CloudWiki
Resource
Detect, troubleshoot & optimize AWS environments in real-time ->

Amazon Web Service (AWS)

EBS Snapshots

Storage
EBS snapshots are incremental point-in-time copy of data of EBS volumes, stored in Amazon S3, that contain all the information needed to restore in case of disaster-recovery or for data migration across regions and accounts.
Costs
The cost of using Amazon Elastic Block Store (EBS) snapshots in Amazon Web Services (AWS) depends on the amount of data stored and the amount of data transferred. For storage, you are charged based on the amount of data stored in your EBS snapshots. The cost of storage varies depending on the region you are using. For data transfer, you are charged based on the amount of data transferred in and out of your EBS snapshots. The cost of data transfer varies depending on the region you are using.
Direct Cost

<Region>-EBS:SnapshotUsage

Indirect Cost
No items found.
Terraform Name
aws_ebs_snapshot
EBS Snapshots
attributes:
  • volume_id - (Required) The Volume ID of which to make a snapshot.
  • description - (Optional) A description of what the snapshot is.
  • outpost_arn - (Optional) The Amazon Resource Name (ARN) of the Outpost on which to create a local snapshot.
  • storage_tier - (Optional) The name of the storage tier. Valid values are archive and standard. Default value is standard.
  • permanent_restore - (Optional) Indicates whether to permanently restore an archived snapshot.
  • temporary_restore_days - (Optional) Specifies the number of days for which to temporarily restore an archived snapshot. Required for temporary restores only. The snapshot will be automatically re-archived after this period.
  • tags - (Optional) A map of tags to assign to the snapshot. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Associating resources with a
EBS Snapshots
Resources do not "belong" to a
EBS Snapshots
Rather, one or more Security Groups are associated to a resource.
Create
EBS Snapshots
via Terraform:
The following HCL creates an EBS snapshot from an EBS volume
Syntax:

resource "aws_ebs_volume" "example" {
 availability_zone = "us-west-2a"
 size              = 40

 tags = {
   Name = "HelloWorld"
 }
}

resource "aws_ebs_snapshot" "example_snapshot" {
 volume_id = aws_ebs_volume.example.id

 tags = {
   Name = "HelloWorld_snap"
 }
}

Create
EBS Snapshots
via CLI:
Parametres:

create-snapshot
[--description <value>]
[--outpost-arn <value>]
--volume-id <value>
[--tag-specifications <value>]
[--dry-run | --no-dry-run]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-snapshot --volume-id vol-1234567890abcdef0 --description 'Prod backup' --tag-specifications 'ResourceType=snapshot,Tags=[{Key=purpose,Value=prod},{Key=costcenter,Value=123}]'

Best Practices for
EBS Snapshots

Categorized by Availability, Security & Compliance and Cost

Medium
EBS snapshots not in use
AWS Cost Optimization
AWS Well-Architected Framework
Medium
Ensure EBS snapshots are encrypted
Security & Compliance
PCI-DSS
GDPR
HIPAA
NIST4
HITRUST
Critical
Ensure EBS snapshots are not publicly accessible
Security & Compliance
GDPR
NIST4
PCI-DSS
AWS Well-Architected Framework
HITRUST
Low
Ensure there are no EBS snapshots older than a month
AWS Cost Optimization
AWS Well-Architected Framework
Explore all the rules our platform covers
Related blog posts
Hands-on Guide: How to Find and Remove Orphaned EBS Snapshots
All Resources
Compute
Athena
Auto Scaling Group
Availability Zone
EC2
ECS
ECS Task Definition
EKS
Lambda Function
Region
SageMaker Notebook
Database
DMS
DocumentDB
DynamoDB
EMR
ElastiCache
Glue
OpenSearch
RDS
Network
ALB
API Gateway
CloudFront
Direct Connect
Direct Connect Gateway
ELB
ENI
Elastic IP
GLB
Internet Gateway
NAT Gateway
NLB
Prefix List
Route 53
Route Table
Site-to-Site VPN Connection
Subnet
Target Group
Transit Gateway
VPC
VPC Endpoint
VPC Peering
VPN Customer Gateway
Virtual Private Gateway
Permission
IAM Account Password Policy
IAM Group
IAM Policy
IAM Role
IAM User
Instance Profile
Queue
Kinesis
MSK
SES
SNS
SQS
Security
CloudWatch
GuardDuty
Config
WAF
Network ACL
KMS
Security Group
Storage
EFS
S3 Glacier
AMI
EBS Snapshots
EBS Volume
S3 Bucket
Kubernetes
Network Policy
StatefulSet
Service
ReplicaSet
Namespace
Ingress
Endpoints
Deployment
Service Account
Pod