Description:

This policy ensures that the manual snapshot limit for AWS Directory Service directories is monitored. If the manual snapshot limit is reached, new manual snapshots cannot be created. This can prevent users from being able to restore their directories to a previous point in time.

Rationale:

The manual snapshot limit is a safety feature that prevents users from accidentally creating too many snapshots of their directories. However, it is important to monitor the manual snapshot limit so that users can still create manual snapshots when necessary.

Impact:

If the manual snapshot limit is reached, users will not be able to create new manual snapshots of their directories. This could prevent users from being able to restore their directories to a previous point in time, which could result in data loss.

Default Value:

AWS recommends that the manual snapshot limit be set to 5.

Prerequisites:

  • Access to the AWS Directory Service console or the AWS CLI.

Remediation Steps:

  • If the manual snapshot limit is reached, delete one or more manual snapshots to free up space.
  • If the limit is still reached after deleting manual snapshots, contact AWS support to increase the manual snapshot limit.

Test Plan:

  • Verify that the manual snapshot limit is being monitored.
  • Verify that the manual snapshot limit is not exceeded.

Implementation Plan:

  • Create a process for monitoring the manual snapshot limit.
  • Create a process for deleting manual snapshots to free up space.

AWS CLI Process:

    aws ds describe-directories
    aws ds describe-snapshots
    aws ds delete-snapshot --snapshot-id <snapshot-id>
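One way to implement the monitoring process from the Implementation Plan, as an added example (not AWS's or this policy's own code): it pages through DescribeDirectories and calls the GetSnapshotLimits API, which this page does not list, for each directory. The `warn_free_slots` threshold, the status names and the `SampleDs` stand-in with its `d-sample…` IDs are assumptions constructed for illustration.

```python
def snapshot_limit_findings(ds, warn_free_slots=1):
    """Return a finding for each directory at or near its manual snapshot limit.
    ds: boto3.client("ds") or a stand-in; warn_free_slots: assumed alert threshold."""
    findings, token = [], None
    while True:
        page = ds.describe_directories(**({"NextToken": token} if token else {}))
        for d in page.get("DirectoryDescriptions", []):
            dir_id = d["DirectoryId"]
            try:
                lim = ds.get_snapshot_limits(DirectoryId=dir_id)["SnapshotLimits"]
            except Exception as exc:  # limits unavailable: report it, don't hide it
                findings.append({"DirectoryId": dir_id, "Status": "UNKNOWN",
                                 "Detail": str(exc)})
                continue
            free = lim["ManualSnapshotsLimit"] - lim["ManualSnapshotsCurrentCount"]
            if lim["ManualSnapshotsLimitReached"] or free <= 0:
                status = "LIMIT_REACHED"
            elif free <= warn_free_slots:
                status = "NEAR_LIMIT"
            else:
                continue
            findings.append({"DirectoryId": dir_id, "Status": status,
                             "FreeSlots": max(free, 0)})
        token = page.get("NextToken")
        if not token:
            return findings


class SampleDs:
    """Constructed responses (not real directories) so the example runs offline."""
    COUNTS = {"d-sample0001": (5, 5), "d-sample0002": (5, 4), "d-sample0003": (5, 1)}

    def describe_directories(self, **kwargs):
        ids = sorted(self.COUNTS)
        if "NextToken" not in kwargs:  # serve two pages to exercise pagination
            return {"DirectoryDescriptions": [{"DirectoryId": ids[0]}], "NextToken": "p2"}
        return {"DirectoryDescriptions": [{"DirectoryId": i} for i in ids[1:]]}

    def get_snapshot_limits(self, DirectoryId):
        limit, count = self.COUNTS[DirectoryId]
        return {"SnapshotLimits": {"ManualSnapshotsLimit": limit,
                                   "ManualSnapshotsCurrentCount": count,
                                   "ManualSnapshotsLimitReached": count >= limit}}


if __name__ == "__main__":
    for finding in snapshot_limit_findings(SampleDs()):  # live: boto3.client("ds")
        print(finding)
```

Directories whose limits cannot be read are reported as `UNKNOWN` rather than skipped, so a permissions gap does not look like a passing check.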

Using AWS GUI:

  1. Go to the AWS Directory Service console.
  2. Click on the "Directories" tab.
  3. Select the directory that you want to monitor.
  4. Click on the "Snapshots" tab.
  5. Verify that the manual snapshot limit is not exceeded.

Backout Plan:

  • If the manual snapshot limit is exceeded and you delete a manual snapshot that you need, you can contact AWS support to restore the snapshot.

Note:

  • This policy should be implemented in conjunction with other policies that ensure the availability of Directory Service directories.
  • For more information, see the AWS Directory Service documentation: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_snapshots.html.

Reference:

  • AWS Directory Service documentation: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_snapshots.html

Tags and Keywords:

  • directory service
  • manual snapshots
  • snapshot limit
  • monitoring
  • availability