Enforce data retention policies

PostedDecember 20, 2024

UpdatedMarch 21, 2025

ByKevin McCaffrey

Implementing data retention policies is crucial for managing and decommissioning resources effectively. It helps organizations to identify, manage, and delete unnecessary or orphaned resources in a timely manner, thus reducing waste and optimizing costs.

Best Practices

Implement Resource Tagging Strategy

Establish a consistent tagging policy for resources, including tags for environment, owner, project, and cost center. This aids in tracking resource utilization and allocation. Ensure all team members are trained on the tagging process to maintain consistency.

Regularly Review and Audit Resource Usage

Schedule regular audits of your resources to identify unused or underutilized ones. Utilize AWS Cost Explorer and AWS Budgets to monitor spending and project budgets, making it easier to identify resources that can be decommissioned.

Automate Resource Reporting and Alerts

Implement automation tools to generate reports on resource usage and send alerts for resources that are idle for a specified period. Services like AWS Lambda can help automate this process efficiently, driving timely decommissioning.

Establish a Decommissioning Workflow

Create a structured workflow for decommissioning resources that includes requesting decommissioning, approvals, and documenting reasons for decommissioning. This ensures change control and accountability throughout the lifecycle of your resources.

Leverage Resource Management Tools

Use AWS Management tools like AWS Config to monitor configurations and relationships between resources over their lifetime. This assists in understanding dependencies and potential impacts before decommissioning resources.

Questions to ask your team

Do you have a tagging strategy in place to identify resources by workload or function?
How frequently do you review your resource inventory for unused or underutilized resources?
Do you have automated processes to alert you about resources that are no longer needed?
Is there a defined workflow for decommissioning resources once they are identified as unnecessary?
Are you tracking the cost implications of your resources throughout their lifecycle?
How do you ensure compliance with your change control procedures during decommissioning?
Have you documented lessons learned from past resource decommissioning efforts?

Who should be doing this?

Cloud Administrator

Implement and manage tagging strategies for resources.
Monitor resource usage and identify unused resources for potential decommissioning.
Coordinate with teams to ensure accurate tracking of resource lifecycles.

Finance Analyst

Analyze cost reports and identify resources that contribute to wastage.
Provide insights on resource utilization and recommend actions for cost reduction.
Ensure budget alignment with resource usage and decommissioning plans.

Project Manager

Oversee change control processes related to resource decommissioning.
Facilitate communication between teams regarding resource lifecycle management.
Ensure that all stakeholders are informed about resource decommissioning timelines and impacts.

DevOps Engineer

Implement automation scripts to tag and track resources efficiently.
Develop and maintain tools for monitoring resource health and lifecycle status.
Collaborate with development teams to ensure resource decommissioning aligns with project timelines.

Compliance Officer

Ensure decommissioning processes comply with governance and regulatory requirements.
Review policies related to resource management and decommissioning.
Audit resource usage and decommissioning activities for compliance reporting.

What evidence shows this is happening in your organization?

Resource Tagging Policy: A formal document outlining the strategy for tagging AWS resources to track their purpose and associated workloads, helping to identify unused resources for decommissioning.
Resource Lifecycle Management Checklist: A checklist used to ensure all steps in the resource lifecycle are followed, from creation to decommissioning, including methods for tracking and terminating unused resources.
Monthly Resource Cost Report: A report generated monthly detailing all active AWS resources, their costs, and usage statistics to identify any resources that may be deemed unnecessary.
AWS Resource Tracking Dashboard: An interactive dashboard using AWS Cost Explorer and tagging data to visually represent resource usage and associated costs over time, facilitating informed decisions on resource decommissioning.
Decommissioning Strategy Document: A guide that outlines the procedures for safe and efficient decommissioning of AWS resources, including required approvals, tagging relevance, and communication strategies.

Cloud Services

AWS

AWS Resource Groups: Helps you manage and automate tasks on large numbers of resources by grouping them together based on tags.
AWS Cost Explorer: Allows you to view and analyze your costs and usage patterns over time, helping identify unused resources.
AWS Config: Tracks AWS resource configurations and changes, enabling compliance auditing and resource lifecycle management.
AWS Budgets: Enables you to set custom cost and usage budgets that alert you when you exceed your thresholds.

Azure

Azure Resource Manager: Provides management capabilities to deploy, manage, and monitor resources with tagging for organization.
Azure Cost Management + Billing: Offers tools to monitor and optimize costs, including usage tracking and resource management.
Azure Policy: Allows you to create, assign, and manage policies to ensure resources are compliant and managed through their lifecycle.

Google Cloud Platform

Google Cloud Asset Inventory: Provides a comprehensive inventory of your Google Cloud resources, which can be reviewed for unused resources.
Google Cloud Billing Reports: Offers detailed reports to analyze resource usage and associated costs, helping identify inactive resources.
Google Cloud Tags: Allows you to create and manage tags for resources, making it easier to categorize and track resources throughout their lifecycle.

Question: How do you decommission resources?
Pillar: Cost Optimization (Code: COST)

Operational Excellence

Determine what your priorities are

Structure your organization to support your business outcomes

Organizational culture to support your business outcomes

Implement observability in your workload

Reduce defects, ease remediation, and improve flow into production

Mitigate deployment risks

Be ready to support a workload

Uilize workload observability

Understand the health of your operations

Manage workload and operations events

Evolve your operations

Security

Securely operate your workload

Manage identities for people and machines

Manage permissions for people and machines

Detect and investigate security events

Protect your network resources

Protect your compute resources

Classify your data

Protect your data at rest

Protect your data in transit

Anticipate, respond to, and recover from incidents

Incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle

Reliability

Manage service quotas and constraints

Plan your network topology

Design your workload service architecture

Design interactions in a distributed system to prevent failures

Design interactions in a distributed system to mitigate or withstand failures

Monitor workload resources

Design your workload to adapt to changes in demand

Implement change

Back up data

Fault isolation to protect your workload

Design your workload to withstand component failures

Test reliability

Plan for disaster recovery (DR)

Cost Optimization

Implement cloud financial management

Govern usage

Monitor your cost and usage

Decommission resources

Evaluate cost when you select services

Meet cost targets when you select resource type, size and number

Use pricing models to reduce cost

Plan for data transfer charges

Manage demand, and supply resources

Evaluate new services

Evaluate the cost of effort

Performance

Select the appropriate cloud resources and architecture patterns for your workload

Select and use compute resources in your workload

Store, manage, and access data in your workload

Select and configure networking resources in your workload

Support more performance efficiency for your workload

Sustainability

Select Regions for your workload

Align cloud resources to your demand

Take advantage of software and architecture patterns to support your sustainability goals

Take advantage of data management policies and patterns to support your sustainability goals

Select and use cloud hardware and services in your architecture to support your sustainability goals

Implement organizational processes support your sustainability goals