
๐Ÿ›ก๏ธ Google GCE Disk is idle๐ŸŸข

Logic

Description


This policy identifies GCE persistent disks that are not attached to any Compute Engine instance and have remained unused for more than 30 days.

Rationale

Unattached persistent disks can accumulate in a project, leading to unnecessary storage costs if left unmanaged.

Impact

Before deleting a disk, confirm that it is not reserved for future use, retained for compliance purposes, or required for backup and disaster recovery. Deleting disks without validation may result in irreversible data loss.

Audit

This policy marks a Google GCE Disk as INCOMPLIANT if:

  • The disk doesn't have a related Google GCE Attached Disk.
  • The disk's lastAttachTimestamp is empty.
  • The lastDetachTimestamp is more than 30 days old.

Disks of Type SCRATCH are marked as INAPPLICABLE.
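
The audit conditions above expressed as a Python check over disk records (an added example, not Cloudaware's policy code). It assumes an unattached disk is flagged when either timestamp condition holds, since the page does not state how the conditions combine; the record keys `type` and `users` and the sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

IDLE_THRESHOLD = timedelta(days=30)  # "more than 30 days" from the audit rule


def parse_ts(value):
    """Parse an RFC 3339 timestamp; empty or missing values become None."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def evaluate_disk(disk, now):
    """Return INAPPLICABLE, INCOMPLIANT or COMPLIANT for one disk record."""
    if disk.get("type") == "SCRATCH":
        return "INAPPLICABLE"
    if disk.get("users"):  # still attached to at least one instance
        return "COMPLIANT"
    # Assumption: an unattached disk is flagged when EITHER timestamp
    # condition holds; the page does not say how the conditions combine.
    if parse_ts(disk.get("lastAttachTimestamp")) is None:
        return "INCOMPLIANT"
    last_detach = parse_ts(disk.get("lastDetachTimestamp"))
    if last_detach is not None and now - last_detach > IDLE_THRESHOLD:
        return "INCOMPLIANT"
    return "COMPLIANT"


def audit(disks, now):
    """Map each disk name to its audit status."""
    return {d["name"]: evaluate_disk(d, now) for d in disks}


# Constructed sample records (not real inventory data).
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
SAMPLE_DISKS = [
    {"name": "web-data", "type": "PERSISTENT", "users": ["instances/web-1"],
     "lastAttachTimestamp": "2024-01-10T09:00:00.000-07:00"},
    {"name": "old-export", "type": "PERSISTENT",
     "lastAttachTimestamp": "2024-03-01T09:00:00.000-07:00",
     "lastDetachTimestamp": "2024-04-15T08:00:00.000-07:00"},
    {"name": "recent-detach", "type": "PERSISTENT",
     "lastAttachTimestamp": "2024-06-01T09:00:00.000-07:00",
     "lastDetachTimestamp": "2024-06-20T08:00:00.000-07:00"},
    {"name": "never-used", "type": "PERSISTENT"},
    {"name": "local-ssd-0", "type": "SCRATCH"},
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_DISKS, NOW).items():
        print(f"{name}: {status}")
```
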

Remediation


Before deleting a persistent disk, confirm that it is not required for current or planned services. Coordinate with application owners or your operations team to ensure the disk is not reserved for a future deployment or used for failover, archival, or compliance purposes.

Archive the Disk

Using gcloud CLI

If the disk must be retained for compliance or future recovery, create an image or snapshot before deletion:

gcloud compute disks snapshot {{disk-name}} \
--zone {{zone}} \
--snapshot-names {{snapshot-name}} \
--project {{project-id}}

Release an Unused Persistent Disk

Using gcloud CLI

Permanently remove an unused persistent disk:

gcloud compute disks delete {{disk-name}} \
--zone {{zone}} \
--project {{project-id}}


Linked Framework Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 Cloudaware Framework → 💼 Waste Reduction 25 no data