Add support for resource deletion for recovery points taken by AWS Backup.
Extra information or context
C7N is unable to delete AWS Backup recovery points. Below is the output of a policy using the aws.ebs-volume resource type intended to clean up orphaned EBS snapshots.
An error occurred (InvalidParameterValue) when calling the DeleteSnapshot operation: This snapshot is managed by the AWS Backup service and cannot be deleted via EC2 APIs. If you wish to delete this snapshot, please do so via the Backup console.
When discussing this issue in the C7N Slack, @kapilt suggested that I submit a feature request, as this is currently not supported.
Use case:
When AWS Backup plans are deleted, the recovery points taken by the backup plan remain and are not cleaned up by the normal aging process within the backup plan because the plan no longer exists.
There have also been other situations where an IAM role associated with the plan changes, leaving the plan unable to remove the snapshots created by the other role because it is replaced/changed.
In summary, there are times when AWS Backup will leave snapshots lying around, increasing cost over time due to the length of snapshot deltas.
It would be excellent if there were support for AWS Backup recovery point cleanup, starting with EBS, AMI and RDS recovery points. I am also aware that AWS Backup supports multiple services as outlined here, but it would be excellent if EBS, AMI, RDS, EFS, and S3 recovery points were supported.
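The deleted-plan case from the use case above, as an added example that is not part of the original issue and is not Cloud Custodian code: it selects recovery points whose backup plan no longer exists and deletes them through the AWS Backup API instead of EC2 `DeleteSnapshot`. It assumes `backup` is a `boto3.client("backup")` object; the function names, resource-type strings and sample records are constructed for illustration.

```python
# Added example (not Cloud Custodian code). `backup` is assumed to be boto3.client("backup").
# ResourceType strings are assumptions; AMI recovery points are assumed to report as "EC2".
TARGET_TYPES = {"EBS", "EC2", "RDS"}

def live_plan_ids(backup):
    """IDs of every backup plan that still exists in this account/region."""
    ids = set()
    for page in backup.get_paginator("list_backup_plans").paginate():
        ids.update(p["BackupPlanId"] for p in page["BackupPlansList"])
    return ids

def orphaned(points, plan_ids, types=TARGET_TYPES):
    """Recovery points created by a plan that is gone, so no lifecycle ages them out."""
    found = []
    for rp in points:
        plan_id = rp.get("CreatedBy", {}).get("BackupPlanId")
        if plan_id is None or plan_id in plan_ids:
            continue  # on-demand backup, or its plan still manages it
        if rp.get("ResourceType") not in types or rp.get("Status") == "DELETING":
            continue  # out of scope, or a delete is already in progress
        found.append(rp)
    return found

def cleanup(backup, vault, dry_run=True):
    """Return orphaned ARNs in `vault`; delete them via AWS Backup unless dry_run."""
    pager = backup.get_paginator("list_recovery_points_by_backup_vault")
    points = [rp for page in pager.paginate(BackupVaultName=vault)
              for rp in page["RecoveryPoints"]]
    targets = orphaned(points, live_plan_ids(backup))
    if not dry_run:
        for rp in targets:
            # EC2 DeleteSnapshot is refused for these, so deletion goes through AWS Backup.
            backup.delete_recovery_point(
                BackupVaultName=vault, RecoveryPointArn=rp["RecoveryPointArn"])
    return [rp["RecoveryPointArn"] for rp in targets]

# Constructed sample data shaped like list_recovery_points_by_backup_vault output.
SAMPLE_POINTS = [
    {"RecoveryPointArn": "arn:aws:ec2:us-east-1::snapshot/snap-0aaa", "ResourceType": "EBS",
     "Status": "COMPLETED", "CreatedBy": {"BackupPlanId": "plan-deleted"}},
    {"RecoveryPointArn": "arn:aws:ec2:us-east-1::snapshot/snap-0bbb", "ResourceType": "EBS",
     "Status": "COMPLETED", "CreatedBy": {"BackupPlanId": "plan-live"}},
    {"RecoveryPointArn": "arn:aws:ec2:us-east-1::image/ami-0ccc", "ResourceType": "EC2",
     "Status": "COMPLETED"},  # on-demand backup: no CreatedBy, so it is left alone
    {"RecoveryPointArn": "arn:aws:rds:us-east-1:111122223333:snapshot:awsbackup:job-ddd",
     "ResourceType": "RDS", "Status": "DELETING", "CreatedBy": {"BackupPlanId": "plan-deleted"}},
]

if __name__ == "__main__":
    for rp in orphaned(SAMPLE_POINTS, {"plan-live"}):
        print(rp["RecoveryPointArn"])
```

`cleanup` defaults to `dry_run=True`, so the returned ARN list can be reviewed before any recovery point is removed.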