EBS Rules
These rules identify EBS volumes using outdated volume types, volumes that are unattached, and volumes still attached to stopped instances where storage charges continue without active workloads.
| Rule ID | Scan Type | Name |
|---|---|---|
| CLDBRN-AWS-EBS-1 | Discovery and IaC | EBS Volume Type Not Current Generation |
| CLDBRN-AWS-EBS-2 | Discovery | EBS Volume Unattached |
| CLDBRN-AWS-EBS-3 | Discovery | EBS Volume Attached To Stopped Instances |
CLDBRN-AWS-EBS-1
EBS Volume Type Not Current Generation
Scan type: Discovery and IaC
What it checks
Flags EBS volumes using first- or second-generation volume types: gp2, io1, or standard. Current-generation equivalents offer better performance at equal or lower cost.
Why it matters
- gp3 is 20% cheaper than gp2 at baseline ($0.08/GB vs $0.10/GB) and allows independent IOPS/throughput tuning without extra cost
- io2 offers higher durability (99.999%) than io1 at the same price
- standard (magnetic) is the oldest type and has no cost or performance advantage over gp3
What triggers a finding
Volume type is gp2, io1, or standard.
How to remediate
- gp2 → migrate to gp3. You can modify volumes in-place with no downtime.
- io1 → migrate to io2. Same in-place modification, same pricing.
- standard → migrate to gp3.

```bash
aws ec2 modify-volume --volume-id vol-0abc123 --volume-type gp3
```
IaC resources checked
| IaC Tool | Resource Type |
|---|---|
| Terraform | aws_ebs_volume |
| CloudFormation | AWS::EC2::Volume |
CLDBRN-AWS-EBS-2
EBS Volume Unattached
Scan type: Discovery
What it checks
Flags EBS volumes that are not attached to any EC2 instance. Unattached volumes have no running workload consuming them but continue to incur storage charges.
Why it matters
EBS volumes are billed by provisioned storage regardless of whether they are attached or actively used. An unattached 1 TB gp3 volume costs $80/month while providing no value.
What triggers a finding
The volume has no attachments (empty attachments list).
How to remediate
- Verify the volume is not needed (check for recent snapshots, tags indicating ownership)
- Create a final snapshot if you want to preserve the data
- Delete the volume
```bash
# Optional: snapshot before deleting
aws ec2 create-snapshot --volume-id vol-0abc123 --description "final backup before delete"
# Delete the volume
aws ec2 delete-volume --volume-id vol-0abc123
```
CLDBRN-AWS-EBS-3
EBS Volume Attached To Stopped Instances
Scan type: Discovery
What it checks
Flags EBS volumes where every attached EC2 instance is in the stopped state. The volume is provisioned and billed but no running workload is using it.
Why it matters
A stopped EC2 instance does not incur compute charges, but its attached EBS volumes continue to incur storage charges. Long-stopped instances accumulate weeks or months of EBS cost that could be eliminated if the instance is truly no longer needed.
What triggers a finding
The volume has one or more attachments AND all attached instances are in the stopped state.
How to remediate
- Determine whether the stopped instance will be restarted. If yes, no action needed.
- If the instance is permanently stopped, snapshot the volume, then delete both the instance and volume.
- Consider whether the workload should be migrated to Lambda, containers, or another managed service that doesn't require persistent block storage.
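The trigger conditions of the three rules on this page, evaluated together over one volume inventory. This is an added example, not the scanner's own code: the function names and the sample volume and instance IDs are constructed, and the dictionary keys follow the shape of `aws ec2 describe-volumes` output.

```python
# Added illustration, not the scanner's implementation.
# Keys mirror `aws ec2 describe-volumes` output; all data below is constructed.
LEGACY_TYPES = {"gp2", "io1", "standard"}  # types flagged by CLDBRN-AWS-EBS-1


def evaluate_volume(volume, instance_states):
    """Return the rule IDs whose trigger condition this volume meets.

    instance_states maps instance ID -> state name ("running", "stopped", ...).
    """
    findings = []
    if volume["VolumeType"] in LEGACY_TYPES:
        findings.append("CLDBRN-AWS-EBS-1")

    attachments = volume.get("Attachments", [])
    if not attachments:
        # Empty attachments list: unattached volume.
        findings.append("CLDBRN-AWS-EBS-2")
    elif all(instance_states.get(a["InstanceId"]) == "stopped" for a in attachments):
        # Every attached instance must be stopped. An instance whose state
        # is unknown does not count as stopped, so it suppresses the finding.
        findings.append("CLDBRN-AWS-EBS-3")
    return findings


def evaluate_all(volumes, instance_states):
    """Map each volume ID to the list of rule IDs it triggers."""
    return {v["VolumeId"]: evaluate_volume(v, instance_states) for v in volumes}


# Constructed sample inventory
SAMPLE_INSTANCE_STATES = {"i-aaa": "running", "i-bbb": "stopped", "i-ccc": "stopped"}
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-1", "VolumeType": "gp3", "Attachments": [{"InstanceId": "i-aaa"}]},
    {"VolumeId": "vol-2", "VolumeType": "gp2", "Attachments": []},
    {"VolumeId": "vol-3", "VolumeType": "io1", "Attachments": [{"InstanceId": "i-bbb"}]},
    # Multi-attach volume: one running instance is enough to avoid EBS-3.
    {"VolumeId": "vol-4", "VolumeType": "io2",
     "Attachments": [{"InstanceId": "i-aaa"}, {"InstanceId": "i-ccc"}]},
    # Attached to an instance missing from the state map.
    {"VolumeId": "vol-5", "VolumeType": "gp3", "Attachments": [{"InstanceId": "i-zzz"}]},
]

if __name__ == "__main__":
    for vol_id, rules in evaluate_all(SAMPLE_VOLUMES, SAMPLE_INSTANCE_STATES).items():
        print(vol_id, ", ".join(rules) or "no findings")
```

A single volume can trigger EBS-1 together with either EBS-2 or EBS-3, but never EBS-2 and EBS-3 at once, since one requires an empty attachments list and the other at least one attachment.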
See Also
- CLI discover command — scan live EBS volumes
- CLI scan command — scan IaC templates for EBS issues
- SDK Reference — run scans programmatically