Profile Applicability:

  • Level 1

Description:

Amazon Elastic Block Store (EBS) allows you to create snapshots of your volumes, which are point-in-time copies of the data on your EBS volumes. EBS snapshots can be used for backup purposes, data migration, or disaster recovery. This SOP ensures that EBS snapshots exist for the EC2 instances' EBS volumes to ensure proper data backup practices are followed.

Rationale:

EBS snapshots are an important part of data backup and disaster recovery strategies. Ensuring that EBS snapshots exist for critical EC2 instances provides protection against data loss, instance failure, or accidental data corruption. Regular snapshots can help in recovering the data in case of issues and are a best practice for maintaining operational continuity.

Impact:

Pros:

  • Data Backup: EBS snapshots provide reliable data backups that are easy to restore in case of failure or corruption.

  • Disaster Recovery: Snapshots provide a mechanism for recovering volumes and restoring data in emergencies.

  • Compliance: Regular snapshots help meet compliance requirements related to data protection.

Cons:

  • Storage Costs: Snapshots are stored in Amazon S3, and there could be associated costs based on the number of snapshots and the amount of data.

  • Snapshot Management: Excessive or outdated snapshots can lead to clutter and need to be managed appropriately to avoid unnecessary storage usage.

Default Value:

By default, EBS snapshots are not automatically created unless explicitly configured (e.g., via AWS Backup or Amazon Data Lifecycle Manager). You must manually create or automate snapshot creation for your EC2 instances’ EBS volumes.

Pre-requisite:

  • AWS IAM Permissions:

    • ec2:DescribeSnapshots

    • ec2:DescribeVolumes

  • AWS CLI installed and configured.

  • Familiarity with Amazon EBS, AWS EC2, and EBS snapshot management.

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to EC2 under Services.

     

  1. In the left-hand navigation pane,select Snapshots under Elastic Block Store.

               

  1. Review the list of existing snapshots:

    • Ensure snapshots exist for all critical EC2 instances or EBS volumes.

    • If no snapshots are found for specific volumes, these volumes may require backup snapshots.

  2. Verify the snapshot details for volume consistency and retention policies.

Using AWS CLI:

To list all EBS snapshots in your account, run the following command:

aws ec2 describe-snapshots --query 'Snapshots[*].{ID:SnapshotId,VolumeID:VolumeId,State:State,StartTime:StartTime}' --output table

Review the output for any snapshots associated with critical EC2 instances or EBS volumes.

  • The State field should be "completed" to confirm the snapshot is ready.

  • If no snapshots exist or if they are in an incomplete state, further action is needed.

Optionally, to list snapshots associated with a specific volume, use:

aws ec2 describe-snapshots --filters Name=volume-id,Values <volume-id> --query 'Snapshots[*].{ID:SnapshotId,State:State}' --output table

Implementation Steps:

Using AWS Console:

  1. Log in to the AWS Management Console  

  2. Navigate to EC2.

       

  1. In the Elastic Block Store section, select Snapshots.

               

  1. Verify if snapshots are listed for the volumes you need to check.

     

  1. If no snapshots exist for specific EBS volumes, you can create new snapshots by selecting the Create Snapshot option and selecting the desired volume.

     

Using AWS CLI:

Run the following command to list all EBS snapshots:

aws ec2 describe-snapshots --query 'Snapshots[*].{ID:SnapshotId,VolumeID:VolumeId,State:State,StartTime:StartTime}' --output table

To list snapshots for a specific volume, use the following command:

aws ec2 describe-snapshots --filters Name=volume-id,Values <volume-id> --query 'Snapshots[*].{ID:SnapshotId,State:State}' --output table

Ensure that snapshots exist for your required volumes and that their State is "completed."

Backout Plan:

If you discover that no snapshots exist or the snapshots are incomplete:

Create new snapshots for the missing volumes using the AWS Console or AWS CLI:

aws ec2 create-snapshot --volume-id <volume-id> --description "Snapshot for backup"

Review the snapshot status and ensure that it completes successfully:

aws ec2 describe-snapshots --snapshot-id <snapshot-id> --query 'Snapshots[*].{State:State}'

Re-run the snapshot verification after the new snapshots are created to confirm successful backup.

References:

CIS Controls Mapping:

Version

Control ID

Control Description

IG1

IG2

IG3

v8

3.4

Encrypt Data on End-User Devices – Ensure data encryption during file system access.

v8

6.7

Implement Application Layer Filtering and Content Control – Ensure appropriate content filtering is applied to sensitive files.

v8

6.8

Define and Maintain Role-Based Access Control – Implement and manage role-based access for file systems.

aws ec2 create-snapshot --volume-id <volume-id> --description "Snapshot for backup"