Cost

Prune old manual RDS snapshots

Automated RDS snapshots roll off with the retention window — manual snapshots stay until you delete them. Find the long tail and clean it up.

12 min·10 sections·AWS

Last reviewed 27 May 2026

Old RDS snapshots: the basics

Why do manual RDS snapshots quietly become a long-tail bill?

RDS has two kinds of snapshots and they behave nothing alike. Automated snapshots are taken on the schedule you configure (typically daily), retained for 1 to 35 days, and then quietly deleted by RDS as they age out. You set the retention window once and the lifecycle takes care of itself. Manual snapshots are the opposite: you (or a script, or a Terraform run, or a pre-migration runbook) create them, name them, and they sit in S3-backed storage forever until you explicitly delete them.

The trouble is that "forever" is exactly what teams forget about. Someone takes a snapshot before a schema migration to roll back "just in case". The migration succeeds, the team moves on, and 200+ days later the snapshot is still billing at ~$0.095 per GB-month. Multiply that by every database in every region that had a major change in the last two years and the number starts to matter.

RDS-007 flags any manual snapshot older than a configurable threshold — typically 90 to 180 days. The severity is usually LOW per snapshot because a 100 GB snapshot costs around $9.50/month, but the long tail of forgotten snapshots across a fleet adds up quickly. The check isn't telling you to delete blindly; it's telling you that nothing in your tooling has touched this snapshot in months, and it deserves a human eye.

In this lesson you'll learn the difference between automated and manual RDS snapshots, why orphaned manual snapshots are the single most common RDS waste pattern, and how to investigate and prune the long tail safely. You'll see the AWS CLI calls to list manual snapshots by age, the Snapshot Archive tier for compliance retention, and the AWS Backup plan that replaces ad-hoc manual snapshots for good.

Fun fact

The snapshot that outlived the database

Manual snapshots survive the deletion of the database they came from. When you delete an RDS instance, the wizard offers to take a "final snapshot" — that snapshot is a manual snapshot, retained forever, and it keeps billing long after the database is gone. The most common audit finding on long-running AWS accounts is a directory of final-snapshot-* entries from databases that haven't existed in years. They're the cloud equivalent of a storage unit nobody renewed but the lock is still on.

Pruning snapshots in action

Nina is the SRE on call for a payments platform. The monthly finance review flags $480 of unexplained RDS spend on a service that was decommissioned 14 months ago. The database is gone — the bill isn't.

She pulls a list of every manual snapshot in the account, sorted by age. The top of the list is a stack of pre-migration snapshots from the old payments stack — eight of them, between 100 GB and 400 GB each, all over 12 months old. The 400 GB one alone is costing $38/month.

She cross-references the snapshot identifiers against the team's runbooks and Slack history. Every one of them is a "rollback safety net" from a migration that completed cleanly months ago. She archives the two with regulatory retention requirements and deletes the rest.

First, list every manual snapshot in the region, sorted by creation date to surface the oldest first.

$ aws rds describe-db-snapshots --snapshot-type manual --query 'DBSnapshots[].[DBSnapshotIdentifier,DBInstanceIdentifier,SnapshotCreateTime,AllocatedStorage,Status]' --output table

------------------------------------------------------------------------------------------------------

| DescribeDBSnapshots |

+-----------------------------------+--------------------+---------------------------+------+--------+

+-----------------------------------+--------------------+---------------------------+------+--------+

# Top three are >200 days old, attached to a database that no longer exists.

Manual snapshots in eu-west-1, sorted by age.

For the two snapshots Nina needs to keep for compliance, she moves them to the Archive tier to cut storage cost by ~87%.

$ aws rds modify-db-snapshot --db-snapshot-identifier final-snapshot-payments-prod-old --storage-type archive

{

"DBSnapshot": {

"DBSnapshotIdentifier": "final-snapshot-payments-prod-old",

"AllocatedStorage": 400,

"Status": "modifying",

"SnapshotTarget": "archive",

"StorageType": "archive"

}

# $0.095/GB-mo -> $0.0125/GB-mo. 400 GB drops from $38/mo to $5/mo.

Archiving a snapshot that has to be kept but won't be restored frequently.

