ecs-snapshot-retention-days

更新时间:
复制 MD 格式

Checks whether the retention period of each automatic snapshot for an Elastic Compute Service (ECS) instance meets a specified minimum number of days. If the retention period exceeds the threshold, the evaluation result is Compliant.

Scenarios

Automatic snapshots are agentless backups that support disk restoration, image creation, and disaster recovery. If snapshots expire before an incident is detected and remediated, the recovery window may be lost.

Use this rule to verify that your automatic snapshot policies meet your organization's minimum retention requirements.

Risk level

Default risk level: low.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If the retention period of each automatic snapshot is greater than the specified number of days, the evaluation result is Compliant.

  • If the retention period of an automatic snapshot is less than or equal to the specified number of days, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.

Rule details

Item Description
Rule name ecs-snapshot-retention-days
Rule identifier ecs-snapshot-retention-days
Tag ECS and Snapshot
Automatic remediation Not supported
Trigger type Configuration change
Supported resource type Automatic snapshot policy
Input parameter days. Default value: 7. Unit: days.
Note Separate multiple values with commas (,).

Incompliance remediation

Update your automatic snapshot policy to set a retention period greater than the minimum specified in Cloud Config. For more information, see Modify policy.