Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

OpenSearch Reserved Instance Lease Expiration In The Next 7 Days

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: ES-016

Ensure that your Amazon OpenSearch Reserved Instances (RIs) are renewed before expiration in order to get a significant discount (depending on the commitment term) on the hourly charges. The renewal process consists of purchasing another Reserved Instance so that AWS can keep charging you based on the chosen reservation term. The default threshold for the number of days before expiration when the conformity rule check is performed is 7 (seven) days.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Cost
optimisation

With Reserved Instances (RIs) you can optimize your Amazon OpenSearch costs based on your expected usage. Because Amazon OpenSearch reservations are not renewed automatically, purchasing new Reserved Instances before expiration will guarantee their billing at a discounted hourly rate.

Note: You can change the default threshold (seven) for the number of days before expiration on the Trend Micro Cloud One™ – Conformity console and set your own value (days) based on your requirements.

Audit

To determine the expiration date for your Amazon OpenSearch Reserved Instances, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon OpenSearch console at https://console.aws.amazon.com/esv3/.

03 In the main navigation panel, under Domains, select Reserved Instance leases.

04 Choose the Reserved Instance (RI) that you want to examine and check the value listed in the Remaining days column, to determine the remaining duration of the selected reservation. If the number of days listed in the Remaining days column is less than 7 (the default threshold used when no custom threshold value is configured), the selected Amazon OpenSearch Reserved Instance (RI) is about to expire, therefore you must take action and renew the reservation in order to take advantage of the current discounted hourly rate.

05 Repeat steps no. 4 to check the expiration date for each OpenSearch Reserved Instance available within the current AWS region.

06 Change the AWS cloud region from the console navigation bar and repeat the Audit process for other regions.

Using AWS CLI

01 Run describe-reserved-elasticsearch-instances command (OSX/Linux/UNIX) with custom query filters to list the identifier (ID) of each Amazon OpenSearch Reserved Instance available in the selected AWS region: 

aws es describe-reserved-elasticsearch-instances
  --region us-east-1
  --output table
  --query 'ReservedOpenSearchInstances[*].ReservedOpenSearchInstanceId'

02 The command output should return a table with the requested Reserved Instance IDs: 

----------------------------------------
|    ReservedOpenSearchInstanceIds     |
+--------------------------------------+
| aabbccdd-aabb-ccdd-1234-aabbccdd1234 |
| aaaabbbb-1234-aaaa-bbbb-1234aaaabbbb |
| abcdabcd-abcd-abcd-abcd-abcdabcdabcd |
+--------------------------------------+

03 Run describe-reserved-elasticsearch-instances command (OSX/Linux/UNIX) using the ID of the OpenSearch Reserved Instance (RI) that you want to examine as the identifier parameter and custom query filters to obtain the date when the selected RI was purchased: 

aws es describe-reserved-elasticsearch-instances
  --region us-east-1
  --reserved-elasticsearch-instance-id aabbccdd-aabb-ccdd-1234-aabbccdd1234
  --query 'ReservedOpenSearchInstances[*].StartTime'

04 The command output should return the timestamp (date) at which the reservation started and the commitment term in seconds (31536000 for 1 year, 94608000 for 3 years): 

[
	"StartTime": 1507369500.229,
	"Duration": 31536000
]

05 The value returned for "StartTime" attribute at the previous step is using the Unix time format, which represents the number of seconds that have passed since midnight UTC of 1 January 1970. To convert the returned value into a human-readable format, run the following command (replace the Unix timestamp with your own timestamp returned as value for the "StartTime" attribute): 

date -d @1507369500.229

06 The command output should return the purchasing date in a human-readable format: 

Sat Oct 07 09:45:00 UTC 2017

Check the date/time returned by the date command output at the previous step to determine the number of days remained until the selected reservation expires. If the number of days remained is less than 7, the selected Amazon OpenSearch Reserved Instance (RI) is about to expire, therefore you must take action and renew the reservation in order to take advantage of the current discounted hourly rate.

07 Repeat steps no. 3 – 6 to check the expiration date for each OpenSearch Reserved Instance available in the selected AWS region.

08 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 7 to perform the Audit process for other AWS regions.

Remediation / Resolution

To renew your Amazon OpenSearch Reserved Instances before their reservation expire, you have to repurchase them using the same configuration attributes (AWS region, instance type and term). To renew your OpenSearch RIs in order to avoid On-Demand rates charges when the current reservation expires, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon OpenSearch console at https://console.aws.amazon.com/esv3/.

