Posted On: Nov 15, 2023
Today, Amazon Elastic Block Store (EBS) announced the availability of EBS Snapshot Lock, a new security feature that helps customers comply with their data retention policies and add another layer of protection against inadvertent or malicious deletions of data. Customers use EBS Snapshots to back up their EBS volumes for disaster recovery, data migration and compliance purposes. Customers can set up multiple layers of data protection for EBS Snapshots, including copying them across multiple Amazon Web Services regions and accounts, setting up IAM access policies as well as enabling Recycle Bin. With Snapshot Lock, customers can configure locks on individual snapshots so that they cannot be deleted by anyone, including the account owner, for a specified period of time. Customers have the flexibility of either granting certain users access to modify snapshot lock configurations per their data governance guidelines or implementing stricter controls by ensuring that the lock configuration cannot be modified by anyone, including privileged users. Customers can also rely on this feature to store EBS Snapshots in a WORM (Write-Once-Read-Many) compliant format.
Snapshot Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC Rule 17a-4(f), FINRA Rule 4511, and CFTC Regulation 1.31. A copy of the Cohasset Associates Assessment report can be downloaded from the EBS Snapshot Lock technical documentation.
EBS Snapshot Lock is available in Amazon Web Services China (Beijing) Region, operated by Sinnet and Amazon Web Services China (Ningxia) Region, operated by NWCD. There are no additional charges for using EBS Snapshot Lock. The feature is available to customers through the Amazon Web Services Console, Amazon Command Line Interface (CLI), and Amazon SDKs. To learn more, see the technical documentation on EBS Snapshot Lock.