Snapshot billing under the hooddeep dive

RDS snapshots are stored in S3 (a managed bucket you don't see) and billed at roughly $0.095 per GB-month for the Standard tier — about double the rate of EBS snapshots, because RDS snapshots include the redo log positioning and consistency metadata needed to restore a transactional database. Crucially, RDS bills the allocated storage of the source instance at snapshot time, not the actual used data on disk. A snapshot of a 1 TB database that's only 200 GB full still bills against 1 TB.

Snapshots within the automated retention window of an active instance are free — AWS does not charge for backup storage up to 100% of the database's allocated storage. The moment you cross that threshold, or the moment a snapshot is manual, every GB-month is billable. This is also why deleting a database doesn't free its snapshot storage: once the source is gone there's no "included" backup storage left to offset against, so every GB of every retained snapshot starts billing at full rate.

The Snapshot Archive tier (storage-type=archive) drops the rate to ~$0.0125 per GB-month — about 87% cheaper — at the cost of restore latency and a minimum 90-day storage commitment. Restore from archive can take hours rather than minutes. It's the right home for compliance retention copies that you legitimately have to keep but realistically will never restore. Cross-region copies and cross-account shares each create independently-billed copies, so a single 400 GB snapshot replicated to two DR regions is actually paying for 1.2 TB of storage.

# Inventory: every manual snapshot older than 180 days, with size and age in days.
aws rds describe-db-snapshots \
  --snapshot-type manual \
  --query "DBSnapshots[?SnapshotCreateTime<='$(date -u -d '180 days ago' +%FT%TZ)'].[DBSnapshotIdentifier,AllocatedStorage,SnapshotCreateTime,Engine]" \
  --output table

# Estimate the monthly cost of the long tail (Standard tier).
aws rds describe-db-snapshots --snapshot-type manual \
  --query 'sum(DBSnapshots[].AllocatedStorage)' \
  --output text | awk '{ printf "~$%.2f/month\n", $1 * 0.095 }'

What is the impact of leaving old snapshots around?

The direct impact is the bill. A single 100 GB manual snapshot costs roughly $9.50 per month — small enough to ignore, large enough to compound. Across a typical mid-size estate with two years of pre-migration, pre-deployment, and final snapshots, the long tail is often $300 to $1,500 a month in pure storage spend that nobody owns. Over a 12-month window, that single 100 GB snapshot is $114; a 400 GB one is $456.

The second-order impact is operational fog. When a snapshot survives the deletion of its source database, the lineage breaks: there is no longer any way to look up which application owned it, what schema it represents, or whether the data inside is still subject to retention rules. Two years later, the on-call who finds it has no way to decide whether deleting it is safe, so it stays — billing forever, helping no one.

On the compliance side, untracked snapshots are a liability. GDPR, HIPAA, and PCI-DSS all care about how long personal or cardholder data lives. A snapshot taken before a privacy-driven data-deletion event still contains the deleted data — and if nobody knows the snapshot exists, the deletion was never really complete. Audit findings on "data still present in backups beyond retention policy" are some of the most common and most expensive to remediate.

And finally, cross-region and cross-account sharing multiplies everything. A snapshot copied to a DR region for legitimate reasons is fine; a snapshot copied to a DR region and then forgotten about, while the source has also been forgotten, is double-billing for nothing.

How do you clean up safely?

Snapshot hygiene is a four-step loop: inventory, justify, archive-or-delete, and prevent recurrence. Each step is cheap; running them quarterly keeps the long tail from ever forming.

1. Inventory every manual snapshot

Use aws rds describe-db-snapshots --snapshot-type manual per region, sorted by SnapshotCreateTime. Capture identifier, source DB, age, allocated storage, region, and current tier. Don't forget cross-region copies (--snapshot-type manual lists copies separately) and cross-account shared snapshots in linked accounts. Build the list once, then refresh it on a schedule — most teams find a quarterly inventory is enough.

2. Justify each snapshot before touching it

For every snapshot older than your threshold, ask three questions: does the source database still exist; is the data inside still subject to a retention policy; and would the team realistically restore from this rather than the most recent automated backup? If the answer to all three is no, it's safe to delete. If the data has a retention requirement but you won't restore from it, move it to the Archive tier instead of deleting.

