Workshop 5: Snapshots

Workshop Goals

In this comprehensive workshop, you’ll learn to:
• Create point-in-time snapshots of EBS volumes
• Restore volumes from snapshots
• Automate snapshot creation and retention policies
• Share snapshots across AWS accounts and regions
• Integrate snapshots with AMI creation for backups

Prerequisites

• EC2 instance with attached EBS volume (Workshop 3)
• AWS CLI v2 installed and configured
• IAM permissions: ec2:CreateSnapshot, DescribeSnapshots, DeleteSnapshot, CopySnapshot, ModifySnapshotAttribute
• SSH access to the instance

1. Create a Snapshot

# Create a snapshot of volume vol-0abc1234def56789a
aws ec2 create-snapshot \
  --volume-id vol-0abc1234def56789a \
  --description "Workshop5 Snapshot $(date +%Y%m%d%H%M)"

create-snapshot Parameters Explained

--volume-id ID of the source EBS volume.
--description Label to identify the snapshot (timestamp recommended).

2. Monitor Snapshot Status

# List snapshots owned by you with status
aws ec2 describe-snapshots \
  --owner-ids self \
  --query "Snapshots[*].[SnapshotId,VolumeId,State,StartTime]" \
  --output table

describe-snapshots Parameters Explained

--owner-ids self Filters snapshots you own.
--query Displays snapshot ID, volume ID, state, and start time.
--output table Formats output as a table.

3. Restore a Volume from Snapshot

# Create a new volume from snapshot snap-0123abcd4567efgh8
aws ec2 create-volume \
  --snapshot-id snap-0123abcd4567efgh8 \
  --availability-zone us-east-1a \
  --volume-type gp3

create-volume from snapshot Explained

--snapshot-id ID of the source snapshot.
--availability-zone AZ where the new volume will reside.
--volume-type Type of the restored volume (gp3 for SSD).

4. Share Snapshot with Another Account

aws ec2 modify-snapshot-attribute \
  --snapshot-id snap-0123abcd4567efgh8 \
  --attribute createVolumePermission \
  --operation-type add \
  --user-ids 123456789012

modify-snapshot-attribute Parameters Explained

--attribute createVolumePermission Allows sharing for volume creation.
--operation-type add Adds permission.
--user-ids AWS account IDs granted permission.

5. Copy Snapshot to Another Region

aws ec2 copy-snapshot \
  --source-region us-east-1 \
  --source-snapshot-id snap-0123abcd4567efgh8 \
  --region eu-west-1 \
  --description "Workshop5 Copy to EU"

copy-snapshot Parameters Explained

--source-region Region of the original snapshot.
--source-snapshot-id Original snapshot ID.
--region Destination region.
--description Description for the copied snapshot.

6. Automate Snapshot Lifecycle

Use AWS Data Lifecycle Manager to define snapshot policies. Example CLI to create a lifecycle policy:

aws dlm create-lifecycle-policy \
  --description "Workshop5 Daily Snapshots" \
  --state ENABLED \
  --execution-role-arn arn:aws:iam::123456789012:role/AWSDataLifecycleManagerDefaultRole \
  --policy-details '{
    "ResourceTypes":["VOLUME"],
    "TargetTags":[{"Key":"Workshop","Value":"Workshop5"}],
    "Schedules":[{
      "Name":"DailySnapshots",
      "CreateRule":{"Interval":24,"IntervalUnit":"HOURS"},
      "RetainRule":{"Count":7}
    }]
  }'

Lifecycle Policy Parameters Explained

ResourceTypes Specifies VOLUME snapshots.
TargetTags Applies policy to volumes tagged accordingly.
CreateRule Defines snapshot interval (daily).
RetainRule Keeps last 7 snapshots.

7. Clean Up Old Snapshots

# Delete snapshots older than 30 days (example script)
aws ec2 describe-snapshots --owner-ids self --query 'Snapshots[?StartTime<`'$(date -d '-30 days' --utc +%Y-%m-%dT%H:%M:%SZ)'`].[SnapshotId,StartTime]' --output text | \
  while read snap date; do \
    aws ec2 delete-snapshot --snapshot-id $snap; \
  done

Cleanup Script Explained

Uses JMESPath to filter snapshots older than 30 days by UTC timestamp and deletes each one.

Next Steps

Integrate snapshot workflows into backup strategies for databases and critical workloads. Explore cross-account backup vaults in AWS Backup and test recovery by restoring volumes and attaching them to test instances.