Azure Managed Disk Snapshot is 90 days old or more
- Contextual name: Managed Disk Snapshot is 90 days old or more
- ID: /ce/ca/azure/virtual-machine/managed-disk-snapshot-90-days-old
- Located in: Azure Virtual Machine
Flags
- Policy with categories
- Policy with type
- Production policy
Our Metadata
- Policy Type: COMPLIANCE_POLICY
- Policy Category: COST
Logic
- prod.logic.yaml
- Azure Snapshot
- Azure Snapshot - object.extracts.yaml
- test-data.json
Description
Identify Azure Managed Disk Snapshots that are 90 days old or older to optimize storage utilization and uphold data lifecycle management practices by flagging snapshots for potential deletion or archival.
Rationale
Snapshots that exceed 90 days in age may contribute to unnecessary storage costs. Regular review and lifecycle management of such resources support cost efficiency and improve data hygiene. Archiving or deleting outdated snapshots helps ensure a well-governed and optimized cloud infrastructure.
Impact
You should assess the business and compliance requirements for retaining snapshots beyond 90 days. Some regulatory or operational policies may necessitate extended retention. Actions taken (i.e., deletion or archival) must align with internal data retention and governance policies.
Audit
This policy marks an Azure Snapshot as `INCOMPLIANT` if the value in its `Time Created` field indicates a creation date 90 days or more in the past, relative to the current date.
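The audit rule above, worked through in Python as an added example (not Cloudaware's own policy logic or code from this page): it evaluates constructed records carrying the `timeCreated` field as returned by `az snapshot list -o json`. The `COMPLIANT` and `UNDETERMINED` status names, the comparison of full UTC timestamps, and the sample data are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(days=90)  # policy text: "90 days or more in the past"

# Constructed sample shaped like `az snapshot list -o json` output (not real data).
SAMPLE_SNAPSHOTS = [
    {"name": "snap-old", "timeCreated": "2025-01-10T08:15:30.1234567+00:00"},
    {"name": "snap-boundary", "timeCreated": "2025-04-01T02:00:00+02:00"},
    {"name": "snap-recent", "timeCreated": "2025-04-01T00:00:01.500000Z"},
    {"name": "snap-no-date"},
]

def parse_time_created(value):
    """Parse an ISO 8601 timestamp into a timezone-aware datetime."""
    value = re.sub(r"Z$", "+00:00", value.strip())
    # datetime.fromisoformat rejects 7-digit fractions on older Pythons; trim to microseconds.
    value = re.sub(r"(\.\d{6})\d+", r"\1", value)
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:  # assumption: a timestamp without an offset is UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed

def evaluate(snapshot, now):
    """Return (status, age_in_whole_days) for one snapshot record."""
    raw = snapshot.get("timeCreated")
    if not raw:
        return "UNDETERMINED", None  # assumed status name for missing data
    age = now - parse_time_created(raw)
    # ">=" so that a snapshot exactly 90 days old is flagged.
    return ("INCOMPLIANT" if age >= THRESHOLD else "COMPLIANT"), age.days

def audit(snapshots, now=None):
    """Map snapshot name -> (status, age_in_days); `now` is injectable for repeatable runs."""
    now = now or datetime.now(timezone.utc)
    return {s["name"]: evaluate(s, now) for s in snapshots}

if __name__ == "__main__":
    fixed_now = datetime(2025, 6, 30, tzinfo=timezone.utc)
    for name, (status, days) in audit(SAMPLE_SNAPSHOTS, fixed_now).items():
        print(f"{name:15} {status:13} age_days={days}")
```

Records reported as `UNDETERMINED` should be reviewed by hand rather than treated as compliant, since a missing creation time says nothing about the snapshot's age.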
Remediation
Deleting Snapshots
If a snapshot is no longer required for operational, compliance, or recovery purposes, it should be permanently deleted to eliminate unnecessary storage charges.
Azure CLI
Use the `az snapshot delete` command to remove the snapshot:

```sh
az snapshot delete \
  --resource-group {{resource-group-name}} \
  --name {{snapshot-name}} \
  --yes
```

PowerShell
Use the `Remove-AzSnapshot` cmdlet:

```powershell
Remove-AzSnapshot `
  -ResourceGroupName "{{resource-group-name}}" `
  -SnapshotName "{{snapshot-name}}" `
  -Force
```

Archiving Snapshots
Snapshots that must be retained for compliance or archival purposes can be exported as VHDs and stored in a lower-cost blob storage tier.
Export Snapshot to Page Blob (VHD)
Generate a short-lived SAS for the snapshot and copy it to a designated storage account container as a Page Blob:
Azure CLI

```sh
subscriptionId={{subscription-id}}
resourceGroupName={{resource-group-name}}
snapshotName={{snapshot-name}}
sasExpiryDuration=3600
storageAccountName={{storage-account-name}}
```

... [see more](remediation.md)
policy.yaml
Linked Framework Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
Cloudaware Framework → Waste Reduction | 9 |