Recover deleted snapshots from the Recycle Bin
Topics
Permissions for working with snapshots in the Recycle Bin
By default, users don't have permission to work with snapshots that are in the Recycle Bin. To allow users to work with these resources, you must create IAM policies that grant permission to use specific resources and API actions. After the policies are created, you must add permissions to your users, groups, or roles.
To view and recover snapshots that are in the Recycle Bin, users must have the following permissions:
-
ec2:ListSnapshotsInRecycleBin -
ec2:RestoreSnapshotFromRecycleBin
To manage tags for snapshots in the Recycle Bin, users need the following additional permissions.
-
ec2:CreateTags -
ec2:DeleteTags
To use the Recycle Bin console, users need the ec2:DescribeTags
permission.
The following is an example IAM policy. It includes the ec2:DescribeTags permission
for console users, and it includes the ec2:CreateTags and ec2:DeleteTags
permissions for managing tags. If the permissions are not needed, you can remove them from the policy.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:ListSnapshotsInRecycleBin", "ec2:RestoreSnapshotFromRecycleBin" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags" ], "Resource": "arn:aws:ec2:Region:account-id:snapshot/*" }, ] }
To provide access, add permissions to your users, groups, or roles:
-
Users and groups in AWS IAM Identity Center:
Create a permission set. Follow the instructions in Create a permission set in the AWS IAM Identity Center User Guide.
-
Users managed in IAM through an identity provider:
Create a role for identity federation. Follow the instructions in Create a role for a third-party identity provider (federation) in the IAM User Guide.
-
IAM users:
-
Create a role that your user can assume. Follow the instructions in Create a role for an IAM user in the IAM User Guide.
-
(Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.
-
For more information about the permissions needed to use Recycle Bin, see Permissions for working with Recycle Bin and retention rules.
View snapshots in the Recycle Bin
While a snapshot is in the Recycle Bin, you can view limited information about it, including:
-
The ID of the snapshot.
-
The snapshot description.
-
The ID of the volume from which the snapshot was created.
-
The date and time when the snapshot was deleted and it entered Recycle Bin.
-
The date and time when the retention period expires. The snapshot will be permanently deleted from the Recycle Bin at this time.
You can view the snapshots in the Recycle Bin using one of the following methods.
Restore snapshots from the Recycle Bin
You can't use a snapshot in any way while it is in the Recycle Bin. To use the snapshot, you must first restore it. When you restore a snapshot from the Recycle Bin, the snapshot is immediately available for use, and it is removed from the Recycle Bin. You can use a restored snapshot in the same way that you use any other snapshot in your account.
You can restore a snapshot from the Recycle Bin using one of the following methods.
