Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Remove Old Persistent Disk Snapshots

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Low (generally tolerable level of risk)

Identify and remove old virtual machine persistent disk snapshots in order to optimize storage costs. A Google Cloud virtual machine disk snapshot is considered old when the resource is older than the number of days specified in the conformity rule settings (threshold). The threshold must be configured in the rule settings, on your Trend Micro Cloud One™ – Conformity account console.

Cost
optimisation

Virtual machine persistent disk snapshots incur monthly storage charges as long as they exist within your Google Cloud Platform (GCP) projects, regardless whether the snapshots are being used or not. To help lower your Google Cloud storage costs, remove any obsolete (old) virtual machine disk snapshots from your GCP projects.

Audit

To identify any old (unneeded) virtual machine disk snapshots within your Google Cloud account, perform the following actions:

Using GCP Console

01 Sign in to your Trend Micro Cloud One™ – Conformity account, access Remove Old Persistent Disk Snapshots conformity rule settings and identify the threshold (i.e. number of days) configured for the disk snapshot age.

02 Sign in to Google Cloud Management Console.

03 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

04 Navigate to Google Compute Engine console at https://console.cloud.google.com/compute.

05 In the navigation panel, select Snapshots to access the list with all the virtual machine (VM) disk snapshots available for the selected project.

06 Choose the VM disk snapshot that you want to examine, and check the date and time value listed in the Creation time column to determine when the selected snapshot was created. Compare the snapshot age with the threshold value identified at step no. 1. If the age of the verified resource is higher than the configured threshold, the selected VM persistent disk snapshot is considered old and can be safely removed from your Google Cloud project.

07 Repeat step no. 5 and 6 for each virtual machine disk snapshot created for the selected GCP project.

08 Repeat steps no. 2 – 7 for each project deployed in your Google Cloud account.

Using GCP CLI

01 Sign in to your Trend Micro Cloud One™ – Conformity account, access Remove Old Persistent Disk Snapshots conformity rule settings and identify the threshold (i.e. number of days) configured for the disk snapshot age.

02 Run projects list command (Windows/macOS/Linux) using custom query filters to list the IDs of all the Google Cloud Platform (GCP) projects available in your Google Cloud account: 

gcloud projects list
    --format="table(projectId)"

03 The command output should return the requested GCP project IDs: 

PROJECT_ID
cc-project5-123123
cc-web-stack-112233

04 Run compute snapshots list command (Windows/macOS/Linux) using the ID of the GCP project that you want to examine as identifier parameter and custom query filters to list the names of all the VM persistent disk snapshots available for the selected project: 

gcloud compute snapshots list
    --project cc-project5-123123
    --format="table(name)"

05 The command output should return the name(s) of the disk snapshot(s) created for the selected GCP project: 

NAME
cc-project5-disk-snapshot-001
cc-project5-disk-snapshot-002
cc-project5-disk-snapshot-003
cc-project5-disk-snapshot-004
cc-project5-disk-snapshot-005

06 Run compute snapshots describe command (Windows/macOS/Linux) using the name of the virtual machine disk snapshot that you want to examine as identifier parameter and custom query filters to describe the date and time when the selected disk snapshot was taken: 

gcloud compute snapshots describe cc-project5-disk-snapshot-001
    --format="value(creationTimestamp)"

07 The command output should return the creation date/time for the selected resource: 

2019-09-03T09:21:00.000-08:00

Use the date/time value returned by the compute snapshots describe command output and compare the age of the verified disk snapshot with the threshold value identified at step no. 1. If the age of the verified resource is higher than the configured threshold, the selected virtual machine persistent disk snapshot is considered old and can be safely removed from your Google Cloud project.

08 Repeat step no. 6 and 7 for each virtual machine disk snapshot available within the selected GCP project.

09 Repeat steps no. 4 – 8 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To remove old and unneeded virtual machine (VM) persistent disk snapshots from your Google Cloud projects, perform the following operations:

Using GCP Console

01 Sign in to Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

03 Navigate to Google Compute Engine console at https://console.cloud.google.com/compute.

04 In the navigation panel, select Snapshots to access the list with all the VM disk snapshots available for the selected project.

05 Select the old disk snapshot that you want to remove (see Audit section part I to identify the right resource), and choose DELETE to initiate the snapshot removal.

06 Inside the Delete <snapshot-name>? confirmation box, click DELETE to confirm the VM disk snapshot removal.

07 Repeat step no. 5 and 6 to delete other old/obsolete virtual machine disk snapshots available in the selected GCP project.

08 Repeat steps no. 2 – 7 for each GCP project created within your Google Cloud account.

Using GCP CLI

01 Run compute snapshots delete command (Windows/macOS/Linux) using the name of the old virtual machine disk snapshot that you want to delete as identifier parameter (see Audit section part II to identify the right resource), to remove the selected VM persistent disk snapshot from your Google Cloud project: 

gcloud compute snapshots delete cc-project5-disk-snapshot-001

02 Type Y (yes), then press Enter to confirm the resource removal, i.e.: 

The following snapshots will be deleted:
 - [cc-project5-disk-snapshot-001]
Do you want to continue (Y/n)? Y

03 The command request should return the URL of the deleted VM persistent disk snapshot: 

Deleted [https://www.googleapis.com/compute/v1/projects/cc-project5-123123/global/snapshots/cc-project5-disk-snapshot-001].

04 Repeat steps no. 1 – 3 to delete other unneeded (old) virtual machine disk snapshots created for the selected GCP project.

05 Repeat steps no. 1 – 4 for each GCP project deployed within your Google Cloud account.

References

Publication date May 10, 2021

Related ComputeEngine rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Remove Old Persistent Disk Snapshots

Risk Level: Low