
Druva Adds AWS EBS Recycle Bin Support for EBS Snapshots

Great news for customers who are protecting their AWS data with Druva. With our new AWS EBS Recycle Bin feature, you can now recover EBS snapshots from accidental deletion by setting custom retention periods for deleted snapshots. You can enable AWS EBS Recycle Bin for all snapshots in an AWS account, AWS region, or a subset based on tags, and configure the retention period for deleted snapshots. You can choose to recover these deleted snapshots within the retention window. Recovered snapshots retain all metadata including tags, descriptions, and sharing permissions.

What is the AWS EBS Recycle Bin?

AWS EBS Recycle Bin is a data recovery feature that enables you to restore accidentally deleted Amazon EBS snapshots and EBS-backed AMIs. With AWS EBS Recycle Bin, you can now recover EBS snapshots from accidental deletion by setting a custom retention period for deleted snapshots. In the event of accidental deletion, snapshots can be retrieved directly from the Recycle Bin with a single click or an API call.

You can enable AWS EBS Recycle Bin for all snapshots in an account, AWS region, or a subset of them based on tags, and configure the retention period for deleted snapshots. You can then recover these deleted snapshots within the retention window. A recovered snapshot retains all its metadata including tags, descriptions, and sharing permissions.  

You may specify access permissions using AWS Identity and Access Management (IAM) so that only authorized admins can configure AWS EBS Recycle Bin.

Why is this useful for AWS customers?

Backup data may be accidentally or maliciously deleted, or users with access to the backup management interface may delete backups or set them to expire before the intended retention period. This capability lets enterprises manage and remove backups that are no longer important, but it can also be used, accidentally or maliciously, to delete business-critical backups. With AWS EBS Recycle Bin, you can retrieve such backups within the configured retention period.

Key advantages

  • Business continuity: Protect business-critical data against accidental deletion to ensure business continuity
  • Data security: Safeguard against malicious threats and attacks
  • Data governance: Ensure retention of critical snapshots as part of regulatory compliance 

Supported resources

The Druva AWS EBS Recycle Bin feature supports the following resource types:

  • Amazon EBS snapshots
  • Amazon EBS-backed AMIs

How to configure the AWS EBS Recycle Bin 

To get started with AWS Recycle Bin, you will first need to configure your resources using appropriate tags. Once resources are identified, all associated snapshots that are deleted will reside in the Recycle Bin according to the pre-defined retention criteria. You may choose to retrieve these snapshots within the retention period, right from your management console.

Considerations for configuration 

Business implications to consider when configuring AWS Recycle Bin:

  • Storage costs on retention of deleted snapshots
  • Security considerations associated with storing business-critical snapshots
  • Compliance and governance on retention

Step 1: Define retention rules in AWS

To enable and use AWS EBS Recycle Bin, you must create retention rules in the AWS Regions in which you want to protect snapshots. Retention rules specify the following:

  • The snapshots to be retained in AWS EBS Recycle Bin once they are deleted
  • The retention period for which to retain snapshots in the AWS EBS Recycle Bin post deletion

With AWS EBS Recycle Bin, you can create two types of retention rules:

  • Tag-level retention rules: Use resource tags to identify the snapshots that are to be retained in the AWS EBS Recycle Bin. For each retention rule, specify one or more key:value pairs. Snapshots that carry at least one of the tag key and value pairs specified in the retention rule are automatically retained in the AWS EBS Recycle Bin upon deletion. Use tag-based retention rules to protect specific snapshots in your account based on their tags.
  • Region-level retention rules: These retention rules do not have any resource tags specified. They apply to all snapshots in the Region in which they are created, even if the snapshots are not tagged. Use this type of retention rule if you want to protect snapshots within a specific AWS Region.

Snapshots continue to reside in the AWS EBS Recycle Bin until one of the following happens:

  • You manually restore it for use. When you restore a snapshot from the AWS EBS Recycle Bin, the snapshot is removed from the Recycle Bin and immediately becomes available for use as a regular snapshot. You can use restored snapshots in the same way as any other snapshot in your account.
  • The retention period expires. If the retention period expires and the snapshot has not been restored from the AWS EBS Recycle Bin, the snapshot is permanently deleted from the AWS EBS Recycle Bin and it can no longer be viewed or restored.

Create retention rules

To create a retention rule, you must specify the Resource Type and the resource tags to identify the snapshots to be retained. The retention rules function only in the Regions in which they are created. For detailed steps on creating retention rules from your AWS console, refer to the AWS documentation.
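The matching behaviour described above can be used to audit which snapshots no retention rule covers, so that deleting them would be permanent. The following is an added example, not Druva or AWS code: it models tag-level and Region-level rules in plain Python, and the class names, rule names, snapshot IDs and sample data are all constructed for illustration. It treats tag keys and values as case-sensitive, as AWS tags are.

```python
from dataclasses import dataclass, field

@dataclass
class RetentionRule:           # hypothetical model of a Recycle Bin retention rule
    name: str
    region: str                # a rule functions only in the Region where it was created
    retention_days: int
    tags: tuple = ()           # (key, value) pairs; empty means a Region-level rule

@dataclass
class Snapshot:                # hypothetical model of an EBS snapshot
    snapshot_id: str
    region: str
    tags: dict = field(default_factory=dict)

def matching_rules(snap, rules):
    """Return the rules that would retain this snapshot when it is deleted."""
    matched = []
    for rule in rules:
        if rule.region != snap.region:
            continue                       # rule was created in a different Region
        if not rule.tags:
            matched.append(rule)           # Region-level: applies even to untagged snapshots
        elif any(snap.tags.get(k) == v for k, v in rule.tags):
            matched.append(rule)           # tag-level: one exact key:value match is enough
    return matched

def unprotected(snapshots, rules):
    """IDs of snapshots that no rule covers; deleting these is permanent."""
    return [s.snapshot_id for s in snapshots if not matching_rules(s, rules)]

# Constructed sample rules and inventory
RULES = [
    RetentionRule("prod-tagged", "us-east-1", 14, (("Environment", "prod"),)),
    RetentionRule("all-eu", "eu-west-1", 7),
]
SNAPSHOTS = [
    Snapshot("snap-aaa", "us-east-1", {"Environment": "prod"}),
    Snapshot("snap-bbb", "us-east-1", {"environment": "prod"}),   # key case differs
    Snapshot("snap-ccc", "us-east-1", {"Environment": "Prod"}),   # value case differs
    Snapshot("snap-ddd", "eu-west-1", {}),                        # untagged, Region-level rule
    Snapshot("snap-eee", "ap-south-1", {"Environment": "prod"}),  # no rule in this Region
]

if __name__ == "__main__":
    for s in SNAPSHOTS:
        names = [r.name for r in matching_rules(s, RULES)]
        print(s.snapshot_id, s.region, names or "NOT RETAINED ON DELETE")
```

The two case-mismatched snapshots and the one in a Region without rules are the gaps a tag-only strategy tends to leave; a Region-level rule in each Region in use closes them.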

Step 2: Using tags to configure AWS EBS Recycle Bin

To enable the AWS EBS Recycle Bin, you will need to set up tags to configure resource orchestration. Tags are standardized, case-sensitive key-value pairs that act as metadata to help identify and organize your AWS resources. Use the Add Tags feature to specify the key and the associated value to manage resource orchestration.

  1. Log into your Druva CloudRanger console and navigate to Resources > EBS.
  2. Select a resource and then click Add Tags.
  3. Define tags with an appropriate Key and associate a relevant Value depending on the selected key. For example:
       • Key: Origin; Value: Origin ID
       • Key: Region; Value: us-east
       • Key: Created by Policy; Value: New Policy
  4. Click Save.

Retrieve Backups from AWS EBS Recycle Bin 

You can restore a resource from the AWS EBS Recycle Bin at any time before its retention period expires. After you restore a resource from the AWS EBS Recycle Bin, the resource is removed from the AWS EBS Recycle Bin and you can use it in the same way that you use any other resource of that type in your account. 

Note: Once the retention period expires and the resource is not restored, the resource is permanently deleted from the AWS EBS Recycle Bin and is no longer available for recovery.

To retrieve backups from AWS EBS Recycle Bin:

  • Log into your Druva CloudRanger console and navigate to Resources > EC2. Select the Backup tab.
  • Set the Location filter to display backups that have been moved to the AWS EBS Recycle Bin.

Note: Click the information icon to see when the snapshot in AWS EBS Recycle Bin is set to expire.

  • Select the backup to restore, and then click Revive from the AWS EBS Recycle Bin. Verify the backup selected for restore, and then click Revive.
  • Once revived, the selected backups will be available in the original backup location.

Next steps

Druva’s goal is to make your life easy. Our built-in security features will help protect you from malicious insiders and enable you to easily protect your data and snapshots. Even if an insider threat causes problems, you will now have a wall of defense that will give you another chance to roll back from the AWS EBS Recycle Bin.

Learn how you can protect your AWS data without breaking the bank by downloading our latest whitepaper, or request a demo from our team of AWS experts.