Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™
Logo of TrendAI
Use the Knowledge Base AI to help improve your Cloud Posture

Configure Snapshot Policy for File Systems

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: OCI-FileStorage-009

Ensure that your Oracle Cloud Infrastructure (OCI) File Storage file systems have snapshot policies attached, as these policies govern the automatic creation of snapshots by containing a list of snapshot schedules where the frequency of snapshot creation for the associated file systems can be defined.

Reliability

OCI File Storage file systems should use snapshot policies for automated, frequent, and policy-governed data protection, ensuring reliable point-in-time recovery from data corruption or accidental deletion.

Audit

To determine if snapshot policies are configured for your OCI file systems, perform the following operations:

Using OCI Console

  1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

  2. Navigate to File Storage console available at https://cloud.oracle.com/fss/.

  3. In the left navigation panel, choose File Systems, and select an OCI compartment from the Compartment dropdown menu, to list the file systems provisioned in that compartment.

  4. Click on the name (link) of the file system that you want to examine, listed in the Name column.

  5. Select the File System information tab, and check the Snapshot Policy attribute value, listed in the Snapshot Policy section, to determine if there are any snapshot policies configured for the selected resource. If the Snapshot Policy attribute value is missing, there are no snapshot policies configured for the selected OCI File Storage file system.

Using OCI CLI

  1. Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account:

    oci iam compartment list
	--all
	--include-root
	--query 'data[]."id"'

  2. The command output should return the requested OCI compartment identifiers (OCIDs):

    [
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.compartment.oc1..abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

  3. Run fs file-system list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, to list the ID of each File Storage system provisioned in the selected OCI compartment:

    oci fs file-system list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--availability-domain 'ABC1:AB-ABC123-1-BC-1'
	--all
	--query 'data[]."id"'

  4. The command output should return the requested file system IDs:

    [
	"ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
]

  5. Run fs file-system get command (Windows/macOS/Linux) to determine if there are any snapshot policies configured for the selected OCI file system:

    oci fs file-system get
	--file-system-id 'ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--query 'data."filesystem-snapshot-policy-id"'

  6. The command output should return the ID of the snapshot policy attached to your file system:

    ""

    If the fs file-system get command output returns an empty string, i.e., "", as shown in the example above, there are no snapshot policies configured for the selected OCI File Storage file system.

Remediation / Resolution

To configure snapshot policies for your Oracle Cloud Infrastructure (OCI) File Storage file systems, perform the following operations:

Using OCI Console

  1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

  2. Navigate to File Storage console available at https://cloud.oracle.com/fss/.

  3. In the left navigation panel, under Additional resources, choose Snapshot Policies, and select your OCI compartment from the Compartment dropdown menu.

  4. Choose Create Snapshot Policy and perform the following actions to create a new snapshot policy for your OCI file system:

    1. For Snapshot Policy name, enter your a unique name for your new snapshot policy.
    2. (Optional) For Snapshot Policy prefix, provide a prefix for the snapshot name.
    3. For Availability Domain, select the availability domain that hosts your OCI file system in the selected OCI compartment.
    4. For Create in Compartment, select the appropriate OCI compartment.
    5. For Schedules (Optional), choose Add schedule, and provide the necessary configuration details such as schedule type, schedule time format, and snapshot retention duration. A schedule defines when a file system snapshot is created and how long the system retains the snapshot before it expires and is deleted.
    6. (Optional) Choose Show advanced options and configure resource tags and resource locks for your file system.
    7. Choose Create to create your new OCI file system snapshot policy.

  5. In the left navigation panel, under File Storage, choose File Systems, and select an OCI compartment from the Compartment dropdown menu, to list the file systems provisioned in that compartment.

  6. Click on the name (link) of the file system that you want to configure, listed in the Name column.

  7. In the Resources navigation panel, select Snapshot Policy, choose Attach Snapshot Policy, select the policy created in step no. 4, and choose again Attach Snapshot Policy to associate the snapshot policy with your OCI File Storage file system.

Using OCI CLI

  1. Run fs filesystem-snapshot-policy create command (Windows/macOS/Linux) to create a OCI new file system snapshot policy in the specified compartment and availability domain:

    oci fs filesystem-snapshot-policy create
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--availability-domain 'ABC1:AP-SYDNEY-1-AD-1'
	--display-name 'cc-project5-fs-snapshot-policy'
	--schedules '[{"timeZone":"UTC","period":"DAILY","hourOfDay":20}]'

  2. The command output should return the configuration information available for the new snapshot policy:

    {
	"data": {
		"availability-domain": "ABC1:AP-SYDNEY-1-AD-1",
		"compartment-id": "ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"defined-tags": {
		"Oracle-Tags": {},
		"display-name": "cc-project5-fs-snapshot-policy",
		"freeform-tags": {},
		"id": "ocid1.filesystemsnapshotpolicy.oc1.ap_sydney_1.abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"lifecycle-state": "ACTIVE",
		"locks": [],
		"policy-prefix": null,
		"schedules": [
			{
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": 20,
				"month": null,
				"period": "DAILY",
				"retention-duration-in-seconds": 604800,
				"schedule-prefix": null,
				"time-schedule-start": "2025-11-05T13:23:07.177000+00:00",
				"time-zone": "UTC"
			}
		],
		"system-tags": {},
		"time-created": "2025-11-05T13:23:07.177000+00:00"
	}
}

  3. Run fs file-system update command (Windows/macOS/Linux) to associate the newly created snapshot policy with the specified Oracle Cloud Infrastructure (OCI) File Storage file system:

    oci fs file-system update
	--file-system-id 'ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--filesystem-snapshot-policy-id 'ocid1.filesystemsnapshotpolicy.oc1.ap_sydney_1.abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd'

  4. The command output should return the configuration information available for the modified file system:

    {
	"data": {
		"are-quota-rules-enabled": false,
		"availability-domain": "ABCD:AP-SYDNEY-1-AD-1",
		"clone-attach-status": "DETACHED",
		"clone-count": 0,
		"compartment-id": "ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"defined-tags": {},
		"display-name": "cc-project5-file-system",
		"filesystem-snapshot-policy-id": "ocid1.filesystemsnapshotpolicy.oc1.ap_sydney_1.abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"freeform-tags": {},
		"id": "ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"is-clone-parent": false,
		"is-hydrated": true,
		"is-targetable": false,
		"kms-key-id": null,
		"lifecycle-details": null,
		"lifecycle-state": "ACTIVE",
		"metered-bytes": 0,
		"quota-enforcement-state": "DISABLED",
		"replication-source-count": 0,
		"replication-target-id": null,
		"source-details": null,
		"system-tags": null,
		"time-created": "2025-10-16T03:45:20.573000+00:00"
	},
	"etag": "abcd1234abcd1234abcd1234abcd1234"
}

References

Publication date Nov 12, 2025

Related OCI-FileStorage rules