Protect critical data with ease using Amazon EBS snapshots (STG205)

Here is a detailed summary of the video transcription in Markdown format, broken down into sections:

Introduction

• The session focuses on protecting critical data using Amazon EBS snapshots.
• The presenters are Siri (EBS Product Manager), JP (Head of Business Continuity Architecture at SAP), and Denton (EBS Product Manager).

AWS Storage Portfolio Overview

• AWS offers a range of storage solutions, including:
  • Object storage: Amazon S3
  • Block storage: Amazon EBS
  • File storage: Amazon EFS and Amazon FSX
• These services integrate seamlessly and help customers build secure and reliable data estates.

Understanding EBS Snapshots

• EBS snapshots are point-in-time copies of EBS volumes.
• Snapshots are incremental, meaning only the changed data is stored.
• Key use cases for snapshots include:
  1. Backup and disaster recovery
  2. Refresh, scale-up, and data handoff workflows
  3. Backup of on-premises data for migration to the cloud
  4. Integrations with third-party automation and orchestration solutions

EBS Snapshot Basics

• Snapshots contain all the data required to restore a volume to the state when the snapshot was taken.
• Subsequent snapshots only store the incremental changes, reducing storage costs.

Security Aspects of EBS Snapshots

Encryption

• EBS offers encryption integration with AWS Key Management Service (KMS).
• Encrypted volumes and snapshots can be copied and re-encrypted with different keys.
• Encryption by Default can be enabled at the account level to enforce encryption for all future EBS resources.

Snapshot Sharing

• Snapshots are private by default, but can be shared with other AWS accounts.
• Block Public Access can be enabled to prevent public sharing of snapshots.

Snapshot Lock

• Snapshot Lock provides immutability and write-once-read-many (WORM) protection.
• Snapshots can be locked in Governance mode (editable) or Compliance mode (non-editable).
• Locked snapshots cannot be deleted or modified during the specified retention period.

Immutability and Ransomware Protection for SAP RISE

• JP discusses how SAP RISE leverages EBS snapshots and Snapshot Lock for immutability and ransomware protection.
• SAP RISE uses a combination of EBS snapshots, Lambda functions for lifecycle management, and Snapshot Lock to achieve:
  • Faster backup and restore times
  • Resilience through regional snapshot storage
  • No performance impact on applications
  • Flexible lifecycle management
  • Cost-effective backups
  • Encryption using KMS keys
  • Immutability and ransomware protection

Data Protection with Amazon Data Lifecycle Manager (DLM)

• DLM is a policy-based lifecycle management solution for EBS snapshots.
  • Customers can create policies to automate snapshot creation, retention, and archiving.
• DLM supports application-consistent snapshots by integrating with AWS Systems Manager.
• Default Policies in DLM can automatically protect all EBS volumes in an account, reducing the risk of unprotected data.

Recycle Bin for EBS Snapshots and AMIs

• Recycle Bin helps protect against accidental or malicious deletion of snapshots and AMIs.
• Customers can create retention rules to specify which resources should be placed in Recycle Bin when deleted.
• Rule Lock feature prevents modification of retention rules, even by malicious actors.
• Exclusion tags can be used to bypass Recycle Bin for non-essential resources.

Conclusion

• The presenters encourage attendees to try out the recent features, such as time-based snapshot copy and Recycle Bin with exclusion tags.
• A hands-on builder session on EBS-related features is coming up next.