Ensure that all your AWS RDS Reserved Instances (RI) have corresponding database instances running within the same account or within any AWS accounts members of an AWS Organization (if any). A corresponding database instance is a running RDS instance that matches the reservation parameters such as Region and Instance Type.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
optimisation
When an AWS RDS Reserved Instance is not in use (i.e. does not have an active corresponding instance) the investment made is not exploited. For example, if you reserve a db.m3.medium RDS instance within US West (Oregon) region and you don't provision a database instance with the same class/type, in the same region of the same AWS account or in any other linked AWS accounts within your AWS Organization, the specified RDS RI is considered unused and your investment has a negative return.
Audit
To determine if you have any unused RDS Reserved Instances within your AWS account or your AWS Organization, perform the following:
Remediation / Resolution
Because AWS RDS Standard Reserved are reserved for you at purchase, you cannot modify, cancel or sell these reservations and you will be billed for these resources regardless of whether you use them. To make use of your investment, you can provision and utilize a corresponding RDS DB instance for each unused RDS Reserved Instance purchased within the current AWS account or within any other member accounts available in your AWS Organization (if you are using one). To launch RDS DB instances that match the RIs purchase criteria, perform the following actions:
References
- AWS Documentation
- Amazon RDS Reserved Instances
- Working with Reserved DB Instances
- Paying Bills for Multiple Accounts Using Consolidated Billing
- Creating and Editing Consolidated Billing Account Families
- AWS Command Line Interface (CLI) Documentation
- rds
- describe-reserved-db-instances
- describe-db-instances
- create-db-instance
- ec2
- create-security-group
- authorize-security-group-ingress