Medium

AMI (Amazon Machine Images) not in use

AWS Cost Optimization
APRA
AWS Well-Architected Framework
MAS
Description

Your AWS account will be charged monthly for the AMIs that are created, even if they are not being utilized. Sometimes, AWS users deregister their images but neglect to delete the associated AMI snapshots, leading to ongoing storage expenses. To prevent unforeseen charges on your AWS bill, it's recommended to have an outlined cleanup process.

Remediation

To remediate unused Amazon Machine Images (AMIs), you should follow a two-step cleanup process:

Step 1: Deregister AMIs

Identify and deregister all AMIs that are no longer required or are not being used.

Ensure that there are no dependencies on the AMIs before deregistering them.

Step 2: Delete associated snapshots

Identify and delete all associated Amazon Elastic Block Store (EBS) snapshots that were created when the AMIs were initially created.

Ensure that there are no dependencies on the snapshots before deleting them.

Enforced Resources
AMI
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.