Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Redshift Reserved Node Lease Expiration In The Next 30 Days

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: RS-011

Ensure that your AWS Redshift Reserved Nodes are renewed before expiration in order to get a significant discount (based on the commitment term) on the hourly charges. The renewal process consists of purchasing another Redshift Reserved Node so that Amazon can keep charging you based on the chosen reservation term.

This rule can help you with the following compliance standards:

  • NIST4

For further details on compliance standards supported by Conformity, see here.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Cost
optimisation

With Reserved Nodes (RNs) you can optimize your Amazon Redshift costs based on your expected usage. Since RNs are not renewed automatically, purchasing another reserved Redshift nodes before expiration will guarantee their billing at a discounted hourly rate.

Note: You can change the default threshold (seven) for the number of days before expiration on the Cloud Conformity console and set your own value (days) based on your requirements.


Audit

To determine the expiration date for your Amazon Redshift Reserved Nodes, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Redshift dashboard at https://console.aws.amazon.com/redshift/.

03 In the left navigation panel, choose Reserved Nodes.

04 Open the dashboard Show/Hide Columns dialog box by clicking the configuration icon from the right menu:

Open the dashboard Show/Hide Columns dialog box by clicking the configuration icon from the right menu

05 Inside the Show/Hide Columns dialog box, select Remaining Days checkbox then click Save to apply the changes.

06 Select the Reserved Node (RN) that you want to examine and verify the value listed for the selected node in the Remaining Days column. If the number of days displayed in this column is less than 7, the selected AWS Redshift RN is about to expire, therefore it must be renewed to keep it running at the current discounted hourly rate.

07 Repeat step no. 6 to determine the expiration date for other Redshift Reserved Nodes provisioned in the current region.

08 Change the AWS region from the navigation bar and repeat the process for the other regions.

Using AWS CLI

01 Run describe-reserved-nodes command (OSX/Linux/UNIX) using custom query filters to list the IDs of all Redshift Reserved Nodes available in the selected AWS region:

aws redshift describe-reserved-nodes
	--region us-east-1
	--output table
	--query 'ReservedNodes[*].ReservedNodeId'

02 The command output should return a table with the requested RN IDs:

----------------------------------------
|          ReservedNodeIds             |
+--------------------------------------+
| 2c45ab51-bc51-4d65-b35c-a4a3e931e3a0 |
| c027bd27-cf4c-4343-be8b-0d7e09250eda |
+--------------------------------------+

03 Run again describe-reserved-nodes command (OSX/Linux/UNIX) using your Redshift RN identifier returned at the previous step and appropriate filtering to reveal the date when the selected node was purchased and the reservation duration (the commitment term in seconds) in order to determine its expiration date:

aws redshift describe-reserved-nodes
	--region us-east-1
	--reserved-node-id 2c45ab51-bc51-4d65-b35c-a4a3e931e3a0
	--query 'ReservedNodes[*].[StartTime,Duration]'

04 The command output should return the timestamp (date) at which the reservation started and the commitment term in seconds (31536000 for 1 year, 94608000 for 3 years):

[
    "2015-10-23T19:08:20.051Z",
    31536000
]

Based on the timestamp and duration values returned, determine the number of days remained until the reservation expires. If the number of days remained is less than 7, the selected Redshift Reserved Node is about to expire, therefore it must be renewed to maintain the current Amazon Redshift discount rate (see Remediation/Resolution section for the renewal process).

05 Repeat step no. 3 and 4 to determine the expiration date for other Redshift Reserved Nodes provisioned in the current region.

06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 5 to perform the audit process for other regions.

Remediation / Resolution

To renew the Redshift Reserved Nodes before their reservation expire, you need to repurchase them using the same configuration attributes (AWS region, node type, term, etc). To renew your existing Redshift RNs in order to avoid On-Demand rates charges when the current reservation expires, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Redshift dashboard at https://console.aws.amazon.com/redshift/.

03 In the navigation panel choose Reserved Nodes.

04 Select the Redshift Reserved Node that you want to renew and note its configuration attributes (i.e. node type, term and offering type).