3. Delete or archive — never both ignored

Delete with aws rds delete-db-snapshot --db-snapshot-identifier .... For archived retention, use modify-db-snapshot --storage-type archive — remember the 90-day minimum commitment and the slower restore. Tag the survivors with retention=compliance and an expiry date so the next inventory pass can act on them automatically. Whatever you do, do not leave a snapshot in Standard tier with no owner and no decision recorded.

4. Move new backups to AWS Backup

Stop taking ad-hoc manual snapshots. Replace them with an AWS Backup plan that defines retention, cross-region copy rules, lifecycle to cold storage, and an audit trail in a single place. Then enforce "no manual snapshots" with an SCP or a config rule, so the next pre-migration runbook can't accidentally create a fresh 12-month liability. AWS Backup is the long-term answer; the snapshot prune is just cleaning up the years of debt before that.

# Delete every manual snapshot older than 365 days whose source DB no longer exists.
aws rds describe-db-snapshots --snapshot-type manual \
  --query "DBSnapshots[?SnapshotCreateTime<='$(date -u -d '365 days ago' +%FT%TZ)'].DBSnapshotIdentifier" \
  --output text | tr '\t' '\n' > stale-snapshots.txt

# Review the list. Then, only after a human has signed it off:
while read -r snap; do
  aws rds delete-db-snapshot --db-snapshot-identifier "$snap"
done < stale-snapshots.txt

Quick quiz

Question 1 of 5

You find a 400 GB manual snapshot tagged pre-migration-payments-2024-10. The source database was deleted 14 months ago, but legal says you have to keep the data for another 4 years for regulatory retention. What's the right next move?

Keep learning

Dig deeper into RDS backup mechanics and the AWS Backup model that replaces ad-hoc snapshots.

You've completed Prune old manual RDS snapshots. You now know how automated and manual snapshots differ, why the long tail forms, and the four-step loop — inventory, justify, archive-or-delete, prevent recurrence — that keeps it from coming back. The next time RDS-007 lights up on a 200-day-old snapshot, you'll have a real decision framework instead of a guilty tab left open.

Back to the library

Old RDS snapshots: what the bill is actually paying for

Manual snapshots are permanent storage purchases that nobody budgeted for

Every RDS manual snapshot you or a script creates is a line item in your S3-backed storage bill at roughly $0.095 per GB-month — and unlike automated snapshots, nothing in AWS will ever delete it automatically. That means every pre-migration safety net, every final snapshot taken at database decommission, and every ad-hoc copy sits on your bill in perpetuity until someone explicitly decides to remove it.

The unit economics are deceptively small: a single 100 GB snapshot costs about $9.50/month, just over $114 a year. But the pattern scales. An account with two years of migration activity typically accumulates dozens of these, often attached to databases that no longer exist. At $300–$1,500/month for a mid-size fleet, the line is real, it owns no budget, and it grows every time someone runs a pre-migration runbook without a paired cleanup step.

RDS-007 is the audit mechanism that surfaces this: flag every manual snapshot older than 90–180 days and demand a decision. The finance role here is to make that decision process systematic — a tiering judgment between delete (source database is gone, no retention requirement), archive (must keep for compliance but at 87% less cost), and keep standard (actively needed). The goal is zero unowned, unbudgeted snapshot storage, not zero snapshots.

This lesson is for the finance partner who sees an unexplained RDS storage line on the cloud bill and wants to understand what's actually inside it. It explains why manual snapshots are a permanent spend, how to calculate the cost of the long tail per GB and per instance, the Archive tier that cuts compliance-retention cost by 87%, and the four-step inventory-justify-archive-or-delete-prevent loop that turns a one-time cleanup into a standing process. No CLI commands required — the numbers and the framework are the point.

Fun fact

The snapshot that outlived the database

How a finance partner turns a vague RDS cost spike into a defensible cleanup

Jordan is the FinOps analyst reviewing the monthly AWS bill. RDS storage is up $420 month-over-month with no corresponding infrastructure change in the sprint log. The spike isn't a new database — it's old backup data that crossed an accounting threshold nobody was watching.

