Unused Elastic Block Store Volumes

This plugin ensures Elastic Block Store volumes are in use and attached to EC2 instances

Risk Level: Low

Description

This plugin ensures Elastic Block Store volumes are in use and attached to EC2 instances. Elastic Block Store volumes should be deleted if the parent instance has been deleted to prevent accidental exposure of data.

About the Service

Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With the EC2 instance, you can launch as many virtual servers as you need, configure security and networking, and manage storage without worrying about the hardware needs of the process. Security Groups act as a firewall for an EC2 instance to control the incoming and outgoing traffic. You can read more about security groups here.

Impact

Amazon EBS volumes are created as a storage option for EC2 instances. On detaching an instance, it must be deleted to avoid unnecessary exposure of the data. To save the volume data, EBS snapshots can be created.

Steps to Reproduce

Using AWS Console-

  1. Log In to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
  3. Move to the Volumes in the Elastic Block Store section from the left navigation pane.
  4. A list of EBS snapshots available will be displayed. Check the Volume status column. If it is not set to “In Use”, the vulnerability exists.
  5. Repeat steps for all the EBS volumes you want to investigate.

Steps for Remediation

Delete the unassociated Elastic Block Store volume:

  1. Log In to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
  3. Move to the Volumes in the Elastic Block Store section from the left navigation pane.
  4. A list of EBS volumes available will be displayed. Select the vulnerable volume by clicking on the checkbox next to it.
  5. From the Actions drop-down menu, click on Delete volume.
  6. Repeat steps for all the vulnerable EBS volumes.