05 Click Purchase Reserved Nodes button from the dashboard top menu to start the purchasing process.

06 On the Purchase Reserved Nodes page, provide the following RN offering details:

  1. From Node Type dropdown list, select the same node type (e.g. ds1.xlarge) used by the Redshift Reserved Node that you want to renew.
  2. From Term dropdown list, select the length of time for the new reservation based on your requirements.
  3. From Offering Type dropdown list, choose the payment type that you want to use for this reservation (e.g. Partial Upfront).
  4. In the Number of Nodes box type 1.
  5. Click Continue to proceed with the next page.

07 On the Redshift RN summary page, verify the node configuration information then click Purchase to repurchase your reserved Redshift node.

08 Repeat steps no. 4 - 7 to renew (repurchase) other Redshift Reserved Nodes that are about to expire, available in the current region.

09 Change the AWS region from the navigation bar and repeat the process for other regions.

Using AWS CLI

01 First, run describe-reserved-nodes command (OSX/Linux/UNIX) using the identifier of the Redshift RN that you want to renew as parameter (see Audit section part II to identify the right resource) to describe the node offering ID. This ID will be used later as filter parameter to find the offering(s) that match the existing node configuration attributes:

aws redshift describe-reserved-nodes
	--region us-east-1
	--reserved-node-id 2c45ab51-bc51-4d65-b35c-a4a3e931e3a0
	--query 'ReservedNodes[*].ReservedNodeOfferingId'

02 The command output should return the selected RN offering ID:

[
    "f47716e3-a84f-49fe-99c3-2a473e3efd9e"
]

03 Before you repurchase your Redshift Reserved Node run describe-reserved-node-offerings command (OSX/Linux/UNIX) to get the pricing details and information about available Redshift RN offerings. Use the ID string returned at the previous step as identifier to match the specifications of the RN that you want to renew (repurchase):

aws redshift describe-reserved-node-offerings
	--region us-east-1
	--reserved-node-offering-id f47716e3-a84f-49fe-99c3-2a473e3efd9e

04 The command output should return the requested offering(s) information:

{
    "ReservedNodeOfferings": [
        {
            "OfferingType": "Partial Upfront",
            "FixedPrice": 3000.0,
            "NodeType": "ds1.xlarge",
            "UsagePrice": 0.0,
            "RecurringCharges": [
                {
                    "RecurringChargeAmount": 0.114,
                    "RecurringChargeFrequency": "Hourly"
                }
            ],
            "Duration": 31536000,
            "ReservedNodeOfferingId":
            "f47716e3-a84f-49fe-99c3-2a473e3efd9e",
            "CurrencyCode": "USD"
        }
    ]
}

05 Run purchase-reserved-nodes-offering command (OSX/Linux/UNIX) to purchase the Redshift Reserved Node based on the offering information returned at the previous step. The following command example purchase a reserved Redshift node using an offering identified by the ID f47716e3-a84f-49fe-99c3-2a473e3efd9e:

aws redshift purchase-reserved-node-offering
	--reserved-node-offering-id f47716e3-a84f-49fe-99c3-2a473e3efd9e
	--node-count 1

06 The command output should return the new AWS Redshift Reserved Node metadata:

{
   "ReservedNode": {
      "OfferingType": "Partial Upfront",
      "FixedPrice": 3000.0,
      "NodeType": "ds1.xlarge",
      "ReservedNodeId": "2a473e33-bc01-4d65-b35d-a4a3e9320ec45",
      "UsagePrice": 0.0,
      "RecurringCharges": [
         {
            "RecurringChargeAmount": 0.114,
            "RecurringChargeFrequency": "Hourly"
         }
      ],
      "NodeCount": 1,
      "State": "payment-pending",
      "StartTime": "2016-10-19T17:08:25.051Z",
      "Duration": 31536000,
      "ReservedNodeOfferingId": "f47716e3-a84f-49fe-99c3-2a473e3efd9e"
   },
   "ResponseMetadata": {
      "RequestId": "16e3a7bf-2100-11e2-b605-2754d73960da"
   }
}

07 Repeat steps no. 1 - 6 to renew (repurchase) other Redshift Reserved Nodes that are about to expire, available in the current region.

08 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 7 to perform the entire process for other regions.

References

Unlock the Remediation Steps


Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Redshift Reserved Node Lease Expiration In The Next 30 Days

Risk Level: Medium