Great news for customers who are protecting their AWS data with Druva. With our new AWS EBS Recycle Bin feature, you can now recover EBS snapshots from accidental deletion by setting custom retention periods for deleted snapshots. You can enable AWS EBS Recycle Bin for all snapshots in an AWS account, AWS region, or a subset based on tags, and configure the retention period for deleted snapshots. You can choose to recover these deleted snapshots within the retention window. Recovered snapshots retain all metadata including tags, descriptions, and sharing permissions.
What is the AWS EBS Recycle Bin?
AWS EBS Recycle Bin is a data recovery feature that enables you to restore accidentally deleted Amazon EBS snapshots and EBS-backed AMIs. With AWS EBS Recycle Bin, you can now recover EBS snapshots from accidental deletion by setting a custom retention period for deleted snapshots. In the event of accidental deletion, snapshots can be retrieved directly from the Recycle Bin with a single click or an API call.
You can enable AWS EBS Recycle Bin for all snapshots in an account, AWS region, or a subset of them based on tags, and configure the retention period for deleted snapshots. You can then recover these deleted snapshots within the retention window. A recovered snapshot retains all its metadata including tags, descriptions, and sharing permissions.
You may specify access permissions using AWS Identity and Access Management (IAM) so that only authorized admins can configure AWS EBS Recycle Bin.
Why is this useful for AWS customers?
Backup data may be deleted accidentally or maliciously: users with access to the backup management interface can delete backups or set them to expire before the intended retention period. This capability lets enterprises manage and remove backups that are no longer important, but it can also be used, by mistake or with intent, to delete business-critical backups. With AWS EBS Recycle Bin, you can retrieve such backups within the custom retention period configured.
- Business continuity: Protect business-critical data against accidental deletion to ensure business continuity
- Data security: Safeguard from malicious threats and attacks
- Data governance: Ensure retention of critical snapshots as part of regulatory compliance
The Druva AWS EBS Recycle Bin feature supports the following resource types:
- Amazon EBS snapshots
- Amazon EBS-backed AMIs
How to configure the AWS EBS Recycle Bin
To get started with AWS EBS Recycle Bin, you will first need to configure your resources using appropriate tags. Once resources are identified, their deleted snapshots are held in the Recycle Bin according to the pre-defined retention criteria. You may choose to retrieve these snapshots within the retention period, right from your management console.
Considerations for configuration
Business implications to consider when configuring AWS Recycle Bin:
- Storage costs on retention of deleted snapshots
- Security considerations associated with storing business-critical snapshots
- Compliance and governance on retention
Step 1: Define retention rules in AWS
To enable and use AWS EBS Recycle Bin, you must create retention rules in the AWS Regions in which you want to protect snapshots. Retention rules specify the following:
- The snapshots to be retained in AWS EBS Recycle Bin once they are deleted
- The retention period for which to retain snapshots in the AWS EBS Recycle Bin post deletion
With AWS EBS Recycle Bin, you can create two types of retention rules:
- Tag-level retention rules: Use resource tags to identify the snapshots that are to be retained in the AWS EBS Recycle Bin. For each retention rule, specify one or more key:value pairs. Snapshots that carry at least one of the tag key and value pairs specified in the retention rule are automatically retained in the AWS EBS Recycle Bin upon deletion. Use tag-based retention rules to protect specific snapshots in your account based on their tags.
- Region-level retention rules: These retention rules do not have any resource tags specified. They apply to all snapshots in the Region in which they are created, even if the snapshots are not tagged. Use this type of retention rule if you want to protect snapshots within a specific AWS Region.
Snapshots continue to reside in the AWS EBS Recycle Bin until one of the following happens:
- You manually restore it for use. When you restore a snapshot from the AWS EBS Recycle Bin, the snapshot is removed from the Recycle Bin and immediately becomes available for use as a regular snapshot. You can use restored snapshots in the same way as any other snapshot in your account.
- The retention period expires. If the retention period expires and the snapshot has not been restored from the AWS EBS Recycle Bin, the snapshot is permanently deleted from the AWS EBS Recycle Bin and it can no longer be viewed or restored.
Create retention rules
To create a retention rule, you must specify the Resource Type and the resource tags to identify the snapshots to be retained. The retention rules function only in the Regions in which they are created. For detailed steps on creating retention rules from your AWS console, refer to the AWS documentation.
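The matching behaviour described in Step 1 can be checked offline before relying on it. The following is an added example, not Druva or AWS code: it models tag-level and Region-level rules as described above and reports which resources no rule would retain. The rule names, resource ids, Regions and tags are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RetentionRule:
    name: str                 # hypothetical label, used only in the report
    region: str               # a rule functions only in the Region it was created in
    resource_type: str        # "EBS_SNAPSHOT" or "EC2_IMAGE"
    retention_days: int
    tags: tuple = ()          # (key, value) pairs; empty means Region-level rule

    def matches(self, res: dict) -> bool:
        if (res["region"], res["type"]) != (self.region, self.resource_type):
            return False
        if not self.tags:     # Region-level: applies whether or not the resource is tagged
            return True
        # Tag-level: one matching key:value pair is enough. The comparison is
        # case-sensitive, because the tags themselves are.
        return any(res["tags"].get(k) == v for k, v in self.tags)

def coverage(resources, rules):
    """Map each resource id to the names of the rules that would retain it."""
    return {r["id"]: [rule.name for rule in rules if rule.matches(r)]
            for r in resources}

def unprotected(resources, rules):
    """Ids that no rule matches, so deletion would bypass the Recycle Bin."""
    return [rid for rid, names in coverage(resources, rules).items() if not names]

# Constructed sample data (ids, Regions and tags are made up for illustration).
RULES = [
    RetentionRule("prod-snapshots", "us-east-1", "EBS_SNAPSHOT", 14,
                  (("Environment", "prod"), ("Tier", "critical"))),
    RetentionRule("eu-all-snapshots", "eu-west-1", "EBS_SNAPSHOT", 7),
]
RESOURCES = [
    {"id": "snap-a", "region": "us-east-1", "type": "EBS_SNAPSHOT",
     "tags": {"Environment": "prod"}},                    # matches on one pair
    {"id": "snap-b", "region": "us-east-1", "type": "EBS_SNAPSHOT",
     "tags": {"environment": "prod"}},                    # key differs in case
    {"id": "snap-c", "region": "eu-west-1", "type": "EBS_SNAPSHOT", "tags": {}},
    {"id": "ami-d", "region": "eu-west-1", "type": "EC2_IMAGE", "tags": {}},
    {"id": "snap-e", "region": "ap-south-1", "type": "EBS_SNAPSHOT",
     "tags": {"Tier": "critical"}},                       # no rule in this Region
]

if __name__ == "__main__":
    for rid, names in coverage(RESOURCES, RULES).items():
        print(f"{rid:8} {', '.join(names) or 'NOT PROTECTED'}")
```

The three unprotected cases are the ones to audit for in a real account: a tag that differs only in case, a resource type the rule does not cover, and a Region with no rule at all.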
Step 2: Using tags to configure AWS EBS Recycle Bin
To enable the AWS EBS Recycle Bin, you will need to set up tags to configure resource orchestration. Tags are standardized, case-sensitive key-value pairs that act as metadata to help identify and organize your AWS resources. Use the Add Tags feature to specify the key and the associated value to manage resource orchestration.
- Log into your Druva CloudRanger console and navigate to Resources > EBS.
- Select a resource and then click Add Tags.