EBS Snapshots

Storage
EBS snapshots are incremental, point-in-time copies of the data on EBS volumes. They are stored in Amazon S3 and contain all the information needed to restore a volume for disaster recovery or to migrate data across regions and accounts.
aws_ebs_snapshot (EBS Snapshots) attributes:
  • volume_id - (Required) The Volume ID of which to make a snapshot.
  • description - (Optional) A description of what the snapshot is.
  • outpost_arn - (Optional) The Amazon Resource Name (ARN) of the Outpost on which to create a local snapshot.
  • storage_tier - (Optional) The name of the storage tier. Valid values are archive and standard. Default value is standard.
  • permanent_restore - (Optional) Indicates whether to permanently restore an archived snapshot.
  • temporary_restore_days - (Optional) Specifies the number of days for which to temporarily restore an archived snapshot. Required for temporary restores only. The snapshot will be automatically re-archived after this period.
  • tags - (Optional) A map of tags to assign to the snapshot. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Associating resources with an EBS Snapshot
Resources do not "belong" to an EBS Snapshot. Rather, one or more Security Groups are associated to a resource.
Create EBS Snapshots via Terraform:
The following HCL creates an EBS snapshot from an EBS volume.
Syntax:

resource "aws_ebs_volume" "example" {
 availability_zone = "us-west-2a"
 size              = 40

 tags = {
   Name = "HelloWorld"
 }
}

resource "aws_ebs_snapshot" "example_snapshot" {
 volume_id = aws_ebs_volume.example.id

 tags = {
   Name = "HelloWorld_snap"
 }
}

Create EBS Snapshots via CLI:
Parameters:

create-snapshot
[--description <value>]
[--outpost-arn <value>]
--volume-id <value>
[--tag-specifications <value>]
[--dry-run | --no-dry-run]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-snapshot --volume-id vol-1234567890abcdef0 --description 'Prod backup' --tag-specifications 'ResourceType=snapshot,Tags=[{Key=purpose,Value=prod},{Key=costcenter,Value=123}]'

Best Practices for EBS Snapshots

Categorized by Availability, Security & Compliance and Cost

  • Warning - EBS snapshots not in use
  • Warning - Ensure EBS snapshots are encrypted
  • Critical - Ensure EBS snapshots are not publicly accessible
  • Info - Ensure there are no EBS snapshots older than a month
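
An added example, not part of the original page: a small Python audit that applies three of the rules above (encryption, public access, age) to snapshot metadata. The snapshot IDs, account ID, dates, the 30-day reading of "a month" and the function names are assumptions; the "not in use" rule is left out because the page does not define it.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws ec2 describe-snapshots --owner-ids self` output.
SNAPSHOTS_JSON = """{"Snapshots": [
 {"SnapshotId": "snap-0example0000000001", "Encrypted": true,  "StartTime": "2024-05-20T10:00:00+00:00"},
 {"SnapshotId": "snap-0example0000000002", "Encrypted": false, "StartTime": "2024-05-25T10:00:00+00:00"},
 {"SnapshotId": "snap-0example0000000003", "Encrypted": true,  "StartTime": "2024-03-01T10:00:00Z"}
]}"""

# Constructed CreateVolumePermissions per snapshot, in the shape returned by
# `aws ec2 describe-snapshot-attribute --snapshot-id <id> --attribute createVolumePermission`.
PERMISSIONS = {
    "snap-0example0000000002": [{"Group": "all"}],            # shared with everyone
    "snap-0example0000000003": [{"UserId": "111122223333"}],  # shared with one account
}

MAX_AGE = timedelta(days=30)  # assumption: "a month" is treated as 30 days


def audit(snapshots, permissions, now):
    """Return (snapshot_id, severity, finding) tuples using the page's severities."""
    findings = []
    for snap in snapshots:
        sid = snap["SnapshotId"]
        # A permission entry with Group "all" makes the snapshot public.
        if any(p.get("Group") == "all" for p in permissions.get(sid, [])):
            findings.append((sid, "Critical", "publicly accessible"))
        # A missing Encrypted field is treated as unencrypted.
        if not snap.get("Encrypted", False):
            findings.append((sid, "Warning", "not encrypted"))
        # Accept both "+00:00" and "Z" UTC suffixes in StartTime.
        started = datetime.fromisoformat(snap["StartTime"].replace("Z", "+00:00"))
        if now - started > MAX_AGE:
            findings.append((sid, "Info", "older than a month"))
    return findings


def run_sample():
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date so the result is reproducible
    return audit(json.loads(SNAPSHOTS_JSON)["Snapshots"], PERMISSIONS, now)


if __name__ == "__main__":
    for sid, severity, finding in run_sample():
        print(f"{severity:8} {sid}  {finding}")
```

Sharing a snapshot with a single account, as in the third sample entry, is not flagged as public; only the "all" group is.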