AWS Elastic Block Storage (EBS) volumes offer the high degree of availability and performance needed for applications that require moderate or high I/O operations, such as business-intelligence analysis tools and other databases. But this performance comes at a cost, which can spiral if an unused EBS volume is detached from an EC2 instance but not deleted.

To help keep these cloud management costs under control, Turbot launched two new Guardrails.

EC2 Volume Tags Guardrail

First, we added a Guardrail to tag an EBS volume when it is detached from an EC2 instance.

Options > Application > EC2 > Volume Tags

If you set this Guardrail to “Enforce”, Turbot will check whether a detached EBS volume is tagged. If not, it will set tag values for DetachedTimestamp and LastInstanceId on detached volumes (and remove them for attached volumes).

turbot-ec2-volume-tags

DetachedTimestamp = The time it was detached (or when the Guardrail was Enforced)
LastInstanceId = The EC2 instance ID it was last attached to

Volume-Tags-Set

These tags are useful on their own for informational purposes: the DetachedTimestamp tracks when an EBS volume was last used, and the LastInstanceId gives an indication of what sort of data is in that volume.

The tags are even more powerful when paired with the Volume Lifecycle Guardrail.

EC2 Volume Lifecycle Guardrail

Even if an EBS volume is detached and unused, you will be charged for it until it is deleted. To mitigate costs associated with unused storage, Turbot has implemented a Volume Lifecycle Guardrail that allows you to automatically Snapshot and delete unused EBS volumes.

Options > Application > EC2 > Volume Lifecycle

Using the check options, you can receive an alarm whenever a volume is detached, or if a volume remains detached after 24 hours.

Turbot-Volume-Lifecycle-Check

To unleash the full power of this Guardrail to automate volume management, set one of the “Enforce” options. Turbot will search for volumes with a DetachedTimestamp tag and use that data to decide whether to enforce, based on the time frame you set in the Guardrail.

Turbot-Volume-Lifecycle-Enforce

In the example above, I set a Guardrail to delete any detached EBS volumes not used in the past 30 days. Turbot automatically creates a Snapshot of each such volume and then deletes the volume.

(Note that because EC2 doesn’t expose the detached timestamp info by default, this Guardrail relies on the Volume Tags. Therefore, these two Guardrails should be used in concert.)
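
The decision logic the two Guardrails describe, sketched as an added example (this is not Turbot's code). Assumptions: the function names, the ISO 8601 UTC format of the DetachedTimestamp value, and a last_instance_id supplied by the caller are all hypothetical; the volume records are constructed samples shaped like EC2 DescribeVolumes output.

```python
from datetime import datetime, timedelta, timezone

TS_TAG, INSTANCE_TAG = "DetachedTimestamp", "LastInstanceId"

def tags_of(volume):
    return {t["Key"]: t["Value"] for t in volume.get("Tags", [])}

def plan_tags(volume, now, last_instance_id=None):
    """Volume Tags step: return (tags to set, tag keys to remove)."""
    tags = tags_of(volume)
    if volume["State"] == "in-use":  # attached: stale detach tags come off
        return {}, [k for k in (TS_TAG, INSTANCE_TAG) if k in tags]
    if volume["State"] != "available":  # creating, deleting, error: leave alone
        return {}, []
    to_set = {}
    if TS_TAG not in tags:  # first time seen detached: the clock starts now
        to_set[TS_TAG] = now.isoformat()
    if INSTANCE_TAG not in tags and last_instance_id:
        to_set[INSTANCE_TAG] = last_instance_id
    return to_set, []

def plan_lifecycle(volume, now, max_detached=timedelta(days=30)):
    """Volume Lifecycle step: decide what to do with one volume."""
    if volume["State"] != "available":
        return "keep"
    try:
        detached_at = datetime.fromisoformat(tags_of(volume)[TS_TAG])
    except (KeyError, ValueError):
        return "needs-tag"  # no trustworthy detach time, so never delete
    if detached_at.tzinfo is None:  # assumption: untagged zone means UTC
        detached_at = detached_at.replace(tzinfo=timezone.utc)
    if now - detached_at < max_detached:
        return "wait"
    return "snapshot-then-delete"

# Constructed sample volumes, not real resources.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
VOLUMES = [
    {"VolumeId": "vol-attached", "State": "in-use",
     "Tags": [{"Key": TS_TAG, "Value": "2024-01-01T00:00:00+00:00"}]},
    {"VolumeId": "vol-new", "State": "available", "Tags": []},
    {"VolumeId": "vol-recent", "State": "available",
     "Tags": [{"Key": TS_TAG, "Value": "2024-02-20T00:00:00+00:00"}]},
    {"VolumeId": "vol-old", "State": "available",
     "Tags": [{"Key": TS_TAG, "Value": "2024-01-15T00:00:00+00:00"}]},
]

if __name__ == "__main__":
    for v in VOLUMES:
        print(v["VolumeId"], plan_tags(v, NOW), plan_lifecycle(v, NOW))
```

A volume with a missing or unparseable DetachedTimestamp is never deleted here, which is why the lifecycle step only makes sense once the tagging step has run.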

To find out more about how Turbot can automate mundane cloud operations and help manage cloud costs, contact us to schedule a demo.