, + "fields": { + "AvailabilityZone": "null", + "createTime": "2026-01-09T02:52:39.739Z", + "size": "1", + "status": "available", + "volumeId": "vol-08ba9f209b2b8a11b", + "volumeType": "gp2", + "region": "ap-southeast-2", + "category": "waste", + "estimated_monthly_usd": 0.1 + } +} diff --git a/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/preflight.sql b/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/preflight.sql new file mode 100644 index 0000000..b285a06 --- /dev/null +++ b/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/preflight.sql @@ -0,0 +1 @@ +SELECT volumeId FROM aws.ec2_native.volumes WHERE region = 'ap-southeast-2' AND volumeId = 'vol-08ba9f209b2b8a11b' AND status = 'available' diff --git a/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/rationale.md b/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/rationale.md new file mode 100644 index 0000000..42cc554 --- /dev/null +++ b/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/rationale.md @@ -0,0 +1,7 @@ +(a) This removes the unattached EBS volume `vol-08ba9f209b2b8a11b` (1 GiB, gp2) in region `ap-southeast-2` via a `DELETE FROM aws.ec2.volumes`. The volume is reported as `status = available`, i.e. not attached to any instance. + +(b) Confidence: high. The preflight query re-asserts both the exact volume id and `status = 'available'` immediately before deletion, so the delete only proceeds if the volume is still genuinely unattached. + +(c) Captain's call: the volume carries no visible Name tag or other metadata, so a deterministic check cannot tell whether its data is still needed. It is only 1 GiB and was created on 2026-01-09T02:52:39.739Z — all volumes in this batch were created within minutes of each other on 2026-01-09, which suggests an automated or test provisioning run; confirm it is not a template/scratch disk that will be re-attached before deleting. Deletion is irreversible, so snapshot first if in doubt. + +(d) Estimated monthly saving: $0.10 USD. diff --git a/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/remediation.sql b/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/remediation.sql new file mode 100644 index 0000000..ccc704b --- /dev/null +++ b/remediations/proposed/28592024706-1/7-aws-finops-unattached-volume-vol-08ba9f209b2b8a11b/remediation.sql @@ -0,0 +1 @@ +DELETE FROM aws.ec2.volumes WHERE region = 'ap-southeast-2' AND VolumeId = 'vol-08ba9f209b2b8a11b'