# Delete RDS Snapshots older than a specified period of time

## What It Does

Deletes manual Amazon RDS snapshots—either DB instance or DB cluster snapshots—that are older than a specified retention period. Outdated snapshots can accumulate over time, leading to unnecessary storage costs. Removing them optimizes storage usage without affecting operational databases.

## Risk and Scope

| Detail                   | Value      |
| ------------------------ | ---------- |
| **Risk Level**           | Low        |
| **AWS Service Targeted** | Amazon RDS |

{% hint style="warning" %}

## Permissions Required

**Delete Permissions**

* `rds:DeleteDBSnapshots`
* `rds:DeleteDBClusterSnapshots`

**Read Permissions**

* `rds:DescribeDBSnapshots`
* `rds:DescribeDBClusterSnapshots`

> These permissions are granted **only to the runbook**, not to the OneLens platform itself.
> {% endhint %}

## Optimization Policies Addressed

This runbook remediates violation tickets of the following policy:

| Policy ID | Policy Name                                                                             |
| --------- | --------------------------------------------------------------------------------------- |
| rds\_31   | Manual Aurora cluster snapshots older than a specified period of time should be deleted |

## Risk Mitigation

{% hint style="success" %}

## Risk Mitigation Strategy

* The change is assessed as **low risk** with limited scope and impact.
* **No downtime** is expected during or after implementation.
* **No additional safety measures** are required due to the non-disruptive nature of the change.
* A **rollback plan is not defined**, as standard procedures are sufficient to manage the change.
  {% endhint %}

## How to Install

Refer to the [Runbook Setup Guide ](/automate/remediations/runbooks/install-runbooks.md#installing-a-runbook)for steps to install and enable this runbook in your environment.

## Runbook Workflow

### Step 1: Start

**Trigger:** Begins the runbook to identify and delete outdated manual RDS snapshots.

### Step 2: checkSnapshotType

**Action:** Runs a script to determine whether the snapshot is a DB instance snapshot or a DB cluster snapshot.

### Step 3: If/Else

**Condition:** Checks if the snapshot type is valid.

1. **If the snapshot is both manual and available:**
   1. **DeleteDBSnapshot**\
      Executes `DeleteDBSnapshot` for outdated manual instance-level snapshots.
   2. **DeleteDBClusterSnapshot**\
      Executes `DeleteDBClusterSnapshot` for outdated manual cluster-level snapshots.
   3. **ThrowError**\
      Script raises a runtime error to capture the errors,  failing the workflow explicitly.
2. **Else**:\
   Terminates workflow if the snapshot type is not supported.

## See How It Works

<figure><img src="/files/hGDvol3Hq7SL3zOq4Fy2" alt=""><figcaption></figcaption></figure>

## Triggering the Runbook

To run this workflow:

### **1. Locate the Ticket**

Identify the ticket associated with the above mentioned policy violation.

### **2. Execute the Runbook**

Follow the steps described in the [executing a runbook](/automate/remediations/runbooks.md#executing-a-runbook) section to apply this runbook to the ticket.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.onelens.cloud/automate/remediations/runbooks/runbook-catalog/delete-rds-snapshots-older-than-a-specified-period-of-time.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.