Work with Amazon EBS snapshot lock - Amazon EBS
Lock a snapshotUnlock a snapshotUpdate snapshot lock settingsView snapshot lock settings
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Work with Amazon EBS snapshot lock

Use the following procedures to work with Amazon EBS snapshot lock.

Lock a snapshot

You can lock a snapshot that is in the pending or completed state. For more information, see Considerations for Amazon EBS snapshot lock.

Console
To lock a snapshot

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. In the navigation pane, choose Snapshots.

  3. Select the snapshot to lock and choose Actions, Snapshot settings, Manage snapshot lock.

  4. Select Lock snapshot.

  5. For Lock mode, choose either Governance mode or Compliance mode. For more information, see Lock mode.

  6. For Lock duration, do one of the following:

    • To lock the snapshot for a specific period, choose Lock snapshot for, and then enter the period in either days or years.

    • To lock the snapshot until a specific date and time, choose Lock snapshot until, and then select the expiration date and time.

    For more information, see Lock duration.

  7. (Compliance mode only) For Cooling-off period, specify a cooling-off period during which you can unlock the snapshot and modify the lock configuration. For more information, see Cooling-off period.

  8. (Compliance mode only) To confirm that you want to lock the snapshot in compliance mode and that you will not be able to unlock the snapshot after the cooling-off period expires, choose Acknowledge.

  9. Choose Save lock settings.

Amazon CLI
To lock a snapshot in governance mode

Use the lock-snapshot Amazon CLI command. For --snapshot-id, specify the ID of the snapshot to lock. For --lock-mode, specify governance. To lock the snapshot for a specific period, for --lock-duration, specify the period for which to lock the snapshot. Or, to lock the snapshot until a specific date, for --expiration-date, specify the date and time at which the lock must expire, in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ).

$ aws ec2 lock-snapshot --snapshot-id snapshot_id \
 --lock-mode governance \
 --lock-duration 1-36500_days | --expiration-date YYYY-MM-DDThh:mm:ss.sssZ
To lock a snapshot in compliance mode

Use the lock-snapshot Amazon CLI command. For --snapshot-id, specify the ID of the snapshot to lock. For --lock-mode, specify compliance. For --cool-off-period, optionally specify a cooling-off period in hours. To lock the snapshot for a specific period, for --lock-duration, specify the period for which to lock the snapshot. Or, to lock the snapshot until a specific date, for --expiration-date, specify the date and time at which the lock must expire, in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ).

$ aws ec2 lock-snapshot --snapshot-id snapshot_id \
 --lock-mode compliance \
 --cool-off-period 1-72_hours \
 --lock-duration 1-36500_days | --expiration-date YYYY-MM-DDThh:mm:ss.sssZ

Unlock a snapshot

You can unlock a snapshot only if it is locked in governance mode, or if it is locked in compliance mode and it is still within the cooling-off period.

Console
To unlock a snapshot

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. In the navigation pane, choose Snapshots.

  3. Select the snapshot to unlock and choose Actions, Snapshot settings, Manage snapshot lock.

  4. Choose Unlock snapshot and then choose Unlock snapshot again to confirm.

Amazon CLI
To unlock a snapshot

Use the unlock-snapshot Amazon CLI command. For --snapshot-id, specify the ID of the snapshot to unlock.

$ aws ec2 unlock-snapshot --snapshot-id snapshot_id

Update snapshot lock settings

The allowed updates depend on the lock state:

  • governance — you can change the lock mode and increase or decrease the lock duration or expiration date.

  • compliance-cooloff — you can change the lock mode, increase or decrease the cooling-off period, and increase or decrease the lock duration or expiration date.

  • compliance — you can only increase the lock duration or expiration date.

Console
To update snapshot lock settings

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. In the navigation pane, choose Snapshots.

  3. Select the snapshot for which to modify the lock settings and choose Actions, Snapshot settings, Manage snapshot lock.

  4. Update the settings as needed, and then choose Save lock settings.

Amazon CLI
To update snapshot lock settings

Use the lock-snapshot Amazon CLI command. For --snapshot-id, specify the ID of the snapshot for which to update the lock settings. Then, specify only the options to modify.

View snapshot lock settings

Use one of the following methods to view the lock settings for a snapshot.

Console
To view snapshot lock settings

  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. In the navigation pane, choose Snapshots.

  3. Select the snapshot for which to view the lock settings and choose Actions, Snapshot settings, Manage snapshot lock.

Amazon CLI
To view snapshot lock settings

Use the describe-locked-snapshots Amazon CLI command. For --snapshot-ids, specify the IDs of the snapshots for which to view the lock settings.

$ aws ec2 describe-locked-snapshots --snapshot-ids snapshot_id