🛡️ Google GCE Snapshot is 90 days old or more🟢

• Contextual name: 🛡️ Snapshot is 90 days old or more🟢
• ID: /ce/ca/google/compute-engine/snapshot-90-days-old
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: COST

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 Google GCE Snapshot
  • 🔌 Google GCE Snapshot - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

This policy identifies Google GCE Snapshots that are 90 days old or older. These snapshots are flagged for potential deletion or archival to optimize storage utilization and support effective data lifecycle management practices.

Rationale

Stale snapshots can accumulate over time, generating unnecessary storage costs without providing meaningful value for disaster recovery or data restoration. By removing or archiving outdated snapshots, you can reduce their cloud storage footprint and lower monthly expenses.

Impact

Failure to manage old snapshots results in ongoing storage charges for data that may no longer be relevant. Additionally, retaining a large number of outdated snapshots can complicate recovery processes by making it more difficult to identify the correct snapshot for restoration.

Audit

This policy flags an Google GCE Snapshot as INCOMPLIANT if its Creation Date exceeds 90 days.

GCE Snapshots with a Status other than READY are marked as INAPPLICABLE.

Remediation

Open File

Remediation

Old snapshots should managed through automated schedules for ongoing governance.

Create a Snapshot Lifecycle Policy

To prevent accumulation of old snapshots, configure a snapshot schedule for your persistent disks. This schedule automates snapshot creation and cleanup, ensuring future snapshots older than a set duration (e.g., 90 days) are automatically deleted.

Using gcloud CLI

1. Create a snapshot schedule:

   gcloud compute resource-policies create snapshot-schedule {{schedule-name}} \
       --region={{region}} \
       --start-time={{13:00}} \
       {{--daily-schedule | --hourly-schedule={{hours}} | --weekly-schedule={{weekly-cycle}}}} \
       --max-retention-days={{90}} \
       --on-source-disk-delete=apply-retention-policy

2. Attach the schedule to a persistent disk:

   gcloud compute disks add-resource-policies {{disk-name}} \
       --resource-policies={{schedule-name}} \
       --zone={{zone}}

Note: Existing snapshots older than 90 days are not retroactively deleted when applying a schedule, they must be handled manually.

... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 Cloudaware Framework → 💼 Waste Reduction			25		no data