Guides

Cloud Operations and Cost Management

7.3: Unused AWS Elastic Loadbalancer v2

šŸ“˜ Elastic Load Balancers that aren't in use increase costs and can be a potential security risk.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.3: Unused AWS Elastic Loadbalancer v2

šŸ“˜ Elastic Load Balancers that aren't in use increase costs and can be a potential security risk.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.4: Unused AWS Classic Load Balancer

šŸ“˜ Classic Load Balancers that aren't actively serving traffic should be reviewed and possibly terminated to ensure optimal cost management and security.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.5: Unused AWS RDS

Criteria: Less than 1 DB Connection and, on average, less than 20 ReadIOps and WriteIOps in the last 7 days.

šŸ“˜ Idle RDS instances lead to unnecessary costs. Regular monitoring and termination of unused RDS instances is recommended.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.6: Underutilized AWS RDS

Criteria: Less than 60% CPU utilization and on average, less than 100 ReadIOps and WriteIOps in the last 7 days.

šŸ“˜ Underutilized RDS instances may indicate over-provisioning. Review and resize to ensure cost-effectiveness.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.7: Overutilized AWS RDS

Criteria: Average CPU utilization more than 90% in last 7 days.

šŸ“˜ Overutilized RDS instances can lead to performance issues. Consider resizing to better fit the workload.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.8: Idle AWS EC2

Criteria: Average CPU utilization less than 2% and average network I/O less than 5 MB in the last 7 days.

šŸ“˜ Idle EC2 instances are a cost concern and a potential security risk. Review and shut down or terminate as necessary.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.9: Unused AWS NAT

Criteria: BytesOutToDestination has been 0 for the last 7 days.

šŸ“˜ Unused NAT gateways contribute to additional costs. Consider terminating if not required.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.10: Unused AWS EBS Volumes

Criteria: VolumeReadOps and VolumeWriteOps are 0 for the last 7 days.

šŸ“˜ Unattached or idle EBS volumes incur costs. Regularly review and delete unused volumes to save on costs.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.11: Idle AWS ElastiCache

Criteria: Average CPU utilization less than 2% in the last 7 days.

šŸ“˜ Idle ElastiCache clusters may be over-provisioned or not required, leading to unnecessary costs.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.12: Idle AWS Elasticsearch Clusters

Criteria: Average CPU utilization less than 2% in the last 7 days.

šŸ“˜ Elasticsearch clusters that are underutilized might be over-provisioned or not required. Consider resizing or terminating them to optimize costs.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

7.13: Unused AWS Elastic IP (EIP) - Cost Savings

šŸ“˜ Elastic IPs that are not associated with any instance lead to extra costs. Consider releasing unused EIPs.

  • Section: Monitoring
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: NA
  • Rule Set: Rapticore Benchmark

Updated about 1 year ago