π Azure Managed Disk Snapshot is stored on Premium SSDs Managed Disk storage π’
- Contextual name: π Managed Disk Snapshot is stored on Premium SSDs Managed Disk storage π’
- ID:
/ce/ca/azure/virtual-machine/premium-managed-disk-snapshot - Located in: π Azure Virtual Machine
Flagsβ
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
COST
Logicβ
- π§ prod.logic.yaml π’
- π Azure Snapshot
- π Azure Snapshot - object.extracts.yaml
- π§ͺ test-data.json
Descriptionβ
Descriptionβ
Ensure that Azure Managed Disk snapshots are stored on cost-effective Standard-tier storage rather than Premium SSDs. Premium SSDs are designed for performance-intensive workloads, whereas snapshots are typically used for point-in-time backups and disaster recovery scenarios that do not require high performance or low-latency access.
Rationaleβ
Premium SSDs are engineered to deliver high IOPS and throughput for latency-sensitive production workloads. However, these performance characteristics are not required for snapshots, which primarily serve as backup and recovery artifacts.
By utilizing Standard HDD or Standard SSD storage tiers, you can significantly reduce snapshot storage costs without compromising data durability or recovery capabilities.
Auditβ
This policy flags Azure Snapshots as
INCOMPLIANTif theDisk SKU Namecontains the keyword Premium, indicating that the snapshot resides on Premium SSDs Managed Disk storage.
Remediationβ
Remediationβ
Azure does not currently support changing the storage tier (SKU) of an existing snapshot. To transition a snapshot from Premium SSD to a Standard storage, the current Premium snapshot must be re-created using a Standard SKU (Standard_LRS or Standard_ZRS). This re-creation can be done from either the original managed disk, if it still exists or the existing premium snapshot itself.
Create a New Snapshot Using a Standard SKUβ
Specify the appropriate source resource ID in the
--sourceor-SourceUrifield.Azure CLIβ
az snapshot create \
--resource-group {{resource-group-name}} \
--source {{resource-id-of-source-disk-or-snapshot}} \
--name {{new-standard-snapshot-name}} \
--sku {{Standard_LRS / Standard_ZRS}} \
--location {{snapshot-location}}
--sourcecan be a Managed Disk name (if in the same resource group), or the full resource ID of a snapshot or disk.PowerShellβ
$resourceGroup = "{{resource-group-name}}"
$sourceResourceId = "{{resource-id-of-source-disk-or-snapshot}}"
$newSnapshotName = "{{new-standard-snapshot-name}}"
... [see more](remediation.md)
policy.yamlβ
Linked Framework Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ Cloudaware Framework β πΌ Waste Reduction | 9 |