I want to use the "AWSSupport-AnalyzeEBSResourceUsage" AWS Systems Manager Automation runbook to analyze my Amazon Elastic Block Store (Amazon EBS) resource data usage.
Short description
The AWSSupport-AnalyzeEBSResourceUsage Automation runbook helps you to analyze volume usage and identifies abandoned volumes, images, and snapshots in an AWS Region.
Depending on your resources, a successful runbook workflow generates up to three .csv reports in your Amazon Simple Storage Service (Amazon S3) bucket. For more information, see AWSSupport-AnalyzeEBSResourceUsage.
Resolution
Prerequisites
Permissions
Before you run AWSPremiumSupport-AnalyzeEbsResourceUsage, verify that your AWS Identity and Access Management (IAM) user or role has the necessary permissions. For more information, see the Required IAM permissions section of AWSSupport-AnalyzeEBSResourceUsage.
Make sure that your S3 bucket isn't public. If the Automation runbook fails for this reason, then you might see an output that includes the following messages:
- "Bucket BUCKET_NAME is public, Please check bucket configuration and make sure it is not public."
- "Please refer to Automation Service Troubleshooting Guide for more diagnosis details."
Before you run the runbook, block public access to the bucket. For information about other Automation errors, see Troubleshooting Systems Manager Automation.
Prerequisites for a specified bucket
To specify your own S3 bucket, take the following actions:
- Set isPublic to False to block public access to the bucket.
- Turn on Amazon S3 access logging.
- Allow only SSL requests to your bucket.
- Turn on object versioning.
- Use an AWS Key Management Service (KMS) key to encrypt your bucket.
Run the workflow
To run AWSPremiumSupport-AnalyzeEbsResourceUsage, complete the following steps:
- Open the Systems Manager console.
- In the navigation page, choose Documents.
- In the search bar, enter AWSSupport-AnalyzeEBSResourceUsage, and then select the runbook.
- Choose Execute automation.
- (Optional) For the input parameters, enter the following information:
S3BucketName: Enter the S3 bucket that you want to upload the report to. Verify that the bucket policy doesn't grant unnecessary read or write permissions to users who don't require access to the logs. If the bucket doesn't exist in your account, then the automation creates a new bucket in the Region where you run the automation. A newly created bucket uses the naming format USER_PROVIDED_NAME-awssupport-YYYY-MM-DD and is encrypted with a custom AWS KMS key.
CustomerManagedKmsKeyArn: If the automation created an encrypted bucket for you, then enter the custom AWS KMS key ARN for your bucket. If you create a bucket but don't specify a custom AWS KMS key ARN, then the automation fails.
AutomationAssumeRole: Enter the ARN of the role that allows Automation to perform actions for you. If you don't specify this role, then Systems Manager Automation uses the permission of the user that runs this document.
- Choose Execute.
Review the output
After the workflow completes, review the Outputs section for detailed results of the automation. The runbook generates three .csv reports in your S3 bucket. To analyze your EBS data usage, review the images, snapshot, and volume reports. The following are example output statements and their explanations:
verifyOrCreateS3bucketcreatedNewBucket: True or False.
In the preceding output, if the AWSPremiumSupport-AnalyzeEbsResourceUsage runbook creates a new bucket, then the output displays True. If the runbook uses an existing bucket, then the output displays False.
gatherAmiDetails.gatherAmiDetail5Output
In the preceding output, the REGION-image.cv file was uploaded to your bucket and is displayed as BUCKET-ACCOUNT-awssupport-DATE. Review the file to check if you must keep the Amazon Machine Images (AMIs).
gatherSnapshotDetails.gatherSnapshotDetailsOutput
In the preceding output, the REGION-snapshot.cv file was uploaded to your bucket and is displayed as BUCKET-ACCOUNT-awssupport-DATE. Review the file to check if you must keep the snapshots.
gatherVolumeDetails.gatherVolumeDetailsOutput
In the preceding output, the REGION-volume.cv file was uploaded to your bucket and is displayed as BUCKET-ACCOUNT-awssupport-DATE. Review the file to check if you must keep the volumes.
Related information
Amazon EBS pricing
Amazon S3 pricing
How are charges for Amazon EBS volumes calculated on my bill?
AWS Support Automation Workflows (SAW)