Posted On: Nov 15, 2023

Today, Amazon EBS announced the availability of Snapshot Lock, a new security feature that helps customers comply with their data retention policies and add another layer of protection against inadvertent or malicious deletions of data. Customers use EBS Snapshots to back up their EBS volumes for disaster recovery, data migration, and compliance purposes. Customers can set up multiple layers of data protection for EBS Snapshots, including copying them across multiple AWS regions and accounts, setting up IAM access policies as well as enabling Recycle Bin. With Snapshot Lock, customers can configure locks on individual snapshots so that they cannot be deleted by anyone, including the account owner, for a specified period of time. Customers have the flexibility of granting certain users access to modify snapshot lock configurations per their data governance guidelines or implementing stricter controls by ensuring that the lock configuration cannot be modified by anyone, including privileged users. Customers can also rely on this feature to store EBS Snapshots in a WORM (Write-Once-Read-Many) compliant format.

Snapshot Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC Rule 17a-4(f), FINRA Rule 4511, and CFTC Regulation 1.31. A copy of the assessment report can be downloaded from the technical documentation.

Snapshot Lock is available in all AWS commercial Regions and the AWS GovCloud (US) Regions, through the AWS Console, AWS Command Line Interface (CLI), and AWS SDKs. There are no additional charges for using EBS Snapshot Lock. To learn more, see the technical documentation on Snapshot Lock.