Joon

Reputation: 23

How to identify unused EC2 servers in the company and stop using them

I'm the start-up backend developer. I joined the company last December and am in charge of overall infrastructure and back-end development.

We want to reduce our company's February AWS operating costs by about 20% (expected to be charged $1600) compared to the estimated amount, and reduce our infrastructure usage costs by about $1300 per month.

To this end, I would like to stop using EC2 by identifying unused services that are not in use. The problem is that we have not received the pem key from the previous developer, so we do not have access to AWS EC2 in service.

Also, I understand that you can access the web console without the pem key. However, with that method too, only the phrase "connection failed" appears.

[Question]

Is there a way to access EC2 without the previously issued pem key? Is there a way to figure out if it's not in use without access?

Upvotes: 2

Views: 266

Answers (1)

udondan

Reputation: 60029

I think it's safe to say, without access to the machines, you won't be able to tell what's running on them and therefore if they're required. You could check the EC2 metrics, specifically the network IO; if there is nothing going on, they might be unused. But then again there might be something scheduled only once per week/month/year... (wouldn't be the best idea - but neither is having a single developer owning the only key ;-) ) Also, they might be completely idle, but contain important content such as logs that you might want or need to keep (e.g. legal requirements).

If the SSM agent is installed on the instances, you could connect via SSM session or use the AWSSupport-ResetAccess document to replace the key: https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-ec2reset.html

If you cannot access the machine via SSH or SSM, you could use the serial console.

Another idea would be to create a snapshot from the instance(s), then start a new instance from that snapshot with a new EC2 key pair. Then you can access that clone and inspect the content without having access to the original machine(s). Though, depending on the workload, this might be harmful to your business, since everything might be running in parallel.

A typical startup approach, I've been guilty of myself, is to stop it and see if someone complains. ;-) You could just suspend, not terminate(!), the instances, so you can start them again later. Though this might be a dangerous approach. Services might not automatically start, which means you would need access to manually fix things. And not knowing what needs fixing doesn't make this easier.

Upvotes: 2
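The metrics check suggested in the answer, as an added example that is not part of the original answer: it classifies an instance from hourly CloudWatch-style datapoints (`NetworkIn`/`NetworkOut` with the `Sum` statistic, plus `CPUUtilization` with `Maximum`, which goes beyond the network IO the answer mentions) and lists the busy hours, so a weekly or monthly job is not averaged away. The thresholds, function names and sample datapoints are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed thresholds (tune per workload): an hour counts as "busy" when the
# instance moved more than 5 MB or peaked above 10% CPU in that hour.
BUSY_BYTES_PER_HOUR = 5 * 1024 * 1024
BUSY_CPU_PERCENT = 10.0


def busy_hours(network_in, network_out, cpu):
    """Return the sorted hour timestamps in which the instance did real work.

    Each argument is a list of CloudWatch-style datapoints (period = 3600 s):
    network_* carry "Sum" in bytes, cpu carries "Maximum" in percent."""
    traffic = {}
    for point in network_in + network_out:
        traffic[point["Timestamp"]] = traffic.get(point["Timestamp"], 0) + point["Sum"]
    busy = {ts for ts, total in traffic.items() if total > BUSY_BYTES_PER_HOUR}
    busy |= {p["Timestamp"] for p in cpu if p["Maximum"] > BUSY_CPU_PERCENT}
    return sorted(busy)


def classify(network_in, network_out, cpu, hours_observed):
    """Label an instance 'idle', 'periodic' or 'active' over the window."""
    busy = busy_hours(network_in, network_out, cpu)
    if not busy:
        return "idle", busy
    # A handful of busy hours in a long window looks like a scheduled job
    # (weekly/monthly), which an average over the window would hide.
    if len(busy) / hours_observed < 0.05:
        return "periodic", busy
    return "active", busy


def constructed_series(start, hours, value_key, base, bursts):
    """Build constructed sample datapoints: `base` every hour, `bursts` override."""
    return [{"Timestamp": start + timedelta(hours=h), value_key: bursts.get(h, base)}
            for h in range(hours)]


if __name__ == "__main__":
    start = datetime(2023, 1, 1, tzinfo=timezone.utc)  # constructed 28-day window
    hours = 28 * 24
    weekly = {h: 800 * 1024 * 1024 for h in range(3, hours, 7 * 24)}  # one burst per week
    net_in = constructed_series(start, hours, "Sum", 20_000, weekly)
    net_out = constructed_series(start, hours, "Sum", 15_000, {})
    cpu = constructed_series(start, hours, "Maximum", 1.5, {})
    label, busy = classify(net_in, net_out, cpu, hours)
    print(label, [ts.isoformat() for ts in busy])
```

An "idle" result only means nothing crossed the thresholds inside the window examined; a job that runs less often than the window is long, or data that must be retained, will not show up here.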