She pulls the manual snapshot inventory grouped by source database, sorted by age and cost. The output is immediately legible as a chargeback problem: three engineering teams own the top fifteen snapshots by cost, totalling $1,140/month. Every snapshot is tagged to a project or database, so ownership is traceable. None of them have a budget line — they were created as one-time safety nets and never decommissioned.

Jordan takes the list to the next engineering leads review with a simple table: snapshot name, owner team, age, GB, and monthly cost. The ask is a decision per row within two weeks — delete, archive, or document a retention reason. Three of the snapshots turn out to have compliance requirements; those go to the Archive tier at $0.0125/GB-month, cutting their combined cost from $190 to $25. The rest are deleted. The $420 spike disappears from next month's bill and the process becomes part of the quarterly cloud cost review.

The cost model behind the snapshot long tail

The billing mechanics make this a compounding problem. RDS snapshots bill at $0.095/GB-month on the allocated storage of the source instance, not the actual data on disk — so a 1 TB instance that was 20% full creates a 1 TB-allocated snapshot bill. Cross-region copies are billed independently in each region at the same rate, and cross-account shares that are accepted in another account create an additional billable copy there too. A single 400 GB snapshot replicated to one DR region is already paying for 800 GB.

The compounding part is time. A snapshot that cost $38/month when it was created costs the same amount 18 months later, even if the database it backed is long gone. There is no decay, no expiry, and no automatic signal — only the ever-growing cumulative line on the bill. Over two years of active migration work, a mid-size fleet routinely accumulates $500–$2,000/month in unowned snapshot storage because none of the individual snapshots ever crossed a threshold that warranted attention.

The finance intervention is to make the cost visible and owned. Put the monthly snapshot storage cost on the team-level chargeback report, broken down by source database tag and age bucket (30–90d, 90–365d, 365d+). The 365d+ bucket is almost always pure waste; the 90–365d bucket is where tiering decisions live. Requiring a retention reason and a named owner for every snapshot in the 90d+ bucket — on a quarterly cadence — is the recurring control that keeps the long tail from re-forming after a cleanup.

On the compliance side, untracked snapshots create audit exposure that has a dollar cost too. GDPR remediation findings, HIPAA audit observations, and PCI-DSS gap reports all generate consulting and remediation effort that dwarfs the storage cost they were triggered by. The cheapest version of compliance is a current, documented inventory — not a retroactive scramble.

What finance can do to drive snapshot hygiene without running CLI commands

Finance can't delete snapshots, but it owns the cost visibility and budget accountability levers that make hygiene a standing team behavior rather than a one-time cleanup. Four concrete actions at the regular cadence.

1. Put snapshot storage on the team-level chargeback report

Add a snapshot-storage line to each team's monthly cloud cost breakdown, broken out by age bucket (30–90d, 90–365d, 365d+). When a team sees $340/month attributed to their backup storage with 14 snapshots in the 365d+ bucket, the cleanup conversation starts itself. Invisible costs don't get managed.

2. Make the 90d+ bucket the review trigger, not the total count

The metric that matters for finance review is the volume and cost of snapshots older than 90 days with no recorded retention reason. Track this as a standing line in the cost review and ask for it to trend toward zero. Dev/test snapshots being pruned quickly is healthy; old unowned standard-tier snapshots growing month-over-month is the signal to escalate.

3. Budget for legitimate compliance-retention copies at the Archive rate

Some snapshots must be kept — but at $0.0125/GB-month in the Archive tier, not $0.095 in Standard. For each snapshot with a documented retention requirement, model its total cost-to-expiry at Archive tier and put that amount in the team's compliance-storage budget line. That makes the cost predictable and explainable at audit, instead of surfacing as unexplained storage growth.

4. Require a named owner and an expiry date for every snapshot over 90 days

During the next quarterly cloud cost review, export the full manual snapshot list and send each team their portion. Require a response: delete, archive with expiry date, or document a retention reason with a named owner. Unresponded rows default to a delete recommendation at the next cycle. This converts the snapshot inventory from an unknown liability into an auditable, owned register.