03 In the main navigation panel, under Domains, select Reserved Instance leases.

04 Select the Amazon OpenSearch Reserved Instances that you want to renew and identify the instance configuration attributes (i.e. instance type, instance size, term and so on).

05 Choose Order Reserved Instances from the console top menu to initiate the purchasing process.

06 On the Purchase reserved instance page, perform the following operations:

  1. Provide a unique name, required to identify the reservation, in the Reservation name box.
  2. Select the instance type used by the Reserved Instance that you want to renew from Instance type dropdown list.
  3. Enter the same instance size as the one identified at step no. 4 in the Instance quantity box.
  4. For Term, select the appropriate length of time for the new OpenSearch reservation (1 year or 3 years).
  5. For Payment option (USD), choose the payment plan that you want to use for the new reservation.
  6. Choose Next to continue the process.
  7. Review the Reserved Instance (RI) configuration information and payment plan, then choose Order to repurchase your Amazon OpenSearch Reserved Instance.

07 Repeat steps no. 4 – 6 to renew (repurchase) other OpenSearch Reserved Instances that are about to expire, available within the current AWS region.

08 Change the AWS cloud region from the console navigation bar and repeat the Remediation process for other regions.

Using AWS CLI

01 Run describe-reserved-elasticsearch-instances command (OSX/Linux/UNIX) using the ID of the Amazon OpenSearch Reserved Instance that you want to renew as the identifier parameter and custom query filters to get the OpenSearch Reserved Instance offering ID: 

aws es describe-reserved-elasticsearch-instances
  --region us-east-1
  --reserved-elasticsearch-instance-id aaaabbbb-aaaa-bbbb-cccc-aaaabbbbcccc
  --query 'ReservedOpenSearchInstances[*].ReservedOpenSearchInstanceOfferingId'

02 The command output should return the required RI offering ID: 

[
	"abcd12345-1234-abcd-1234-abcd1234abca"
]

03 Before you repurchase your Amazon OpenSearch Reserved Instance, run describe-reserved-elasticsearch-instance-offerings command (OSX/Linux/UNIX) to obtain the pricing information available for OpenSearch RI offering. Use the ID returned at the previous step as the identifier parameter to match the specifications of the OpenSearch Reserved Instance that you want to repurchase: 

aws es describe-reserved-elasticsearch-instance-offerings
  --region us-east-1
  --reserved-elasticsearch-instance-offering-id abcd12345-1234-abcd-1234-abcd1234abca

04 The command output should return the requested RI offering information: 

{
	"ReservedOpenSearchInstanceOfferings": [
		{
			"FixedPrice": 443.00,
			"ReservedOpenSearchInstanceOfferingId": "abcd12345-1234-abcd-1234-abcd1234abca",
			"RecurringCharges": [
				{
					"RecurringChargeAmount": 0.051,
					"RecurringChargeFrequency": "Hourly"
				}
			],
			"UsagePrice": 0.0,
			"PaymentOption": "PARTIAL_UPFRONT",
			"Duration": 31536000,
			"OpenSearchInstanceType": "m4.large.elasticsearch",
			"CurrencyCode": "USD"
		}
	]
}

05 Run purchase-reserved-elasticsearch-instance-offering command (OSX/Linux/UNIX) to repurchase your OpenSearch Reserved Instance(s) based on the offering information returned at the previous step: 

aws es purchase-reserved-elasticsearch-instance-offering
  --region us-east-1
  --reserved-elasticsearch-instance-offering-id abcd12345-1234-abcd-1234-abcd1234abca
  --reservation-name cc-opensearch-instance-reservation
  --instance-count 3

06 The command output should return the RI reservation request information: 

{
	"ReservationName": "cc-project5-es-reservation",
	"ReservedOpenSearchInstanceId": "aabbccdd-aabb-ccdd-eeff-aabbccddeeff"
}

07 Repeat steps no. 1 – 6 to renew (repurchase) other OpenSearch Reserved Instances that are about to expire, available in the selected AWS region.

08 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.

References

Publication date Oct 29, 2018

Related Elasticsearch rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

OpenSearch Reserved Instance Lease Expiration In The Next 7 Days

Risk Level: High