feat(aws): migrate ebs volumes from gp2 to gp3 commands

knowledge base/cloud computing/aws/README.md

@@ -16,12 +16,13 @@
    1. [Security Hub](#security-hub)
 1. [Resource constraints](#resource-constraints)
 1. [Access control](#access-control)
+1. [Costs](#costs)
 1. [Savings plans](#savings-plans)
 1. [Resource tagging](#resource-tagging)
 1. [API](#api)
    1. [Python](#python)
 1. [Further readings](#further-readings)
-   1. [Sources](#sources)
+    1. [Sources](#sources)
 
 ## TL;DR
 
@@ -271,6 +272,10 @@ Member accounts can administer Security Hub by delegation if given the permissio
 
 Refer [IAM].
 
+## Costs
+
+See [Understanding data transfer charges].
+
 ## Savings plans
 
 Refer [Savings Plans user guide].
@@ -542,6 +547,7 @@ machine if not.
 [subnets for your vpc]: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html
 [test your roles' access policies using the aws identity and access management policy simulator]: https://aws.amazon.com/blogs/security/test-your-roles-access-policies-using-the-aws-identity-and-access-management-policy-simulator/
 [tools to build on aws]: https://aws.amazon.com/developer/tools/
+[understanding data transfer charges]: https://docs.aws.amazon.com/cur/latest/userguide/cur-data-transfers-charges.html
 [what is amazon vpc?]: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
 [what is aws config?]: https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html
 [what is cloudwatch]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html

knowledge base/cloud computing/aws/ebs.md

@@ -6,6 +6,8 @@ Persistent [block storage][what is block storage?] for [EC2 Instances][ec2].
 1. [Volume types](#volume-types)
 1. [Snapshots](#snapshots)
 1. [Encryption](#encryption)
+1. [Troubleshooting](#troubleshooting)
+   1. [Migrate `gp2` volumes to `gp3`](#migrate-gp2-volumes-to-gp3)
 1. [Further readings](#further-readings)
    1. [Sources](#sources)
 
@@ -184,6 +186,19 @@ Attaching EBS volumes which data keys are encrypted with unusable KMS keys to EC
 not be able to use the KMS keys to decrypt the data key used for the volume.<br/>
 Make the KMS key usable again to be able to attach such EBS volumes.
 
+## Troubleshooting
+
+### Migrate `gp2` volumes to `gp3`
+
+See also [Hands-on Guide: How to migrate from gp2 to gp3 volumes and lower AWS cost].
+
+It is **strongly advised** to take a snapshot of volumes before changing their type.
+
+```sh
+aws ec2 describe-volumes --filters "Name=volume-type,Values=gp2" --query 'Volumes[].VolumeId' --output 'text' \
+| xargs -pn '1' aws ec2 modify-volume --volume-type 'gp3' --volume-id
+```
+
 ## Further readings
 
 - [Amazon Web Services]
@@ -194,6 +209,7 @@ Make the KMS key usable again to be able to attach such EBS volumes.
 - [Choose the best Amazon EBS volume type for your self-managed database deployment]
 - [Extend the file system after resizing an EBS volume]
 - [Pricing][amazon ebs pricing]
+- [Hands-on Guide: How to migrate from gp2 to gp3 volumes and lower AWS cost]
 
 ### Sources
 
@@ -230,3 +246,4 @@ Make the KMS key usable again to be able to attach such EBS volumes.
 
 <!-- Others -->
 [delete unused aws ebs volumes]: https://www.nops.io/unused-aws-ebs-volumes/
+[hands-on guide: how to migrate from gp2 to gp3 volumes and lower aws cost]: https://www.stream.security/post/hands-on-guide-how-to-migrate-from-gp2-to-gp3-volumes

snippets/aws/ec2.fish

@@ -62,6 +62,13 @@ aws ec2 describe-instances --output 'text' \
 	--filters 'Name=tag:Name,Values=Prometheus' 'Name=instance-state-name,Values=running' \
 	--query 'Reservations[].Instances[0].BlockDeviceMappings[*].Ebs.VolumeId'
 
+# Change volume type
+aws ec2 modify-volume --volume-type 'gp3' --volume-id 'vol-0123456789abcdef0'
+
+# Migrate gp2 volumes to gp3
+aws ec2 describe-volumes --filters "Name=volume-type,Values=gp2" --query 'Volumes[].VolumeId' --output 'text' \
+| xargs -pn '1' aws ec2 modify-volume --volume-type 'gp3' --volume-id
+
 # Create snapshots of EBS volumes
 aws ec2 create-snapshot --volume-id 'vol-0123456789abcdef0' --description 'Manual snapshot Pre-Update' \
 	--tag-specifications 'ResourceType=snapshot,Tags=[{Key=Name,Value=Prometheus},{Key=Team,Value=Infra}]' \

snippets/pulumi/commands.fish

@@ -78,7 +78,7 @@ pulumi stack export | jq -r '.deployment.resources[].provider' | grep -v 'aws::d
 # Avoid permission errors when deleting clusters with charts and stuff.
 PULUMI_K8S_DELETE_UNREACHABLE='true' pulumi destroy
 
-# Move rsources between stacks
+# Move resources between stacks
 pulumi state move --source 'organization/utils/dev' --dest 'organization/iam/dev' \
 	'urn:pulumi:dev::utils::aws:iam/role:Role::rdsToS3Exporter' \
 	'urn:pulumi:dev::utils::aws:iam/rolePolicy:RolePolicy::rdsToS3Exporter-allowExportingSnapshotsToS3'