Ensure age in days after create to delete snapshot is more than 90 in Azure Storage Management Policy

MEDIUM

Description

The age in days after creation at which a snapshot is deleted is set to less than 90 days in the Azure Storage Management Policy. This may impact availability.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Storage Accounts.
  2. Select the Storage Account that you wish to edit.
  3. Under Data Management, select Lifecycle management.
  4. Create a new rule with the blob subtype set to snapshot.
  5. On the next screen, set More than (days ago) to at least 90 and the action to Delete the blob snapshot.
  6. Click Add.

In Terraform -

  1. In the azurerm_storage_management_policy resource, create a rule block with an actions block.
  2. For actions.snapshot, set the delete_after_days_since_creation_greater_than to at least 90.
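
The two Terraform steps above, written out as a configuration (an added example, not part of the original policy page). The resource names, location, storage account name and the snapshot_retention_days variable are illustrative assumptions. The variable's validation block makes terraform plan fail if someone lowers the value below 90.

```hcl
# Added example: names, location and the variable are illustrative placeholders.
provider "azurerm" {
  features {}
}

variable "snapshot_retention_days" {
  type    = number
  default = 90

  validation {
    condition     = var.snapshot_retention_days >= 90
    error_message = "Snapshot retention must be at least 90 days."
  }
}

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacct" # placeholder, must be globally unique
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_storage_management_policy" "example" {
  storage_account_id = azurerm_storage_account.example.id

  rule {
    name    = "delete-old-snapshots"
    enabled = true

    filters {
      blob_types = ["blockBlob"]
    }

    actions {
      snapshot {
        # A literal below 90 here (for example 30) is what this rule flags.
        delete_after_days_since_creation_greater_than = var.snapshot_retention_days
      }
    }
  }
}
```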

References:
https://learn.microsoft.com/en-us/azure/storage/blobs/snapshots-overview
https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-policy-configure?tabs=azure-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy#snapshot

Policy Details

Rule Reference ID: AC_AZURE_0365
CSP: Azure
Remediation Available: Yes
Domain: Resilience
Resource Category: Storage
Resource Type: Storage Accounts

Frameworks