Quick quiz

Question 1 of 5

Your quarterly RDS cost review shows $1,200/month in manual snapshot storage: six snapshots from migrations that completed over a year ago (no retention requirement), and two final snapshots from decommissioned databases that legal requires to be kept for three more years. What's the right financial action?

Keep learning

Dig deeper into RDS backup mechanics and the AWS Backup model that replaces ad-hoc snapshots.

You've finished the finance partner's view of RDS snapshot hygiene. You know the billing model ($0.095/GB-month on allocated storage, compounding forever, with cross-region copies billing independently), why the long tail is a chargeback problem as much as a cloud cost one, the Archive tier's 87% cost reduction for legitimate compliance holds, and the four finance levers — chargeback visibility, 90d+ bucket as the review trigger, Archive-rate budgeting for compliance copies, and a quarterly owner-and-expiry register — that prevent the long tail from re-forming after a cleanup. Next time unexplained RDS storage shows up on the bill, you'll know exactly where to look and what to ask.

Back to the library

Old RDS snapshots: the governance gap behind the bill

Unowned backup data is a cost, a compliance, and a data-governance problem simultaneously

Manual RDS snapshots are permanent by default — they accumulate every time an engineer takes a safety copy before a migration and never comes back to remove it. The result is a growing inventory of data at rest with no owner, no retirement policy, and a continuous storage charge. RDS-007 flags these when they age past a threshold because the organization has no recorded reason for their continued existence.

This is a governance failure as much as a cost one. GDPR, HIPAA, and PCI-DSS all require that personal or regulated data is deleted when its purpose expires. A snapshot taken before a data-deletion event still contains the deleted records. If no one knows the snapshot exists, the deletion was never actually complete — and that gap is the kind of finding that turns a routine audit into an incident.

The right organizational response is a policy, not a cleanup sprint: all backup creation must happen through a managed tool (AWS Backup) with defined retention, and manual snapshots require a paired deletion task in the runbook. That turns "we have a long tail" into a one-time remediation followed by a clean ongoing state. The leadership signal to track is not the count of old snapshots, but whether new ones are still being created outside the governed process.

A short read for the leader who wants to understand why backup storage keeps appearing on the cloud bill and what a well-governed organization does about it. You'll get the plain-English version of why manual snapshots accumulate, why untracked backup data is both a cost and a compliance exposure, and what the healthy end state looks like: all backups created through a managed policy, retention defined in advance, and no unowned data sitting in storage with no expiry. No technical depth required.

Fun fact

The snapshot that outlived the database

What cleaning up the snapshot long tail looks like at the leadership level

At a scale-up, the VP of Engineering, Marcus, noticed that the AWS bill kept growing even in quarters where headcount and product scope were flat. The culprit turned out to be a five-year accumulation of manual RDS snapshots — pre-migration safety copies, final snapshots from decommissioned databases, and cross-region DR copies that had never been cleaned up. No one team owned them; no one had a mandate to review them.

The fix was not a cleanup sprint — it was a policy change. Marcus mandated two things: all new backup creation goes through the company's AWS Backup plan with a defined retention period, and every pre-migration runbook must include a paired decommission step to delete or archive the snapshot after the migration succeeds. The existing long tail was addressed in a single two-week triage, reducing RDS storage spend by $900/month.

The lasting organizational outcome was clarity of ownership. Backup data is now traceable to a project and a retention reason, and the monthly cost review includes a standing snapshot-age report. When regulators ask how long personal data persists in backups, Marcus has a documented answer with evidence — not a search through years of S3 keys. That's the difference between managing backup data and hoping no one looks.

Why snapshot accumulation is a governance signal, not just a cost signal

The direct cost of old manual snapshots is real but bounded — a few hundred to a few thousand dollars a month depending on fleet size. The more consequential issue is what the accumulation signals: no one owns the data, no one knows when it expires, and no one has accountability for cleaning it up. That is a data governance failure with regulatory consequences.

