Delete RDS Snapshots older than a specified period of time

What It Does

Deletes manual Amazon RDS snapshots—either DB instance or DB cluster snapshots—that are older than a specified retention period. Outdated snapshots can accumulate over time, leading to unnecessary storage costs. Removing them optimizes storage usage without affecting operational databases.

Risk and Scope

Detail
Value

Risk Level

Low

AWS Service Targeted

Amazon RDS

Permissions Required

Delete Permissions

  • rds:DeleteDBSnapshots

  • rds:DeleteDBClusterSnapshots

Read Permissions

  • rds:DescribeDBSnapshots

  • rds:DescribeDBClusterSnapshots

These permissions are granted only to the runbook, not to the OneLens platform itself.

Optimization Policies Addressed

This runbook remediates violation tickets of the following policy:

Policy ID
Policy Name

rds_31

Manual Aurora cluster snapshots older than a specified period of time should be deleted

Risk Mitigation

Risk Mitigation Strategy

  • The change is assessed as low risk with limited scope and impact.

  • No downtime is expected during or after implementation.

  • No additional safety measures are required due to the non-disruptive nature of the change.

  • A rollback plan is not defined, as standard procedures are sufficient to manage the change.

How to Install

Refer to the Runbook Setup Guide for steps to install and enable this runbook in your environment.

Runbook Workflow

Step 1: Start

Trigger: Begins the runbook to identify and delete outdated manual RDS snapshots.

Step 2: checkSnapshotType

Action: Runs a script to determine whether the snapshot is a DB instance snapshot or a DB cluster snapshot.

Step 3: If/Else

Condition: Checks if the snapshot type is valid.

  1. If the snapshot is both manual and available:

    1. DeleteDBSnapshot Executes DeleteDBSnapshot for outdated manual instance-level snapshots.

    2. DeleteDBClusterSnapshot Executes DeleteDBClusterSnapshot for outdated manual cluster-level snapshots.

    3. ThrowError Script raises a runtime error to capture the errors, failing the workflow explicitly.

  2. Else: Terminates workflow if the snapshot type is not supported.

See How It Works

Triggering the Runbook

To run this workflow:

1. Locate the Ticket

Identify the ticket associated with the above mentioned policy violation.

2. Execute the Runbook

Follow the steps described in the executing a runbook section to apply this runbook to the ticket.

PreviousDelete Idle ElastiCache/Memcached ClusterNextDelete idle Classic/Application Load Balancers

Last updated