ec2-volume-inuse-check

Checks if EBS volumes are attached to EC2 instances. Optionally checks if EBS volumes are marked for deletion when an instance is terminated.

The rule is COMPLIANT if an EBS volume is attached to a running EC2 instance. In this case, it is COMPLIANT when the EBS volume is actively in use by an EC2 instance.

The rule is NON_COMPLIANT if an EBS volume is not attached to any EC2 instance or is attached to a stopped or terminated EC2 instance. In this case, it is NON_COMPLIANT when the EBS volume is not actively in use by an EC2 instance.

Identifier: EC2_VOLUME_INUSE_CHECK

Resource Types: AWS::EC2::Volume

Trigger type: Configuration changes

AWS Region: All supported AWS regions

Parameters:

deleteOnTermination (Optional)
Type: boolean: EBS volumes are marked for deletion when an instance is terminated. Possible values: True or False (other input values are marked as NON_COMPLIANT). If set to True, the rule is NON_COMPLIANT if a terminated EBS volume is not marked for deletion.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

ec2-transit-gateway-auto-vpc-attach-disabled

ec2-vpn-connection-logging-enabled