Rule ID: EBS-001
The lifecycle of an Amazon Elastic Block Store (EBS) volume is independent of the lifecycle of the Amazon Elastic Compute Cloud (EC2) instance it is attached to. EBS volumes are attached to EC2 instances as storage devices. By default, unless you select the “Delete on Termination” option during instance launch, terminating the EC2 instance only detaches the EBS volume; it does not delete it. In dynamic development and testing environments where EC2 instances are frequently launched and terminated, this can result in an accumulation of idle EBS volumes. These unused volumes incur charges in your AWS account even when they are not in use, so eliminating them is essential for cost efficiency. Deleting inactive EBS volumes is also a crucial security measure: it prevents unauthorized access to any sensitive data that might be stored on them.
Rule EBS-001 checks whether there are unused EBS volumes in your AWS account. This rule can help you with the following as well:
Compliance frameworks report
AWS Well-Architected Lens
Carry out the following steps to find out if there are any unused EBS volumes in your cloud environment:
1. Sign in to the AWS Management Console to access the EC2 dashboard via https://console.aws.amazon.com/ec2/.
2. In the left panel, click Volumes under the Elastic Block Store section.
3. Scroll horizontally to the State column to confirm the status of each EBS volume.
4. If a volume is marked as in-use, If a volume has an available state, it is currently unused (unattached) by any instance and may be safely deleted.
1. Run the describe-volumes command to find out if there are any unused EBS volumes in your cloud environment:
aws ec2 describe-volumes \
  --region us-east-1 \
  --filters Name=status,Values=available
2. A JSON Object containing configuration data for each detected unused EBS volume should be returned as output:
{
  "Volumes": [
    {
      "Attachments": [],
      "AvailabilityZone": "us-east-1d",
      "CreateTime": "2019-12-02T12:01:41.088000+00:00",
      "Encrypted": false,
      "Size": 8,
      "SnapshotId": "snap-09328b730a42039c6",
      "State": "available",
      "VolumeId": "vol-0b810c6c7e4a334cb",
      "Iops": 100,
      "Tags": [
        {
          "Key": "Name",
          "Value": "Ashish_ZF1"
        }
      ],
      "VolumeType": "gp2",
      "MultiAttachEnabled": false
    },
    {
      "Attachments": [],
      "AvailabilityZone": "us-east-1d",
      "CreateTime": "2019-12-13T04:20:57.505000+00:00",
      "Encrypted": false,
      "Size": 50,
      "SnapshotId": "snap-0415d8298c7099b66",
      "State": "available",
      "VolumeId": "vol-06d24eb6b77f09e70",
      "Iops": 150,
      "VolumeType": "gp2",
      "MultiAttachEnabled": false
    },
    ...
    {
      "Attachments": [],
      "AvailabilityZone": "us-east-1d",
      "CreateTime": "2020-02-07T08:29:07.029000+00:00",
      "Encrypted": false,
      "Size": 80,
      "SnapshotId": "snap-0415d8298c7099b66",
      "State": "available",
      "VolumeId": "vol-012e179cf459c730e",
      "Iops": 240,
      "VolumeType": "gp2",
      "MultiAttachEnabled": false
    }
  ]
}
1. Create a Role for the Automation Runbook:
Begin by creating a role named “AssumeRole.” This role will be utilized by Systems Manager Automation to execute the runbook.
2. Turn On AWS Config Recorder:
Access the AWS Config console to ensure that AWS Config is active and appropriately configured to record Amazon EBS volumes.
3. Run the Rule:
1. Sign in to the AWS Management Console to access the EC2 dashboard via https://console.aws.amazon.com/ec2/.
2. In the left panel, click Volumes under the Elastic Block Store section (as in the Audit section).
3. Select the unused volume you intend to delete.
5. (Optional) Create a snapshot of your volume:
a. Select the Actions button and choose the Create Snapshot option.
b. Fill in the description in the resulting box and click Create.
6. To delete the unused volume, click the Actions button again and choose the Delete Volume option.
7. Confirm the deletion in the popup box.
1. Execute the describe-volumes command, which retrieves all unused EBS volumes:
aws ec2 describe-volumes \
  --region us-east-1 \
  --filters Name=status,Values=available
2. Again, a JSON object containing configuration data for each detected unused EBS volume should be returned as output:
{
  "Volumes": [
    {
      "Attachments": [],
      "AvailabilityZone": "us-east-1d",
      "CreateTime": "2019-12-02T12:01:41.088000+00:00",
      "Encrypted": false,
      "Size": 8,
      "SnapshotId": "snap-09328b730a42039c6",
      "State": "available",
      "VolumeId": "vol-0b810c6c7e4a334cb",
      "Iops": 100,
      "Tags": [
        {
          "Key": "Name",
          "Value": "Ashish_ZF1"
        }
      ],
      "VolumeType": "gp2",
      "MultiAttachEnabled": false
    },
    {
      "Attachments": [],
      "AvailabilityZone": "us-east-1d",
      "CreateTime": "2019-12-13T04:20:57.505000+00:00",
      "Encrypted": false,
      "Size": 50,
      "SnapshotId": "snap-0415d8298c7099b66",
      "State": "available",
      "VolumeId": "vol-06d24eb6b77f09e70",
      "Iops": 150,
      "VolumeType": "gp2",
      "MultiAttachEnabled": false
    },
    ...
    {
      "Attachments": [],
      "AvailabilityZone": "us-east-1d",
      "CreateTime": "2020-02-07T08:29:07.029000+00:00",
      "Encrypted": false,
      "Size": 80,
      "SnapshotId": "snap-0415d8298c7099b66",
      "State": "available",
      "VolumeId": "vol-012e179cf459c730e",
      "Iops": 240,
      "VolumeType": "gp2",
      "MultiAttachEnabled": false
    }
  ]
}
3. Next, run the delete-volume command along with the volume ID of the EBS volume you intend to delete. Below is a sample delete-volume command:
aws ec2 delete-volume \
  --region us-east-1 \
  --volume-id vol-012e179cf459c730e
4. To confirm the selected EBS volume has been deleted, re-run the describe-volumes command, specifying the volume ID:
aws ec2 describe-volumes \
  --region us-east-1 \
  --volume-ids vol-e323363d
5. The command should return a volume not found error.
A client error (InvalidVolume.NotFound) occurred when calling the DescribeVolumes operation: The volume 'vol-e323363d' does not exist.
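The audit and CLI remediation steps above can be combined into a review step that reads saved describe-volumes output, ranks unattached volumes (unencrypted first, since those are the data-exposure case), and prints the snapshot and delete commands for an operator to approve. This is an added example, not nOps or AWS code; `triage`, `plan`, the `min_age_days` threshold and the sample volume IDs are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `aws ec2 describe-volumes` output (IDs are placeholders).
SAMPLE = json.dumps({"Volumes": [
    {"VolumeId": "vol-0aaaaaaaaaaaaaaa1", "State": "available", "Attachments": [],
     "Encrypted": False, "Size": 8, "CreateTime": "2019-12-02T12:01:41.088000+00:00",
     "Tags": [{"Key": "Name", "Value": "build-cache"}]},
    {"VolumeId": "vol-0aaaaaaaaaaaaaaa2", "State": "available", "Attachments": [],
     "Encrypted": True, "Size": 50, "CreateTime": "2020-02-05T04:20:57.505000+00:00"},
    {"VolumeId": "vol-0aaaaaaaaaaaaaaa3", "State": "in-use", "Size": 80, "Encrypted": True,
     "Attachments": [{"InstanceId": "i-0bbbbbbbbbbbbbbb1", "State": "attached"}],
     "CreateTime": "2019-11-01T08:29:07.029000+00:00"},
]})

def triage(describe_json, now, min_age_days=14):
    """Return one finding per unattached volume at least min_age_days old."""
    findings = []
    for vol in json.loads(describe_json).get("Volumes", []):
        # Require both signals: State == available and no attachment records.
        if vol.get("State") != "available" or vol.get("Attachments"):
            continue
        # CreateTime is creation time, not detach time, so this is a coarse guard.
        age = (now - datetime.fromisoformat(vol["CreateTime"])).days
        if age < min_age_days:
            continue  # recently created; may still be mid-provisioning
        tags = {t["Key"]: t["Value"] for t in vol.get("Tags", [])}
        findings.append({
            "volume_id": vol["VolumeId"], "size_gib": vol["Size"], "age_days": age,
            "name": tags.get("Name", ""),
            # Idle and unencrypted: data on the volume is readable by anyone who can attach it.
            "unencrypted": not vol.get("Encrypted", False),
        })
    return sorted(findings, key=lambda f: (not f["unencrypted"], -f["size_gib"]))

def plan(findings, region, snapshot=True):
    """Build (never run) the commands; delete only after the snapshot completes."""
    cmds = []
    for f in findings:
        if snapshot:
            cmds.append(f"aws ec2 create-snapshot --region {region} "
                        f"--volume-id {f['volume_id']} "
                        f"--description \"pre-delete backup of {f['volume_id']}\"")
        cmds.append(f"aws ec2 delete-volume --region {region} --volume-id {f['volume_id']}")
    return cmds

if __name__ == "__main__":
    now = datetime(2020, 2, 10, tzinfo=timezone.utc)
    print("\n".join(plan(triage(SAMPLE, now), "us-east-1")))
```
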
Required IAM permission for AutomationAssumeRole:
1. Add Automatic Remediation Action:
2. Test Automatic Remediation for the AWS Config Rule:
Troubleshooting: Sometimes AWS Config doesn’t accurately reflect the resource state. To troubleshoot, turn the recorder off and then back on again from the AWS Config Settings page. The recorder captures the state of the resources. For newly created or deleted resources, it might take some time for the recorder to reflect the current state.
With nOps, it’s a breeze to detect and delete idle EBS volumes.
One-click discover and apply:
nOps streamlines the process of identifying and deleting unused EBS volumes with just one click, eliminating the need for manual cleanup and saving valuable engineering time.
Safe savings:
Review each recommendation and take a cost-effective backup snapshot if desired — providing full peace of mind and flexibility to roll back while optimizing costs.
© nOps 2025. All Rights Reserved.