Posted On: Oct 4, 2022

AWS Backup now offers a new Backup Vault Lock console experience that gives you a more intuitive way to configure your vault lock details. AWS Backup Vault Lock allows you to deploy and manage your vault’s immutability policies, protecting your backups from accidental or malicious deletions. Depending on your data retention needs, with AWS Backup Vault Lock, you can set governance mode or compliance mode to configure your vault’s immutability policies with greater flexibility and multiple levels of security. Under governance mode, users with the appropriate role-based permissions can test and change retention policies or even remove the lock completely. In compliance mode, the user can specify a lock date after which the vault is locked immutably. Once locked, the acceptable retention periods cannot be changed and the lock cannot be disabled even by the root user. With this feature, the console also provides you with visibility into your vaults’ lock status and facilitates reporting across all locked vaults.
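The same lock-status reporting can be scripted. The following is an added example, not code from AWS: it classifies vault records by the modes described above, assuming each record carries the `BackupVaultName`, `Locked`, `LockDate`, `MinRetentionDays` and `MaxRetentionDays` fields of an AWS Backup `ListBackupVaults` response. The vault names, dates and status labels are constructed for illustration.

```python
from datetime import datetime, timezone

def lock_status(vault, now):
    """Classify one vault record by the lock modes described above."""
    if not vault.get("Locked"):
        return "unlocked"
    lock_date = vault.get("LockDate")
    if lock_date is None:
        return "governance"            # permitted users can still change or remove the lock
    if now < lock_date:
        return "compliance-pending"    # lock date set but not yet reached
    return "compliance-immutable"      # lock date passed: no change, no removal

def audit(vaults, now):
    """Return (report rows, names of vaults that are not yet immutable)."""
    rows = [
        {
            "vault": v["BackupVaultName"],
            "status": lock_status(v, now),
            "retention_days": (v.get("MinRetentionDays"), v.get("MaxRetentionDays")),
        }
        for v in vaults
    ]
    open_vaults = sorted(r["vault"] for r in rows if r["status"] != "compliance-immutable")
    return rows, open_vaults

# Constructed sample records (assumed field names, not real vaults).
NOW = datetime(2022, 10, 4, tzinfo=timezone.utc)
SAMPLE_VAULTS = [
    {"BackupVaultName": "scratch", "Locked": False},
    {"BackupVaultName": "finance-gov", "Locked": True,
     "MinRetentionDays": 30, "MaxRetentionDays": 365},
    {"BackupVaultName": "finance-new", "Locked": True,
     "MinRetentionDays": 30, "MaxRetentionDays": 365,
     "LockDate": datetime(2022, 10, 10, tzinfo=timezone.utc)},
    {"BackupVaultName": "archive", "Locked": True,
     "MinRetentionDays": 365, "MaxRetentionDays": 3650,
     "LockDate": datetime(2022, 1, 1, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    rows, open_vaults = audit(SAMPLE_VAULTS, NOW)
    for r in rows:
        print(f'{r["vault"]:12} {r["status"]:22} {r["retention_days"]}')
    print("not yet immutable:", open_vaults)
```

Vaults listed as not yet immutable can still have their lock changed or removed, so a backup protection review should follow up on them.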

To get started with AWS Backup Vault Lock, you can select the backup vault you want to lock. Then, you can select your desired retention period and specify the acceptable retention periods for your vault lock configuration. With AWS Backup, you can set up multiple layers of data protection, including independent copies of backups across multiple AWS Regions and accounts, separate resource access policies, and long-term data retention. 

AWS Backup Vault Lock is available in the US East (Ohio, N. Virginia), US West (N. California, Oregon), Canada (Central), Europe (Frankfurt, Ireland, London, Paris, Stockholm), South America (São Paulo), Asia Pacific (Hong Kong, Mumbai, Seoul, Singapore, Sydney, Tokyo), Middle East (Bahrain), and AWS GovCloud (US) Regions. To learn more about AWS Backup Vault Lock, visit the AWS Backup product page and documentation. Get started with AWS Backup Vault Lock using the AWS Management Console, SDKs, or CLI.