Identify any Amazon EC2 instances that appear to be idle and stop or terminate them to help lower the cost of your monthly AWS bill. By default, an EC2 instance is considered 'idle' when it meets both of the following criteria (to declare the instance 'idle' both conditions must be true):
- The average CPU Utilization has been less than 2% for the last 7 days.
- The average Network I/O has been less than 5 MB for the last 7 days.
Note 1: For this rule Cloud Conformity assumes that your EC2 instances are tagged with 'Role' and 'Owner' tags, which provide visibility into their usage profile and help you decide whether it is safe to stop or terminate these resources. Knowing the role and the owner of an EC2 instance before you decide to stop or terminate it is very important because, for example, a CPU utilization of less than 2% over a 48 hour period may mean that the instance is idle or that it is not being used at all.
Note 2: You can change the default thresholds for this rule on the Cloud Conformity console and set your own CPU and Network I/O values for each condition to configure what counts as idle. The console also provides information about each EC2 instance marked as idle, such as region, ID, instance type, launch time, operating system and tags, to help you decide whether to stop or terminate the instance.
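The idle decision described above, written out as an added example (this is not Cloud Conformity's own code): CloudWatch is queried per instance for CPUUtilization, NetworkIn and NetworkOut at a one-day period, and an instance is flagged only when both thresholds hold over the seven-day window. Treating Network I/O as daily NetworkIn + NetworkOut in MB, and the use of a boto3 CloudWatch client, are assumptions; the sample weeks are constructed.

```python
from datetime import datetime, timedelta, timezone
from statistics import mean

CPU_THRESHOLD_PCT = 2.0     # rule default: average CPUUtilization below 2%
NET_THRESHOLD_MB = 5.0      # rule default: average Network I/O below 5 MB
LOOKBACK_DAYS = 7


def metric_query(instance_id, metric_name, statistic, end=None):
    """Keyword arguments for CloudWatch get_metric_statistics: one datapoint
    per day (Period=86400) over the last LOOKBACK_DAYS for one instance."""
    end = end or datetime.now(timezone.utc)
    return {
        "Namespace": "AWS/EC2",
        "MetricName": metric_name,
        "Dimensions": [{"Name": "InstanceId", "Value": instance_id}],
        "StartTime": end - timedelta(days=LOOKBACK_DAYS),
        "EndTime": end,
        "Period": 86400,
        "Statistics": [statistic],
    }


def is_idle(cpu_avg_pct, net_in_bytes, net_out_bytes,
            cpu_threshold=CPU_THRESHOLD_PCT, net_threshold_mb=NET_THRESHOLD_MB):
    """Per-day datapoints in: CPU as Average %, network as Sum of bytes.
    Both conditions must hold. Assumption: Network I/O = NetworkIn + NetworkOut
    per day, 1 MB = 1e6 bytes. Fewer than LOOKBACK_DAYS datapoints (instance
    stopped or recently launched) is treated as 'not idle', not as zero usage."""
    if min(len(cpu_avg_pct), len(net_in_bytes), len(net_out_bytes)) < LOOKBACK_DAYS:
        return False
    daily_io_mb = [(i + o) / 1e6 for i, o in zip(net_in_bytes, net_out_bytes)]
    return mean(cpu_avg_pct) < cpu_threshold and mean(daily_io_mb) < net_threshold_mb


def instance_is_idle(cloudwatch, instance_id):
    """Live check with a boto3 CloudWatch client (assumed; not exercised here).
    CloudWatch returns datapoints unordered, so sort by Timestamp before use."""
    def series(metric, stat):
        resp = cloudwatch.get_metric_statistics(**metric_query(instance_id, metric, stat))
        return [p[stat] for p in sorted(resp["Datapoints"], key=lambda p: p["Timestamp"])]
    return is_idle(series("CPUUtilization", "Average"),
                   series("NetworkIn", "Sum"), series("NetworkOut", "Sum"))


# Constructed sample weeks: a node doing real work, and a forgotten test box.
BUSY = dict(cpu_avg_pct=[35.0, 41.2, 38.9, 40.1, 37.5, 12.0, 9.8],
            net_in_bytes=[2.1e9] * 7, net_out_bytes=[8.4e9] * 7)
FORGOTTEN = dict(cpu_avg_pct=[0.4, 0.5, 0.3, 0.6, 0.4, 0.5, 0.4],
                 net_in_bytes=[1.2e6] * 7, net_out_bytes=[0.9e6] * 7)
```

Call `is_idle(**FORGOTTEN)` and `is_idle(**BUSY)` to see the two outcomes; `instance_is_idle(boto3.client("cloudwatch"), "i-...")` runs the same decision against a real instance.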
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Idle instances represent a good candidate to reduce your monthly AWS costs and avoid accumulating unnecessary EC2 usage charges.
To identify any idle EC2 instances currently available in your AWS account, perform the following:
Remediation / Resolution
Option 1: stop or terminate the idle instances. To shut down or terminate any AWS EC2 instances that are currently running idle, perform the following commands:
Option 2: turn off the idle instances at night. To implement a shutdown/startup routine so that your expensive (large or xlarge) AWS EC2 instances that are currently idle run only during the daytime, perform the following commands:
Option 3: automatically stop or terminate the idle instances using AWS CloudWatch alarms. More details about this method can be found on the AWS documentation page. Note: These CloudWatch alarms can use only the CPU usage (CPUUtilization metric) as input data, therefore this method does not satisfy both conditions set by this conformity rule.
Option 4: disable the rule check. If the selected idle EC2 instance is needed (its role within your application stack/environment is important), you should turn off the conformity rule check for that instance from the Cloud Conformity console.
- AWS Documentation
- Trusted Advisor Best Practices (Checks)
- Amazon EC2 Dimensions and Metrics
- Stop and Start Your Instance
- Terminate Your Instance
- Detach EC2 Instances From Your Auto Scaling Group
- Controlling Which Instances Auto Scaling Terminates During Scale In
- Create Alarms to Stop, Terminate, Reboot, or Recover an Instance
- Use Amazon CloudWatch to Detect and Shut Down Unused Amazon EC2 Instances
- AWS Command Line Interface (CLI) Documentation
Idle EC2 Instance
Risk level: High