Security - Amazon Snowball Edge Developer Guide

Security

The following are recommendations and best practices for maintaining security while working with an Amazon Snowball Edge device.

General Security

  • If you notice anything that looks suspicious about the Amazon Snowball Edge device, don't connect it to your internal network. Instead, contact Amazon Web Services Support, and a new Amazon Snowball Edge device will be shipped to you.

  • We recommend that you don't save a copy of the unlock code in the same location on the workstation as the manifest for that job. Saving these in different locations helps prevent unauthorized parties from gaining access to the Amazon Snowball Edge device. For example, you can save a copy of the manifest to your local server, and email the code to a user who unlocks the device. This approach limits access to the Amazon Snowball Edge device to individuals who have access to both the files saved on the server and the user's email address.

  • The credentials displayed when you run the Snowball Edge client commands list-access-keys and get-secret-access-key are a pair of access keys used to access your device.

    These keys are only associated with the job and the local resources on the device. They don't map to your Amazon Web Services account or any other Amazon Web Services account. If you try to use these keys to access services and resources in the Amazon Web Services Cloud, they will fail because they only work for the local resources associated with your job.

For information about how to use Amazon Identity and Access Management (IAM) policies to control access, see Amazon-Managed (Predefined) Policies for Amazon Snowball Edge.
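
As an added example (not part of the AWS documentation or the Snowball Edge client), the following Python script audits a directory tree for the situation the unlock code recommendation above warns against: a job manifest stored in the same directory as a file containing an unlock code. It assumes unlock codes are 29 characters (five hyphen-separated groups of five alphanumerics) and that manifest file names end in manifest.bin; the function names and sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: an unlock code is 29 characters, five groups of five
# alphanumerics joined by hyphens, e.g. 12345-abcde-12345-ABCDE-12345.
UNLOCK_CODE_RE = re.compile(
    rb"(?<![A-Za-z0-9-])[A-Za-z0-9]{5}(?:-[A-Za-z0-9]{5}){4}(?![A-Za-z0-9-])")
# Assumption: downloaded job manifests have names ending in "manifest.bin".
MANIFEST_SUFFIX = "manifest.bin"
MAX_SCAN_BYTES = 1 << 20  # only the first 1 MiB of each file is inspected


def find_colocated_secrets(root):
    """Return (directory, manifest, file) for each file that holds an
    unlock-code-shaped string in the same directory as a manifest."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        manifests = sorted(f for f in files if f.lower().endswith(MANIFEST_SUFFIX))
        if not manifests:
            continue  # no manifest here, so nothing to co-locate with
        for name in sorted(set(files) - set(manifests)):
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    data = fh.read(MAX_SCAN_BYTES)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if UNLOCK_CODE_RE.search(data):
                findings.extend((dirpath, m, name) for m in manifests)
    return findings


def demo():
    """Audit a constructed layout: job-a co-locates the code, job-b does not."""
    with tempfile.TemporaryDirectory() as root:
        for job, note in (("job-a", "unlock: 12345-abcde-12345-ABCDE-12345\n"),
                          ("job-b", "unlock code was emailed to the operator\n")):
            os.makedirs(os.path.join(root, job))
            with open(os.path.join(root, job, "JID-EXAMPLE_manifest.bin"), "wb") as fh:
                fh.write(b"\x00constructed placeholder, not a real manifest")
            with open(os.path.join(root, job, "notes.txt"), "w") as fh:
                fh.write(note)
        return [(os.path.basename(d), m, f) for d, m, f in find_colocated_secrets(root)]


if __name__ == "__main__":
    for finding in demo():
        print("manifest and unlock code share a directory:", finding)
```

Matches are based on the shape of the string only, so treat each finding as a lead to review, and treat an empty result as no more than the absence of an obvious co-located copy.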

Network Security

  • We recommend that you only use one method at a time for reading and writing data to a local bucket on an Amazon Snowball Edge device. Using both the file interface and the Amazon S3 interface on the same Amazon S3 bucket at the same time can result in read/write conflicts.

  • To prevent corrupting your data, don't disconnect the Amazon Snowball Edge device or change its network settings while transferring data.

  • Files should be in a static state while they are being written to the device. Files that are modified while they are being written can result in read/write conflicts.

  • For more information about improving performance of your Amazon Snowball Edge device, see Performance.