From 78335a4bf187132981b53b915fa5ae62bd447eae Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Thu, 13 Feb 2025 00:09:03 +0100 Subject: [PATCH] feat(aws): migrate ebs volumes from gp2 to gp3 commands --- knowledge base/cloud computing/aws/README.md | 8 +++++++- knowledge base/cloud computing/aws/ebs.md | 17 +++++++++++++++++ snippets/aws/ec2.fish | 7 +++++++ snippets/pulumi/commands.fish | 2 +- 4 files changed, 32 insertions(+), 2 deletions(-) diff --git a/knowledge base/cloud computing/aws/README.md b/knowledge base/cloud computing/aws/README.md index 2290dd5..0fd50fb 100644 --- a/knowledge base/cloud computing/aws/README.md +++ b/knowledge base/cloud computing/aws/README.md @@ -16,12 +16,13 @@ 1. [Security Hub](#security-hub) 1. [Resource constraints](#resource-constraints) 1. [Access control](#access-control) +1. [Costs](#costs) 1. [Savings plans](#savings-plans) 1. [Resource tagging](#resource-tagging) 1. [API](#api) 1. [Python](#python) 1. [Further readings](#further-readings) - 1. [Sources](#sources) + 1. [Sources](#sources) ## TL;DR @@ -271,6 +272,10 @@ Member accounts can administer Security Hub by delegation if given the permissio Refer [IAM]. +## Costs + +See [Understanding data transfer charges]. + ## Savings plans Refer [Savings Plans user guide]. 
@@ -542,6 +547,7 @@ machine if not. [subnets for your vpc]: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html [test your roles' access policies using the aws identity and access management policy simulator]: https://aws.amazon.com/blogs/security/test-your-roles-access-policies-using-the-aws-identity-and-access-management-policy-simulator/ [tools to build on aws]: https://aws.amazon.com/developer/tools/ +[understanding data transfer charges]: https://docs.aws.amazon.com/cur/latest/userguide/cur-data-transfers-charges.html [what is amazon vpc?]: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html [what is aws config?]: https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html [what is cloudwatch]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html diff --git a/knowledge base/cloud computing/aws/ebs.md b/knowledge base/cloud computing/aws/ebs.md index 3259926..f4b2bd0 100644 --- a/knowledge base/cloud computing/aws/ebs.md +++ b/knowledge base/cloud computing/aws/ebs.md @@ -6,6 +6,8 @@ Persistent [block storage][what is block storage?] for [EC2 Instances][ec2]. 1. [Volume types](#volume-types) 1. [Snapshots](#snapshots) 1. [Encryption](#encryption) +1. [Troubleshooting](#troubleshooting) + 1. [Migrate `gp2` volumes to `gp3`](#migrate-gp2-volumes-to-gp3) 1. [Further readings](#further-readings) 1. [Sources](#sources) @@ -184,6 +186,19 @@ Attaching EBS volumes which data keys are encrypted with unusable KMS keys to EC not be able to use the KMS keys to decrypt the data key used for the volume.
Make the KMS key usable again to be able to attach such EBS volumes. +## Troubleshooting + +### Migrate `gp2` volumes to `gp3` + +See also [Hands-on Guide: How to migrate from gp2 to gp3 volumes and lower AWS cost]. + +It is **strongly advised** to take a snapshot of volumes before changing their type. + +```sh +aws ec2 describe-volumes --filters "Name=volume-type,Values=gp2" --query 'Volumes[].VolumeId' --output 'text' \ +| xargs -pn '1' aws ec2 modify-volume --volume-type 'gp3' --volume-id +``` + ## Further readings - [Amazon Web Services] @@ -194,6 +209,7 @@ Make the KMS key usable again to be able to attach such EBS volumes. - [Choose the best Amazon EBS volume type for your self-managed database deployment] - [Extend the file system after resizing an EBS volume] - [Pricing][amazon ebs pricing] +- [Hands-on Guide: How to migrate from gp2 to gp3 volumes and lower AWS cost] ### Sources @@ -230,3 +246,4 @@ Make the KMS key usable again to be able to attach such EBS volumes. [delete unused aws ebs volumes]: https://www.nops.io/unused-aws-ebs-volumes/ +[hands-on guide: how to migrate from gp2 to gp3 volumes and lower aws cost]: https://www.stream.security/post/hands-on-guide-how-to-migrate-from-gp2-to-gp3-volumes diff --git a/snippets/aws/ec2.fish b/snippets/aws/ec2.fish index 4bfafd1..93e2d69 100644 --- a/snippets/aws/ec2.fish +++ b/snippets/aws/ec2.fish 
@@ -62,6 +62,13 @@ aws ec2 describe-instances --output 'text' \ --filters 'Name=tag:Name,Values=Prometheus' 'Name=instance-state-name,Values=running' \ --query 'Reservations[].Instances[0].BlockDeviceMappings[*].Ebs.VolumeId' +# Change volume type +aws ec2 modify-volume --volume-type 'gp3' --volume-id 'vol-0123456789abcdef0' + +# Migrate gp2 volumes to gp3 +aws ec2 describe-volumes --filters "Name=volume-type,Values=gp2" --query 'Volumes[].VolumeId' --output 'text' \ +| xargs -pn '1' aws ec2 modify-volume --volume-type 'gp3' --volume-id + # Create snapshots of EBS volumes aws ec2 create-snapshot --volume-id 'vol-0123456789abcdef0' --description 'Manual snapshot Pre-Update' \ --tag-specifications 'ResourceType=snapshot,Tags=[{Key=Name,Value=Prometheus},{Key=Team,Value=Infra}]' \ diff --git a/snippets/pulumi/commands.fish b/snippets/pulumi/commands.fish index 010a771..d9aee6a 100644 --- a/snippets/pulumi/commands.fish +++ b/snippets/pulumi/commands.fish @@ -78,7 +78,7 @@ pulumi stack export | jq -r '.deployment.resources[].provider' | grep -v 'aws::d # Avoid permission errors when deleting clusters with charts and stuff. PULUMI_K8S_DELETE_UNREACHABLE='true' pulumi destroy -# Move rsources between stacks +# Move resources between stacks pulumi state move --source 'organization/utils/dev' --dest 'organization/iam/dev' \ 'urn:pulumi:dev::utils::aws:iam/role:Role::rdsToS3Exporter' \ 'urn:pulumi:dev::utils::aws:iam/rolePolicy:RolePolicy::rdsToS3Exporter-allowExportingSnapshotsToS3'
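Review bot: The added `Migrate gp2 volumes to gp3` pipeline in snippets/aws/ec2.fish selects every gp2 volume visible to whatever profile and region the shell currently resolves to, and its comment neither says so nor mentions snapshotting first, which the ebs.md text in this same commit strongly advises. `xargs -p` does prompt per volume and is worth keeping, but the prompt shows only a volume ID, not what the volume is attached to. `modify-volume` is also called without `--iops` or `--throughput`, so volumes land on the gp3 baseline, which can be lower than what a large gp2 volume currently delivers; a modified volume cannot be modified again for several hours, so a wrong choice is not quickly reversible. I would extend the comment to `# Migrate gp2 volumes to gp3 (ALL gp2 volumes in the current profile/region; snapshot first)` followed by `# gp3 starts at baseline IOPS/throughput; pass --iops/--throughput for large volumes`, and consider narrowing `--filters` with a tag such as the `Name=tag:Name,Values=...` form already used a few lines above.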