Why is my deleted EBS volume still showing as compliant or noncompliant in my AWS Config rule?
Last updated: 2020-08-06
I deleted my Amazon Elastic Block Store (Amazon EBS) volume. Why is my Amazon EBS volume still showing as compliant or noncompliant in my AWS Config rule?
Amazon EBS volumes are durable, block-level storage devices that you can attach to Amazon Elastic Compute Cloud (Amazon EC2) instances. You can delete Amazon EBS volumes by:
Amazon EBS volumes deleted with the DeleteVolume API call
Amazon EBS volumes deleted using the DeleteVolume API call invoke a DescribeVolumes API call on the volume. The DescribeVolumes API call returns an InvalidVolume.NotFound error code, and the Amazon EBS volume is removed from the list of resources in AWS Config. The updated configuration of the volume is recorded as a configuration item with a status of ResourceDeleted, and then delivered to an Amazon Simple Storage Service (Amazon S3) bucket.
Amazon EBS volumes deleted with the TerminateInstances API call
When an Amazon EC2 instance is terminated, the DeleteOnTermination attribute of each attached EBS volume determines whether the volume is deleted. By default, the DeleteOnTermination attribute for the root volume of an Amazon EC2 instance is set to true, and set to false for all other volume types. Amazon EC2 deletes the Amazon EBS volumes that have the DeleteOnTermination attribute set to true, but it does not publish the DeleteVolume API call. Because AWS Config uses the DeleteVolume API call as a trigger for the rule, the resource changes aren't recorded for the EBS volume, and the EBS volume still shows as compliant or noncompliant.
AWS Config performs a baseline every six hours to check for new configuration items with the ResourceDeleted status. The AWS Config rule removes the deleted EBS volumes from the evaluation results. If you choose the "Include deleted resources" check box, you can safely ignore any deleted Amazon EBS volumes.
Note: Amazon EBS volumes associated with Amazon EC2 instances created by Auto Scaling groups use the TerminateInstances API call to terminate the instance.
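To separate the two cases when auditing a rule's results, the following added example (not AWS's own code) classifies each volume in a rule's evaluation results as live, deleted with a recorded ResourceDeleted configuration item, or deleted but not yet picked up by the baseline. It assumes the inputs are shaped like the GetComplianceDetailsByConfigRule, DescribeVolumes and GetResourceConfigHistory responses; the state labels, rule name and volume IDs are constructed for illustration.

```python
# Added example: state labels are this example's own, sample data is constructed.
LIVE = "live"
RECORDED = "deleted-recorded"          # Config holds a ResourceDeleted item
STALE = "deleted-awaiting-baseline"    # gone from EC2, deletion not yet recorded

def classify_ebs_results(evaluation_results, live_volume_ids, latest_item_status):
    """Classify every AWS::EC2::Volume entry in a rule's evaluation results.

    evaluation_results: EvaluationResults from GetComplianceDetailsByConfigRule
    live_volume_ids:    set of VolumeId values returned by DescribeVolumes
    latest_item_status: volume ID -> configurationItemStatus of the newest
                        configuration item from GetResourceConfigHistory
    """
    report = []
    for result in evaluation_results:
        qualifier = result["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
        if qualifier["ResourceType"] != "AWS::EC2::Volume":
            continue
        volume_id = qualifier["ResourceId"]
        if volume_id in live_volume_ids:
            state = LIVE
        elif latest_item_status.get(volume_id) == "ResourceDeleted":
            state = RECORDED
        else:
            # Typical after TerminateInstances: no DeleteVolume call was published.
            state = STALE
        report.append((volume_id, result["ComplianceType"], state))
    return report

def _result(resource_id, compliance, resource_type="AWS::EC2::Volume"):
    """Build one constructed evaluation result in the API's response shape."""
    return {"EvaluationResultIdentifier": {"EvaluationResultQualifier": {
                "ConfigRuleName": "example-ebs-rule",   # hypothetical rule name
                "ResourceType": resource_type, "ResourceId": resource_id}},
            "ComplianceType": compliance}

# Constructed sample inputs (placeholder IDs, not real resources).
SAMPLE_RESULTS = [
    _result("vol-0example0000000a", "COMPLIANT"),
    _result("vol-0example0000000b", "NON_COMPLIANT"),
    _result("vol-0example0000000c", "NON_COMPLIANT"),
    _result("i-0example00000000d", "COMPLIANT", "AWS::EC2::Instance"),
]
SAMPLE_LIVE_IDS = {"vol-0example0000000a"}
SAMPLE_STATUS = {"vol-0example0000000a": "OK",
                 "vol-0example0000000b": "ResourceDeleted",
                 "vol-0example0000000c": "OK"}

if __name__ == "__main__":
    for row in classify_ebs_results(SAMPLE_RESULTS, SAMPLE_LIVE_IDS, SAMPLE_STATUS):
        print(*row)
```

Entries in the last state are the ones the six-hour baseline is expected to clear from the evaluation results.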