Profile Applicability:
Level 1
Description:
Amazon Elastic Block Store (EBS) provides persistent block storage volumes for Amazon EC2 instances. EBS snapshots are point-in-time backups of EBS volumes, allowing you to protect your data by enabling data recovery and disaster recovery scenarios.
Snapshot lifecycle policies help automate the creation, retention, and deletion of EBS snapshots. Defining EBS Snapshot Lifecycle Policies allows for automated snapshot management to ensure that old, unnecessary snapshots are deleted, minimizing storage costs and meeting regulatory requirements for data retention and protection.
Rationale:
Defining EBS Snapshot Lifecycle Policies is critical for:
Cost Management: Automatically deleting old snapshots that are no longer required can reduce costs associated with storing snapshots.
Regulatory Compliance: Helps ensure that snapshots are retained for the required time frame to meet compliance standards, and automates the deletion of expired data.
Operational Efficiency: Automation reduces manual intervention for snapshot management and minimizes human error.
Data Protection: Ensures timely backups and safe deletion of outdated snapshots, allowing for disaster recovery and data protection.
Impact:
Pros:
Cost Efficiency: By automatically removing obsolete snapshots, you can reduce unnecessary storage costs.
Regulatory Compliance: Helps maintain compliance with data retention policies by automating the creation and deletion of snapshots.
Time Savings: Automates manual snapshot management tasks, reducing administrative overhead.
Improved Data Management: Enhances consistency and reliability in managing snapshots and their retention.
Cons:
Risk of Deletion: Improper configuration of the lifecycle policy may result in the premature deletion of necessary snapshots.
Initial Setup Complexity: Requires careful configuration of lifecycle policies to ensure that snapshots are managed properly.
Retention Management: Overly aggressive policies could result in the loss of data if snapshots are deleted too early.
Default Value:
By default, EBS Snapshot Lifecycle Policies are not defined. You must manually configure and define lifecycle policies for managing EBS snapshots.
Pre-requisite:
AWS IAM Permissions:
ec2:DescribeSnapshots
ec2:CreateSnapshot
ec2:DeleteSnapshot
ec2:ModifySnapshotAttribute
ec2:CreateTags
AWS CLI installed and configured.
Amazon EC2 and Amazon EBS should be properly set up and running.
AWS Backup or Lifecycle Policies feature available in the region.
Understanding of Amazon EBS snapshots and lifecycle management.
Remediation:
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to EC2 under Services.
In the Snapshots section, verify if Snapshot Lifecycle Policies have been defined:
Go to Lifecycle Manager under Elastic Block Store.
Check for any defined Snapshot Lifecycle Policies.
If no policies are defined, click Create lifecycle policy to define a policy:
Define the frequency of snapshots (e.g., daily, weekly).
Set retention rules for how long snapshots should be kept before they are deleted.
Apply tags to manage and filter the snapshots.
Verify that the Snapshot Lifecycle Policies apply to the desired EBS volumes or instances.
Using AWS CLI:
To list all EBS snapshot lifecycle policies in your account, use:
aws dlm get-lifecycle-policies
To create a snapshot schedule with AWS Backup (this creates a backup plan, not a Data Lifecycle Manager policy), run the following. AWS Backup requires DeleteAfterDays to be at least 90 days greater than MoveToColdStorageAfterDays, so the deletion value is set to 120:
aws backup create-backup-plan --backup-plan "{ \"BackupPlanName\": \"MyBackupPlan\", \"Rules\": [ { \"RuleName\": \"DailySnapshot\", \"TargetBackupVaultName\": \"Default\", \"ScheduleExpression\": \"cron(0 12 * * ? *)\", \"Lifecycle\": { \"MoveToColdStorageAfterDays\": 30, \"DeleteAfterDays\": 120 } } ] }"
Verify the newly created backup plan by running:
aws backup get-backup-plan --backup-plan-id <backup-plan-id>
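The coverage check from the Test Plan, as an added example that is not part of the original benchmark text: it reports volumes that no ENABLED policy targets and schedules whose retention falls below a threshold. The sample data, the resource IDs and the 7-day default threshold are constructed assumptions; the input shapes follow `aws dlm get-lifecycle-policy` and `aws ec2 describe-volumes`.

```python
import json

# Constructed sample data (not real resources): "Policy" objects shaped like
# `aws dlm get-lifecycle-policy` output and volumes like `aws ec2 describe-volumes`.
POLICIES = json.loads("""[
 {"PolicyId": "policy-EXAMPLE1", "State": "ENABLED", "PolicyDetails": {
   "ResourceTypes": ["VOLUME"],
   "TargetTags": [{"Key": "Environment", "Value": "Production"}],
   "Schedules": [{"Name": "DailySnapshots",
     "CreateRule": {"Interval": 24, "IntervalUnit": "HOURS"},
     "RetainRule": {"Count": 30}}]}},
 {"PolicyId": "policy-EXAMPLE2", "State": "DISABLED", "PolicyDetails": {
   "ResourceTypes": ["VOLUME"],
   "TargetTags": [{"Key": "Environment", "Value": "Staging"}],
   "Schedules": [{"Name": "Hourly",
     "CreateRule": {"Interval": 1, "IntervalUnit": "HOURS"},
     "RetainRule": {"Count": 12}}]}}
]""")
VOLUMES = json.loads("""[
 {"VolumeId": "vol-EXAMPLEa", "Tags": [{"Key": "Environment", "Value": "Production"}]},
 {"VolumeId": "vol-EXAMPLEb", "Tags": [{"Key": "Environment", "Value": "Staging"}]},
 {"VolumeId": "vol-EXAMPLEc"}
]""")
DAYS_PER_UNIT = {"DAYS": 1, "WEEKS": 7, "MONTHS": 30, "YEARS": 365}  # approximate

def retention_days(schedule):
    """Approximate days a snapshot survives under one schedule; None if unknown."""
    keep, create = schedule["RetainRule"], schedule["CreateRule"]
    if "Interval" in keep:        # age-based retention
        return keep["Interval"] * DAYS_PER_UNIT[keep["IntervalUnit"]]
    if "Interval" in create:      # count-based retention, fixed interval in hours
        return keep["Count"] * create["Interval"] / 24
    return None                   # count-based retention on a cron schedule

def audit(volumes, policies, min_days=7):
    """Return (volumes with no ENABLED policy, schedules retaining < min_days)."""
    active = [p for p in policies if p["State"] == "ENABLED"
              and "VOLUME" in p["PolicyDetails"]["ResourceTypes"]]
    uncovered = []
    for vol in volumes:
        tags = {(t["Key"], t["Value"]) for t in vol.get("Tags", [])}
        # A volume is targeted when it carries any one of a policy's TargetTags.
        if not any(tags & {(t["Key"], t["Value"]) for t in p["PolicyDetails"]["TargetTags"]}
                   for p in active):
            uncovered.append(vol["VolumeId"])
    short = [(p["PolicyId"], s["Name"]) for p in active
             for s in p["PolicyDetails"]["Schedules"]
             if (d := retention_days(s)) is not None and d < min_days]
    return uncovered, short
```

With the sample data, the Staging volume is reported as uncovered because its only matching policy is DISABLED, which a simple "does a policy exist" check would miss.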
Implementation Steps:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to EC2 and click on Lifecycle Manager in the left-hand navigation.
Click Create lifecycle policy.
Fill in the policy details, including:
Policy Name: Define the policy name.
Policy Type: Choose EBS Snapshot Management.
Schedule: Set the frequency of snapshots (e.g., daily, weekly).
Retention: Define how long to retain snapshots before deletion.
Select the EBS volumes or instances for which the policy applies.
Click Create Policy to finalize the configuration.
Verify that the policy is applied by checking the Snapshots section and ensuring that snapshots are automatically created and deleted according to the policy.
Using AWS CLI:
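To create a snapshot lifecycle policy, run the following command. Data Lifecycle Manager selects volumes by tag rather than by volume ID, so tag the target volumes first:
aws dlm create-lifecycle-policy \
  --execution-role-arn <role-arn> \
  --description "<policy-name>" \
  --state ENABLED \
  --policy-details '{"ResourceTypes":["VOLUME"],"TargetTags":[{"Key":"<tag-key>","Value":"<tag-value>"}],"Schedules":[{"Name":"<policy-name>","CreateRule":{"CronExpression":"cron(0 0 * * ? *)"},"RetainRule":{"Interval":30,"IntervalUnit":"DAYS"}}]}'
To list the snapshot policies, use:
aws dlm get-lifecycle-policies
To confirm the policy has been applied, check for snapshots carrying the policy ID tag that Data Lifecycle Manager adds:
aws ec2 describe-snapshots --owner-ids self --filters "Name=tag:aws:dlm:lifecycle-policy-id,Values=<policy-id>"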
Backout Plan:
Console Process
Go to the Amazon EC2 Console:
Open the EC2 Management Console.
Navigate to Lifecycle Manager:
Under Elastic Block Store, click on Lifecycle Manager.
Create a New Policy:
Click Create Lifecycle Policy.
Select the policy type as EBS Snapshot Management.
Define Policy Details:
Specify:
Target volumes (e.g., based on tags like Environment=Production).
Schedule for taking snapshots.
Retention rules (e.g., keep snapshots for 30 days).
Save the policy.
CLI Process
Create a Lifecycle Policy:
aws dlm create-lifecycle-policy \
  --execution-role-arn <role-arn> \
  --description "EBS Snapshot Lifecycle Policy" \
  --state ENABLED \
  --policy-details file://policy-details.json
Define Policy in a JSON File (e.g., policy-details.json):
{
  "ResourceTypes": ["VOLUME"],
  "TargetTags": [
    { "Key": "Environment", "Value": "Production" }
  ],
  "Schedules": [
    {
      "Name": "DailySnapshots",
      "CreateRule": { "Interval": 24, "IntervalUnit": "HOURS" },
      "RetainRule": { "Count": 30 }
    }
  ]
}
Verify the Policy:
aws dlm get-lifecycle-policies
Note:
Monitoring: Set up CloudWatch metrics and SNS notifications to alert you when snapshots are created, deleted, or fail to be created as per the defined lifecycle policy.
Automation: Consider using AWS Backup or other automation tools to back up not only EBS snapshots but also other critical AWS resources.