Lock an Amazon EBS snapshot - Amazon EBS

Lock an Amazon EBS snapshot

You can lock a snapshot that is in the pending or completed state. For more information, see Considerations for Amazon EBS snapshot lock.

Console
To lock a snapshot

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Snapshots.

  3. Select the snapshot to lock and choose Actions, Snapshot settings, Manage snapshot lock.

  4. Select Lock snapshot.

  5. For Lock mode, choose either Governance mode or Compliance mode. For more information, see Lock mode.

  6. For Lock duration, do one of the following:

    • To lock the snapshot for a specific period, choose Lock snapshot for, and then enter the period in either days or years.

    • To lock the snapshot until a specific date and time, choose Lock snapshot until, and then select the expiration date and time.

    For more information, see Lock duration.

  7. (Compliance mode only) For Cooling-off period, specify a cooling-off period during which you can unlock the snapshot and modify the lock configuration. For more information, see Cooling-off period.

  8. (Compliance mode only) To confirm that you want to lock the snapshot in compliance mode and that you will not be able to unlock the snapshot after the cooling-off period expires, choose Acknowledge.

  9. Choose Save lock settings.

AWS CLI
To lock a snapshot in governance mode

Use the lock-snapshot AWS CLI command. For --snapshot-id, specify the ID of the snapshot to lock. For --lock-mode, specify governance. To lock the snapshot for a specific period, for --lock-duration, specify the period for which to lock the snapshot. Or, to lock the snapshot until a specific date, for --expiration-date, specify the date and time at which the lock must expire, in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ).

$ aws ec2 lock-snapshot --snapshot-id snapshot_id \
 --lock-mode governance \
 --lock-duration 1-36500_days | --expiration-date YYYY-MM-DDThh:mm:ss.sssZ
To lock a snapshot in compliance mode

Use the lock-snapshot AWS CLI command. For --snapshot-id, specify the ID of the snapshot to lock. For --lock-mode, specify compliance. For --cool-off-period, optionally specify a cooling-off period in hours. To lock the snapshot for a specific period, for --lock-duration, specify the period for which to lock the snapshot. Or, to lock the snapshot until a specific date, for --expiration-date, specify the date and time at which the lock must expire, in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ).

$ aws ec2 lock-snapshot --snapshot-id snapshot_id \
 --lock-mode compliance \
 --cool-off-period 1-72_hours \
 --lock-duration 1-36500_days | --expiration-date YYYY-MM-DDThh:mm:ss.sssZ