Protect critical data with ease using Amazon EBS snapshots (STG205)

Here is a detailed summary of the video transcription in Markdown format, broken down into sections:

Introduction

  • The session focuses on protecting critical data using Amazon EBS snapshots.
  • The presenters are Siri (EBS Product Manager), JP (Head of Business Continuity Architecture at SAP), and Denton (EBS Product Manager).

AWS Storage Portfolio Overview

  • AWS offers a range of storage solutions, including:
    • Object storage: Amazon S3
    • Block storage: Amazon EBS
    • File storage: Amazon EFS and Amazon FSX
  • These services integrate seamlessly and help customers build secure and reliable data estates.

Understanding EBS Snapshots

  • EBS snapshots are point-in-time copies of EBS volumes.
  • Snapshots are incremental, meaning only the changed data is stored.
  • Key use cases for snapshots include:
    1. Backup and disaster recovery
    2. Refresh, scale-up, and data handoff workflows
    3. Backup of on-premises data for migration to the cloud
    4. Integrations with third-party automation and orchestration solutions

EBS Snapshot Basics

  • Snapshots contain all the data required to restore a volume to the state when the snapshot was taken.
  • Subsequent snapshots only store the incremental changes, reducing storage costs.

Security Aspects of EBS Snapshots

Encryption

  • EBS offers encryption integration with AWS Key Management Service (KMS).
  • Encrypted volumes and snapshots can be copied and re-encrypted with different keys.
  • Encryption by Default can be enabled at the account level to enforce encryption for all future EBS resources.

Snapshot Sharing

  • Snapshots are private by default, but can be shared with other AWS accounts.
  • Block Public Access can be enabled to prevent public sharing of snapshots.

Snapshot Lock

  • Snapshot Lock provides immutability and write-once-read-many (WORM) protection.
  • Snapshots can be locked in Governance mode (editable) or Compliance mode (non-editable).
  • Locked snapshots cannot be deleted or modified during the specified retention period.

Immutability and Ransomware Protection for SAP RISE

  • JP discusses how SAP RISE leverages EBS snapshots and Snapshot Lock for immutability and ransomware protection.
  • SAP RISE uses a combination of EBS snapshots, Lambda functions for lifecycle management, and Snapshot Lock to achieve:
    • Faster backup and restore times
    • Resilience through regional snapshot storage
    • No performance impact on applications
    • Flexible lifecycle management
    • Cost-effective backups
    • Encryption using KMS keys
    • Immutability and ransomware protection

Data Protection with Amazon Data Lifecycle Manager (DLM)

  • DLM is a policy-based lifecycle management solution for EBS snapshots.
    • Customers can create policies to automate snapshot creation, retention, and archiving.
  • DLM supports application-consistent snapshots by integrating with AWS Systems Manager.
  • Default Policies in DLM can automatically protect all EBS volumes in an account, reducing the risk of unprotected data.

Recycle Bin for EBS Snapshots and AMIs

  • Recycle Bin helps protect against accidental or malicious deletion of snapshots and AMIs.
  • Customers can create retention rules to specify which resources should be placed in Recycle Bin when deleted.
  • Rule Lock feature prevents modification of retention rules, even by malicious actors.
  • Exclusion tags can be used to bypass Recycle Bin for non-essential resources.

Conclusion

  • The presenters encourage attendees to try out the recent features, such as time-based snapshot copy and Recycle Bin with exclusion tags.
  • A hands-on builder session on EBS-related features is coming up next.

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.

Talk to us