EBS Volumes Too Old Snapshots

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Low (generally tolerable level of risk)
Rule ID: EBS-005

Check for any AWS EBS snapshots older than 30 days available within your AWS account and remove them in order to lower the cost of your monthly bill. The threshold for the retention period is 30 days, which means that all incremental snapshots older than 30 days should be deleted.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Sustainability
Cost optimisation

With an active EBS backup strategy that takes volume snapshots daily or weekly, your data can grow rapidly and add unexpected charges to your bill. Since EBS volume snapshots are incremental, deleting previous (older) snapshots does not affect the ability to restore the volume data from later snapshots, which allows you to keep just the necessary backup data and lower your monthly AWS costs.


Audit

To determine if you have any obsolete (> 30 days) EBS snapshots available in your AWS account, perform the following:

Using AWS Console

01 Log in to the AWS Management Console.

02 Navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the navigation panel, under Elastic Block Store, click Snapshots.

04 Select the EBS volume snapshot that you need to examine.

05 Select the Description tab from the bottom panel.

06 Under Volume ID, check the Started parameter value to determine the date and time when the selected snapshot was taken.

If the volume snapshot was created more than 30 days ago, it's highly likely that the selected snapshot is not needed anymore and it can be safely deleted.

07 Repeat steps 4, 5 and 6 for each EBS snapshot available in the current region. Change the AWS region from the navigation bar to repeat the process for the other regions.

Using AWS CLI

01 Run the describe-snapshots command (OSX/Linux/UNIX) to determine if your EBS volume snapshots are older than 30 days. The following example exposes the metadata for each completed snapshot available in the US East region, for the AWS account with the ID 353366855517:

aws ec2 describe-snapshots \
	--owner-ids 353366855517 \
	--region us-east-1 \
	--filters Name=status,Values=completed

02 The command output should reveal the creation date and time for each snapshot available in the selected region. Check the StartTime parameter value to determine if there are any snapshots older than 30 days:

{
    "Snapshots": [
        {
            "Description": "EBS app ver. 1.2 (June 2015)",
            "Encrypted": false,
            "VolumeId": "vol-a747f676",
            "State": "completed",
            "VolumeSize": 30,
            "Progress": "100%",
            "StartTime": "2015-06-18T20:46:40.000Z",
            "SnapshotId": "snap-4b297149",
            "OwnerId": "353366855517"
        },
	       ...
        {
            "Description": "Initial EBS root snapshot (January 2015)",
            "Encrypted": false,
            "VolumeId": "vol-44853295",
            "State": "completed",
            "VolumeSize": 15,
            "Progress": "100%",
            "StartTime": "2015-01-22T11:43:31.000Z",
            "SnapshotId": "snap-6a5c7b0b",
            "OwnerId": "353366855517"
        }
    ]
}
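The StartTime check from step 02 can be scripted. The following is an added example, not part of the Conformity rule or tooling: it reads JSON in the describe-snapshots output shape and lists completed snapshots older than 30 days. The function names, the HasNewerSnapshot field and the sample data are constructed for this illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws ec2 describe-snapshots` output;
# the IDs and dates are made up for this example.
SAMPLE = json.loads("""
{"Snapshots": [
  {"SnapshotId": "snap-0aaa", "VolumeId": "vol-0001", "State": "completed",
   "StartTime": "2024-01-05T10:00:00.000Z"},
  {"SnapshotId": "snap-0bbb", "VolumeId": "vol-0001", "State": "completed",
   "StartTime": "2024-03-01T10:00:00.000Z"},
  {"SnapshotId": "snap-0ccc", "VolumeId": "vol-0002", "State": "completed",
   "StartTime": "2024-01-20T08:30:00+00:00"},
  {"SnapshotId": "snap-0ddd", "VolumeId": "vol-0002", "State": "pending",
   "StartTime": "2024-03-09T08:30:00.000Z"}
]}
""")


def parse_start_time(value):
    """Parse StartTime given as ISO 8601 with a 'Z' suffix or a +00:00 offset."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def stale_snapshots(doc, now, max_age_days=30):
    """Return completed snapshots older than max_age_days, oldest first.
    HasNewerSnapshot tells whether a later completed snapshot of the same
    volume exists, so the last remaining backup is easy to spot."""
    cutoff = now - timedelta(days=max_age_days)
    done = [s for s in doc.get("Snapshots", []) if s.get("State") == "completed"]
    newest = {}  # VolumeId -> StartTime of its most recent completed snapshot
    for s in done:
        t = parse_start_time(s["StartTime"])
        newest[s["VolumeId"]] = max(t, newest.get(s["VolumeId"], t))
    rows = []
    for s in done:
        t = parse_start_time(s["StartTime"])
        if t < cutoff:
            rows.append({"SnapshotId": s["SnapshotId"],
                         "AgeDays": (now - t).days,
                         "HasNewerSnapshot": newest[s["VolumeId"]] > t})
    return sorted(rows, key=lambda r: -r["AgeDays"])


if __name__ == "__main__":
    for row in stale_snapshots(SAMPLE, datetime(2024, 3, 10, tzinfo=timezone.utc)):
        print(row)
```

To run it against a real account, save the describe-snapshots output to a file, load it with json.load and pass datetime.now(timezone.utc) as the reference time.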

Remediation / Resolution

To safely delete any old and unneeded EBS volume snapshots from your AWS account, perform the following:

Using AWS Console

01 Log in to the AWS Management Console.

02 Navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the navigation panel, under Elastic Block Store, click Snapshots.

04 Select the EBS volume snapshot that you need to remove.

05 Click the Actions dropdown button from the dashboard top menu and select Delete.

06 In the Delete Snapshot dialog box, review the snapshot details (ID), then click Yes, Delete.

07 Repeat steps 4, 5 and 6 for each obsolete EBS snapshot available in the current region. Change the AWS region from the navigation bar to repeat the process for the other regions.

Using AWS CLI

01 Run the delete-snapshot command (OSX/Linux/UNIX) to remove the selected EBS volume snapshot. The following example uses an EBS snapshot with the ID snap-4b297149. If the delete-snapshot command succeeds, no output is returned:

aws ec2 delete-snapshot \
	--snapshot-id snap-4b297149

Publication date Apr 18, 2016
