AWS Elastic Block Storage (EBS) volumes offer the high degree of availability and performance needed for applications that require moderate or high I/O operations, such as business-intelligence analysis tools and other databases. But this performance comes at a cost, which can spiral if an unused EBS volume detached from an EC2 instance but not deleted.
To help keep these cloud management costs under control, Turbot Guardrails launched two new Guardrails.
EC2 Volume Tags Guardrail
First, we added a Guardrail to tag an EBS volume when it is detached from an EC2 instance.
Options > Application > EC2 > Volume Tags
If you set this Guardrail to "Enforce" Turbot Guardrails will check if a detached EBS volume is tagged. If not, it will set tags values for DetachedTimestamp and LastInstanceId on detached volumes (and remove them for attached volumes).
DetachedTimestamp = The time it was detached (or when the Guardrail was Enforced) LastInstanceId = The EC2 instance ID it was last attached to
These tags are useful on their own for informational purposes: The DetachedTimestamp tracks when an EBS volume was last used, and the LastInstanceID gives an indication of what sort of data is in that volume.
The tags are even more powerful when paired with the Volume Lifecycle Guardrail.
EC2 Volume Lifecycle Guardrail
Even if an EBS volume is detached and unused, you will be charged for it until it is deleted. To mitigate costs associated with unused storage, Turbot Guardrails has implemented a Volume Lifecycle Guardrail that allows you to automatically Snapshot and delete unused EBS volumes.
Options > Application > EC2 > Volume Lifecycle
Using the check options, you can receive an alarm whenever a volume is detached, or if a volume remains detached after 24 hours.
To unleash the full power of this Guardrail to automate volume management, set one of the "Enforce" options. Turbot Guardrails will search for volumes with a DetachedTimestamp tag and use that data to decide whether to enforce, based on the time frame you set in the Guardrail.
In the example above, I set a Guardrail to delete any detached EBS volumes not used in past 30 days. Turbot Guardrails automatically creates a Snapshot for that volume and deletes it.
(Note that because EC2 doesn't expose the detached timestamp info by default, this Guardrail relies on the Volume Tags. Therefore these two Guardrails should be used in concert.)
To find out more about how Turbot Guardrails can automate mundane cloud operations and help manage cloud costs, contact us to schedule a demo.