Description:
Lightsail block storage provides additional storage volumes (called “attached disks” in Lightsail) that you can attach to your Lightsail instance, similar to an individual hard drive. Attached disks are useful for applications or software that need to separate out specific data from their core service and to protect application data in case of a failure or other issue with your instance and system disk.
Snapshots are point-in-time backups of instances, databases, or block storage disks. You can create a snapshot of your resources at any time, or you can enable automatic snapshots on instances and disks to have Lightsail create snapshots for you.
Rationale:
A snapshot contains all of the data that is needed to restore your resource (from the moment when the snapshot was taken). When you restore a resource by creating it from a snapshot, the new resource begins as an exact replica of the original resource that was used to create the snapshot.
Impact:
Automatic snapshots are a way to schedule daily snapshots of your Linux/Unix instances in Amazon Lightsail. You can pick a time of the day, and Lightsail will automatically take a snapshot for you each day at the time you chose and always keep your seven most recent automatic snapshots.
Default Value:
By default, automatic backups are disabled.
Audit:
Sign in to the AWS Management Console
Go to the Lightsail service at https://lightsail.aws.amazon.com/
Choose and click on the instance you want to examine
Select the Snapshots tab
Check whether automatic backups are enabled or not
If automatic snapshots are disabled, follow the implementation steps to enable them.
Via CLI:
aws lightsail get-instance --instance-name <value>
The above command returns all the details of the named instance. If the output shows Disabled for the AutoSnapshot add-on, automatic backup is not enabled for that instance.
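The CLI audit above checks one instance at a time. The following is an added example, not part of the original benchmark text, that applies the same check to the saved JSON output of `aws lightsail get-instances` (or `get-instance`) and lists every instance whose AutoSnapshot add-on is not enabled. The instance names and the sample document are constructed, and treating a missing add-on entry as non-compliant is an assumption of this example.

```python
import json
import sys

def autosnapshot_findings(cli_output):
    """Return (instance name, reason) for each instance without an enabled AutoSnapshot add-on."""
    doc = json.loads(cli_output)
    # get-instances returns {"instances": [...]}; get-instance returns {"instance": {...}}
    instances = doc.get("instances")
    if instances is None:
        instances = [doc["instance"]] if "instance" in doc else []
    findings = []
    for inst in instances:
        name = inst.get("name", "<unnamed>")
        # addOns may be absent, null or empty when no add-on is reported
        addons = [a for a in (inst.get("addOns") or []) if a.get("name") == "AutoSnapshot"]
        if not addons:
            # Assumption: no add-on entry is reported as a finding
            findings.append((name, "no AutoSnapshot add-on reported"))
            continue
        status = addons[0].get("status") or "unknown"
        if status.lower() != "enabled":
            findings.append((name, "AutoSnapshot status is " + status))
    return findings

# Constructed sample shaped like `aws lightsail get-instances` output (names are made up)
SAMPLE = json.dumps({
    "instances": [
        {"name": "web-1", "addOns": [
            {"name": "AutoSnapshot", "status": "Enabled", "snapshotTimeOfDay": "23:00"}]},
        {"name": "db-1", "addOns": [{"name": "AutoSnapshot", "status": "Disabled"}]},
        {"name": "batch-1"},
    ]
})

if __name__ == "__main__":
    # Usage: python audit.py saved-output.json   (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = autosnapshot_findings(text)
    for name, reason in results:
        print(f"NON-COMPLIANT {name}: {reason}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when any instance fails the check, so it can gate a scheduled compliance job.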
Remediation:
Pre-requisites:
Sign in as an admin or as an IAM user with the required permissions
Implementation Steps:
Sign in to the AWS Management Console
Go to the Lightsail service at https://lightsail.aws.amazon.com/
Choose and click on the instance for which you want to enable automatic backup
Select the Snapshots tab and click to enable automatic snapshots
The “Enable automatic snapshots” wizard opens; acknowledge that you understand and click Yes, Enable
Via CLI:
aws lightsail enable-add-on --resource-name <name> --add-on-request addOnType=AutoSnapshot,autoSnapshotAddOnRequest={snapshotTimeOfDay=23:00}
Backout plan:
Sign in to the AWS Management Console
Go to the Lightsail service at https://lightsail.aws.amazon.com/
Choose and click on the instance for which you want to disable automatic backup
Select the Snapshots tab
Disable automatic snapshots by turning off the toggle; in the wizard that pops up, click Yes, Disable
Note: Your existing automatic snapshots are not deleted until you delete them or re-enable automatic snapshots.
Via CLI:
aws lightsail disable-add-on --add-on-type AutoSnapshot --resource-name <name>
Reference:
https://aws.amazon.com/lightsail/
https://docs.aws.amazon.com/cli/latest/reference/lightsail/enable-add-on.html
https://docs.aws.amazon.com/cli/latest/reference/lightsail/disable-add-on.html