Title
AWS re:Invent 2023 - Implement proactive data protection using Amazon EBS snapshots (STG226)
Summary
-
Introduction to EBS Snapshots: EBS Snapshots are point-in-time, crash-consistent backups of EBS volumes. They are incremental: the first snapshot copies every written block, and each later snapshot stores only the blocks that changed since the previous one. Snapshots can be shared with, and copied to, other AWS accounts and Regions for disaster recovery purposes.
-
DLM Support for Custom Pre/Post Script Automation: This feature allows the creation of application-consistent snapshots, particularly for self-managed databases on EC2 instances. Amazon Data Lifecycle Manager (DLM) invokes an AWS Systems Manager (SSM) document on the instance before the snapshot (for example to flush and freeze the database) and again after it (to thaw), so the automation no longer has to live in custom scripts.
-
Amazon Data Lifecycle Manager Default Policies: A default policy targets every volume (or instance) in the Region that is not explicitly excluded, checks whether each resource already has a recent backup, and creates a snapshot only when none exists, which saves cost and reduces management overhead. Non-critical resources and temporary volumes can be excluded from the policy by tag, and boot volumes or specific volume types can be excluded as well.
-
Blocked Public Access for Amazon EBS Snapshots: Users can now block public access to EBS snapshots at the account level, per Region. The setting has two modes: block all public sharing (snapshots that are already public also stop being publicly accessible) and block new public sharing (snapshots that are already public stay public, but no further snapshots can be made public).
-
Snapshot Lock: This feature allows users to lock EBS snapshots against deletion for a chosen duration, making them immutable. It is available in governance mode (users granted the unlock permission can still remove or shorten the lock) and compliance mode (an optional cooling-off period, up to 72 hours, is the only window in which the lock can be undone; after that, no user, including the root user, can remove it or shorten it, and the duration can only be extended).
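As an added example (not code from the session, and not an AWS-supplied script), the following builds the PolicyDetails of a DLM snapshot policy that runs an SSM document as a pre and post script, and creates it through the boto3 DLM client. The API field names (`Schedules[].CreateRule.Scripts`, `ExecutionHandlerService`, `ExecuteOperationOnScriptFailure`, and the 10-120 second timeout and 0-3 retry ranges) are taken from the DLM API as I know it and are labelled as assumptions in the code; the SSM document name, tag and role ARN are placeholders.

```python
"""Build and create a DLM snapshot policy that runs SSM pre/post scripts.

Added example, not code from the re:Invent session. The shape of the Scripts
element and its parameter ranges are assumed from the DLM API reference.
"""
from __future__ import annotations

# Assumed ranges for the Scripts element (DLM API reference).
TIMEOUT_RANGE = (10, 120)   # ExecutionTimeout, seconds
RETRY_RANGE = (0, 3)        # MaximumRetryCount


def build_app_consistent_policy(
    ssm_document: str,
    target_tag: tuple[str, str],
    *,
    snapshot_time_utc: str = "03:00",
    retain_count: int = 7,
    timeout_seconds: int = 60,
    retries: int = 1,
    fail_open: bool = False,
) -> dict:
    """Return PolicyDetails for a daily, instance-level snapshot policy.

    The SSM document named by ssm_document runs on the instance before the
    snapshot (PRE, e.g. flush and freeze the database) and after it (POST,
    e.g. thaw). With fail_open=False a failing pre-script aborts the snapshot
    instead of silently falling back to a crash-consistent one.
    """
    lo, hi = TIMEOUT_RANGE
    if not lo <= timeout_seconds <= hi:
        raise ValueError(f"ExecutionTimeout must be {lo}-{hi} s, got {timeout_seconds}")
    lo, hi = RETRY_RANGE
    if not lo <= retries <= hi:
        raise ValueError(f"MaximumRetryCount must be {lo}-{hi}, got {retries}")
    if retain_count < 1:
        raise ValueError("retain_count must be at least 1")
    key, value = target_tag
    return {
        "PolicyType": "EBS_SNAPSHOT_MANAGEMENT",
        # Scripts run on the instance through SSM, so the policy must target
        # instances (multi-volume snapshots), not individual volumes.
        "ResourceTypes": ["INSTANCE"],
        "TargetTags": [{"Key": key, "Value": value}],
        "Schedules": [
            {
                "Name": "daily-app-consistent",
                "CopyTags": True,
                "CreateRule": {
                    "Interval": 24,
                    "IntervalUnit": "HOURS",
                    "Times": [snapshot_time_utc],
                    "Scripts": [
                        {
                            "Stages": ["PRE", "POST"],
                            "ExecutionHandlerService": "AWS_SYSTEMS_MANAGER",
                            "ExecutionHandler": ssm_document,
                            "ExecuteOperationOnScriptFailure": fail_open,
                            "ExecutionTimeout": timeout_seconds,
                            "MaximumRetryCount": retries,
                        }
                    ],
                },
                "RetainRule": {"Count": retain_count},
            }
        ],
    }


def create_policy(dlm, role_arn: str, policy_details: dict, description: str) -> str:
    """Create the policy with a boto3 DLM client (or any object exposing the
    same create_lifecycle_policy method) and return the new PolicyId."""
    resp = dlm.create_lifecycle_policy(
        ExecutionRoleArn=role_arn,
        Description=description,
        State="ENABLED",
        PolicyDetails=policy_details,
    )
    return resp["PolicyId"]


if __name__ == "__main__":
    import json
    # Hypothetical SSM document name and tag; replace with your own.
    details = build_app_consistent_policy(
        "MyOrg-FreezeThawPostgres", ("backup", "app-consistent")
    )
    print(json.dumps(details, indent=2))
    # To create it for real:
    # import boto3
    # create_policy(boto3.client("dlm"), "arn:aws:iam::123456789012:role/AWSDataLifecycleManagerDefaultRole", details, "daily app-consistent snapshots")
```

The instance-level resource type and the fail-closed default are the two choices worth keeping: pre/post scripts only make sense when DLM can reach the instance, and a pre-script that fails (for example because the database could not be quiesced) should produce no snapshot rather than a crash-consistent one that looks application-consistent in the console.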
Insights
-
Incremental Nature of Snapshots: Because each snapshot stores only the blocks that changed since the most recent snapshot, storage usage and cost are kept low; deleting an intermediate snapshot does not lose data, since blocks still referenced by later snapshots are retained.
-
Application-Consistent Snapshots: Crash-consistent snapshots are enough for many workloads, but databases and other applications that keep state in memory or in write-ahead logs need a consistent on-disk state for a clean recovery. Running the quiesce and resume steps through AWS Systems Manager documents lets DLM create such snapshots on schedule without hand-written orchestration.
-
Cost Optimization with Default Policies: The introduction of default policies reflects AWS's commitment to cost optimization and simplified management. By only creating backups when necessary and excluding non-critical resources, AWS helps customers avoid unnecessary costs and administrative burden.
-
Security Enhancements: Block public access and snapshot lock close two common failure modes. The first prevents a snapshot from being exposed to every AWS account by a misconfiguration or by an attacker using compromised credentials; the second prevents backups from being deleted, which is the first thing ransomware operators attempt before encrypting data.
-
Regulatory Compliance: The snapshot lock feature, especially in compliance mode, is designed to help customers meet regulatory requirements for data retention and immutability, such as WORM (Write Once, Read Many) storage, because once the cooling-off period has passed nobody in the account can shorten or remove the lock.
-
User Flexibility and Control: AWS provides users with flexibility and control over their snapshots and backup policies. The settings for public access and snapshot lock allow users to tailor the level of security and immutability to their specific needs and use cases.
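As an added example (not code from the session), the following applies the two protections described above through the boto3 EC2 API: it turns on block public access for the Region without silently downgrading an existing `block-all-sharing` setting, and it builds and submits a `LockSnapshot` request that enforces the governance/compliance rules (cooling-off period only in compliance mode, 1-72 hours; lock duration 1-36500 days). The API method names and parameter ranges are taken from the EC2 API as I know it and are marked as assumptions in the code. `FakeEC2` is a constructed in-memory stand-in so the module runs offline; swap in a real client to apply the settings.

```python
"""Block public sharing of EBS snapshots and lock snapshots against deletion.

Added example, not code from the re:Invent session. boto3 EC2 method names and
parameter ranges are assumed from the EC2 API reference. FakeEC2 is a
constructed stand-in so everything here runs without AWS credentials.
"""
from __future__ import annotations

BPA_STATES = ("block-all-sharing", "block-new-sharing")
LOCK_DAYS_RANGE = (1, 36500)     # LockDuration, days (assumed API range)
COOL_OFF_HOURS_RANGE = (1, 72)   # CoolOffPeriod, hours, compliance mode only


def ensure_block_public_access(ec2, desired: str = "block-all-sharing") -> dict:
    """Enable snapshot block public access for the client's Region unless it is
    already at (or stronger than) the desired level. Returns what changed."""
    if desired not in BPA_STATES:
        raise ValueError(f"desired must be one of {BPA_STATES}")
    previous = ec2.get_snapshot_block_public_access_state()["State"]
    if previous == desired:
        return {"previous": previous, "current": previous, "changed": False}
    # block-new-sharing leaves already-public snapshots public, so never
    # weaken block-all-sharing to it as a side effect.
    if previous == "block-all-sharing":
        raise ValueError("refusing to weaken block-all-sharing to block-new-sharing")
    ec2.enable_snapshot_block_public_access(State=desired)
    return {"previous": previous, "current": desired, "changed": True}


def build_lock_request(
    snapshot_id: str, mode: str, lock_days: int, cool_off_hours: int | None = None
) -> dict:
    """Validate and build the parameters for ec2.lock_snapshot.

    governance: principals with ec2:UnlockSnapshot can remove the lock at any time.
    compliance: after the cooling-off period the lock cannot be removed and the
    duration can only be extended, so cool_off_hours is the only window in
    which a mistaken compliance lock can be undone.
    """
    if mode not in ("governance", "compliance"):
        raise ValueError("mode must be 'governance' or 'compliance'")
    lo, hi = LOCK_DAYS_RANGE
    if not lo <= lock_days <= hi:
        raise ValueError(f"LockDuration must be {lo}-{hi} days, got {lock_days}")
    params = {"SnapshotId": snapshot_id, "LockMode": mode, "LockDuration": lock_days}
    if cool_off_hours is not None:
        if mode != "compliance":
            raise ValueError("CoolOffPeriod is only valid in compliance mode")
        lo, hi = COOL_OFF_HOURS_RANGE
        if not lo <= cool_off_hours <= hi:
            raise ValueError(f"CoolOffPeriod must be {lo}-{hi} hours, got {cool_off_hours}")
        params["CoolOffPeriod"] = cool_off_hours
    return params


def lock_snapshot(
    ec2, snapshot_id: str, mode: str, lock_days: int, cool_off_hours: int | None = None
) -> dict:
    """Lock the snapshot and return its id and the resulting LockState."""
    resp = ec2.lock_snapshot(**build_lock_request(snapshot_id, mode, lock_days, cool_off_hours))
    return {"SnapshotId": resp["SnapshotId"], "LockState": resp["LockState"]}


class FakeEC2:
    """Constructed in-memory stand-in for the three boto3 EC2 calls used above."""

    def __init__(self, state: str = "unblocked"):
        self.state = state
        self.locks: dict[str, str] = {}

    def get_snapshot_block_public_access_state(self):
        return {"State": self.state}

    def enable_snapshot_block_public_access(self, State):
        self.state = State
        return {"State": State}

    def lock_snapshot(self, **params):
        mode = params["LockMode"]
        # Real API reports "compliance-cooling-off" while the window is open.
        state = "compliance-cooling-off" if mode == "compliance" and "CoolOffPeriod" in params else mode
        self.locks[params["SnapshotId"]] = state
        return {"SnapshotId": params["SnapshotId"], "LockState": state}


if __name__ == "__main__":
    # Replace FakeEC2() with boto3.client("ec2", region_name="eu-west-1") to apply for real.
    ec2 = FakeEC2()
    print(ensure_block_public_access(ec2))
    print(lock_snapshot(ec2, "snap-0123456789abcdef0", "compliance", lock_days=90, cool_off_hours=24))
```

Two practical notes: block public access is a per-Region setting, so the first function has to be run once per Region in use; and a compliance lock with a cooling-off period is the safer way to pilot the feature, because the 24-hour window above is the last point at which a wrong snapshot id or duration can be corrected.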