This policy reports on any existing delete recommendations for persistent disks generated by the Google Recommender service. The user can then choose to delete the persistent disk if desired. Optionally, the user can filter results by number of days detached, label, project ID/name, or region.
This policy uses the following Google recommenders:
google.compute.disk.IdleResourceRecommender: Checks if a persistent disk is idle and recommends deleting the idle disk.
More information is available in Google's documentation:
The policy includes the estimated monthly savings. The estimated monthly savings is recognized if the resource is deleted.
- The
Estimated Monthly Savingsis obtained directly from the Google Recommender service. - Since the savings estimates are obtained directly from Google, they will take into account any cloud provider discounts but not any Flexera adjustment rules or other cost manipulations specific to the Flexera platform.
- The incident message detail includes the sum of each resource
Estimated Monthly SavingsasPotential Monthly Savings. - If the Flexera organization is configured to use a currency other than the one Google Recommender is reporting the savings estimates in, the savings values will be converted using the exchange rate at the time that the policy executes.
This policy has the following input parameters required when launching the policy.
- Email Addresses - Email addresses of the recipients you wish to notify.
- Days Unattached - The number of days since the disk was last attached to an instance to include it in the results. Cannot be set to less than 15 days because Google does not produce recommendations for disks that have been idle for < 15 days.
- Minimum Savings Threshold - Minimum potential savings required to generate a recommendation.
- Allow/Deny Projects - Whether to treat Allow/Deny Projects List parameter as allow or deny list. Has no effect if Allow/Deny Projects List is left empty.
- Allow/Deny Projects List - Filter results by project ID/name, either only allowing this list or denying it depending on how the above parameter is set. Leave blank to consider all projects
- Allow/Deny Regions - Whether to treat Allow/Deny Regions List parameter as allow or deny list. Has no effect if Allow/Deny Regions List is left empty.
- Allow/Deny Regions List - Filter results by region, either only allowing this list or denying it depending on how the above parameter is set. Leave blank to consider all the regions.
- Exclusion Labels - The policy will filter resources containing the specified labels from the results. The following formats are supported:
Key- Filter all resources with the specified label key.Key==Value- Filter all resources with the specified label key:value pair.Key!=Value- Filter all resources missing the specified label key:value pair. This will also filter all resources missing the specified label key.Key=~/Regex/- Filter all resources where the value for the specified key matches the specified regex string.Key!~/Regex/- Filter all resources where the value for the specified key does not match the specified regex string. This will also filter all resources missing the specified label key.
- Exclusion Labels: Any / All - Whether to filter instances containing any of the specified labels or only those that contain all of them. Only applicable if more than one value is entered in the
Exclusion Labelsfield. - Create Final Snapshot - Whether or not to take a final snapshot before deleting a disk.
- Automatic Actions - When this value is set, this policy will automatically take the selected action(s).
Please note that the "Automatic Actions" parameter contains a list of action(s) that can be performed on the resources. When it is selected, the policy will automatically execute the corresponding action on the data that failed the checks, post incident generation. Please leave it blank for manual action. For example, if a user selects the "Delete Disks" action while applying the policy, all idle persistent disks will be deleted.
The following policy actions are taken on any resources found to be out of compliance.
- Send an email report
- Delete idle persistent disks after approval
This Policy Template uses Credentials for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s).
-
Google Cloud Credential (provider=gce) which has the following:
recommender.computeDiskIdleResourceRecommendations.listresourcemanager.projects.getcompute.disks.listlogging.logEntries.listlogging.privateLogEntries.listlogging.views.accesscompute.disks.createSnapshot*compute.disks.delete*compute.globalOperations.get*compute.zoneOperations.get*compute.snapshots.create*
* Only required for taking action; the policy will still function in a read-only capacity without these permissions.
-
Flexera Credential (provider=flexera) which has the following roles:
billing_center_viewer
The Provider-Specific Credentials page in the docs has detailed instructions for setting up Credentials for the most common providers.
Additionally, this policy template requires that several APIs be enabled in your Google Cloud environment:
This policy template does not incur any cloud costs.
Google sets quotas on the Recommender API; this will cause a 429 RESOURCE_EXHAUSTED response when the quota is exceeded. See Quotas & Limits for more information.