RDS Reserved DB Instance Payment Pending

Risk Level: High (not acceptable ris)

Rule ID: RDS-017

Identify any pending RDS Reserved Instance (RI) purchases available within your AWS account and follow Cloud Conformity recommendations for remediation in order to enable discounted hourly rates for your database instances. A payment-pending RDS RI purchase is a reservation purchase that can't be fully processed due to issues with the payment method, that maintains the 'payment-pending' status long after the initial purchase attempt - not to be confused with the pending state temporarily installed during a successfully processed RDS RI purchase (i.e. where the reservation status changes from 'payment-pending' to 'active' within a reasonable time frame).

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Cost
optimisation

The cost savings when using RDS Reserved Instances over On-Demand Instances are up to 70% when utilized in steady state (i.e. heavy utilization such as production database), therefore in order to receive this discount benefit you need to make sure that all your RDS database reservation purchases have been fully processed (active).

Audit

To identify any pending RDS RI purchases available in your AWS account, perform the following:

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to RDS dashboard at https://console.aws.amazon.com/rds/.

03 In the left navigation panel, under RDS Dashboard, click Reserved Purchases.

04 Open the dashboard Show/Hide Columns dialog box by clicking the configuration icon from the right menu:

05 Inside the Show/Hide Columns dialog box, select Status checkbox then click Save to apply the changes.

06 On the RDS Reserved Instances listing page, check the status value displayed for each RI within the Status column to determine the reservation current status. If one or more RDS RIs have the current status set to payment-pending, the purchase payment for the specified Reserved Instance(s) was not fully processed, therefore you need to retry your RI(s) pending charges by contacting AWS Support Center (see Remediation/Resolution section for more details).

07 Change the AWS region from the navigation bar and repeat the audit process for other regions.

Using AWS CLI

01 Run describe-reserved-db-instances command (OSX/Linux/UNIX) using custom query filters to list the identifiers (IDs) of all RDS Reserved Instances, purchased within the selected AWS region:

aws rds describe-reserved-db-instances
	--region us-east-1
	--output table
	--query 'ReservedDBInstances[*].ReservedDBInstanceId'

02 The command output should return a table with the requested RDS RI identifier(s):

-----------------------------
|DescribeReservedDBInstances|
+---------------------------+
|  mysql-db-production      |
|  aurora-db-optimized      |
+---------------------------+

03 Run again describe-reserved-db-instances command (OSX/Linux/UNIX) using the ID of the RDS RI returned at the previous step as command parameter and apply custom query filters to expose the purchase state for the selected Reserved Instance:

aws rds describe-reserved-db-instances
	--region us-east-1
	--reserved-db-instance-id mysql-db-production
	--query 'ReservedDBInstances[*].State'

04 The command output should return the requested RI purchase current status:

[
    "payment-pending"
]

If the status value returned by the command output is "payment-pending" (as shown in the example above), there selected RDS Reserved Instance purchase payment is pending, therefore you must retry your RDS RI(s) payment charges by contacting AWS Support Center.

05 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 – 4 to perform the entire process for other regions.

Remediation / Resolution

There are reservation types such as Partial Upfront and All Upfront that require an upfront payment. If the financial institution that issued your payment method cannot approve the AWS charges for the necessary upfront payment, your reservation purchases are not fully processed and confirmed, therefore Amazon set their status to "payment-pending". To solve incomplete AWS RDS reservations you need to retry these Reserved Instance(s) payments by contacting Amazon Web Services. To create the necessary support case using AWS Support Center, perform the following actions:

Note: Requesting Amazon to retry your pending RDS Reserved Instance(s) payments using AWS Billing and Cost Management console or AWS API via Command Line Interface (CLI) is not currently supported.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to AWS Support Center page at https://console.aws.amazon.com/support/.

03 On Support Center page, click Create case to access the support case form.

04 On the Create Case page, perform the following:

Under Regarding, select Account and Billing Support option.
Choose Billing from the Service dropdown list to send your request to AWS Billing department.
Select Reserved Instances from the Category dropdown list.
Inside the Subject box, enter a subject for your request such as "Retry RDS Reserved Instance pending payment".
Within Description textbox, enter a small description for your request so that AWS support can evaluate your request accordingly.
Under Contact method, select a preferred contact method that AWS support team can use to respond to your request.
Click Submit to send the payment retry request for your RDS Reserved Instance(s) to AWS.

References

AWS Command Line Interface (CLI) Documentation
rds
describe-reserved-db-instances

Publication date Mar 7, 2017

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

No thanks, back to article

You are auditing:

RDS Reserved DB Instance Payment Pending

Risk Level: High

Audit

Using AWS Console

Using AWS CLI

Remediation / Resolution

Using AWS Console

References

Related RDS rules