Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Work with Amazon EBS snapshot lock
Use the following procedures to work with Amazon EBS snapshot lock.
Lock a snapshot
You can lock a snapshot that is in the pending
or completed
state. For more information, see Considerations for Amazon EBS snapshot lock.
- Console
-
To lock a snapshot
-
Open the Amazon EC2 console at
https://console.amazonaws.cn/ec2/.
-
In the navigation pane, choose Snapshots.
-
Select the snapshot to lock and choose Actions,
Snapshot settings, Manage snapshot lock.
-
Select Lock snapshot.
-
For Lock mode, choose either Governance mode
or Compliance mode. For more information, see Lock mode.
-
For Lock duration, do one of the following:
-
To lock the snapshot for a specific period, choose Lock snapshot for,
and then enter the period in either days or years.
-
To lock the snapshot until a specific date and time, choose Lock snapshot
until, and then select the expiration date and time.
For more information, see Lock duration.
-
(Compliance mode only) For Cooling-off period,
specify a cooling-off period during which you can unlock the snapshot and modify the lock
configuration. For more information, see Cooling-off period.
-
(Compliance mode only) To confirm that you want to lock the snapshot
in compliance mode and that you will not be able to unlock the snapshot after the cooling-off
period expires, choose Acknowledge.
-
Choose Save lock settings.
- Amazon CLI
-
To lock a snapshot in governance mode
Use the lock-snapshot
Amazon CLI command. For --snapshot-id
, specify the ID of the snapshot to lock. For --lock-mode
,
specify governance
. To lock the snapshot for a specific period, for --lock-duration
,
specify the period for which to lock the snapshot. Or, to lock the snapshot until a specific date, for
--expiration-date
, specify the date and time at which the lock must expire, in the UTC time zone
(YYYY-MM-DDThh:mm:ss.sssZ
).
$
aws ec2 lock-snapshot --snapshot-id snapshot_id
\
--lock-mode governance \
--lock-duration 1-36500_days
| --expiration-date YYYY-MM-DDThh:mm:ss.sssZ
To lock a snapshot in compliance mode
Use the lock-snapshot
Amazon CLI command. For --snapshot-id
, specify the ID of the snapshot to lock. For --lock-mode
,
specify compliance
. For --cool-off-period
, optionally specify a cooling-off period in
hours. To lock the snapshot for a specific period, for --lock-duration
, specify the period for
which to lock the snapshot. Or, to lock the snapshot until a specific date, for --expiration-date
,
specify the date and time at which the lock must expire, in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ
).
$
aws ec2 lock-snapshot --snapshot-id snapshot_id
\
--lock-mode compliance \
--cool-off-period 1-72_hours
\
--lock-duration 1-36500_days
| --expiration-date YYYY-MM-DDThh:mm:ss.sssZ
Unlock a snapshot
You can unlock a snapshot only if it is locked in governance mode, or if it is locked
in compliance mode and it is still within the cooling-off period.
- Console
-
To unlock a snapshot
-
Open the Amazon EC2 console at
https://console.amazonaws.cn/ec2/.
-
In the navigation pane, choose Snapshots.
-
Select the snapshot to unlock and choose Actions,
Snapshot settings, Manage snapshot lock.
-
Choose Unlock snapshot and then choose Unlock
snapshot again to confirm.
- Amazon CLI
-
To unlock a snapshot
Use the unlock-snapshot
Amazon CLI command. For --snapshot-id
, specify the ID of the snapshot to unlock.
$
aws ec2 unlock-snapshot --snapshot-id snapshot_id
Update snapshot lock settings
The allowed updates depend on the lock state:
-
governance
— you can change the lock mode and increase or decrease the
lock duration or expiration date.
-
compliance-cooloff
— you can change the lock mode, increase or decrease the
cooling-off period, and increase or decrease the lock duration or expiration date.
-
compliance
— you can only increase the lock duration or expiration date.
- Console
-
To update snapshot lock settings
-
Open the Amazon EC2 console at
https://console.amazonaws.cn/ec2/.
-
In the navigation pane, choose Snapshots.
-
Select the snapshot for which to modify the lock settings and choose
Actions, Snapshot settings,
Manage snapshot lock.
-
Update the settings as needed, and then choose Save lock
settings.
- Amazon CLI
-
To update snapshot lock settings
Use the lock-snapshot
Amazon CLI command. For --snapshot-id
, specify the ID of the snapshot for which to
update the lock settings. Then, specify only the options to modify.
View snapshot lock settings
Use one of the following methods to view the lock settings for a snapshot.
- Console
-
To view snapshot lock settings
-
Open the Amazon EC2 console at
https://console.amazonaws.cn/ec2/.
-
In the navigation pane, choose Snapshots.
-
Select the snapshot for which to view the lock settings and choose
Actions, Snapshot settings,
Manage snapshot lock.
- Amazon CLI
-
To view snapshot lock settings
Use the describe-locked-snapshots
Amazon CLI command. For --snapshot-ids
, specify the IDs of the snapshots for which to
view the lock settings.
$
aws ec2 describe-locked-snapshots --snapshot-ids snapshot_id