Logo of Trend Micro
Use the Knowledge Base AI to help improve your Cloud Posture

Configure Exponential Backoff for Retries

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that the retry policy for your Cloud Tasks queue includes an exponential backoff configuration in order to reduce the risk of overwhelming downstream services during failures. In Cloud Tasks, a task will be retried after a failure within the duration specified by the "minBackoff" and "maxBackoff" parameters. Before running this conformity rule, ensure the "minBackoff" and "maxBackoff" parameters are set in the Trend Cloud One™ – Conformity account settings for exponential backoff.

Reliability
Performance
efficiency

Exponential backoff for retries in Google Cloud Tasks queues increases the delay between retry attempts after each failure. Setting "minBackoff" and "maxBackoff" flags is important to control the minimum and maximum retry intervals. "minBackoff" sets the initial delay, while "maxBackoff" sets the upper limit, preventing excessive delays and ensuring eventual retry termination. This strategy prevents overwhelming failing services and allows for temporary recovery.

Audit

To determine if exponential backoff for retries is configured for your Google Cloud Tasks queues, perform the following operations:

Using GCP Console

01 Sign in to your Trend Cloud One™ – Conformity account, access the Configure Exponential Backoff for Retries conformity rule settings and identify the backoff configuration for retries (i.e., minBackoff and maxBackoff values) defined for the rule.

02 Sign in to the Google Cloud Management Console.

03 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

04 Navigate to Cloud Tasks Queues console available at https://console.cloud.google.com/cloudtasks to access the list of Cloud Tasks queues available for the selected GCP project.

05 Click on the name (link) of the queue that you want to examine and select the CONFIGURATION tab to view the configuration settings available for the selected resource.

06 In the Retry parameters section, check the values of the Min interval and Max interval attributes to determine the backoff configuration for retries set for your queue. If the backoff configuration available is different than the one identified in step 1, the selected Cloud Tasks queue is not using an exponential backoff configuration.

07 Repeat steps no. 5 and 6 for each Cloud Tasks queue available within the selected GCP project.

08 Repeat steps no. 3 - 7 for each project deployed within your Google Cloud account.

Using GCP CLI

01 Sign in to your Trend Cloud One™ – Conformity account, access the Configure Exponential Backoff for Retries conformity rule settings and identify the backoff configuration for retries (i.e., minBackoff and maxBackoff values) defined for the rule.

02 Run projects list command (Windows/macOS/Linux) with custom output filters to list the ID of each project available in your Google Cloud Platform (GCP) account: 

gcloud projects list
	--format="table(projectId)"

03 The command output should return the requested GCP project IDs: 

PROJECT_ID
cc-web-project-123123
cc-iot-project-112233

04 Run tasks queues list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter and custom output filters to describe the ID (i.e., fully qualified identifier) of each Cloud Tasks queue created for the selected project, in the specified region: 

gcloud tasks queues list
	--project="cc-web-project-123123"
	--location="us-central1"
	--format="default(name)"

05 The command output should return the requested queue IDs: 

---
name: projects/cc-web-project-123123/locations/us-central1/queues/cc-app-notification-queue
---
name: projects/cc-web-project-123123/locations/us-central1/queues/cc-invoice-release-queue

06 Run tasks queues describe command (Windows/macOS/Linux) with the ID of the Cloud Tasks queue that you want to examine as the identifier parameter, to describe the backoff configuration (i.e., minBackoff and maxBackoff) for retries, available for the selected queue. 

gcloud tasks queues describe projects/cc-web-project-123123/locations/us-central1/queues/cc-app-notification-queue
	--format="default(retryConfig.minBackoff,retryConfig.maxBackoff)"

07 The command output should return the requested configuration values: 

retryConfig:
	minBackoff: 0.100s
	maxBackoff: 1s

If the backoff configuration set for your queue, returned by the tasks queues describe command output, is different than the one identified in step 1, the selected Cloud Tasks queue is not using an exponential backoff configuration.

08 Repeat steps no. 6 and 7 for each Cloud Tasks queue available in the selected GCP project.

09 Repeat steps no. 4 – 8 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To ensure that the retry policy defined for your Google Cloud Tasks queues includes a compliant, exponential backoff configuration, perform the following operations:

Using GCP Console

01 Sign in to your Trend Cloud One™ – Conformity account, access the Configure Exponential Backoff for Retries conformity rule settings and copy the backoff configuration for retries (i.e., minBackoff and maxBackoff values) defined for the rule.

02 Sign in to the Google Cloud Management Console.

03 Select the Google Cloud Platform (GCP) project that you want to access from the console top navigation bar.

04 Navigate to Cloud Tasks Queues console available at https://console.cloud.google.com/cloudtasks to access the list of Cloud Tasks queues available for the selected GCP project.

05 Click on the name (link) of the queue that you want to configure and choose EDIT QUEUE from the top menu to modify the queue configuration.

06 In the Retry configuration section, replace the existing values in the Min backoff and Max backoff fields with the minBackoff and maxBackoff values copied in step 1 to configure exponential backoff for the retry policy associated with the selected Cloud Tasks queue. Choose SAVE to apply the changes.

07 Repeat steps no. 5 and 6 for each Cloud Tasks queue that you want to configure, available within the selected GCP project.

08 Repeat steps no. 3 – 7 for each GCP project deployed in your Google Cloud account.

Using GCP CLI

01 Sign in to your Trend Cloud One™ – Conformity account, access the Configure Exponential Backoff for Retries conformity rule settings and copy the backoff configuration for retries (i.e., minBackoff and maxBackoff values) defined for the rule.

02 Run tasks queues update command (OSX/Linux/UNIX) with the ID of the Cloud Tasks queue that you want to configure as the identifier parameter, to configure exponential backoff for the retry policy associated with the selected queue. Use the minBackoff and maxBackoff values copied in step 1 for the --min-backoff and --max-backoff command parameters to set exponential backoff. --min-backoff sets the minimum amount of time in seconds to wait before retrying a task after it fails, while --max-backoff sets the maximum amount of time in seconds to wait before retrying a task after it fails. 

gcloud tasks queues update projects/cc-web-project-123123/locations/us-central1/queues/cc-app-notification-queue
	--min-backoff=1s
	--max-backoff=3600s

03 The command output should return the update operation status: 

Updated queue [us-central1/cc-app-notification-queue].

04 Repeat steps no. 2 and 3 for each Cloud Tasks queue that you want to configure, available in the selected GCP project.

05 Repeat steps no. 2 – 4 for each GCP project deployed in your Google Cloud account.

References

Publication date Mar 27, 2025

Related CloudTasks rules