This Policy finds Azure snapshots older than the specified days and deletes them.
This Policy Template uses Credentials for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s).
-
Azure Resource Manager Credential (provider=azure_rm) which has the following permissions:
Microsoft.Compute/snapshots/readMicrosoft.Compute/snapshots/delete
-
Flexera Credential (provider=flexera) which has the following roles:
billing_center_viewer
The Provider-Specific Credentials page in the docs has detailed instructions for setting up Credentials for the most common providers.
The policy includes the estimated savings. The estimated savings is recognized if the resource is terminated. Optima is used to receive the estimated savings which is the product of the most recent full day's cost of the resource * 30. The savings is displayed in the Estimated Monthly Savings column. If the resource can not be found in Optima the value is 0.0. The incident message detail includes the sum of each resource Estimated Monthly Savings as Total Estimated Monthly Savings.
If the user is missing the minimum required role of billing_center_viewer or if there is not enough data received from Optima to calculate savings, an appropriate message is displayed in the incident detail message along with the estimated monthly savings column value as 0.0 in the incident table.
This policy has the following input parameters required when launching the policy.
- Email addresses - A list of email addresses to notify
- Azure Endpoint - Azure Endpoint to access resources
- Subscription Whitelist - Whitelisted Subscriptions, if empty, all subscriptions will be checked
- Snapshot age - The number of days since the snapshot was created.
- Exclusion Tags - list of tags that a snapshot can have to exclude it from the list.
- Automatic Actions - When this value is set, this policy will automatically take the selected action(s).
Please note that the "Automatic Actions" parameter contains a list of action(s) that can be performed on the resources. When it is selected, the policy will automatically execute the corresponding action on the data that failed the checks, post incident generation. Please leave it blank for manual action. For example if a user selects the "Delete Snapshots" action while applying the policy, all the snapshots that didn't satisfy the policy condition will be deleted.
The following policy actions are taken on any resources found to be out of compliance.
- Send an email report
- Delete old snapshots after an approval
- Azure
This Policy Template does not launch any instances, and so does not incur any cloud costs.