Opportunity Name:
Delete Idle AWS Transfer Servers
AWS Resource Type:
AWS Transfer Family
Opportunity Description
AWS Transfer Family servers enable managed SFTP, FTPS, and FTP file transfers to Amazon S3 and EFS. These servers incur hourly charges even when inactive. Often deployed for short-term use cases, many remain active without ongoing need, leading to avoidable costs and potential security risks.
This Finder identifies idle AWS Transfer Family servers by analyzing key CloudWatch metrics over a configurable inactivity period (defaulting to 30 days). Servers with no meaningful activity are flagged for deletion.
Criteria for Identifying the Opportunity
The Finder applies the following rules:
- Metrics Monitored:
  - DataIn
  - DataOut
  - FilesUploaded
  - FilesDownloaded
- Inactivity Threshold:
  - Sum of all above metrics over the configured period must be zero.
- LoginAttempts:
  - Not used to determine idleness but included in the report to inform decisions.
- CloudFix CUR Filtering:
  - CUR identifies servers with at least $10 in estimated annual cost and near-zero load activity.
- Configurability:
  - Default inactivity period is 30 days, configurable by the user.
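The rules above, applied to per-day metric datapoints, as an added example that is not CloudFix's own code. The record shape, the server IDs, the cost figures and the review_logins field are assumptions made for illustration; the metric names are the ones listed on this page.

```python
from datetime import date, timedelta

# Metric names as listed on this page. LoginAttempts is reported, never scored.
ACTIVITY_METRICS = ("DataIn", "DataOut", "FilesUploaded", "FilesDownloaded")
MIN_ANNUAL_COST_USD = 10.0  # cost threshold from the CUR filtering rule


def evaluate_server(server, today, inactivity_days=30):
    """Apply the Finder rules to one server record (hypothetical shape)."""
    cutoff = today - timedelta(days=inactivity_days)
    totals = {m: 0 for m in ACTIVITY_METRICS + ("LoginAttempts",)}
    for day, metric, value in server["datapoints"]:
        # Only datapoints inside the inactivity window count.
        if cutoff < day <= today and metric in totals:
            totals[metric] += value
    activity = sum(totals[m] for m in ACTIVITY_METRICS)
    flagged = activity == 0 and server["annual_cost_usd"] >= MIN_ANNUAL_COST_USD
    return {
        "server_id": server["server_id"],
        "flagged": flagged,
        "activity_sum": activity,
        "login_attempts": totals["LoginAttempts"],
        # Assumption of this example: logins on an otherwise idle server
        # are surfaced so a reviewer can ask who is still connecting.
        "review_logins": flagged and totals["LoginAttempts"] > 0,
    }


def build_report(servers, today, inactivity_days=30):
    return [evaluate_server(s, today, inactivity_days) for s in servers]


# Constructed sample inventory (IDs, costs and datapoints are made up).
TODAY = date(2025, 1, 31)
SAMPLE = [
    {"server_id": "s-example-idle", "annual_cost_usd": 2628.0,
     "datapoints": [(date(2024, 12, 1), "DataIn", 4096)]},  # outside 30 days
    {"server_id": "s-example-logins", "annual_cost_usd": 2628.0,
     "datapoints": [(date(2025, 1, 20), "LoginAttempts", 37)]},
    {"server_id": "s-example-active", "annual_cost_usd": 2628.0,
     "datapoints": [(date(2025, 1, 30), "FilesUploaded", 2),
                    (date(2025, 1, 30), "DataIn", 1024)]},
    {"server_id": "s-example-cheap", "annual_cost_usd": 4.0, "datapoints": []},
]

if __name__ == "__main__":
    for row in build_report(SAMPLE, TODAY):
        print(row)
```

Widening the window to 90 days pulls the December transfer on s-example-idle back into scope, so that server is no longer flagged.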
Potential Savings (if known)
Idle AWS Transfer Family servers accrue hourly charges. By deleting unused servers, users can save nearly 100% of those costs. Servers with at least $10 in annualized cost are prioritized, ensuring meaningful savings per recommendation.
What Happens When the Fixer is Executed?
Note: As of this release, the Fixer runs in dry-run mode only. Actual deletion is not automatic and must be performed manually.
If executed, the Fixer would:
- Delete the identified AWS Transfer Family server using the transfer:DeleteServer API.
- Validate server existence before deletion.
- Avoid deletion of any S3 or EFS data associated with the server.
- Include LoginAttempts information in the report for review.
Is It Possible to Roll Back Once CloudFix Implements the Fixer?
No. Once a server is deleted, it cannot be restored. There is no mechanism to recover the server configuration, so deletion should be carefully reviewed before execution.
Can CloudFix Implement the Fix Automatically Once I Accept the Recommendation?
Not yet. This Finder includes validation and deletion logic, but currently supports dry-run mode only. Deletion must be performed manually until full Fixer automation is released.
Does the Fix Require Downtime?
No downtime is required for your active workloads. However, any clients configured to use the deleted Transfer Family server will fail to connect once it is removed.
Bill Gleeson