🛡️ AWS EBS Snapshot is 90 days old or more

Logic

Internal Notes

We also need a storageTier field that shows whether the snapshot is in the archive or standard storage tier.

Description

This policy identifies AWS EBS snapshots that were created 90 days ago or more and should be evaluated for deletion or archival.

Rationale

Regular review and management of aged EBS snapshots is an essential component of cloud resource hygiene. Unmanaged snapshots accumulate over time and incur storage charges for data nobody needs any more. They are also a security concern: a snapshot is a complete point-in-time copy of the volume's data, so a forgotten one keeps credentials, keys or personal data alive past their intended retention period, and if its permissions are later widened (for example, shared with another account or made public) the stale data is exposed with it. Retaining snapshots beyond their required lifecycle therefore complicates data management and creates compliance challenges as well as cost.

Impact

Snapshots must be carefully reviewed before removal to confirm they are not part of an active backup or retention strategy. Deleting a critical snapshot results in irreversible data loss. Note that a snapshot backing the root device of a registered AMI cannot be deleted until that AMI is deregistered; the delete call fails, which is itself a hint that the snapshot is still in use.

Audit

This policy flags an AWS EBS Snapshot as INCOMPLIANT if its Start Time (the timestamp at which snapshot creation began) is 90 days or more before the time of evaluation.

EBS Snapshots with a State other than completed are marked as INAPPLICABLE.

Remediation

To manage old EBS snapshots, you can either delete them or move them to a lower-cost archive tier. The following steps outline both options, as well as an automated solution using Amazon Data Lifecycle Manager (DLM).

Option 1: Deleting the Snapshot

From Command Line
aws ec2 delete-snapshot --snapshot-id {{snapshot-id}}

Option 2: Archiving the Snapshot

From Command Line

Use this option if the snapshot must be retained for compliance or audit purposes but does not require immediate access. Archiving significantly reduces storage costs, but an archived snapshot is stored as a full snapshot, is billed for a minimum archive period of 90 days, and must be restored to the standard tier before it can be used (a restore can take up to 72 hours), so it is not a substitute for a snapshot you may need quickly.

aws ec2 modify-snapshot-tier \
--snapshot-id {{snapshot-id}} \
--storage-tier archive
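The audit rule above (State must be completed; Start Time 90 days or more in the past) and the two remediation options can be exercised offline against the JSON that `aws ec2 describe-snapshots --owner-ids self` returns. The following Python is an added example, not CloudAware's policy code: the snapshot records are constructed, the evaluation time is pinned to a fixed date so the result is reproducible, and the `DoNotDelete` tag used to exclude snapshots from the remediation plan is an assumed convention, not an AWS or CloudAware feature. It also surfaces the StorageTier field the internal note asks for, which the real DescribeSnapshots API returns.

```python
"""Evaluate the "EBS snapshot is 90 days old or more" check over
describe-snapshots JSON and build (never run) a remediation plan.
Added example, not CloudAware code; sample records are constructed."""
import json
from datetime import datetime, timezone

MAX_AGE_DAYS = 90
KEEP_TAG = "DoNotDelete"  # assumed convention: tagged snapshots are never planned for removal
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # pinned evaluation time for reproducibility

# Constructed sample in the shape of `aws ec2 describe-snapshots` output.
SAMPLE_DESCRIBE_SNAPSHOTS = json.dumps({"Snapshots": [
    {"SnapshotId": "snap-0000000000000001", "State": "completed",   # 152 days old
     "StartTime": "2024-01-01T00:00:00.000Z", "StorageTier": "standard", "Tags": []},
    {"SnapshotId": "snap-0000000000000002", "State": "completed",   # exactly 90 days
     "StartTime": "2024-03-03T00:00:00.000Z", "StorageTier": "standard", "Tags": []},
    {"SnapshotId": "snap-0000000000000003", "State": "completed",   # 89 days, still fine
     "StartTime": "2024-03-04T00:00:00.000Z", "StorageTier": "standard", "Tags": []},
    {"SnapshotId": "snap-0000000000000004", "State": "pending",     # not completed
     "StartTime": "2024-01-01T00:00:00.000Z", "StorageTier": "standard", "Tags": []},
    {"SnapshotId": "snap-0000000000000005", "State": "completed",   # already archived, on hold
     "StartTime": "2023-01-01T00:00:00.000Z", "StorageTier": "archive",
     "Tags": [{"Key": "DoNotDelete", "Value": "legal-hold"}]},
]})


def parse_start_time(value):
    """StartTime is ISO 8601 with a trailing Z; return a tz-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def evaluate(snapshot, now=NOW):
    """Policy status for one record: INAPPLICABLE unless completed,
    INCOMPLIANT when the snapshot is 90 days old or more, else COMPLIANT."""
    if snapshot.get("State") != "completed":
        return "INAPPLICABLE"
    age_days = (now - parse_start_time(snapshot["StartTime"])).days
    return "INCOMPLIANT" if age_days >= MAX_AGE_DAYS else "COMPLIANT"


def audit(describe_json, now=NOW):
    """Map SnapshotId -> findings (status, storage tier, age, keep flag)."""
    findings = {}
    for snap in json.loads(describe_json)["Snapshots"]:
        tags = {t["Key"]: t["Value"] for t in snap.get("Tags", [])}
        findings[snap["SnapshotId"]] = {
            "status": evaluate(snap, now),
            "storageTier": snap.get("StorageTier", "standard"),
            "ageDays": (now - parse_start_time(snap["StartTime"])).days,
            "keep": KEEP_TAG in tags,
        }
    return findings


def remediation_plan(findings, action="archive"):
    """CLI commands for INCOMPLIANT snapshots, for review before execution.
    Snapshots carrying the keep tag are skipped; snapshots that are already
    in the archive tier cannot be archived again, so they are only deleted."""
    plan = []
    for sid, f in sorted(findings.items()):
        if f["status"] != "INCOMPLIANT" or f["keep"]:
            continue
        if action == "archive" and f["storageTier"] != "archive":
            plan.append(f"aws ec2 modify-snapshot-tier --snapshot-id {sid} --storage-tier archive")
        else:
            plan.append(f"aws ec2 delete-snapshot --snapshot-id {sid}")
    return plan


if __name__ == "__main__":
    results = audit(SAMPLE_DESCRIBE_SNAPSHOTS)
    for sid, f in results.items():
        print(f"{sid}  {f['status']:<12} tier={f['storageTier']:<8} age={f['ageDays']}d keep={f['keep']}")
    print("\n".join(remediation_plan(results)))
```

To run it against a real account, replace `SAMPLE_DESCRIBE_SNAPSHOTS` with the output of `aws ec2 describe-snapshots --owner-ids self --output json` and drop the `now=` default so the current time is used; the plan is printed rather than executed on purpose, because the Impact section's review step has to happen between the two.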

Automated Remediation with Amazon Data Lifecycle Manager (DLM)

For proactive management, consider Amazon Data Lifecycle Manager to automate snapshot creation, retention, archiving, and deletion. Note that DLM only manages the snapshots its own policies create; snapshots that already exist when the policy is enabled still have to be cleaned up with one of the options above.

From Command Line
To create a default policy for EBS snapshots
aws dlm create-lifecycle-policy \
--state {{ENABLED | DISABLED}} \
--description "{{policy-description}}" \

... [see more](remediation.md)

Linked Framework Sections

Section: Cloudaware Framework → Waste Reduction (Sub Sections / Internal Rules / Policies / Flags / Compliance: 2, 5, no data)