Posted On: Nov 23, 2022

Today, Amazon Elastic Block Store (EBS) announced the availability of Rule Lock for Recycle Bin so customers can lock their Region-level retention rules to prevent them from being unintentionally modified or deleted. This new setting adds an additional layer of protection for customers to recover their EBS Snapshots and EC2 AMIs in case of inadvertent or malicious deletions. 

Customers can set up retention rules in Recycle Bin to recover from accidental deletions of their EBS Snapshots and EC2 AMIs. Each rule specifies the retention period for which resources are retained in the Recycle Bin after their initial deletion. Now, with the Rule Lock setting, customers can lock their retention rules so that they cannot be modified or deleted by any user, including Recycle Bin administrators. Customers can now specify a rule unlock delay period (between 7 and 30 days) after which a locked rule can be modified, giving them a layer of protection against unintentional or malicious deletions of their snapshots and AMIs. This unlock delay period gives customers adequate time to take corrective actions between the time that a user unlocks a rule and when the rule is actually available for editing or deletion.

Rule Lock for Recycle Bin is available in all AWS commercial regions and the AWS GovCloud (US) Regions. Resources in the Recycle Bin are billed at their standard rates and there are no additional charges for using Rule Lock for Recycle Bin. The Rule Lock setting is available to customers through the AWS Console, AWS Command Line Interface (CLI), or AWS SDKs. To learn more, see the technical documentation on Rule Lock for Recycle Bin.