GDPR Article 17, HIPAA's minimum necessary standard, and PCI-DSS Requirement 3 all impose obligations on how long you retain personal or cardholder data. A snapshot taken before a privacy-driven deletion event still contains the deleted records in full. If the snapshot is unknown to the data inventory, the deletion was never complete — and that gap can surface as a material finding in an audit. The cost of remediating a data-retention audit observation is orders of magnitude higher than the cost of the snapshot itself.

The executive signal to watch is not the snapshot count — it's whether new unmanaged snapshots are still being created. If the answer is yes, a cleanup sprint will just produce a clean slate that refills over the next 12 months. The durable fix is a policy: all backup creation through a governed tool with retention defined up front, and manual snapshots forbidden except through a documented exception process. When that policy is in place, the snapshot inventory becomes a trailing indicator of past practice, not an ongoing liability.

The leadership play on snapshot hygiene

The executive move is not to mandate a cleanup — it's to require that backup data is created and retained through a governed process, so the long tail never forms again after the first remediation.

1. Set a policy: all backups through AWS Backup, manual snapshots by exception only

Make the organizational default that backup creation is a platform capability, not a per-engineer decision. AWS Backup with defined retention and lifecycle rules means every backup has an expiry by design. Manual snapshots outside that system require documented justification and a paired cleanup task — not a blanket ban, but a named exception with an owner.

2. Require data inventory coverage for all backup storage

Every snapshot that contains personal, financial, or regulated data must appear in the organization's data inventory with a retention class and a named data owner. This is not just a compliance requirement — it's the mechanism that prevents a routine audit from uncovering data you didn't know existed. Snapshots outside the inventory are the finding; the inventory coverage rate is the metric.

3. Track the quarterly cleanup trend, not just the current balance

At the leadership review, the one-line check on snapshot hygiene is: are snapshots older than 90 days without a retention reason trending down quarter-over-quarter? A stable or growing number means the policy is not being followed. A declining number approaching zero means the organization has moved from reactive cleanup to proactive governance — which is the goal.

Quick quiz

Question 1 of 5

Six months after a company-wide snapshot cleanup sprint, the manual snapshot count is back to where it started and the cost line has re-grown to $900/month. What does this mean and what should the response be?

Keep learning

Dig deeper into RDS backup mechanics and the AWS Backup model that replaces ad-hoc snapshots.

That's the lesson. Two takeaways: manual snapshots are permanent by design and accumulate into a real cost and compliance exposure whenever backup creation isn't governed by policy, and a cleanup sprint without a process change just restarts the clock. The leadership question is whether all backup data is created through a managed tool with retention defined in advance, and whether every snapshot older than 90 days has a named owner and a documented reason for existing. If yes, the problem stays solved. If not, the long tail will be back in six months.

Back to the library

Part of the learning path Cut your storage bill

Prune old manual RDS snapshots

Old RDS snapshots: the basics

The snapshot that outlived the database

Pruning snapshots in action

Snapshot billing under the hooddeep dive

What is the impact of leaving old snapshots around?

How do you clean up safely?

1. Inventory every manual snapshot

2. Justify each snapshot before touching it

3. Delete or archive — never both ignored

4. Move new backups to AWS Backup

Quick quiz

Keep learning

Old RDS snapshots: what the bill is actually paying for

The snapshot that outlived the database

How a finance partner turns a vague RDS cost spike into a defensible cleanup

The cost model behind the snapshot long tail

What finance can do to drive snapshot hygiene without running CLI commands

1. Put snapshot storage on the team-level chargeback report

2. Make the 90d+ bucket the review trigger, not the total count

3. Budget for legitimate compliance-retention copies at the Archive rate

4. Require a named owner and an expiry date for every snapshot over 90 days

Quick quiz

Keep learning

Old RDS snapshots: the governance gap behind the bill

The snapshot that outlived the database

What cleaning up the snapshot long tail looks like at the leadership level

Why snapshot accumulation is a governance signal, not just a cost signal

The leadership play on snapshot hygiene

1. Set a policy: all backups through AWS Backup, manual snapshots by exception only

2. Require data inventory coverage for all backup storage

3. Track the quarterly cleanup trend, not just the current balance

Quick quiz

Keep learning

Related cost lessons