Remove Old Virtual Machine Disk Snapshots

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: Low (generally tolerable level of risk)
Rule ID: VirtualMachines-035

Identify and remove old Azure virtual machine (VM) disk snapshots for cost optimization. A virtual machine disk snapshot is considered old when the snapshot is older than the number of days (e.g. 30 days) specified in the rule settings (threshold). The threshold must be configured in the rule settings, in the Trend Micro Cloud One™ – Conformity account console.

This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure

Cost optimisation

A snapshot is a read-only copy of a virtual machine disk. Each VM disk snapshot stored within your Azure cloud account adds charges to your monthly bill, regardless of whether the snapshot is being used or not. Deleting previous (older) snapshots does not affect the ability to restore the disk data from the later snapshots, which allows you to keep just the necessary backup data and helps lower your Azure cloud costs.


Audit

To determine if you have any obsolete (old) virtual machine disk snapshots within your Azure account, perform the following operations:

Using Azure Portal

01 Sign in to your Trend Micro Cloud One™ – Conformity account, access Check for Remove Old Virtual Machine Disk Snapshots conformity rule settings and identify the threshold (i.e. number of days) configured for the disk snapshot age.

02 Sign in to Azure Management Portal.

03 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

04 Choose the Azure subscription that you want to access from the Subscription filter box.

05 From the Type filter box, select Snapshot to list only the virtual machine (VM) disk snapshots created in the selected Azure subscription.

06 Click on the name of the VM disk snapshot that you want to examine.

07 In the navigation panel, select Overview to access the configuration details available for the selected disk snapshot.

08 On the Overview panel, check the DATE CREATED attribute value to determine when the selected snapshot was created. Compare the snapshot age with the threshold value identified at step no. 1. If the age of the verified resource is higher than the configured threshold, the selected Azure virtual machine disk snapshot is considered old and can be safely removed from your cloud account.

09 Repeat steps no. 6 – 8 for each Azure VM disk snapshot available in the selected subscription.

10 Repeat steps no. 4 – 9 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Sign in to your Trend Micro Cloud One™ – Conformity account, access Check for Remove Old Virtual Machine Disk Snapshots conformity rule settings and identify the threshold configured for the disk snapshot age.

02 Run account list command (Windows/macOS/Linux) using custom query filters to list the IDs of the subscriptions available in your Azure account:

az account list --query '[*].id'

03 The command output should return the requested subscription identifiers (IDs):

[
  "abcdabcd-1234-abcd-1234-abcdabcdabcd",
  "abcd1234-abcd-1234-abcd-abcd1234abcd"
]

04 Run snapshot list command (Windows/macOS/Linux) using custom query filters to list the name and the associated resource group of each virtual machine (VM) disk snapshot created in the selected Azure subscription:

az snapshot list --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd --output table --query '[*].{name:name, resourceGroup:resourceGroup}'

05 The command output should return the requested disk snapshot identifiers:

Name                 ResourceGroup
-------------------  ------------------------------
cc-vm-data-snapshot  cloud-shell-storage-westeurope
cc-vm-prod-snapshot  cloud-shell-storage-westeurope

06 Run snapshot show command (Windows/macOS/Linux) using the name of the virtual machine disk snapshot that you want to examine as identifier parameter, to describe the date when the selected disk snapshot was created:

az snapshot show --name cc-vm-data-snapshot --resource-group cloud-shell-storage-westeurope --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd --query 'timeCreated'

07 The command output should return the requested date in human readable format:

"2018-07-01T10:30:15.00+00:00"

Use the date returned by the snapshot show command output and compare the disk snapshot age with the threshold value identified at step no. 1. If the age of the verified resource is higher than the configured threshold, the selected virtual machine disk snapshot is considered old and can be safely removed from your Azure cloud account.

08 Repeat steps no. 6 and 7 for each Azure VM disk snapshot provisioned in the selected subscription.

09 Repeat steps no. 4 – 8 for each subscription created in your Microsoft Azure cloud account.
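
The age comparison from steps no. 6 and 7, applied to every snapshot in a subscription in one pass, as an added example (not part of the original rule page). The old_snapshots and sample_snapshots functions, the sample rows and the 2018-08-15 reference date are constructed for illustration; ages are counted in whole UTC calendar days and only snapshots strictly older than the threshold are reported.

```shell
#!/bin/sh
# Added example: flag snapshots older than the Conformity threshold.
# Input (stdin): tab-separated name, resourceGroup, timeCreated, e.g. from
#   az snapshot list --subscription <id> --output tsv \
#     --query '[*].[name, resourceGroup, timeCreated]'
# Assumption: timeCreated is UTC (+00:00), as in the sample output above.

# Usage: old_snapshots THRESHOLD_DAYS TODAY   (TODAY as YYYY-MM-DD, UTC)
# Prints name, resource group and age in days for each old snapshot.
old_snapshots() {
  awk -F '\t' -v limit="$1" -v today="$2" '
    # Days since 1970-01-01 for a Gregorian calendar date.
    function days(y, m, d,    era, yoe, doy) {
      if (m <= 2) y--
      era = int(y / 400); yoe = y - era * 400
      doy = int((153 * (m + (m > 2 ? -3 : 9)) + 2) / 5) + d - 1
      return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    # Only the date part (first 10 characters) of the timestamp is used.
    function day_number(ts,    p) {
      split(substr(ts, 1, 10), p, "-")
      return days(p[1] + 0, p[2] + 0, p[3] + 0)
    }
    NF >= 3 {
      age = day_number(today) - day_number($3)
      if (age > limit + 0) printf "%s\t%s\t%d\n", $1, $2, age
    }'
}

# Constructed sample rows (45, 14 and exactly 30 days old on 2018-08-15).
sample_snapshots() {
  printf '%s\t%s\t%s\n' \
    cc-vm-data-snapshot cloud-shell-storage-westeurope 2018-07-01T10:30:15.00+00:00 \
    cc-vm-prod-snapshot cloud-shell-storage-westeurope 2018-08-01T08:00:00.00+00:00 \
    cc-vm-edge-snapshot cloud-shell-storage-westeurope 2018-07-16T23:59:59.00+00:00
}

# Demo with a 30-day threshold: only cc-vm-data-snapshot is reported.
sample_snapshots | old_snapshots 30 2018-08-15
```

Against a live subscription, pipe the az snapshot list command from the header comment into old_snapshots and pass the current UTC date, for example "$(date -u +%Y-%m-%d)", as the second argument.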

Remediation / Resolution

To delete any old and unneeded virtual machine disk snapshot from your Microsoft Azure cloud account, perform the following operations:

Using Azure Portal

01 Sign in to Azure Management Portal.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box.

04 From the Type filter box, select Snapshot to list only the virtual machine (VM) disk snapshots available in the selected Azure subscription.

05 Click on the name of the VM disk snapshot that you want to remove.

06 In the navigation panel, select Overview, and click Delete to initiate the snapshot removal.

07 Inside the Delete snapshot confirmation box, click Yes to confirm the VM disk snapshot removal.

08 Repeat steps no. 5 – 7 to delete other obsolete Azure virtual machine disk snapshots available in the selected subscription.

09 Repeat steps no. 3 – 8 for each subscription available in your Microsoft Azure cloud account.

Using Azure CLI

01 Run snapshot delete command (Windows/macOS/Linux) using the name of the virtual machine disk snapshot that you want to delete as identifier parameter, to remove the selected disk snapshot from your Azure cloud account (the command does not produce an output):

az snapshot delete --name cc-vm-data-snapshot --resource-group cloud-shell-storage-westeurope --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

02 Repeat step no. 1 to remove other old Azure virtual machine disk snapshots provisioned in the selected subscription.

03 Repeat steps no. 1 and 2 for each subscription created in your Microsoft Azure cloud account.

Publication date Jul 9, 2020
