Ensure that all active Amazon Redshift Reserved Node (RN) purchases are reviewed every 7 days to make sure that no unwanted RN purchase has been placed recently.
This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
optimisation
By checking your Redshift RN purchases on a regular basis you can detect and cancel any unwanted purchases placed within your AWS account in order to avoid unexpected charges on your AWS bill.
Note: You can change the default threshold value (7 days) for the review time frame within the rule settings available on the Cloud Conformity console.
Audit
To identify the active Redshift Reserved Node purchases placed within your AWS account for review purposes, perform the following:
Remediation / Resolution
Case A: Verify AWS Cloudtrail logs (if Cloudtrail service is enabled) from the date when the Redshift RN purchase request was placed to determine the request origin and context. To find and analyze the necessary Redshift API logging data, perform the following actions:
Case B: To mitigate unwanted Redshift Reserved Node purchase requests you can contact Amazon Web Services and ask for RN purchases cancellation. To create the necessary case through the AWS Support Center, perform the following:
Note: Requesting Amazon to cancel your unwanted Redshift RN purchase requests using AWS Management Console or AWS API via Command Line Interface (CLI) is not currently supported.References
- AWS Documentation
- Purchasing Amazon Redshift Reserved Nodes
- Purchasing a Reserved Node Offering with the Amazon Redshift Console
- AWS Command Line Interface (CLI) Documentation
- redshift
- describe-reserved-nodes
- cloudtrail
- describe-trails
- s3api
- list-objects
- get-object