Why do I have running EC2 instances that I didn't launch?

Last updated: 2020-12-07

I checked the Amazon Elastic Compute Cloud (Amazon EC2) console, and I have instances running that I don't remember launching. Where did these instances come from and how can I remove them?

Short description

To discover how EC2 instances on your account were launched, do the following:

  • Determine if the instances were launched by other AWS services.
  • Determine if other authorized users of your AWS account launched the instances.

Resolution

Determine if the instances were launched by other AWS services

Some AWS services launch EC2 instances as part of their function. The following services, among others, might be configured to launch EC2 instances:

Note: You might need to complete additional steps before or after terminating resources.

If you're charged for EC2 resources that you previously terminated, see Why am I being charged for EC2 when all my instances have been terminated? or Why am I charged for Elastic IP addresses when all my Amazon EC2 instances have been terminated?

Determined if other authorized users launched the instances

Another authorized user might have launched the instances as part of a project that they were working on.

You can use AWS CloudTrail to look for instances of the RunInstances API call. Or, check with other authorized AWS users on your team to verify if they launched instances.

Note: You can use AWS Identity and Access Management (IAM) to manage which users can launch instances or use AWS services.


Did this article help?


Do you need billing or technical support?