Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

RDS Reserved DB Instance Payment Failed

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: RDS-016

Identify any failed RDS Reserved Instances (RIs) available within your AWS account and follow Cloud Conformity recommendations for remediation in order to enable discounted hourly rates for RDS database instances in exchange of reserving a certain amount of compute usage upfront. A failed RDS RI is an unsuccessful reservation that received the "payment-failed" status during the purchase process.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Cost
optimisation

The cost savings when using RDS Reserved Instances over On-Demand Instances are up to 70% when used in steady state (i.e. heavy utilization), therefore in order to receive this discount benefit you need to make sure that all your RDS database reservation purchases have been successfully completed.

Audit

To identify any failed RDS RI purchases available in your AWS account, perform the following:

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to RDS dashboard at https://console.aws.amazon.com/rds/.

03 In the left navigation panel, under RDS Dashboard, click Reserved Purchases.

04 Open the dashboard Show/Hide Columns dialog box by clicking the configuration icon from the right menu:

configuration icon

05 Inside the Show/Hide Columns dialog box, select Status checkbox then click Save to apply the changes.

06 On RDS Reserved Instances page, check the status value listed for each RI within the Status column to determine the reservation current status. If one or more RDS RIs have the current status set to payment-failed, e.g.

Payment Failed

the purchase process for the specified Reserved Instance(s) has failed, therefore you need to retry your failed reservation(s) payment by contacting AWS Support Center.

07 Change the AWS region from the navigation bar and repeat the audit process for other regions.

Using AWS CLI

01 Run describe-reserved-db-instances command (OSX/Linux/UNIX) using custom query filters to list the identifiers (IDs) of all RDS Reserved Instances, purchased within the selected AWS region: 

aws rds describe-reserved-db-instances
	--region us-east-1
	--output table
	--query 'ReservedDBInstances[*].ReservedDBInstanceId'

02 The command output should return a table with the requested RDS RI IDs: 

-----------------------------
|DescribeReservedDBInstances|
+---------------------------+
|  mysql-prod-webapp-db     |
|  aurora-webapp-db         |
+---------------------------+

03 Run again describe-reserved-db-instances command (OSX/Linux/UNIX) using the ID of the RDS RI returned at the previous step as identifier and custom query filters to expose the purchase state for the selected Reserved Instance: 

aws rds describe-reserved-db-instances
	--region us-east-1
	--reserved-db-instance-id mysql-prod-webapp-db
	--query 'ReservedDBInstances[*].State'

04 The command output should return the requested RI purchase current status: 

[
    "payment-failed"
]

If the status value returned by the command output is "payment-failed" (as shown in the example above), there selected RDS Reserved Instance purchase has failed, therefore you must retry your failed RI(s) payment by contacting AWS Support Center (see Remediation/Resolution section for more details).

05 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 – 4 to perform the entire audit process for other regions.

Remediation / Resolution

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to AWS Support Center page at https://console.aws.amazon.com/support/.

03 On Support Center page, click Create case to initiate the support request process.

04 On the Create Case page, perform the following:

  1. Under Regarding, select Account and Billing Support option.
  2. Choose Billing from the Service dropdown list to send your request to AWS Billing department.
  3. Select Reserved Instances from the Category dropdown list.
  4. Inside the Subject box, enter a subject for your request such as "Retry failed RDS Reserved Instance payment".
  5. Within Description textbox, enter a small description for your request so that AWS support can evaluate properly your request.
  6. Under Contact method, select a preferred contact method that AWS support team can use to respond to your request.
  7. Click Submit to send the payment retry request for your RDS Reserved Instance(s) to AWS.

References

Publication date Mar 7, 2017

Related RDS rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

RDS Reserved DB Instance Payment Failed

Risk Level: High