

# Amazon EBS snapshot lifecycle
<a name="ebs-snapshot-lifecycle"></a>

The lifecycle of an Amazon EBS snapshot starts with the creation process. You create snapshots from Amazon EBS volumes. You can use snapshots to restore new Amazon EBS volumes. You can create copies of snapshots either in the same Region, or in different Regions. You can share snapshots with other AWS accounts, either publicly or privately. Those accounts can restore volumes from the shared snapshots, or they can create copies of the shared snapshots in their own account. If you don't need immediate access to a snapshot, you can archive it to save on storage costs.

The following image shows actions that you can perform on your snapshots as part of the snapshot lifecycle.

![\[Snapshot lifecycle\]](http://docs.aws.amazon.com/ebs/latest/userguide/images/snapshot-lifecycle.png)


**Topics**
+ [Create snapshots](ebs-creating-snapshot.md)
+ [View snapshot information](ebs-describing-snapshots.md)
+ [Copy a snapshot](ebs-copy-snapshot.md)
+ [Share a snapshot](ebs-modifying-snapshot-permissions.md)
+ [Archive snapshots](snapshot-archive.md)
+ [Delete a snapshot](ebs-deleting-snapshot.md)

# Create Amazon EBS snapshots
<a name="ebs-creating-snapshot"></a>

You can create an Amazon EBS snapshot of an Amazon EBS volume to create a point-in-time backup of that volume. You can either create snapshots of **individual Amazon EBS volumes**, or you can create **multi-volume snapshots** of all, or a subset, of the volumes attached to an Amazon EC2 instance.

Snapshot creation is asynchronous. The snapshot is created immediately, but it remains in the `pending` state until all of the data has been transferred to Amazon S3. This can take several hours to complete, depending on the number of modified blocks on the volume. You can continue to use the volume during this time without impacting the snapshot. The snapshot includes only the data that was written to the volume at the time the snapshot was requested. It does not include data that has been cached by applications or the operating system.

**Tip**  
To ensure consistent and complete snapshots, we recommend that you pause writes to the volume before you create the snapshot. If you can't pause writes to the volume, we recommend that you unmount the volume, from within the instance, before you create the snapshot. You can remount and resume writes once the snapshot enters the `pending` state.  
If you create a snapshot of a volume that serves as the root device for an Amazon EC2 instance, we recommend that you stop the instance before taking the snapshot.

**Topics**
+ [Snapshot encryption](#create-snapshot-encryption)
+ [Snapshot destinations](#create-snapshot-destinations)
+ [Automating snapshots](#create-snapshots-automate)
+ [Considerations for creating snapshots](#create-snapshots-considerations)
+ [Create snapshot of a volume](ebs-create-snapshot.md)
+ [Create multi-volume snapshots](ebs-create-snapshots.md)

## Snapshot encryption
<a name="create-snapshot-encryption"></a>

A snapshot automatically gets the same encryption status as the volume from which it is created. Snapshots created from unencrypted volumes are not encrypted. Snapshots created from encrypted volumes are automatically encrypted using the same KMS key as the volume.

**Tip**  
If you need to create an encrypted snapshot from an unencrypted volume, first create the unencrypted snapshot of the volume, and then create an encrypted copy of that snapshot.

## Snapshot destinations
<a name="create-snapshot-destinations"></a>

The location of the source resource (volume or instance) determines where you can create snapshots.
+ If the source resource is in a Region, you must create snapshots in the same Region as the source resource.
+ If the source resource is in a Local Zone, you can create snapshots in the same Local Zone or in its parent Region. For more information, see [Local snapshots in Local Zones](snapshots-localzones.md).
+ If the source resource is on an Outpost, you can create snapshots on the same Outpost or in its parent Region. For more information, see [Amazon EBS local snapshots on Outposts](snapshots-outposts.md).

## Automating snapshots
<a name="create-snapshots-automate"></a>

You can automate snapshot creation using [Amazon Data Lifecycle Manager](snapshot-lifecycle.md) and [AWS Backup](https://docs.aws.amazon.com/aws-backup/latest/devguide/multi-volume-crash-consistent.html).

## Considerations for creating snapshots
<a name="create-snapshots-considerations"></a>
+ We recommend that you do not create snapshots of volumes that are attached to Amazon EC2 instances that are hibernated or that are enabled for hibernation. For more information, see [How Amazon EC2 instance hibernation works](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-hibernate-overview.html#instance-hibernate-limitations).
+ Although you can take a snapshot of a volume while a previous snapshot of that volume is in the `pending` status, having multiple snapshots in the `pending` state for the same volume can result in reduced volume performance until the snapshots complete.
+ There are limits on the number of snapshots you can have in the `pending` state, and on the number of concurrent snapshots you can request per volume type. For more information, see [Quotas for Amazon EBS](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-resource-quotas.html). If you exceed one of these quotas, wait for the current snapshots to complete and then try again.

# Create a snapshot of an EBS volume
<a name="ebs-create-snapshot"></a>

You can create a single snapshot of a single volume. Alternatively, to automate snapshot creation, use [Amazon Data Lifecycle Manager](snapshot-lifecycle.md) or [AWS Backup](https://docs.aws.amazon.com/aws-backup/latest/devguide/multi-volume-crash-consistent.html). To create snapshots of all the volumes for an EC2 instance, use [multi-volume snapshots](ebs-create-snapshots.md).

------
#### [ Console ]

**To create a snapshot**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**, **Create snapshot**.

1. For **Resource type**, choose **Volume**.

1. For **Volume ID**, select the volume from which to create the snapshot. The **Encryption** field indicates the volume and resulting snapshot's encryption status. It can't be modified.

1. (*Optional*) For **Description**, enter a brief description for the snapshot.

1. If the volume is on an Outpost or in a Local Zone, the **Snapshot destination** field appears. Do one of the following:
   + If the volume is in a Local Zone, choose **Local Zone** to create the snapshot in the same Local Zone, or choose **AWS Region** to create the snapshot in the parent Region of the Local Zone.
   + If the volume is on an Outpost, choose **AWS Outpost** to create the snapshot on the same Outpost, or choose **AWS Region** to create the snapshot in the parent Region of the Outpost.
**Note**  
If the volume is in a Region, the **Snapshot destination** does not appear. The snapshot is automatically created in the same Region as the volume.

1. (*Optional*) To assign custom tags to the snapshot, in the **Tags** section, choose **Add tag**, and then enter the key-value pair. You can add up to 50 tags.

1. Choose **Create snapshot**.

------
#### [ AWS CLI ]

**To create a snapshot**  
Use the [create-snapshot](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-snapshot.html) command.

```
aws ec2 create-snapshot  \
    --volume-id vol-01234567890abcdef \
    --description "Snapshot of the root volume for i-1234567890abcdef0"
```

------
#### [ PowerShell ]

**To create a snapshot**  
Use the [New-EC2Snapshot](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Snapshot.html) cmdlet.

```
New-EC2Snapshot `
    -VolumeId vol-01234567890abcdef `
    -Description "Snapshot of the root volume for i-1234567890abcdef0"
```

------

# Create multi-volume EBS snapshots from an EC2 instance
<a name="ebs-create-snapshots"></a>

By default, when you create multi-volume snapshots from an Amazon EC2 instance, Amazon EBS creates snapshots of all the Amazon EBS volumes that are attached to the instance. However, you can choose to exclude the root volume, or specific data volumes if needed.

**Tip**  
We recommend that you tag your multi-volume snapshots so that it's easy to identify and manage them collectively. You can also copy the tags from the source volumes to the corresponding snapshots to set the snapshot metadata, such as access policies, attachment information, and cost allocation, to match the source volume.

**Considerations for multi-volume snapshots**
+ If all of the snapshots complete successfully, a `createSnapshots` CloudWatch event with a result of `succeeded` is sent to your AWS account. If any one snapshot in the multi-volume snapshot set fails, all of the other snapshots enter the `error` state and a `createSnapshots` CloudWatch event with a result of `failed` is sent to your account. For more information, see [Create snapshots (createSnapshots)](ebs-cloud-watch-events.md#create-snapshots-complete).
+ Multi-volume snapshots support up to 128 Amazon EBS volumes attached to an instance, including the root volume and up to 127 data volumes.
+ Each snapshot in the multi-volume snapshot set is an individual snapshot that can be used in the same way, and that supports the same features, as an individual snapshot.
+ You can take application-consistent snapshots of all the Amazon EBS volumes attached to an Amazon EC2 Windows instance using [AWS Systems Manager command documents](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-vss-snapshots-ssm.html).

------
#### [ Console ]

**To create multi-volume snapshots**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**, **Create snapshot**.

1. For **Resource type**, choose **Instance**.

1. For **Description**, enter a brief description for the snapshots. This description is applied to all of the snapshots.

1. If the instance is on an Outpost or in a Local Zone, the **Snapshot destination** field appears. Do one of the following:
   + If the instance is in a Local Zone, choose **Local Zone** to create the snapshots in the same Local Zone, or choose **AWS Region** to create the snapshots in the parent Region of the Local Zone.
   + If the instance is on an Outpost, choose **AWS Outpost** to create the snapshots on the same Outpost, or choose **AWS Region** to create the snapshots in the parent Region of the Outpost.
**Note**  
If the instance is in a Region, the **Snapshot destination** does not appear. The snapshot is automatically created in the same Region as the instance.

1. (*Optional*) To exclude the instance's root volume, select **Exclude root volume**.

1. (*Optional*) To exclude data volumes, select **Exclude specific data volumes**. The **Attached data volumes** section lists all of the data volumes that are currently attached to the selected instance.

   Select the data volumes to exclude. Only the volumes that remain unselected will be included in the multi-volume snapshot set.

1. (*Optional*) To automatically copy tags from the source volumes to the corresponding snapshots, for **Copy tags from source volume**, select **Copy tags**.

1. (*Optional*) To assign additional custom tags to the snapshots, in the **Tags** section, choose **Add tag**, and then enter the key-value pair. You can add up to 50 tags.

1. Choose **Create snapshot**.

------
#### [ AWS CLI ]

**To create multi-volume snapshots**  
Use the [create-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-snapshots.html) command.

```
aws ec2 create-snapshots \
    --instance-specification InstanceId=i-1234567890abcdef0 \
    --description "from a multi-volume snapshot of i-1234567890abcdef0"
```

To exclude the root volume, add the following to the `--instance-specification` option.

```
ExcludeBootVolume=true
```

To exclude a data volume, add the following to the `--instance-specification` option.

```
ExcludeDataVolumeIds=vol-01234567890abcdef
```

------
#### [ PowerShell ]

**To create multi-volume snapshots**  
Use the [New-EC2SnapshotBatch](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2SnapshotBatch.html) cmdlet.

```
New-EC2SnapshotBatch `
    -InstanceSpecification_InstanceId i-1234567890abcdef0 `
    -Description "from a multi-volume snapshot of i-1234567890abcdef0"
```

To exclude the root volume, add the following parameter.

```
-InstanceSpecification_ExcludeBootVolume $true
```

To exclude data volumes, add the following parameter.

```
-InstanceSpecification_ExcludeDataVolumes "vol-01234567890abcdef"
```

------

# View Amazon EBS snapshot information
<a name="ebs-describing-snapshots"></a>

You can view detailed information about your snapshots.

------
#### [ Console ]

**To view snapshot information**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. To view only the snapshots that you own, in the top-left corner of the screen, choose **Owned by me**. You can also filter the list of snapshots using tags and other snapshot attributes. In the **Filter** field, select the attribute field, and then select or enter the attribute value. For example, to view only encrypted snapshots, select **Encryption**, and then enter `true`.

1. To view more information about a specific snapshot, choose its ID in the list.
**Note**  
The **Full snapshot size** field shows the full size of the snapshot, in bytes. This is **not** the incremental size of the snapshot. Instead, it represents the size of all the blocks that were written to the source volume at the time the snapshot was created.  
The **Volume size** field shows the size of the EBS volume that will be created from the snapshot if no other size is specified.

------
#### [ AWS CLI ]

**To view snapshot information**  
Use the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) command.

**Example 1: Filter based on tags**  
The following example describes the snapshots with the tag Stack=production.  

```
aws ec2 describe-snapshots --filters Name=tag:Stack,Values=production
```

**Example 2: Filter based on volume**  
The following example describes the snapshots created from the specified volume.  

```
aws ec2 describe-snapshots --filters Name=volume-id,Values=vol-049df61146c4d7901
```

**Example 3: Filter based on snapshot age**  
You can use JMESPath to filter results using expressions. For example, the following command displays the IDs of all snapshots created by your account before the specified date. If you do not specify the owner, the results include all public snapshots.  

```
aws ec2 describe-snapshots \
    --filters Name=owner-id,Values=123456789012 \
    --query "Snapshots[?(StartTime<='2024-03-31')].[SnapshotId]" \
    --output text
```
The following command displays the IDs of all snapshots created in the specified date range.  

```
aws ec2 describe-snapshots \
    --filters Name=owner-id,Values=123456789012 \
    --query "Snapshots[?(StartTime>='2024-01-01') && (StartTime<='2024-12-31')].[SnapshotId]" \
    --output text
```

------
#### [ PowerShell ]

**To view snapshot information**  
Use the [Get-EC2Snapshot](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Snapshot.html) cmdlet.

**Example 1: Describe a snapshot**  
The following example describes the specified snapshot.

```
Get-EC2Snapshot -SnapshotId snap-0abcdef1234567890
```

**Example 2: Filter based on volume**  
The following example describes the snapshots created from the specified volume.

```
Get-EC2Snapshot `
    -Filter @{Name="volume-id"; Values="vol-01234567890abcdef"}
```

------

## Snapshot states
<a name="snapshot-states"></a>

An Amazon EBS snapshot transitions through different states from the moment it is created until it is permanently deleted.

The following illustration shows the transitions between snapshot states. When you create a snapshot, it enters the `pending` state. After the snapshot is ready for use, it enters the `completed` state. When you've decided that you no longer need a snapshot, you can delete it. If you delete a snapshot that matches a Recycle Bin retention rule, it is retained in the Recycle Bin and it enters the `recoverable` state. If you recover a snapshot from the Recycle Bin, it enters the `recovering` state and then the `completed` state. Otherwise, it is permanently deleted.

![\[Snapshot with allocated blocks\]](http://docs.aws.amazon.com/ebs/latest/userguide/images/snapshot-statuses.png)


The following table summarizes the snapshot states.


| Status | Description | 
| --- | --- | 
| pending |  The snapshot creation process is still in progress. A snapshot can't be used while it is in the `pending` state.  | 
| completed | The snapshot creation process has completed and the snapshot is ready for use. | 
| recoverable | The snapshot is currently in the Recycle Bin. To use the snapshot, you must first recover it from the Recycle Bin. | 
| recovering | The snapshot is being recovered from the Recycle Bin. After the snapshot has been recovered, it transitions to the completed state and becomes ready for use. | 
| error | The snapshot creation process has failed. A snapshot can't be used if it is in the error state. | 
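
The following added example (not part of the AWS documentation) audits `describe-snapshots` JSON output against points made on this page: snapshots that are not encrypted, snapshots that are not in the `completed` state and therefore can't be used, volumes with more than one `pending` snapshot, and snapshot copies that carry an arbitrary volume ID. The sample response and all IDs in it are constructed; the function and category names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws ec2 describe-snapshots --output json`.
# Every ID below is made up for this example.
SAMPLE_RESPONSE = json.loads("""
{"Snapshots": [
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa1", "VolumeId": "vol-0aaaaaaaaaaaaaaa1",
   "State": "completed", "Encrypted": true, "Progress": "100%"},
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa2", "VolumeId": "vol-0aaaaaaaaaaaaaaa2",
   "State": "completed", "Encrypted": false, "Progress": "100%"},
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa3", "VolumeId": "vol-0aaaaaaaaaaaaaaa3",
   "State": "pending", "Encrypted": true, "Progress": "40%"},
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa4", "VolumeId": "vol-0aaaaaaaaaaaaaaa3",
   "State": "pending", "Encrypted": true, "Progress": "5%"},
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa5", "VolumeId": "vol-0aaaaaaaaaaaaaaa4",
   "State": "error", "Encrypted": true, "Progress": ""},
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa6", "VolumeId": "vol-0aaaaaaaaaaaaaaa5",
   "State": "recoverable", "Encrypted": false, "Progress": "100%"},
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa7", "VolumeId": "vol-ffffffff",
   "State": "completed", "Encrypted": true, "Progress": "100%"}
]}
""")

# Snapshot copies get an arbitrary volume ID that must not be used for anything.
ARBITRARY_VOLUME_IDS = {"vol-ffff", "vol-ffffffff"}


def audit_snapshots(response):
    """Return a dict of findings keyed by category (category names are hypothetical)."""
    unencrypted = []
    not_usable = {}                      # snapshot ID -> state other than 'completed'
    pending_by_volume = defaultdict(list)
    arbitrary_volume_id = []

    for snap in response.get("Snapshots", []):
        snap_id = snap["SnapshotId"]
        state = snap.get("State", "")
        volume_id = snap.get("VolumeId", "")

        # A snapshot has the encryption status of its source volume; an
        # unencrypted one needs an encrypted copy to become encrypted.
        if not snap.get("Encrypted", False):
            unencrypted.append(snap_id)

        # Only 'completed' snapshots are ready for use (see the states table).
        if state != "completed":
            not_usable[snap_id] = state

        if volume_id in ARBITRARY_VOLUME_IDS:
            arbitrary_volume_id.append(snap_id)
        elif state == "pending":
            pending_by_volume[volume_id].append(snap_id)

    # Several pending snapshots of one volume can reduce volume performance.
    concurrent_pending = {
        vol: sorted(ids) for vol, ids in pending_by_volume.items() if len(ids) > 1
    }
    return {
        "unencrypted": sorted(unencrypted),
        "not_usable": not_usable,
        "concurrent_pending": concurrent_pending,
        "arbitrary_volume_id": sorted(arbitrary_volume_id),
    }


if __name__ == "__main__":
    for category, value in audit_snapshots(SAMPLE_RESPONSE).items():
        print(category, "->", value)
```
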

# Copy an Amazon EBS snapshot
<a name="ebs-copy-snapshot"></a>

After you create a snapshot, and it has reached the `completed` state, you can create a copy of it. The snapshot copy is an exact copy of the original, but it has a unique resource ID. You can copy snapshots that you own and snapshots that are shared with you, privately or publicly. You might need to copy a snapshot for the following use cases:
+ Geographic expansion — You need to launch your applications in a new Region.
+ Migration — You need to move an application to a new destination, to enable better availability or to minimize cost.
+ Disaster recovery — You need to back up your data and logs to secondary Regions for data redundancy purposes.
+ Encryption — You need to encrypt a previously unencrypted snapshot or reencrypt an encrypted snapshot using a different KMS key.
+ Copy a shared snapshot — You need to copy a snapshot that is shared with you.
+ Data retention and auditing requirements — You need to copy encrypted snapshots from one AWS account to another to preserve data for auditing or data retention. Using a different account protects you if your main AWS account is compromised.

To copy multi-volume snapshots, identify all of the snapshots that are part of that set using the tags that you assigned during creation, and then copy them individually.

For information about copying an Amazon RDS snapshot, see [Copying a DB Snapshot](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html) in the *Amazon RDS User Guide*.

**Pricing**  
For pricing information about copying snapshots, see [Amazon EBS Pricing](https://aws.amazon.com/ebs/pricing/).

**Topics**
+ [Considerations for copying snapshots](#snapshot-copy-consids)
+ [Destinations for snapshot copies](#snapshot-copy-destinations)
+ [Incremental snapshot copying](#ebs-incremental-copy)
+ [Time-based copies](time-based-copies.md)
+ [Encryption and snapshot copying](#creating-encrypted-snapshots)
+ [Copy a snapshot](#ebs-snapshot-copy)

## Considerations for copying snapshots
<a name="snapshot-copy-consids"></a>
+ You can copy AWS Marketplace, VM Import/Export, and Storage Gateway snapshots, but you must verify that the snapshot is supported in the destination Region.
+ There is a limit of `20` concurrent snapshot copy requests per destination. If you exceed this quota, you receive a `ResourceLimitExceeded` error. If you receive this error, wait for one or more of the copy requests to complete before making a new snapshot copy request.
+ User-defined tags are not copied from the source snapshot to the snapshot copy. You can add user-defined tags during or after the copy operation.
+ Snapshots created by a snapshot copy operation have an arbitrary volume ID, such as `vol-ffff` or `vol-ffffffff`. These arbitrary volume IDs should not be used for any purpose.
+ Resource-level permissions specified for the snapshot copy operation can apply to the snapshot copy and the source snapshot. For an example, see [Example: Copying snapshots](https://docs.aws.amazon.com/ebs/latest/userguide/security_iam_id-based-policy-examples.html#iam-copy-snapshot).
+ If you copy a snapshot that is enabled for fast snapshot restore, the snapshot copy is not automatically enabled for fast snapshot restore. You must explicitly enable fast snapshot restore for the snapshot copy.
+ If you copy a snapshot and encrypt it to a new KMS key, a complete (non-incremental) copy is created. This results in additional storage costs.
+ If you copy a snapshot to a new Region, a full (non-incremental) copy is created. This results in additional storage costs.
+ If you use external or cross-Region data transfers, additional [EC2 data transfer](https://aws.amazon.com/ebs/pricing/) charges will apply. If you delete any snapshots after initiation, you are still charged for the data that has already been transferred.

## Destinations for snapshot copies
<a name="snapshot-copy-destinations"></a>

The location of the source snapshot determines whether you can copy it or not.
+ If the source snapshot is in a Region, you can copy it within that Region, to another Region, to an Outpost associated with that Region, or to a Local Zone in that Region.
+ If the source snapshot is in a Local Zone, you can copy it within the same Local Zone, to another Local Zone in the same zone group, or to the parent Region of that Local Zone.
+ If the source snapshot is on an Outpost, you can't copy it.

## Incremental snapshot copying
<a name="ebs-incremental-copy"></a>

Snapshot copy operations within the same account and Region using the same KMS key are always incremental copies. However, if you encrypt the snapshot copy using a different KMS key, the copy is a full copy.

When you copy a snapshot across Regions or accounts, the copy is an incremental copy if the following conditions are met:
+ The snapshot was copied to the destination Region or account previously.
+ The most recent snapshot copy still exists in the destination Region or account.
+ The most recent snapshot copy has not been archived.
+ All copies of the snapshot in the destination Region or account are either unencrypted or were encrypted using the same KMS key.

**Tip**  
We recommend that you tag your snapshot copies with the volume ID and creation time so that you can keep track of the most recent snapshot copy of a volume in the destination Region or account.

To see whether your snapshot copies are incremental, check the [copySnapshot](ebs-cloud-watch-events.md#copy-snapshot-complete) CloudWatch event.

# Time-based copies for Amazon EBS snapshots and EBS-backed AMIs
<a name="time-based-copies"></a>

Time-based copies can help you meet compliance or business requirements for data replication by ensuring that your EBS snapshots and EBS-backed AMIs are copied, within and across AWS Regions, in a specified timeframe. Time-based copies can also help backup administrators meet stringent disaster recovery requirements (Recovery Point Objectives and Recovery Time Objectives), and they improve development agility by ensuring predictable copying times for snapshots and EBS-backed AMIs.

With time-based snapshot and EBS-backed AMI copy operations, you specify a completion duration, between 15 minutes and 48 hours, in which the copy is to be completed. The completion duration must be specified in 15 minute increments.

**Topics**
+ [Quotas](#time-based-copies-quota)
+ [Determine your completion duration](#time-based-copies-how)
+ [Considerations](#time-based-copies-considerations)
+ [Monitoring](#time-based-copies-monitoring)
+ [Pricing and billing](#time-based-copies-pricing)

## Quotas
<a name="time-based-copies-quota"></a>

The following quotas apply to time-based snapshot and EBS-backed AMI copy operations:


| Quota | Description | Quota value | Adjustable | 
| --- | --- | --- | --- | 
| Snapshot copy operation throughput quota | The maximum throughput that can be achieved by a single time-based snapshot copy operation. For AMI copy operations, the quota applies to each individual snapshot associated with the AMI.  | 500 MiB/s | No | 
| Cumulative snapshot copy throughput quota | The maximum cumulative throughput that can be achieved by concurrent time-based snapshot copy operations between a source and destination Region. For AMI copy operations, each individual snapshot associated with the AMI counts towards the quota. | 2,000 MiB/s | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ebs/quotas/L-E137849C) | 

When you initiate a **time-based snapshot copy operation**, you specify a completion duration. The throughput used by the request is determined by the size of the snapshot data and the requested completion duration. For example, if you copy a snapshot that has 225,000 MiB (0.214 TiB) of data, and you request a completion duration of 15 minutes, the throughput is 250 MiB/s (225,000 MiB ÷ 15 minutes = 250 MiB/s).

When you initiate a **time-based AMI copy operation**, the completion duration you specify applies to each snapshot associated with the AMI. Because each snapshot can have a different size, each snapshot is copied at a different throughput to ensure that all snapshots are copied within the completion duration. For example, say you have an AMI with the following associated snapshots:
+ Snapshot 1: 200,000 MiB
+ Snapshot 2: 500,000 MiB
+ Snapshot 3: 450,000 MiB

If you initiate a time-based copy for this AMI and specify a completion duration of 60 minutes, the request uses the following throughput:
+ Snapshot 1: 55.56 MiB/s (200,000 MiB ÷ 60 minutes = 55.56 MiB/s)
+ Snapshot 2: 138.89 MiB/s (500,000 MiB ÷ 60 minutes = 138.89 MiB/s)
+ Snapshot 3: 125 MiB/s (450,000 MiB ÷ 60 minutes = 125 MiB/s)

This means that the request uses 319.45 MiB/s of your cumulative snapshot copy throughput quota to ensure that the copy completes in 60 minutes.

If you initiate a time-based snapshot or EBS-backed AMI copy request and your available cumulative snapshot copy throughput quota is:
+ greater than or equal to the required throughput rate, the copy completes within the requested completion duration.
+ less than the required throughput rate but greater than zero, the request succeeds but it will take longer than you requested. The copy is completed using your available throughput quota.
+ zero (quota reached), the request fails.

## Determine your completion duration
<a name="time-based-copies-how"></a>

The minimum completion duration you can request for a time-based snapshot or EBS-backed AMI copy operation is 15 minutes, and the maximum completion duration you can request is 48 hours. The completion duration must be specified in 15 minute increments.

**Concurrent time-based snapshot copy operations**  
You can perform concurrent time-based snapshot copy operations between the same source and destination Regions, as long as the combined throughput of all of the concurrent operations is within your cumulative snapshot copy throughput quota (2,000 MiB/s by default).

To determine whether you can achieve your required completion duration for your existing snapshots, divide the combined size of all of your snapshots by your required completion duration to determine the required throughput rate.

**Tip**  
If you don't know the exact size of the data in your snapshots, you can use the full snapshot size as a proxy instead. To get the full snapshot size, use the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) AWS CLI command.

```
required throughput rate = combined snapshot size ÷ required completion duration
```

If the required throughput rate is less than your cumulative snapshot copy throughput quota, you can achieve your required completion duration. If the required throughput rate is greater than your cumulative snapshot copy throughput quota, we recommend that you request a quota increase that is at least 10% higher than your required throughput rate.

**Tip**  
The Amazon EC2 console provides a calculator that you can use to check how much snapshot data you copied between two Regions over a specific period, and the minimum completion duration that you can achieve for that amount of data, based on a specific cumulative snapshot copy throughput quota. The calculator uses the `SnapshotCopyBytesTransferred` CloudWatch metric to calculate data copied between two Regions over a period. To open the calculator, in the Amazon EC2 console navigation panel, select **Snapshots**, and then choose **Actions**, **Launch copy duration calculator**.  
The snapshot copy duration calculator is not supported with AWS Outposts, Local Zones, and Wavelength Zones.

**Individual time-based snapshot copy operations**  


You can calculate the minimum completion duration for an individual time-based snapshot copy operation by dividing the size of the snapshot data by the snapshot copy operation throughput quota (500 MiB/s).

**Tip**  
If you don't know the exact size of the data in your snapshots, you can use the full snapshot size as a proxy instead. To get the full snapshot size, use the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) AWS CLI command.

```
minimum completion duration = Max(15 minutes, (snapshot data size ÷ 500 MiB/s))
```

For example, the minimum completion duration for a snapshot with 900,000 MiB of data is 30 minutes.

```
minimum completion duration = Max(15 minutes, (900,000 MiB ÷ 500 MiB/s))
= Max(15 minutes, 30 minutes)
= 30 minutes
```

**Time-based AMI copy operations**  
When you initiate a time-based AMI copy operation for an EBS-backed AMI with a single associated snapshot, it behaves in the same way as an **individual time-based snapshot copy operation**, and the same throughput limitations apply.

When you initiate a time-based AMI copy operation for an EBS-backed AMI with multiple associated snapshots, it behaves in the same way as **concurrent time-based snapshot copy operations** and the same throughput limitations apply. Each associated snapshot results in a separate snapshot copy request, each of which contributes to your cumulative snapshot copy throughput quota. The completion duration that you specify applies to each associated snapshot.
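
The following added example (not part of the AWS documentation) carries out the calculations from the Quotas and completion-duration sections: per-snapshot and combined throughput for a requested completion duration, the outcome against the cumulative quota, the suggested quota increase, and the minimum completion duration for a single snapshot. Function and parameter names are hypothetical, and rounding the minimum duration up to the next 15-minute increment is an assumption drawn from the rule that durations are specified in 15-minute increments.

```python
PER_OPERATION_QUOTA_MIBS = 500    # one time-based copy operation (not adjustable)
CUMULATIVE_QUOTA_MIBS = 2000      # default cumulative quota per Region pair
INCREMENT_MIN = 15                # durations are given in 15-minute increments
MIN_DURATION_MIN = 15
MAX_DURATION_MIN = 48 * 60


def min_completion_minutes(size_mib):
    """Max(15 minutes, size / 500 MiB/s), rounded up to a 15-minute increment."""
    seconds = -(-size_mib // PER_OPERATION_QUOTA_MIBS)        # ceiling division
    increments = -(-seconds // (INCREMENT_MIN * 60))
    return max(MIN_DURATION_MIN, increments * INCREMENT_MIN)


def plan_time_based_copy(sizes_mib, duration_minutes,
                         quota_mibs=CUMULATIVE_QUOTA_MIBS, in_use_mibs=0):
    """Plan one request; sizes_mib holds one entry per snapshot (an AMI may have several)."""
    if not MIN_DURATION_MIN <= duration_minutes <= MAX_DURATION_MIN:
        raise ValueError("completion duration must be between 15 minutes and 48 hours")
    if duration_minutes % INCREMENT_MIN:
        raise ValueError("completion duration must be a multiple of 15 minutes")

    seconds = duration_minutes * 60
    per_snapshot = [size / seconds for size in sizes_mib]
    required = sum(per_snapshot)
    available = max(0, quota_mibs - in_use_mibs)

    # Outcomes as listed in the Quotas section.
    if available == 0:
        outcome = "fails"       # quota reached
    elif available >= required:
        outcome = "on_time"     # completes within the requested duration
    else:
        outcome = "delayed"     # request succeeds but takes longer

    return {
        "per_snapshot_mibs": [round(t, 2) for t in per_snapshot],
        "required_mibs": round(required, 2),
        "outcome": outcome,
        # Indexes of snapshots that would need more than 500 MiB/s each.
        "over_per_operation_quota": [
            i for i, t in enumerate(per_snapshot) if t > PER_OPERATION_QUOTA_MIBS
        ],
        # Recommended quota: at least 10% above the required rate.
        "suggested_quota_mibs": (
            round(required * 1.10, 2) if required > quota_mibs else None
        ),
    }


if __name__ == "__main__":
    # AMI example from this page: three snapshots, 60-minute completion duration.
    print(plan_time_based_copy([200_000, 500_000, 450_000], 60))
    print(min_completion_minutes(900_000))
```
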

## Considerations
<a name="time-based-copies-considerations"></a>
+ You can initiate time-based snapshot and EBS-backed AMI copy operations when copying snapshots within the same Region or when copying snapshots across Regions.
+ If you initiate two time-based copy operations for the same snapshot or AMI, the second copy operation's completion duration starts only after the first copy operation completes.
+ Time-based copy operations and the snapshot copy duration calculator are not supported with AWS Outposts, Local Zones, and Wavelength Zones.

## Monitoring
<a name="time-based-copies-monitoring"></a>

You can monitor the progress of time-based snapshot and EBS-backed AMI copy operations using the Amazon EC2 console and the AWS CLI. In the console, select the snapshot and then, in the **Details** tab, inspect the **Progress** field. With the AWS CLI, inspect the `Progress` output element in the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) command response.

You can check whether a time-based snapshot or EBS-backed AMI copy operation completed within the requested completion duration by checking the difference between the **Started** and **Completed** times in the console, or `StartTime` and `CompletionTime` in the `describe-snapshots` response.

You can also use the `copySnapshot` Amazon EventBridge event to monitor the outcome of time-based copy operations. The event indicates whether the operation completed and whether the requested completion duration was met. If the completion duration was not met, the event includes more information about the cause. For more information, see [EBS snapshot events](ebs-cloud-watch-events.md#snapshot-events).

## Pricing and billing
<a name="time-based-copies-pricing"></a>

**Note**  
Similar to standard snapshot copy operations, if you copy a snapshot to a new Region, a full (non-incremental) copy is created, which results in additional storage costs. Subsequent copies of the same snapshot are incremental. Additionally, if you use external or cross-region data transfers, additional Amazon EC2 data transfer charges will apply.

Additional charges apply for time-based snapshot and EBS-backed AMI copy operations. Time-based copy operations are charged at a rate that is based on the requested completion duration, per GiB of snapshot data copied. The fixed rates are as follows:

**Note**  
The completion duration must be specified in 15 minute increments. The minimum completion duration is 15 minutes, and the maximum is 48 hours.
+ 15 minutes — \$0.020 per GiB of data
+ 30 minutes and 45 minutes — \$0.018 per GiB of data
+ 1 hour to 1 hour 45 minutes — \$0.016 per GiB of data
+ 2 hours to 3 hours 45 minutes — \$0.014 per GiB of data
+ 4 hours to 7 hours 45 minutes — \$0.012 per GiB of data
+ 8 hours to 15 hours 45 minutes — \$0.010 per GiB of data
+ 16 hours or more — \$0.005 per GiB of data

For example, if you copy a snapshot with 3,000 GiB of data with a completion duration of 8 hours, you are billed \$30 (\$0.010 x 3,000 GiB).

If you initiate a time-based copy operation, but the requested completion duration is not met due to you exceeding a quota, you are billed based on the actual completion duration instead of the requested completion duration. For example, if you request a completion duration of 1 hour, but the operation completes in 2 hours, you are billed based on the rate for the 2 hour completion duration.

If Amazon EBS is not able to achieve the requested completion duration or if a request is canceled due to service-side issues, you are not billed the additional charges for the time-based snapshot copy operation.

If you delete the snapshot copy while the time-based snapshot copy operation is still in progress, you are billed for the data copied up to that point at the rate corresponding to the specified completion duration.

## Encryption and snapshot copying
<a name="creating-encrypted-snapshots"></a>

**Note**  
Amazon S3 server-side encryption (256-bit AES) protects a snapshot's data in transit during a copy operation.

You can create an encrypted snapshot copy of a source snapshot that is unencrypted. And you can encrypt a snapshot copy with a KMS key that is different from the source snapshot. However, changing the encryption status of a snapshot copy during a copy operation could result in a full (not incremental) copy, which might incur greater data transfer and storage charges.

**Tip**  
When using an encrypted snapshot that is shared with you, we recommend that you re-encrypt the snapshot by copying it and using a KMS key that you own. This protects you if the original KMS key is compromised, or if the owner revokes your access, which could cause you to lose access to the snapshot and any encrypted volumes that you created from it.

**Permissions for copying encrypted snapshots**

To copy an encrypted snapshot, your user must have the following permissions to use Amazon EBS encryption:
+ `kms:DescribeKey`
+ `kms:CreateGrant`
+ `kms:GenerateDataKey`
+ `kms:GenerateDataKeyWithoutPlaintext`
+ `kms:ReEncrypt`
+ `kms:Decrypt`

To copy an encrypted snapshot that is shared from another AWS account, you must have permissions to use the customer managed key that was used to encrypt that snapshot. For more information, see [Share the KMS key used to encrypt a shared Amazon EBS snapshot](share-kms-key.md).

**Encryption outcomes for snapshot copies**  
The following table describes the encryption outcomes when copying snapshots that you own and snapshots that are shared with you.


| Encryption by default for destination Region | Source snapshot | Snapshot copy encryption outcome | Note | 
| --- | --- | --- | --- | 
| Disabled | Unencrypted | Optional encryption | If you encrypt the copy, you can specify the KMS key to use. If you encrypt the copy but do not specify a KMS key, the key specified for encryption by default is used. | 
| Disabled | Encrypted | Automatically encrypted | You can specify the KMS key to use. If you do not specify a KMS key, the AWS managed key (aws/ebs) is used. | 
| Enabled | Unencrypted | Automatically encrypted | You can specify the KMS key to use. If you do not specify a KMS key, the key specified for encryption by default is used. | 
| Enabled | Encrypted | Automatically encrypted | You can specify the KMS key to use. If you do not specify a KMS key, the key specified for encryption by default is used. | 

## Copy a snapshot
<a name="ebs-snapshot-copy"></a>

You can copy snapshots from one Region to another. You can copy an unencrypted snapshot to an encrypted snapshot. However, if you attempt to copy an encrypted snapshot without having permissions to use the encryption key, the operation fails silently and the snapshot copy receives the "Given key ID is not accessible" status message.

------
#### [ Console ]

**To copy a snapshot**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. Select the snapshot to copy, and then choose **Actions**, **Copy snapshot**.

1. For **Description**, enter a brief description for the snapshot copy.

   By default, the description includes information about the source snapshot so that you can identify a copy from the original.

1. Specify the destination for the snapshot copy.
   + To copy the snapshot to the same Region or to a different Region, select **AWS Region** and then select the destination Region.
   + To copy the snapshot to a Local Zone, select **AWS Local Zone** and then select the destination Local Zone.
   + (*Outpost customers only*) To copy the snapshot to an Outpost, select **AWS Outpost** and then enter the ARN of the destination Outpost.

1. If you need the snapshot copy to be completed within a specific timeframe, select **Enable time-based copy**. For **Completion duration**, enter the required completion duration, in 15-minute increments. For more information, see [Time-based copies for Amazon EBS snapshots and EBS-backed AMIs](time-based-copies.md).

   If you do not need the snapshot copy to be completed in a specific timeframe, do not enable time-based copy. In this case, the snapshot copy is completed on a best-effort basis.

1. (*Outpost customers only*) To create the snapshot copy on an Outpost in the selected Region, for **Snapshot destination** choose **AWS Outpost**, and then for **Destination Outpost ARN**, enter the ARN of the Outpost to which to copy the snapshot. The **Snapshot destination** field appears only if you have an Outpost in the selected Region.

1. Specify the encryption status for the snapshot copy.

   If the source snapshot is encrypted, or if your account is enabled for [encryption by default](encryption-by-default.md), the snapshot copy is automatically encrypted. If the source snapshot is unencrypted and your account is not enabled for encryption by default, encryption is optional.

1. Choose **Copy snapshot**.

------
#### [ AWS CLI ]

**To copy a snapshot to another Region**  
Use the [copy-snapshot](https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-snapshot.html) command. The following example copies the specified snapshot from the source Region to the current Region, which is specified by the `--region` option.

```
aws ec2 copy-snapshot \
    --source-snapshot-id snap-0abcdef1234567890 \
    --source-region us-east-1 \
    --region us-west-2
```

**To copy an unencrypted snapshot to an encrypted snapshot**  
Use the [copy-snapshot](https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-snapshot.html) command. The following example copies the specified unencrypted snapshot from the source Region to the current Region, encrypting the new snapshot using the specified KMS key.

```
aws ec2 copy-snapshot \
    --source-snapshot-id snap-0abcdef1234567890 \
    --source-region us-east-1 \
    --encrypted \
    --kms-key-id alias/my-kms-key
```

------
#### [ PowerShell ]

**To copy a snapshot to another Region**  
Use the [Copy-EC2Snapshot](https://docs.aws.amazon.com/powershell/latest/reference/items/Copy-EC2Snapshot.html) cmdlet. The following example copies the specified snapshot from the source Region to the current Region, which is specified by the `-Region` parameter.

```
Copy-EC2Snapshot `
    -SourceSnapshotId snap-0abcdef1234567890 `
    -SourceRegion us-east-1 `
    -Region us-west-2
```

**To copy an unencrypted snapshot to an encrypted snapshot**  
Use the [Copy-EC2Snapshot](https://docs.aws.amazon.com/powershell/latest/reference/items/Copy-EC2Snapshot.html) cmdlet. The following example copies the specified unencrypted snapshot from the source Region to the current Region, encrypting the new snapshot using the specified KMS key.

```
Copy-EC2Snapshot `
    -SourceSnapshotId snap-0abcdef1234567890 `
    -SourceRegion us-east-1 `
    -Encrypted $true `
    -KmsKeyId alias/my-kms-key
```

------

# Share an Amazon EBS snapshot with other AWS accounts
<a name="ebs-modifying-snapshot-permissions"></a>

You can modify the permissions of a snapshot if you want to share it with other AWS accounts. You can share snapshots publicly with all other AWS accounts, or you can share them privately with individual AWS accounts that you specify. Users that you have authorized can use the snapshots that you share to create their own EBS volumes, while your original snapshot remains unaffected.

**Important**  
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people that you trust with *all* of your snapshot data.

To prevent the public sharing of snapshots, you can enable [Block public access for Amazon EBS snapshots](block-public-access-snapshots.md).

**Topics**
+ [Before you share a snapshot](#share-snapshot-considerations)
+ [Share a snapshot](#share-unencrypted-snapshot)
+ [Share a KMS key](share-kms-key.md)
+ [Use shared snapshots](view-shared-snapshot.md)
+ [Determine the use of snapshots that you share](#shared-snapshot-cloudtrail-logging)

## Before you share a snapshot
<a name="share-snapshot-considerations"></a>

The following considerations apply to sharing snapshots:
+ If block public access for snapshots is enabled for the Region, attempts to publicly share snapshots will be blocked. Snapshots can still be privately shared.
+ Snapshots are constrained to the Region in which they were created. To share a snapshot with another Region, copy the snapshot to that Region and then share the copy. For more information, see [Copy an Amazon EBS snapshot](ebs-copy-snapshot.md).
+ You can't share snapshots that are encrypted with the default AWS managed key. You can only share snapshots that are encrypted with a customer managed key. For more information, see [Creating Keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide*.
+ You can share only unencrypted snapshots publicly.
+ When you share an encrypted snapshot, you must also share the customer managed key used to encrypt the snapshot. For more information, see [Share the KMS key used to encrypt a shared Amazon EBS snapshot](share-kms-key.md).

## Share a snapshot
<a name="share-unencrypted-snapshot"></a>

You can share a snapshot publicly or with specific AWS accounts.

------
#### [ Console ]

**To share a snapshot**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. Select the snapshot to share, and then choose **Actions**, **Modify permissions**.

1. Specify the snapshot's permissions. *Current setting* indicates the snapshot's current sharing permissions.
   + To share the snapshot publicly with all AWS accounts, choose **Public**.
   + To share the snapshot privately with specific AWS accounts, choose **Private**. Then, in the **Sharing accounts** section, choose **Add account**, and enter the 12-digit account ID (without hyphens) of the account to share with.

1. Choose **Save changes**.

------
#### [ AWS CLI ]

The permissions for a snapshot are specified using the `createVolumePermission` attribute of the snapshot. To make a snapshot public, set the group to `all`. To share a snapshot with a specific AWS account, set the user to the ID of the AWS account.

**To share a snapshot publicly**  
Use the [modify-snapshot-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-snapshot-attribute.html) command.

For `--attribute`, specify `createVolumePermission`. For `--operation-type`, specify `add`. For `--group-names`, specify `all`.

```
aws ec2 modify-snapshot-attribute \
    --snapshot-id snap-0abcdef1234567890 \
    --attribute createVolumePermission \
    --operation-type add \
    --group-names all
```

**To share a snapshot privately**  
Use the [modify-snapshot-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-snapshot-attribute.html) command.

For `--attribute`, specify `createVolumePermission`. For `--operation-type`, specify `add`. For `--user-ids`, specify the 12-digit IDs of the AWS accounts with which to share the snapshots.

```
aws ec2 modify-snapshot-attribute \
    --snapshot-id snap-0abcdef1234567890 \
    --attribute createVolumePermission \
    --operation-type add \
    --user-ids 123456789012 111122223333
```

------
#### [ PowerShell ]

The permissions for a snapshot are specified using the `createVolumePermission` attribute of the snapshot. To make a snapshot public, set the group to `all`. To share a snapshot with a specific AWS account, set the user to the ID of the AWS account.

**To share a snapshot publicly**  
Use the [Edit-EC2SnapshotAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2SnapshotAttribute.html) cmdlet.

For `-Attribute`, specify `CreateVolumePermission`. For `-OperationType`, specify `Add`. For `-GroupName`, specify `all`.

```
Edit-EC2SnapshotAttribute `
    -SnapshotId snap-0abcdef1234567890 `
    -Attribute CreateVolumePermission `
    -OperationType Add `
    -GroupName all
```

**To share a snapshot privately**  
Use the [Edit-EC2SnapshotAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2SnapshotAttribute.html) cmdlet.

For `-Attribute`, specify `CreateVolumePermission`. For `-OperationType`, specify `Add`. For `-UserId`, specify the 12-digit IDs of the AWS accounts with which to share the snapshots.

```
Edit-EC2SnapshotAttribute `
    -SnapshotId snap-0abcdef1234567890 `
    -Attribute CreateVolumePermission `
    -OperationType Add `
    -UserId "123456789012", "111122223333"
```

------

# Share the KMS key used to encrypt a shared Amazon EBS snapshot
<a name="share-kms-key"></a>

When you share an encrypted snapshot, you must also share the customer managed key used to encrypt the snapshot. You can apply cross-account permissions to a customer managed key either when it is created or at a later time.

Users of your shared customer managed key who are accessing encrypted snapshots must be granted permissions to perform the following actions on the key:
+ `kms:DescribeKey`
+ `kms:CreateGrant`
+ `kms:GenerateDataKey`
+ `kms:GenerateDataKeyWithoutPlaintext`
+ `kms:ReEncrypt`
+ `kms:Decrypt`

**Tip**  
To follow the principle of least privilege, do not allow full access to `kms:CreateGrant`. Instead, use the `kms:GrantIsForAWSResource` condition key to allow the user to create grants on the KMS key only when the grant is created on the user's behalf by an AWS service.

For more information about controlling access to a customer managed key, see [Using key policies in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) in the *AWS Key Management Service Developer Guide*.

**To share a customer managed key using the AWS KMS console**

1. Open the AWS KMS console at [https://console.aws.amazon.com/kms](https://console.aws.amazon.com/kms).

1. To change the AWS Region, use the Region selector in the upper-right corner of the page.

1. Choose **Customer managed keys** in the navigation pane.

1. In the **Alias** column, choose the alias (text link) of the customer managed key that you used to encrypt the snapshot. The key details open in a new page.

1. In the **Key policy** section, you see either the *policy view* or the *default view*. The policy view displays the key policy document. The default view displays sections for **Key administrators**, **Key deletion**, **Key Use**, and **Other AWS accounts**. The default view displays if you created the policy in the console and have not customized it. If the default view is not available, you'll need to manually edit the policy in the policy view. For more information, see [Viewing a Key Policy (Console)](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-viewing.html#key-policy-viewing-console) in the *AWS Key Management Service Developer Guide*.

   Use either the policy view or the default view, depending on which view you can access, to add one or more AWS account IDs to the policy, as follows:
   + (Policy view) Choose **Edit**. Add one or more AWS account IDs to the following statements: `"Allow use of the key"` and `"Allow attachment of persistent resources"`. Choose **Save changes**. In the following example, the AWS account ID `444455556666` is added to the policy.

     ```
     {
       "Sid": "Allow use of the key",
       "Effect": "Allow",
       "Principal": {"AWS": [
         "arn:aws:iam::111122223333:user/KeyUser",
         "arn:aws:iam::444455556666:root"
       ]},
       "Action": [
         "kms:Encrypt",
         "kms:Decrypt",
         "kms:ReEncrypt*",
         "kms:GenerateDataKey*",
         "kms:DescribeKey"
       ],
       "Resource": "*"
     },
     {
       "Sid": "Allow attachment of persistent resources",
       "Effect": "Allow",
       "Principal": {"AWS": [
         "arn:aws:iam::111122223333:user/KeyUser",
         "arn:aws:iam::444455556666:root"
       ]},
       "Action": [
         "kms:CreateGrant",
         "kms:ListGrants",
         "kms:RevokeGrant"
       ],
       "Resource": "*",
       "Condition": {"Bool": {"kms:GrantIsForAWSResource": true}}
     }
     ```
   + (Default view) Scroll down to **Other AWS accounts**. Choose **Add other AWS accounts** and enter the AWS account ID as prompted. To add another account, choose **Add another AWS account** and enter the AWS account ID. When you have added all AWS accounts, choose **Save changes**.
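The following check is an added example, not part of the original guide or of any AWS tooling. It applies the least-privilege tip above to a key policy document: it reports every `Allow` statement that gives an account other than the key owner `kms:CreateGrant` without the `kms:GrantIsForAWSResource` condition. The function names, the owner account `111122223333`, and the `WEAK_POLICY` document are assumptions made for the example.

```python
import fnmatch
import json

# Constructed sample: the two statements shown above, wrapped in a policy
# document. The key owner is assumed to be account 111122223333.
PAGE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Allow use of the key", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:user/KeyUser",
                           "arn:aws:iam::444455556666:root"]},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:GenerateDataKey*", "kms:DescribeKey"],
     "Resource": "*"},
    {"Sid": "Allow attachment of persistent resources", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:user/KeyUser",
                           "arn:aws:iam::444455556666:root"]},
     "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"],
     "Resource": "*",
     "Condition": {"Bool": {"kms:GrantIsForAWSResource": true}}}
  ]
}
""")

# Constructed counter-example: the same external account, but CreateGrant is
# reachable without the condition (directly, and through a kms:* wildcard).
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "GrantsWithoutCondition", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
         "Action": "kms:CreateGrant", "Resource": "*"},
        {"Sid": "WildcardActions", "Effect": "Allow",
         "Principal": {"AWS": "444455556666"},
         "Action": ["kms:Describe*", "kms:*"], "Resource": "*",
         "Condition": {"Bool": {"kms:GrantIsForAWSResource": "false"}}},
        {"Sid": "OwnerAdmin", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "kms:*", "Resource": "*"},
    ],
}


def _as_list(value):
    """Policy elements may be a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allows_create_grant(statement):
    """True if an Allow statement covers kms:CreateGrant, wildcards included."""
    if statement.get("Effect") != "Allow":
        return False
    return any(fnmatch.fnmatchcase("kms:creategrant", pattern.lower())
               for pattern in _as_list(statement.get("Action")))


def _limited_to_aws_services(statement):
    """True only for Bool kms:GrantIsForAWSResource set to true."""
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() != "bool":
            continue
        for key, value in keys.items():
            if key.lower() == "kms:grantisforawsresource":
                return all(str(v).lower() == "true" for v in _as_list(value))
    return False


def _principal_accounts(statement):
    """Account IDs named in Principal.AWS (ARN or bare ID); '*' means anyone."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return {"*"}
    accounts = set()
    for entry in _as_list(principal.get("AWS")):
        accounts.add(entry.split(":")[4] if entry.startswith("arn:") else entry)
    return accounts


def unrestricted_grant_findings(policy, owner_account):
    """List statements that let another account create grants unconditionally."""
    findings = []
    for statement in _as_list(policy.get("Statement")):
        if not _allows_create_grant(statement) or _limited_to_aws_services(statement):
            continue
        external = sorted(a for a in _principal_accounts(statement) if a != owner_account)
        if external:
            findings.append({"sid": statement.get("Sid", "<no Sid>"),
                             "external_principals": external})
    return findings


if __name__ == "__main__":
    for name, policy in (("page policy", PAGE_POLICY), ("weak policy", WEAK_POLICY)):
        print(name, unrestricted_grant_findings(policy, "111122223333"))
```
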

# Use Amazon EBS snapshots that are shared with you
<a name="view-shared-snapshot"></a>

**To use a shared unencrypted snapshot**  
Locate the shared snapshot by ID or description. You can use this snapshot as you would any other snapshot that you own in your account. For example, you can create a volume from the snapshot or copy it to a different Region.

**To use a shared encrypted snapshot**  
Locate the shared snapshot by ID or description. Create a copy of the shared snapshot in your account, and encrypt the copy with a KMS key that you own. You can then use the copy to create volumes or you can copy it to different Regions.

------
#### [ Console ]

**To view snapshot permissions**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. Select the snapshot.

1. If the filter is **Owned by me**, the snapshot is owned by this account. If the filter is **Private snapshots**, the snapshot is either owned by this account or shared specifically with this account. Select a snapshot and on the **Details** tab, check whether **Owner** specifies this account or a different account.

------
#### [ AWS CLI ]

**To view snapshot permissions**  
Use the [describe-snapshot-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshot-attribute.html) command to get the snapshot permissions of the specified snapshot.

```
aws ec2 describe-snapshot-attribute \
    --snapshot-id snap-0abcdef1234567890 \
    --attribute createVolumePermission
```

The following is example output.

```
{
    "SnapshotId": "snap-0abcdef1234567890",
    "CreateVolumePermissions": [
        {
            "UserId": "111122223333"
        }
    ]
}
```

------
#### [ PowerShell ]

**To view snapshot permissions**  
Use the [Get-EC2SnapshotAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2SnapshotAttribute.html) cmdlet.

```
(Get-EC2SnapshotAttribute `
    -SnapshotId snap-0abcdef1234567890 `
    -Attribute createVolumePermission).CreateVolumePermissions
```

The following is example output.

```
Group UserId
----- ------
      111122223333
```

------
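The following audit is an added example, not part of the original guide. It reads `describe-snapshot-attribute` responses in the shape of the example output shown above, flags snapshots that are public (`Group` set to `all`) or shared with accounts outside an approved list, and builds the matching `modify-snapshot-attribute` command with `--operation-type remove`. The function name, the approved-account list, the two extra snapshot IDs, and the account `999988887777` are assumptions made for the example.

```python
import json

# Constructed sample: three describe-snapshot-attribute responses. The first
# is the example output shown above; the other two are made up.
SAMPLE_RESPONSES = json.loads("""
[
  {"SnapshotId": "snap-0abcdef1234567890",
   "CreateVolumePermissions": [{"UserId": "111122223333"}]},
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaaa",
   "CreateVolumePermissions": [{"Group": "all"}]},
  {"SnapshotId": "snap-0bbbbbbbbbbbbbbbb",
   "CreateVolumePermissions": [{"UserId": "111122223333"},
                               {"UserId": "999988887777"}]}
]
""")

# Command template for withdrawing a permission that should not be there.
REVOKE = ("aws ec2 modify-snapshot-attribute --snapshot-id {snap} "
          "--attribute createVolumePermission --operation-type remove {target}")


def audit_sharing(responses, approved_accounts):
    """Return one finding per public share or set of unapproved accounts."""
    approved = set(approved_accounts)
    findings = []
    for response in responses:
        snap = response["SnapshotId"]
        permissions = response.get("CreateVolumePermissions", [])

        # A Group entry of "all" means every AWS account can create volumes
        # from the snapshot, so it is reported regardless of the allowlist.
        if any(p.get("Group") == "all" for p in permissions):
            findings.append({
                "snapshot": snap,
                "issue": "PUBLIC",
                "accounts": [],
                "revoke": REVOKE.format(snap=snap, target="--group-names all"),
            })

        # Private shares are compared against the approved account IDs.
        shared_with = {p["UserId"] for p in permissions if "UserId" in p}
        unapproved = sorted(shared_with - approved)
        if unapproved:
            findings.append({
                "snapshot": snap,
                "issue": "UNAPPROVED_ACCOUNT",
                "accounts": unapproved,
                "revoke": REVOKE.format(
                    snap=snap, target="--user-ids " + " ".join(unapproved)),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_sharing(SAMPLE_RESPONSES, {"111122223333"}):
        print(finding["issue"], finding["snapshot"], finding["accounts"])
        print("  " + finding["revoke"])
```
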

## Determine the use of snapshots that you share
<a name="shared-snapshot-cloudtrail-logging"></a>

You can use AWS CloudTrail to monitor whether a snapshot that you have shared with others is copied or used to create a volume. The following events are logged in CloudTrail when an action is taken on a snapshot you have shared:
+ **SharedSnapshotCopyInitiated** — A shared snapshot is being copied.
+ **SharedSnapshotVolumeCreated** — A shared snapshot is being used to create a volume.

For more information about using CloudTrail, see [Log Amazon EC2 and Amazon EBS API calls with AWS CloudTrail](https://docs.aws.amazon.com//AWSEC2/latest/UserGuide/monitor-with-cloudtrail.html).

# Archive Amazon EBS snapshots
<a name="snapshot-archive"></a>

Amazon EBS Snapshots Archive is a storage tier that you can use for low-cost, long-term storage of your rarely-accessed snapshots that do not need frequent or fast retrieval.

By default, when you create a snapshot, it is stored in the Amazon EBS Snapshot Standard tier (*standard tier*). Snapshots stored in the standard tier are incremental. This means that only the blocks on the volume that have changed after your most recent snapshot are saved.

When you archive a snapshot, the incremental snapshot is converted to a full snapshot, and it is moved from the standard tier to the Amazon EBS Snapshots Archive tier (*archive tier*). Full snapshots include all of the blocks that were written to the volume at the time when the snapshot was created.

When you need to access an archived snapshot, you can restore it from the archive tier to the standard tier, and then use it in the same way that you use any other snapshot in your account.

Amazon EBS Snapshots Archive offers up to 75 percent lower snapshot storage costs for snapshots that you plan to store for 90 days or longer and that you rarely need to access.

Some typical use cases include:
+ Archiving the only snapshot of a volume, such as end-of-project snapshots.
+ Archiving full, point-in-time incremental snapshots for compliance reasons.
+ Archiving monthly, quarterly, or yearly incremental snapshots.

**Topics**
+ [Quotas](#archive-quotas)
+ [Considerations and limitations](snapshot-archive-considerations.md)
+ [Pricing and billing](snapshot-archive-pricing.md)
+ [Guidelines and best practices](archiving-guidelines.md)
+ [Required permissions](snapshot-archiving-iam.md)
+ [Archive a snapshot](archive-snapshot.md)
+ [Restore an archived snapshot](restore-archived-snapshot.md)
+ [Modify the restore period](modify-temp-restore-period.md)
+ [View archived snapshots](view-archived-snapshot.md)
+ [Monitor snapshot archiving](monitor-snapshot-archiving.md)

## Quotas
<a name="archive-quotas"></a>

This section describes the default quotas for archived and in-progress snapshots. 


| Quota | Default quota | 
| --- | --- | 
| Archived snapshots per volume | 25 | 
| Concurrent in-progress snapshot archives per account | 25 | 
| Concurrent in-progress snapshot restores per account | 5 | 

If you need more than the default limits, complete the Support Center [Create case](https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase&limitType=service-code-ebs) form to request a limit increase. 

# Considerations and limitations for archiving Amazon EBS snapshots
<a name="snapshot-archive-considerations"></a>

Keep the following in mind when archiving Amazon EBS snapshots.

**Considerations**
+ The minimum archive period is 90 days. If you delete or permanently restore an archived snapshot before the minimum archive period of 90 days, you are billed for remaining days in the archive tier, rounded to the nearest hour. For more information, see [Pricing and billing for archiving Amazon EBS snapshots](snapshot-archive-pricing.md).
+ It can take up to 72 hours to restore an archived snapshot from the archive tier to the standard tier, depending on the size of the snapshot.
+ Archived snapshots are always full snapshots. A full snapshot contains all the blocks written to the volume at the time the snapshot was created. The full snapshot will likely be larger than the incremental snapshot from which it was created. However, if you have only one snapshot of a volume on the standard tier, the size of the full snapshot in the archive tier will be the same size as the snapshot in standard tier. This is because the first snapshot taken of a volume is always a full snapshot. To get the full snapshot size, use the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) AWS CLI command.
+ Archiving is recommended for monthly, quarterly, or yearly snapshots. Archiving daily incremental snapshots of a single volume can lead to higher costs when compared to keeping them in the standard tier.
+ When a snapshot is archived, the data of the snapshot that is referenced by other snapshots in the snapshot lineage are retained in the standard tier. Data and storage costs associated with the referenced data that is retained on the standard tier are allocated to the next snapshot in the lineage. This ensures that subsequent snapshots in the lineage are not affected by the archival.
+ If you delete an archived snapshot that matches a Recycle Bin retention rule, the archived snapshot is retained in the Recycle Bin for the retention period defined in the retention rule. To use the snapshot, you must first recover it from the Recycle Bin and then restore it from the archive tier. For more information, see [Recycle Bin](recycle-bin.md) and [Pricing and billing for archiving Amazon EBS snapshots](snapshot-archive-pricing.md).
+ You can't use an archived snapshot in a block device mapping or to create an Amazon EBS volume.
+ You can archive snapshots created by AWS Backup using the AWS Backup console, APIs, or command line tools. For more information, see [Creating a backup plan](https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-backup-plan.html) in the *AWS Backup Developer Guide*.

**Limitations**
+ You can archive snapshots that are in the `completed` state only.
+ You can archive only snapshots that you own in your account. To archive a snapshot that is shared with you, first copy the snapshot to your account and then archive the snapshot copy.
+ Before you can use an archived snapshot, you must first restore it to the standard tier. Restoring to the standard tier is required to create a volume from the snapshot through the `CreateVolume` and `RunInstances` API operations as well as to share or copy a snapshot. For more information, see [Restore an archived Amazon EBS snapshot](restore-archived-snapshot.md).
+ You can archive a snapshot that is associated with one or more AMIs only if all of the associated AMIs are disabled. For more information, see [Disable an AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html).
+ You can't enable a disabled AMI if the associated snapshots are temporarily restored. All of the associated snapshots must be permanently restored before you can enable the AMI.
+ You can't cancel the snapshot archive or snapshot restore process after it has been started.
+ You can't share archived snapshots. If you archive a snapshot that you have shared with other accounts, the accounts with which the snapshot is shared lose access after the snapshot is archived.
+ You can't copy an archived snapshot. If you need to copy an archived snapshot, you must first restore it.
+ You can't enable fast snapshot restore for an archived snapshot. Fast snapshot restore is automatically disabled when a snapshot is archived. If you need to use fast snapshot restore, you must manually enable it after restoring the snapshot.

# Pricing and billing for archiving Amazon EBS snapshots
<a name="snapshot-archive-pricing"></a>

Archived snapshots are billed at a rate of \$0.0125 per GB-month. For example, if you archive a 100 GiB snapshot, you are billed \$1.25 (100 GiB \* \$0.0125) per month.

Snapshot restores are billed at a rate of \$0.03 per GB of data restored. For example, if you restore a 100 GiB snapshot from the archive tier, you are billed one time for \$3 (100 GiB \* \$0.03).

After the snapshot is restored to the standard tier, the snapshot is billed at the standard rate for snapshots of \$0.05 per GB-month.

For more information, see [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/).

**Billing for the minimum archive period**  
The minimum archive period is 90 days. If you delete or permanently restore an archived snapshot before the minimum archive period of 90 days, you are billed a pro-rated charge equal to the archive tier storage charge for the remaining days, rounded to the nearest hour. For example, if you delete or permanently restore an archived snapshot after 40 days, you are billed for the remaining 50 days of the minimum archive period.

**Note**  
Temporarily restoring an archived snapshot before the minimum archive period of 90 days does not incur this charge.

**Temporary restores**  
When you temporarily restore a snapshot, the snapshot is restored from the archive tier to the standard tier, and a copy of the snapshot remains in the archive tier. You are billed for both the snapshot in the standard tier and the snapshot copy in the archive tier for the duration of the temporary restore period. When the temporarily restored snapshot is removed from the standard tier, you are no longer billed for it, and you are billed for the snapshot in the archive tier only.

**Permanent restores**  
When you permanently restore a snapshot, the snapshot is restored from the archive tier to the standard tier, and the snapshot is deleted from the archive tier. You are billed for the snapshot in the standard tier only.

**Deleting snapshots**  
If you delete a snapshot while it is being archived, you are billed for the snapshot data that has already been moved to the archive tier. This data is subject to the minimum archive period of 90 days and billed accordingly upon deletion. For example, if you archive a 100 GiB snapshot, and you delete the snapshot after only 40 GiB has been archived, you are billed \$1.50 for the minimum archive period of 90 days for the 40 GiB that has already been archived (\$0.0125 per GB-month × 40 GB × (90 days × 24 hours) / (24 hours/day × 30-day month)).

If you delete a snapshot while it is being restored from the archive tier, you are billed for the snapshot restore for the full size of the snapshot (snapshot size × \$0.03). For example, if you restore a 100 GiB snapshot from the archive tier, and you delete the snapshot at any point before the snapshot restore completes, you are billed \$3 (100 GiB snapshot size × \$0.03).

**Recycle Bin**  
Archived snapshots are billed at the rate for archived snapshots while they are in the Recycle Bin. Archived snapshots that are in the Recycle Bin are subject to the minimum archive period of 90 days and they are billed accordingly if they are deleted by Recycle Bin before the minimum archive period. In other words, if a retention rule deletes an archived snapshot from the Recycle Bin before the minimum period of 90 days, you are billed for the remaining days.

If you delete a snapshot that matches a retention rule while the snapshot is being archived, the archived snapshot is retained in the Recycle Bin for the retention period defined in the retention rule. It is billed at the rate for archived snapshots.

If you delete a snapshot that matches a retention rule while the snapshot is being restored, the restored snapshot is retained in the Recycle Bin for the remainder of the retention period, and billed at the standard snapshot rate. To use the restored snapshot, you must first recover it from the Recycle Bin.

For more information, see [Recycle Bin](recycle-bin.md).

**Cost tracking**  
Archived snapshots appear in the AWS Cost and Usage Report with the same resource ID and Amazon Resource Name (ARN) that they had before they were archived. For more information, see the [AWS Cost and Usage Report User Guide](https://docs.aws.amazon.com/cur/latest/userguide/what-is-cur.html).

You can use the following usage types to identify the associated costs:
+ `SnapshotArchiveStorage` — fee for monthly data storage
+ `SnapshotArchiveRetrieval` — one-time fee for snapshot restores
+ `SnapshotArchiveEarlyDelete` — fee for deleting or permanently restoring a snapshot before the minimum archive period (90 days)

# Guidelines and best practices for archiving Amazon EBS snapshots
<a name="archiving-guidelines"></a>

This section provides some guidelines and best practices for archiving snapshots.

**Topics**
+ [Archiving the only snapshot of a volume](#guidelines-single-snapshot)
+ [Archiving incremental snapshots of a single volume](#guidelines-incremental-snapshot)
+ [Archiving full snapshots for compliance reasons](#guidelines-full-snapshot)
+ [Determining the reduction in standard tier storage costs](#archive-guidelines)

## Archiving the only snapshot of a volume
<a name="guidelines-single-snapshot"></a>

When you have only one snapshot of a volume, the snapshot is always the same size as the blocks written to the volume at the time the snapshot was created. When you archive such a snapshot, the snapshot in the standard tier is converted to an equivalent-sized full snapshot and it is moved from the standard tier to the archive tier.

Archiving these snapshots can help you save on storage costs. If you no longer need the source volume, you can delete the volume for further storage cost savings.

![\[Creating a snapshot, archiving it, and then deleting the source volume.\]](http://docs.aws.amazon.com/ebs/latest/userguide/images/archive-single-snap.png)


## Archiving incremental snapshots of a single volume
<a name="guidelines-incremental-snapshot"></a>

When you archive an incremental snapshot, the snapshot is converted to a full snapshot and it is moved to the archive tier. For example, in the following image, if you archive **Snap B**, the snapshot is converted to a full snapshot that is 10 GiB in size and moved to the archive tier. Similarly, if you archive **Snap C**, the size of the full snapshot in the archive tier is 14 GiB.

![\[Archiving incremental snapshots of a volume.\]](http://docs.aws.amazon.com/ebs/latest/userguide/images/snapshot_1e.png)


If you are archiving snapshots to reduce your storage costs in the standard tier, you should not archive the first snapshot in a set of incremental snapshots. These snapshots are referenced by subsequent snapshots in the snapshot lineage. In most cases, archiving these snapshots will not reduce storage costs.

**Note**  
You should not archive the last snapshot in a set of incremental snapshots. The last snapshot is the most recent snapshot taken of a volume. You will need this snapshot in the standard tier if you want to create volumes from it in the case of a volume corruption or loss.

If you archive a snapshot that contains data that is referenced by a later snapshot in the lineage, the data storage and storage costs associated with the referenced data are allocated to the later snapshot in the lineage. In this case, archiving the snapshot will not reduce data storage or storage costs. For example, in the preceding image, if you archive **Snap B**, its 4 GiB of data is attributed to **Snap C**. In this case, your overall storage costs will increase because you incur storage costs for the full version of **Snap B** in the archive tier, and your storage costs for the standard tier remain unchanged.

If you archive **Snap C**, your standard tier storage will decrease by 4 GiB because the data is not referenced by any other snapshots later in the lineage. And your archive tier storage will increase by 14 GiB because the snapshot is converted to a full snapshot.

## Archiving full snapshots for compliance reasons
<a name="guidelines-full-snapshot"></a>

You might need to create full backups of volumes on a monthly, quarterly, or yearly basis for compliance reasons. For these backups, you might need standalone snapshots without backward or forward references to other snapshots in the snapshot lineage. Snapshots archived with EBS Snapshots Archive are full snapshots, and they do not have any references to other snapshots in the lineage. Additionally, you will likely need to retain these snapshots for compliance reasons for several years. EBS Snapshots Archive makes it cost-effective to archive these full snapshots for long-term retention.

## Determining the reduction in standard tier storage costs
<a name="archive-guidelines"></a>

If you want to archive an incremental snapshot to reduce your storage costs, you should consider the size of the full snapshot in the archive tier and the reduction in storage in the standard tier. This section explains how to do this.

**Important**  
The API responses are accurate as of the point in time at which the APIs are called. Responses can differ between calls because the data associated with a snapshot changes as the snapshot lineage changes.

To determine the reduction in storage and storage costs in the standard tier, use the following steps.

1. For the snapshot that you want to archive, check the full snapshot size and the source volume from which it was created. Use the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) command, and for `--snapshot-id`, specify the ID of the snapshot that you want to archive.

   ```
   $ aws ec2 describe-snapshots --snapshot-id snapshot_id
   ```

   The `FullSnapshotSizeInBytes` response value indicates the full snapshot size, in bytes, and the `VolumeId` response value indicates the ID of the source volume.

   For example, the following command returns information about snapshot `snap-09c9114207084f0d9`.

   ```
   $ aws ec2 describe-snapshots --snapshot-id snap-09c9114207084f0d9
   ```

   The following example output shows that the full snapshot size is `5678912341` bytes (5.28 GiB), and the source volume is `vol-0f3e2c292c52b85c3`.

   ```
   {
       "Snapshots": [
           {
               "Description": "", 
               "Tags": [], 
               "Encrypted": false, 
               "VolumeId": "vol-0f3e2c292c52b85c3",
               "State": "completed", 
               "VolumeSize": 8, 
               "StartTime": "2021-11-16T08:29:49.840Z", 
               "Progress": "100%", 
               "OwnerId": "123456789012", 
               "FullSnapshotSizeInBytes" : "5678912341",
               "SnapshotId": "snap-09c9114207084f0d9"
           }
       ]
   }
   ```

1. Find all of the snapshots created from the source volume. Use the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) command. Specify the `volume-id` filter, and for the filter value, specify the volume ID from the previous step.

   ```
   $ aws ec2 describe-snapshots --filters "Name=volume-id, Values=volume_id"
   ```

   For example, the following command returns all snapshots created from volume `vol-0f3e2c292c52b85c3`.

   ```
   $ aws ec2 describe-snapshots --filters "Name=volume-id, Values=vol-0f3e2c292c52b85c3"
   ```

   The following is the command output, which indicates that three snapshots were created from volume `vol-0f3e2c292c52b85c3`.

   ```
   {
       "Snapshots": [
           {
               "Description": "", 
               "Tags": [], 
               "Encrypted": false, 
               "VolumeId": "vol-0f3e2c292c52b85c3", 
               "State": "completed", 
               "VolumeSize": 8, 
               "StartTime": "2021-11-14T08:57:39.300Z",
               "Progress": "100%", 
               "OwnerId": "123456789012", 
               "SnapshotId": "snap-08ca60083f86816b0"
           }, 
           {
               "Description": "", 
               "Tags": [], 
               "Encrypted": false, 
               "VolumeId": "vol-0f3e2c292c52b85c3", 
               "State": "completed", 
               "VolumeSize": 8, 
               "StartTime": "2021-11-15T08:29:49.840Z", 
               "Progress": "100%", 
               "OwnerId": "123456789012", 
               "SnapshotId": "snap-09c9114207084f0d9"
           }, 
           {
               "Description": "01", 
               "Tags": [], 
               "Encrypted": false, 
               "VolumeId": "vol-0f3e2c292c52b85c3", 
               "State": "completed", 
               "VolumeSize": 8, 
               "StartTime": "2021-11-16T07:50:08.042Z", 
               "Progress": "100%", 
               "OwnerId": "123456789012", 
               "SnapshotId": "snap-024f49fe8dd853fa8"
           }
       ]
   }
   ```

1. Using the output from the previous command, sort the snapshots by their creation times, from oldest to newest. The `StartTime` response parameter for each snapshot indicates its creation time, in UTC time format.

   For example, the snapshots returned in the previous step, arranged by creation time from oldest to newest, are as follows:

   1. `snap-08ca60083f86816b0` (oldest – created before the snapshot that you want to archive)

   1. `snap-09c9114207084f0d9` (the snapshot to archive)

   1. `snap-024f49fe8dd853fa8` (newest – created after the snapshot that you want to archive)

1. Identify the snapshots that were created immediately before and after the snapshot that you want to archive. In this case, you want to archive snapshot `snap-09c9114207084f0d9`, which was the second incremental snapshot created in the set of three snapshots. Snapshot `snap-08ca60083f86816b0` was created immediately before, and snapshot `snap-024f49fe8dd853fa8` was created immediately after.

1. Find the unreferenced data in the snapshot that you want to archive. First, find the blocks that are different between the snapshot that was created immediately before the snapshot that you want to archive, and the snapshot that you want to archive. Use the [list-changed-blocks](https://docs.aws.amazon.com/cli/latest/reference/ebs/list-changed-blocks.html) command. For `--first-snapshot-id`, specify the ID of the snapshot that was created immediately before the snapshot that you want to archive. For `--second-snapshot-id`, specify the ID of the snapshot that you want to archive.

   ```
   $ aws ebs list-changed-blocks --first-snapshot-id snapshot_created_before --second-snapshot-id snapshot_to_archive
   ```

   For example, the following command shows the block indexes for the blocks that are different between snapshot `snap-08ca60083f86816b0` (the snapshot created before the snapshot you want to archive), and snapshot `snap-09c9114207084f0d9` (the snapshot you want to archive).

   ```
   $ aws ebs list-changed-blocks --first-snapshot-id snap-08ca60083f86816b0 --second-snapshot-id snap-09c9114207084f0d9
   ```

   The following shows the command output, with some blocks omitted.

   ```
   {
       "BlockSize": 524288, 
       "ChangedBlocks": [
           {
               "FirstBlockToken": "ABgBAX6y+WH6Rm9y5zq1VyeTCmEzGmTT0jNZG1cDirFq1rOVeFbWXsH3W4z/", 
               "SecondBlockToken": "ABgBASyx0bHHBnTERu+9USLxYK/81UT0dbHIUFqUjQUkwTwK5qkjP8NSGyNB", 
               "BlockIndex": 4
           }, 
           {
               "FirstBlockToken": "ABgBAcfL+EfmQmlNgstqrFnYgsAxR4SDSO4LkNLYOOChGBWcfJnpn90E9XX1", 
               "SecondBlockToken": "ABgBAdX0mtX6aBAt3EBy+8jFCESMpig7csKjbO2Ocd08m2iNJV2Ue+cRwUqF", 
               "BlockIndex": 5
           }, 
           {
               "FirstBlockToken": "ABgBAVBaFJmbP/eRHGh7vnJlAwyiyNUi3MKZmEMxs2wC3AmM/fc6yCOAMb65", 
               "SecondBlockToken": "ABgBAdewWkHKTcrhZmsfM7GbaHyXD1Ctcn2nppz4wYItZRmAo1M72fpXU0Yv", 
               "BlockIndex": 13
           }, 
           {
               "FirstBlockToken": "ABgBAQGxwuf6z095L6DpRoVRVnOqPxmx9r7Wf6O+i+ltZ0dwPpGN39ijztLn", 
               "SecondBlockToken": "ABgBAUdlitCVI7c6hGsT4ckkKCw6bMRclnV+bKjViu/9UESTcW7CD9w4J2td", 
               "BlockIndex": 14
           }, 
           {
               "FirstBlockToken": "ABgBAZBfEv4EHS1aSXTXxSE3mBZG6CNeIkwxpljzmgSHICGlFmZCyJXzE4r3", 
               "SecondBlockToken": "ABgBAVWR7QuQQB0AP2TtmNkgS4Aec5KAQVCldnpc91zBiNmSfW9ouIlbeXWy", 
               "BlockIndex": 15
           },
           .....
           {
               "SecondBlockToken": "ABgBAeHwXPL+z3DBLjDhwjdAM9+CPGV5VO5Q3rEEA+ku50P498hjnTAgMhLG", 
               "BlockIndex": 13171
           }, 
           {
               "SecondBlockToken": "ABgBAbZcPiVtLx6U3Fb4lAjRdrkJMwW5M2tiCgIp6ZZpcZ8AwXxkjVUUHADq", 
               "BlockIndex": 13172
           }, 
           {
               "SecondBlockToken": "ABgBAVmEd/pQ9VW9hWiOujOAKcauOnUFCO+eZ5ASVdWLXWWC04ijfoDTpTVZ", 
               "BlockIndex": 13173
           }, 
           {
               "SecondBlockToken": "ABgBAT/jeN7w+8ALuNdaiwXmsSfM6tOvMoLBLJ14LKvavw4IiB1d0iykWe6b", 
               "BlockIndex": 13174
           }, 
           {
               "SecondBlockToken": "ABgBAXtGvUhTjjUqkwKXfXzyR2GpQei/+pJSG/19ESwvt7Hd8GHaUqVs6Zf3", 
               "BlockIndex": 13175
           }
       ], 
       "ExpiryTime": 1637648751.813, 
       "VolumeSize": 8
   }
   ```

   Next, use the same command to find blocks that are different between the snapshot that you want to archive and the snapshot that was created immediately after it. For `--first-snapshot-id`, specify the ID of the snapshot that you want to archive. For `--second-snapshot-id`, specify the ID of the snapshot that was created immediately after the snapshot that you want to archive.

   ```
   $ aws ebs list-changed-blocks --first-snapshot-id snapshot_to_archive --second-snapshot-id snapshot_created_after
   ```

   For example, the following command shows the block indexes of the blocks that are different between snapshot `snap-09c9114207084f0d9` (the snapshot that you want to archive) and snapshot `snap-024f49fe8dd853fa8` (the snapshot created after the snapshot that you want to archive).

   ```
   $ aws ebs list-changed-blocks --first-snapshot-id snap-09c9114207084f0d9 --second-snapshot-id snap-024f49fe8dd853fa8
   ```

   The following shows the command output, with some blocks omitted.

   ```
   {
       "BlockSize": 524288, 
       "ChangedBlocks": [
           {
               "FirstBlockToken": "ABgBAVax0bHHBnTERu+9USLxYK/81UT0dbSnkDk0gqwRFSFGWA7HYbkkAy5Y", 
               "SecondBlockToken": "ABgBASEvi9x8Om7Htp37cKG2NT9XUzEbLHpGcayelomSoHpGy8LGyvG0yYfK", 
               "BlockIndex": 4
           }, 
           {
               "FirstBlockToken": "ABgBAeL0mtX6aBAt3EBy+8jFCESMpig7csfMrI4ufnQJT3XBm/pwJZ1n2Uec", 
               "SecondBlockToken": "ABgBAXmUTg6rAI+v0LvekshbxCVpJjWILvxgC0AG0GQBEUNRVHkNABBwXLkO", 
               "BlockIndex": 5
           }, 
           {
               "FirstBlockToken": "ABgBATKwWkHKTcrhZmsfM7GbaHyXD1CtcnjIZv9YzisYsQTMHfTfh4AhS0s2", 
               "SecondBlockToken": "ABgBAcmiPFovWgXQio+VBrxOqGy4PKZ9SAAHaZ2HQBM9fQQU0+EXxQjVGv37", 
               "BlockIndex": 13
           }, 
           {
               "FirstBlockToken": "ABgBAbRlitCVI7c6hGsT4ckkKCw6bMRclnARrMt1hUbIhFnfz8kmUaZOP2ZE", 
               "SecondBlockToken": "ABgBAXe935n544+rxhJ0INB8q7pAeoPZkkD27vkspE/qKyvOwpozYII6UNCT", 
               "BlockIndex": 14
           }, 
           {
               "FirstBlockToken": "ABgBAd+yxCO26I+1Nm2KmuKfrhjCkuaP6LXuol3opCNk6+XRGcct4suBHje1", 
               "SecondBlockToken": "ABgBAcPpnXz821NtTvWBPTz8uUFXnS8jXubvghEjZulIjHgc+7saWys77shb", 
               "BlockIndex": 18
           },
           .....
           {
               "SecondBlockToken": "ABgBATni4sDE5rS8/a9pqV03lU/lKCW+CTxFl3cQ5p2f2h1njpuUiGbqKGUa", 
               "BlockIndex": 13190
           }, 
           {
               "SecondBlockToken": "ABgBARbXo7zFhu7IEQ/9VMYFCTCtCuQ+iSlWVpBIshmeyeS5FD/M0i64U+a9", 
               "BlockIndex": 13191
           }, 
           {
               "SecondBlockToken": "ABgBAZ8DhMk+rROXa4dZlNK45rMYnVIGGSyTeiMli/sp/JXUVZKJ9sMKIsGF", 
               "BlockIndex": 13192
           }, 
           {
               "SecondBlockToken": "ABgBATh6MBVE904l6sqOC27s1nVntFUpDwiMcRWGyJHy8sIgGL5yuYXHAVty", 
               "BlockIndex": 13193
           }, 
           {
               "SecondBlockToken": "ABgBARuZykaFBWpCWrJPXaPCneQMbyVgnITJqj4c1kJWPIj5Gn61OQyy+giN", 
               "BlockIndex": 13194
           }
       ], 
       "ExpiryTime": 1637692677.286, 
       "VolumeSize": 8
   }
   ```

1. Compare the output returned by both commands in the previous step. If the same block index appears in both command outputs, it indicates that the block contains unreferenced data.

   For example, the command output in the previous step indicates that blocks 4, 5, 13, and 14 are unique to snapshot `snap-09c9114207084f0d9` and that they are not referenced by any other snapshots in the snapshot lineage.

   To determine the reduction in standard tier storage, multiply the number of blocks that appear in both command outputs by 512 KiB, which is the snapshot block size.

   For example, if 9,950 block indexes appear in both command outputs, it indicates that you will decrease standard tier storage by around 4.85 GiB (9,950 blocks × 512 KiB = 4.85 GiB).

1. Determine the storage costs for storing the unreferenced blocks in the standard tier for 90 days. Compare this value with the cost of storing the full snapshot, described in step 1, in the archive tier. You can determine your cost savings by comparing the values, assuming that you do not restore the full snapshot from the archive tier during the minimum 90-day period. For more information, see [Pricing and billing for archiving Amazon EBS snapshots](snapshot-archive-pricing.md).
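Steps 5 through 7 above, as an added Python example (not AWS code): it intersects the block indexes from the two `list-changed-blocks` outputs and compares 90 days of standard tier storage for the unreferenced blocks with 90 days of archive tier storage for the full snapshot. The sample outputs are constructed, the function names are hypothetical, the rates are the ones quoted in the pricing section of this page, and passing each output as a list of pages is an assumption for outputs fetched in several calls.

```python
import json

GIB = 1024 ** 3
STANDARD_RATE = 0.05     # USD per GB-month, standard tier rate quoted on this page
ARCHIVE_RATE = 0.0125    # USD per GB-month, archive tier rate quoted on this page
MIN_ARCHIVE_MONTHS = 3   # 90-day minimum archive period, as three 30-day months

# Constructed sample data shaped like `aws ebs list-changed-blocks` output.
# Block tokens are placeholders; only BlockSize and BlockIndex are used.
BEFORE_VS_TARGET = json.loads("""
{"BlockSize": 524288, "VolumeSize": 8, "ChangedBlocks": [
  {"FirstBlockToken": "tok-a4",  "SecondBlockToken": "tok-b4",  "BlockIndex": 4},
  {"FirstBlockToken": "tok-a5",  "SecondBlockToken": "tok-b5",  "BlockIndex": 5},
  {"FirstBlockToken": "tok-a13", "SecondBlockToken": "tok-b13", "BlockIndex": 13},
  {"FirstBlockToken": "tok-a14", "SecondBlockToken": "tok-b14", "BlockIndex": 14},
  {"FirstBlockToken": "tok-a15", "SecondBlockToken": "tok-b15", "BlockIndex": 15},
  {"SecondBlockToken": "tok-b13171", "BlockIndex": 13171}
]}
""")

TARGET_VS_AFTER = json.loads("""
{"BlockSize": 524288, "VolumeSize": 8, "ChangedBlocks": [
  {"FirstBlockToken": "tok-b4",  "SecondBlockToken": "tok-c4",  "BlockIndex": 4},
  {"FirstBlockToken": "tok-b5",  "SecondBlockToken": "tok-c5",  "BlockIndex": 5},
  {"FirstBlockToken": "tok-b13", "SecondBlockToken": "tok-c13", "BlockIndex": 13},
  {"FirstBlockToken": "tok-b14", "SecondBlockToken": "tok-c14", "BlockIndex": 14},
  {"FirstBlockToken": "tok-b18", "SecondBlockToken": "tok-c18", "BlockIndex": 18},
  {"SecondBlockToken": "tok-c13190", "BlockIndex": 13190}
]}
""")


def changed_indexes(pages):
    """Return (block_size, set of BlockIndex) across one or more output pages."""
    sizes = {page["BlockSize"] for page in pages}
    if len(sizes) != 1:
        raise ValueError(f"expected exactly one block size, got {sorted(sizes)}")
    indexes = {b["BlockIndex"] for page in pages for b in page["ChangedBlocks"]}
    return sizes.pop(), indexes


def unreferenced_blocks(before_vs_target, target_vs_after):
    """Step 6: a block index present in both diffs holds data that only the
    snapshot to archive references, so archiving frees it in the standard tier."""
    size_a, idx_a = changed_indexes(before_vs_target)
    size_b, idx_b = changed_indexes(target_vs_after)
    if size_a != size_b:
        raise ValueError("the two outputs report different block sizes")
    return size_a, sorted(idx_a & idx_b)


def estimate(full_snapshot_bytes, unreferenced_count, block_size):
    """Step 7: compare 90 days of standard tier storage for the unreferenced
    blocks with 90 days of archive tier storage for the full snapshot.
    Restore charges are excluded, as the step assumes no restore."""
    freed_gib = unreferenced_count * block_size / GIB
    full_gib = full_snapshot_bytes / GIB
    standard_cost = freed_gib * STANDARD_RATE * MIN_ARCHIVE_MONTHS
    archive_cost = full_gib * ARCHIVE_RATE * MIN_ARCHIVE_MONTHS
    return {
        "standard_tier_freed_gib": freed_gib,
        "standard_cost_90d": standard_cost,
        "archive_cost_90d": archive_cost,
        "net_saving_90d": standard_cost - archive_cost,
        "worth_archiving": standard_cost > archive_cost,
    }


if __name__ == "__main__":
    block_size, blocks = unreferenced_blocks([BEFORE_VS_TARGET], [TARGET_VS_AFTER])
    print("unreferenced block indexes:", blocks)
    # The page's figures: 9,950 shared indexes, full size from step 1.
    for key, value in estimate(5678912341, 9950, block_size).items():
        print(f"{key}: {value}")
```

A negative `net_saving_90d` corresponds to the **Snap B** case described earlier, where the data is still referenced by a later snapshot and archiving only adds archive tier cost.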

# Required IAM permissions for archiving Amazon EBS snapshots
<a name="snapshot-archiving-iam"></a>

By default, users don't have permission to use snapshot archiving. To allow users to use snapshot archiving, you must create IAM policies that grant permission to use specific resources and API actions. For more information, see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the IAM User Guide.

To use snapshot archiving, users need the following permissions.
+ `ec2:DescribeSnapshotTierStatus`
+ `ec2:ModifySnapshotTier`
+ `ec2:RestoreSnapshotTier`

Console users might need additional permissions such as `ec2:DescribeSnapshots`.

To archive and restore encrypted snapshots, the following additional AWS KMS permissions are required.
+ `kms:CreateGrant`
+ `kms:Decrypt`
+ `kms:DescribeKey`

The following is an example IAM policy that gives IAM users permission to archive, restore, and view encrypted and unencrypted snapshots. It includes the `ec2:DescribeSnapshots` permission for console users. If some permissions are not needed, you can remove them from the policy.

**Tip**  
To follow the principle of least privilege, do not allow full access to `kms:CreateGrant`. Instead, use the `kms:GrantIsForAWSResource` condition key to allow the user to create grants on the KMS key only when the grant is created on the user's behalf by an AWS service, as shown in the following example.

------
#### [ JSON ]

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SnapshotArchiveAndKmsRead",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSnapshotTierStatus",
                "ec2:ModifySnapshotTier",
                "ec2:RestoreSnapshotTier",
                "ec2:DescribeSnapshots",
                "kms:Decrypt",
                "kms:DescribeKey"
            ],
            "Resource": "*"
        },
        {
            "Sid": "CreateGrantOnlyViaAwsService",
            "Effect": "Allow",
            "Action": "kms:CreateGrant",
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "kms:GrantIsForAWSResource": true
                }
            }
        }
    ]
}
```

------

To provide access, add permissions to your users, groups, or roles:
+ Users and groups in AWS IAM Identity Center:

  Create a permission set. Follow the instructions in [Create a permission set](https://docs.aws.amazon.com//singlesignon/latest/userguide/howtocreatepermissionset.html) in the *AWS IAM Identity Center User Guide*.
+ Users managed in IAM through an identity provider:

  Create a role for identity federation. Follow the instructions in [Create a role for a third-party identity provider (federation)](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_roles_create_for-idp.html) in the *IAM User Guide*.
+ IAM users:
  + Create a role that your user can assume. Follow the instructions in [Create a role for an IAM user](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_roles_create_for-user.html) in the *IAM User Guide*.
  + (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in [Adding permissions to a user (console)](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the *IAM User Guide*.

# Archive an Amazon EBS snapshot
<a name="archive-snapshot"></a>

You can archive any snapshot that is in the `completed` state and that you own in your account. You can't archive snapshots that are in the `pending` or `error` states, or snapshots that are shared with you. For more information, see [Considerations and limitations for archiving Amazon EBS snapshots](snapshot-archive-considerations.md).

If the snapshot is associated with one or more AMIs, then you must first disable those associated AMIs before you can archive the snapshot. For more information, see [Disable an AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html).

Archived snapshots retain their snapshot ID, encryption status, AWS Identity and Access Management (IAM) permissions, owner information, and resource tags. However, fast snapshot restore and snapshot sharing are automatically disabled after the snapshot is archived.

You can continue to use the snapshot while the archive is in process. As soon as the snapshot tiering status reaches the `archival-complete` state, you can no longer use the snapshot.

------
#### [ Console ]

**To archive a snapshot**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. In the list of snapshots, select the snapshot to archive and then choose **Actions**, **Archive snapshot**.

1. To confirm, choose **Archive snapshot**.

------
#### [ AWS CLI ]

**To archive a snapshot**  
Use the [modify-snapshot-tier](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-snapshot-tier.html) AWS CLI command. For `--snapshot-id`, specify the ID of the snapshot to archive. For `--storage-tier`, specify `archive`.

```
aws ec2 modify-snapshot-tier \
    --snapshot-id snap-0abcdef1234567890 \
    --storage-tier archive
```

The following is example output. The `TieringStartTime` response parameter indicates the date and time at which the archive process was started, in UTC time format (YYYY-MM-DDTHH:MM:SSZ).

```
{
    "SnapshotId": "snap-0abcdef1234567890",
    "TieringStartTime": "2021-09-15T16:44:37.574Z"
}
```

------
#### [ PowerShell ]

**To archive a snapshot**  
Use the [Edit-EC2SnapshotTier](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2SnapshotTier.html) cmdlet. The following example archives the specified snapshot.

```
Edit-EC2SnapshotTier `
    -SnapshotId snap-0abcdef1234567890 `
    -StorageTier "archive"
```

------

# Restore an archived Amazon EBS snapshot
<a name="restore-archived-snapshot"></a>

Before you can use an archived snapshot, you must first restore it to the standard tier. The restored snapshot has the same snapshot ID, encryption status, IAM permissions, owner information, and resource tags that it had before it was archived. After it is restored, you can use it in the same way that you use any other snapshot in your account. The restored snapshot is always a full snapshot.

When you restore a snapshot, you can choose to restore it **permanently** or **temporarily**.

If you restore a snapshot permanently, the snapshot is moved from the archive tier to the standard tier permanently. The snapshot remains restored and ready for use until you manually re-archive it or you manually delete it. When you permanently restore a snapshot, the snapshot is removed from the archive tier.

If you restore a snapshot temporarily, the snapshot is copied from the archive tier to the standard tier for a restore period that you specify. The snapshot remains restored and ready for use for the restore period only. During the restore period, a copy of the snapshot remains in the archive tier. After the period expires, the snapshot is automatically removed from the standard tier. You can increase or decrease the restore period or change the restore type to permanent at any time during the restore period. For more information, see [Modify the restore period for a temporarily restored Amazon EBS snapshot](modify-temp-restore-period.md).

If you are restoring snapshots that are associated with a disabled AMI, and you intend to use that AMI, you must first **permanently restore** all of the associated snapshots and then [re-enable a disabled AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html#re-enable-a-disabled-ami) before you can use it. You can't enable an AMI if the associated snapshots are temporarily restored. You can use the following command to find all of the snapshots associated with an AMI.

```
aws ec2 describe-images --image-id ami_id \
  --query "Images[*].BlockDeviceMappings[*].Ebs[].SnapshotId[]"
```

------
#### [ Console ]

**To restore a snapshot from the archive**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. In the list of snapshots, select the archived snapshot to restore, and then choose **Actions**, **Restore snapshot from archive**.

1. Specify the type of restore to perform. For **Restore type**, do one of the following:
   + To restore the snapshot permanently, select **Permanent**.
   + To restore the snapshot temporarily, select **Temporary**, and then for **Temporary restore period**, enter the number of days for which to restore the snapshot.

1. To confirm, choose **Restore snapshot**.

------
#### [ AWS CLI ]

**To permanently restore an archived snapshot**  
Use the [restore-snapshot-tier](https://docs.aws.amazon.com/cli/latest/reference/ec2/restore-snapshot-tier.html) AWS CLI command with the `--permanent-restore` option. For `--snapshot-id`, specify the ID of the snapshot to restore.

```
aws ec2 restore-snapshot-tier \
    --snapshot-id snap-0abcdef1234567890 \
    --permanent-restore
```

The following is example output.

```
{
    "SnapshotId": "snap-0abcdef1234567890",
    "IsPermanentRestore": true
}
```

**To temporarily restore an archived snapshot**  
Use the [restore-snapshot-tier](https://docs.aws.amazon.com/cli/latest/reference/ec2/restore-snapshot-tier.html) AWS CLI command. Omit the `--permanent-restore` option. For `--temporary-restore-days`, specify the number of days for which to restore the snapshot. The allowed range is 1 to 180 days. If you do not specify a value, the default is 1 day.

The following example temporarily restores the specified snapshot for a restore period of 5 days.

```
aws ec2 restore-snapshot-tier \
    --snapshot-id snap-0abcdef1234567890 \
    --temporary-restore-days 5
```

The following is example output.

```
{
    "SnapshotId": "snap-0abcdef1234567890",
    "RestoreDuration": 5,
    "IsPermanentRestore": false
}
```

------
#### [ PowerShell ]

**To permanently restore an archived snapshot**  
Use the [Restore-EC2SnapshotTier](https://docs.aws.amazon.com/powershell/latest/reference/items/Restore-EC2SnapshotTier.html) cmdlet.

```
Restore-EC2SnapshotTier `
    -SnapshotId snap-0abcdef1234567890 `
    -PermanentRestore $true
```

**To temporarily restore an archived snapshot**  
Use the [Restore-EC2SnapshotTier](https://docs.aws.amazon.com/powershell/latest/reference/items/Restore-EC2SnapshotTier.html) cmdlet.

```
Restore-EC2SnapshotTier `
    -SnapshotId snap-0abcdef1234567890 `
    -TemporaryRestoreDays 5
```

------

# Modify the restore period for a temporarily restored Amazon EBS snapshot
<a name="modify-temp-restore-period"></a>

When you restore a snapshot temporarily, you must specify the number of days for which the snapshot is to remain restored in your account. After the restore period expires, the snapshot is automatically removed from the standard tier.

You can change the restore period for a temporarily restored snapshot at any time.

You can choose to either increase or decrease the restore period, or you can change the restore type from temporary to permanent.

If you change the restore period, the new restore period is effective from the current date. For example, if you specify a new restore period of `5` days, the snapshot will remain restored for five days from the current date.

**Note**  
You can end a temporary restore early by setting the restore period to 1 day.

If you change the restore type from temporary to permanent, the snapshot copy is deleted from the archive tier, and the snapshot remains available in your account until you manually re-archive it or delete it.

------
#### [ Console ]

**To modify the restore period or restore type**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. In the list of snapshots, select the snapshot that you previously temporarily restored, and then choose **Actions**, **Restore snapshot from archive**.

1. For **Restore type**, do one of the following:
   + To change the restore type from temporary to permanent, select **Permanent**.
   + To increase or decrease the restore period, keep **Temporary**, and then for **Temporary restore period**, enter the new restore period in days. 

1. To confirm, choose **Restore snapshot**.

------
#### [ AWS CLI ]

**To modify the restore period or change the restore type**  
Use the [restore-snapshot-tier](https://docs.aws.amazon.com/cli/latest/reference/ec2/restore-snapshot-tier.html) command. For `--snapshot-id`, specify the ID of the snapshot that you previously temporarily restored. To change the restore type from temporary to permanent, specify `--permanent-restore` and omit `--temporary-restore-days`. To increase or decrease the restore period, omit `--permanent-restore` and for `--temporary-restore-days`, specify the new restore period in days.

**Example: Increase or decrease the restore period**  
The following command changes the restore period for the specified snapshot to `10` days.

```
aws ec2 restore-snapshot-tier \
    --snapshot-id snap-0abcdef1234567890 \
    --temporary-restore-days 10
```

The following is example output.

```
{
    "SnapshotId": "snap-0abcdef1234567890",
    "RestoreDuration": 10,
    "IsPermanentRestore": false
}
```

**Example: Change restore type to permanent**  
The following command changes the restore type for the specified snapshot from temporary to permanent.

```
aws ec2 restore-snapshot-tier \
    --snapshot-id snap-0abcdef1234567890 \
    --permanent-restore
```

The following is example output.

```
{
    "SnapshotId": "snap-0abcdef1234567890",
    "IsPermanentRestore": true
}
```

------
#### [ PowerShell ]

**To modify the restore period or change the restore type**  
Use the [Restore-EC2SnapshotTier](https://docs.aws.amazon.com/powershell/latest/reference/items/Restore-EC2SnapshotTier.html) cmdlet. For `-SnapshotId`, specify the ID of the snapshot that you previously temporarily restored. To change the restore type from temporary to permanent, specify `-PermanentRestore` and omit `-TemporaryRestoreDays`. To increase or decrease the restore period, omit `-PermanentRestore` and for `-TemporaryRestoreDays`, specify the new restore period in days.

**Example: Increase or decrease the restore period**  
The following command changes the restore period for the specified snapshot to `10` days.

```
Restore-EC2SnapshotTier `
    -SnapshotId snap-0abcdef1234567890 `
    -TemporaryRestoreDays 10
```

**Example: Change restore type to permanent**  
The following command changes the restore type for the specified snapshot from temporary to permanent.

```
Restore-EC2SnapshotTier `
    -SnapshotId snap-0abcdef1234567890 `
    -PermanentRestore $true
```

------

# View archived Amazon EBS snapshots
<a name="view-archived-snapshot"></a>

------
#### [ Console ]

**To view storage tier information for a snapshot**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. In the list of snapshots, select the snapshot and choose the **Storage tier** tab.

   The tab provides the following information:
   + **Last tier change started on** — The date and time when the last archive or restore was started.
   + **Tier change progress** — The progress of the last archive or restore action, as a percentage.
   + **Storage tier** — The storage tier for the snapshot. Always `archive` for archived snapshots, and `standard` for snapshots stored on the standard tier, including temporarily restored snapshots.
   + **Tiering status** — The status of the last archive or restore action.
   + **Archive completed on** — The date and time when the archive completed.
   + **Temporary restore expires on** — The date and time when a temporarily restored snapshot is set to expire.

------
#### [ AWS CLI ]

**To view archival information about an archived snapshot**  
Use the [describe-snapshot-tier-status](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshot-tier-status.html) command. Specify the `snapshot-id` filter, and for the filter value, specify the snapshot ID. Alternatively, to view all archived snapshots, omit the filter.

```
--filters "Name=snapshot-id, Values=snapshot_id"
```

The output includes the following response parameters:
+ `Status` — The status of the snapshot. Always `completed` for archived snapshots. Only snapshots that are in the `completed` state can be archived.
+ `LastTieringStartTime` — The date and time that the archival process started, in UTC time format (YYYY-MM-DDTHH:MM:SSZ).
+ `LastTieringOperationState` — The current state of the archival process. Possible states include: `archival-in-progress` | `archival-completed` | `archival-failed` | `permanent-restore-in-progress` | `permanent-restore-completed` | `permanent-restore-failed` | `temporary-restore-in-progress` | `temporary-restore-completed` | `temporary-restore-failed`
+ `LastTieringProgress` — The progress of the snapshot archival process, as a percentage.
+ `StorageTier` — The storage tier for the snapshot. Always `archive` for archived snapshots, and `standard` for snapshots stored on the standard tier, including temporarily restored snapshots.
+ `ArchivalCompleteTime` — The date and time that the archival process completed, in UTC time format (YYYY-MM-DDTHH:MM:SSZ).

**Example: Describe a snapshot**  
The following example displays information about the specified snapshot.

```
aws ec2 describe-snapshot-tier-status \
    --filters "Name=snapshot-id, Values=snap-0abcdef1234567890"
```

The following is example output.

```
{
    "SnapshotTierStatuses": [
        {
            "Status": "completed",
            "ArchivalCompleteTime": "2021-09-15T17:33:16.147Z",
            "LastTieringProgress": 100,
            "Tags": [],
            "VolumeId": "vol-01234567890abcdef",
            "LastTieringOperationState": "archival-completed",
            "StorageTier": "archive",
            "OwnerId": "123456789012",
            "SnapshotId": "snap-0abcdef1234567890",
            "LastTieringStartTime": "2021-09-15T16:44:37.574Z"
        }
    ]
}
```

**To view archived and standard tier snapshots**  
Use the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) command. For `--snapshot-ids`, specify the ID of the snapshot.

```
aws ec2 describe-snapshots --snapshot-ids snap-0abcdef1234567890
```

The following is example output. The `StorageTier` response parameter indicates whether the snapshot is currently archived. `archive` indicates that the snapshot is currently archived and stored in the archive tier, and `standard` indicates that the snapshot is currently not archived and that it is stored in the standard tier.

In the following example output, only `Snap A` is archived. `Snap B` and `Snap C` are not archived.

Additionally, the `RestoreExpiryTime` response parameter is returned only for snapshots that are temporarily restored from the archive. It indicates when temporarily restored snapshots are to be automatically removed from the standard tier. It is **not** returned for snapshots that are permanently restored.

In the following example output, `Snap C` is temporarily restored, and it will be automatically removed from the standard tier at 2021-09-19T21:00:00.000Z (September 19, 2021 at 21:00 UTC).

```
{
    "Snapshots": [
        {
            "Description": "Snap A",
            "Encrypted": false,
            "VolumeId": "vol-01234567890aaaaaa",
            "State": "completed",
            "VolumeSize": 8,
            "StartTime": "2021-09-07T21:00:00.000Z",
            "Progress": "100%",
            "OwnerId": "123456789012",
            "SnapshotId": "snap-01234567890aaaaaa",
            "StorageTier": "archive",
            "Tags": []
        },
        {
            "Description": "Snap B",
            "Encrypted": false,
            "VolumeId": "vol-09876543210bbbbbb",
            "State": "completed",
            "VolumeSize": 10,
            "StartTime": "2021-09-14T21:00:00.000Z",
            "Progress": "100%",
            "OwnerId": "123456789012",
            "SnapshotId": "snap-09876543210bbbbbb",
            "StorageTier": "standard",
            "Tags": []
        },
        {
            "Description": "Snap C",
            "Encrypted": false,
            "VolumeId": "vol-054321543210cccccc",
            "State": "completed",
            "VolumeSize": 12,
            "StartTime": "2021-08-01T21:00:00.000Z",
            "Progress": "100%",
            "OwnerId": "123456789012",
            "SnapshotId": "snap-054321543210cccccc",
            "StorageTier": "standard",
            "RestoreExpiryTime": "2021-09-19T21:00:00.000Z",
            "Tags": []
        }
    ]
}
```

**To view only snapshots that are stored in the archive tier or the standard tier**  
Use the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) command. Include the `--filters` option, with the filter name `storage-tier`. For the filter value, specify either `archive` or `standard`. The following example displays only archived snapshots.

```
aws ec2 describe-snapshots --filters "Name=storage-tier,Values=archive"
```

------
#### [ PowerShell ]

**To view archival information about an archived snapshot**  
Use the [Get-EC2SnapshotTierStatus](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2SnapshotTierStatus.html) cmdlet.

```
Get-EC2SnapshotTierStatus `
    -Filter @{Name="snapshot-id"; Values="snap-0abcdef1234567890"}
```

**To view archived and standard tier snapshots**  
Use the [Get-EC2Snapshot](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Snapshot.html) cmdlet.

```
Get-EC2Snapshot `
    -SnapshotId snap-0abcdef1234567890
```

**To view only snapshots that are stored in the archive tier or the standard tier**  
Use the [Get-EC2Snapshot](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Snapshot.html) cmdlet. The following example displays only archived snapshots.

```
Get-EC2Snapshot `
    -Filter @{Name="storage-tier"; Values="archive"}
```

------
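
The `StorageTier` and `RestoreExpiryTime` fields described above are enough to tell archived, standard and temporarily restored snapshots apart and to see which temporary restores are about to lapse. The following Python sketch is an added example, not AWS code; the function names, the one-day warning window and the embedded sample output are assumptions constructed for illustration.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws ec2 describe-snapshots` output.
SAMPLE_OUTPUT = {
    "Snapshots": [
        {"Description": "Snap A", "SnapshotId": "snap-01234567890aaaaaa",
         "StorageTier": "archive"},
        {"Description": "Snap B", "SnapshotId": "snap-09876543210bbbbbb",
         "StorageTier": "standard"},
        {"Description": "Snap C", "SnapshotId": "snap-054321543210cccccc",
         "StorageTier": "standard",
         "RestoreExpiryTime": "2021-09-19T21:00:00.000Z"},
    ]
}


def parse_ts(value):
    """Parse a CLI timestamp such as 2021-09-19T21:00:00.000Z as aware UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def classify(snapshot, now, warn_within=timedelta(days=1)):
    """Return the tier state of one entry from describe-snapshots output."""
    # "standard" covers both never-archived and permanently restored snapshots;
    # this output alone does not distinguish them.
    row = {"SnapshotId": snapshot["SnapshotId"], "state": "standard"}
    if snapshot.get("StorageTier") == "archive":
        row["state"] = "archived"
    elif "RestoreExpiryTime" in snapshot:
        # RestoreExpiryTime is returned only for temporarily restored snapshots.
        remaining = parse_ts(snapshot["RestoreExpiryTime"]) - now
        row.update(
            state="temporary-restore",
            hours_left=round(remaining.total_seconds() / 3600, 1),
            expiring_soon=remaining <= warn_within,
        )
    return row


def tier_report(describe_output, now=None):
    """Classify every snapshot in a parsed describe-snapshots response."""
    now = now or datetime.now(timezone.utc)
    return [classify(s, now) for s in describe_output.get("Snapshots", [])]


if __name__ == "__main__":
    # Pipe real CLI output in, or run with no input to use the constructed sample.
    data = SAMPLE_OUTPUT if sys.stdin.isatty() else json.load(sys.stdin)
    for row in tier_report(data):
        print(json.dumps(row))
```

Snapshots flagged `expiring_soon` are the ones to extend or permanently restore with `restore-snapshot-tier` if volumes still need to be created from them.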

# Monitor Amazon EBS snapshot archiving using CloudWatch Events
<a name="monitor-snapshot-archiving"></a>

Amazon EBS emits events related to snapshot archiving actions. You can use AWS Lambda and Amazon CloudWatch Events to handle event notifications programmatically. Events are emitted on a best-effort basis. For more information, see the [Amazon EventBridge User Guide](https://docs.aws.amazon.com/eventbridge/latest/userguide/).

The following events are available:
+ `archiveSnapshot` — Emitted when a snapshot archive action succeeds or fails.

  The following is an example of an event that is emitted when a snapshot archive action succeeds.

  ```
  {
    "version": "0",
    "id": "01234567-0123-0123-0123-012345678901",
    "detail-type": "EBS Snapshot Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2021-05-25T13:12:22Z",
    "region": "us-east-1",
    "resources": [
      "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef"
    ],
    "detail": {
      "event": "archiveSnapshot",
      "result": "succeeded",
      "cause": "",
      "request-id": "123456789",
      "snapshot_id": "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef",
      "startTime": "2021-05-25T13:12:22Z",
      "endTime": "2021-05-45T15:30:00Z",
      "recycleBinExitTime": "2021-10-45T15:30:00Z"
    }
  }
  ```

  The following is an example of an event that is emitted when a snapshot archive action fails.

  ```
  {
    "version": "0",
    "id": "01234567-0123-0123-0123-012345678901",
    "detail-type": "EBS Snapshot Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2021-05-25T13:12:22Z",
    "region": "us-east-1",
    "resources": [
      "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef"
    ],
    "detail": {
      "event": "archiveSnapshot",
      "result": "failed",
      "cause": "Source snapshot ID is not valid",
      "request-id": "1234567890",
      "snapshot_id": "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef",
      "startTime": "2021-05-25T13:12:22Z",
      "endTime": "2021-05-45T15:30:00Z",
      "recycleBinExitTime": "2021-10-45T15:30:00Z"
    }
  }
  ```
+ `permanentRestoreSnapshot` — Emitted when a permanent restore action succeeds or fails.

  The following is an example of an event that is emitted when a permanent restore action succeeds.

  ```
  {
    "version": "0",
    "id": "01234567-0123-0123-0123-012345678901",
    "detail-type": "EBS Snapshot Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2021-05-25T13:12:22Z",
    "region": "us-east-1",
    "resources": [
      "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef"
    ],
    "detail": {
      "event": "permanentRestoreSnapshot",
      "result": "succeeded",
      "cause": "",
      "request-id": "1234567890",
      "snapshot_id": "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef",
      "startTime": "2021-05-25T13:12:22Z",
      "endTime": "2021-10-45T15:30:00Z"
    }
  }
  ```

  The following is an example of an event that is emitted when a permanent restore action fails.

  ```
  {
    "version": "0",
    "id": "01234567-0123-0123-0123-012345678901",
    "detail-type": "EBS Snapshot Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2021-05-25T13:12:22Z",
    "region": "us-east-1",
    "resources": [
      "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef"
    ],
    "detail": {
      "event": "permanentRestoreSnapshot",
      "result": "failed",
      "cause": "Source snapshot ID is not valid",
      "request-id": "1234567890",
      "snapshot_id": "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef",
      "startTime": "2021-05-25T13:12:22Z",
      "endTime": "2021-05-45T15:30:00Z",
      "recycleBinExitTime": "2021-10-45T15:30:00Z"
    }
  }
  ```
+ `temporaryRestoreSnapshot` — Emitted when a temporary restore action succeeds or fails.

  The following is an example of an event that is emitted when a temporary restore action succeeds.

  ```
  {
    "version": "0",
    "id": "01234567-0123-0123-0123-012345678901",
    "detail-type": "EBS Snapshot Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2021-05-25T13:12:22Z",
    "region": "us-east-1",
    "resources": [
      "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef"
    ],
    "detail": {
      "event": "temporaryRestoreSnapshot",
      "result": "succeeded",
      "cause": "",
      "request-id": "1234567890",
      "snapshot_id": "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef",
      "startTime": "2021-05-25T13:12:22Z",
      "endTime": "2021-05-45T15:30:00Z",
      "restoreExpiryTime": "2021-06-45T15:30:00Z",
      "recycleBinExitTime": "2021-10-45T15:30:00Z"
    }
  }
  ```

  The following is an example of an event that is emitted when a temporary restore action fails.

  ```
  {
    "version": "0",
    "id": "01234567-0123-0123-0123-012345678901",
    "detail-type": "EBS Snapshot Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2021-05-25T13:12:22Z",
    "region": "us-east-1",
    "resources": [
      "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef"
    ],
    "detail": {
      "event": "temporaryRestoreSnapshot",
      "result": "failed",
      "cause": "Source snapshot ID is not valid",
      "request-id": "1234567890",
      "snapshot_id": "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef",
      "startTime": "2021-05-25T13:12:22Z",
      "endTime": "2021-05-45T15:30:00Z",
      "recycleBinExitTime": "2021-10-45T15:30:00Z"
    }
  }
  ```
+ `restoreExpiry` — Emitted when the restore period for a temporarily restored snapshot expires.

  The following is an example.

  ```
  {
    "version": "0",
    "id": "01234567-0123-0123-0123-012345678901",
    "detail-type": "EBS Snapshot Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2021-05-25T13:12:22Z",
    "region": "us-east-1",
    "resources": [
      "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef"
    ],
    "detail": {
      "event": "restoreExpiry",
      "result": "succeeded",
      "cause": "",
      "request-id": "1234567890",
      "snapshot_id": "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef",
      "startTime": "2021-05-25T13:12:22Z",
      "endTime": "2021-05-45T15:30:00Z",
      "recycleBinExitTime": "2021-10-45T15:30:00Z"
    }
  }
  ```
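
A Lambda function behind an EventBridge rule can turn the four event types above into findings. The following Python sketch is an added example, not AWS code; the severity scale, the function names and the sample events (built in the shape of the ones above, with constructed timestamps) are assumptions.

```python
import json
import re

# EventBridge rule pattern built from the fields in the sample events above.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EBS Snapshot Notification"],
    "detail": {"event": ["archiveSnapshot", "permanentRestoreSnapshot",
                         "temporaryRestoreSnapshot", "restoreExpiry"]},
}

# detail.snapshot_id and resources[] carry an ARN, not a bare snapshot ID.
SNAPSHOT_ARN = re.compile(r"^arn:aws[a-z-]*:ec2:[a-z0-9-]+:\d*:snapshot/(snap-[0-9a-f]+)$")

# (event, result) -> (severity, note). The severity scale is this example's own.
TRIAGE = {
    ("archiveSnapshot", "succeeded"): ("info", "snapshot is now in the archive tier"),
    ("archiveSnapshot", "failed"): ("warn", "archive action failed"),
    ("permanentRestoreSnapshot", "succeeded"): ("notice", "snapshot permanently restored to the standard tier"),
    ("permanentRestoreSnapshot", "failed"): ("warn", "permanent restore failed"),
    ("temporaryRestoreSnapshot", "succeeded"): ("info", "restored until restoreExpiryTime"),
    ("temporaryRestoreSnapshot", "failed"): ("warn", "temporary restore failed"),
    ("restoreExpiry", "succeeded"): ("info", "restore period ended; snapshot removed from the standard tier"),
}


def snapshot_id_from(event):
    """Return the bare snap-... ID from detail.snapshot_id, else resources[]."""
    detail = event.get("detail") or {}
    for arn in [detail.get("snapshot_id"), *event.get("resources", [])]:
        match = SNAPSHOT_ARN.match(arn or "")
        if match:
            return match.group(1)
    return None


def triage(event):
    """Map one EBS Snapshot Notification to a finding; reject anything else."""
    if event.get("source") != "aws.ec2" or event.get("detail-type") != "EBS Snapshot Notification":
        raise ValueError("not an EBS snapshot notification")
    detail = event.get("detail") or {}
    name, result = detail.get("event"), detail.get("result")
    severity, note = TRIAGE.get((name, result), ("unknown", "event/result pair not in the documented set"))
    finding = {"snapshot_id": snapshot_id_from(event), "account": event.get("account"),
               "region": event.get("region"), "event": name, "result": result,
               "severity": severity, "note": note}
    if result == "failed":
        finding["cause"] = detail.get("cause", "")
    if name == "temporaryRestoreSnapshot" and result == "succeeded":
        finding["restore_expiry"] = detail.get("restoreExpiryTime")  # kept as the raw string
    return finding


def lambda_handler(event, context):
    """Lambda entry point: log the finding as one JSON line and return it."""
    finding = triage(event)
    print(json.dumps(finding))
    return finding


def _sample(event, result, cause="", **extra):
    """Build a constructed event in the shape of the samples above."""
    arn = "arn:aws:ec2:us-east-1::snapshot/snap-01234567890abcdef"
    detail = {"event": event, "result": result, "cause": cause, "snapshot_id": arn, **extra}
    return {"version": "0", "detail-type": "EBS Snapshot Notification", "source": "aws.ec2",
            "account": "123456789012", "region": "us-east-1", "resources": [arn], "detail": detail}


SAMPLES = [
    _sample("archiveSnapshot", "failed", "Source snapshot ID is not valid"),
    _sample("temporaryRestoreSnapshot", "succeeded", restoreExpiryTime="2021-06-01T15:30:00Z"),
    _sample("restoreExpiry", "succeeded"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        lambda_handler(sample, None)
```

Because events are emitted on a best-effort basis, treat these findings as a prompt to check `describe-snapshot-tier-status`, not as the only record of a tier change.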

# Delete an Amazon EBS snapshot
<a name="ebs-deleting-snapshot"></a>

After you no longer need an Amazon EBS snapshot of a volume, you can delete it. Deleting a snapshot has no effect on the volume. Deleting a volume has no effect on the snapshots made from it.

**Topics**
+ [Considerations for deleting snapshots](#ebs-delete-snapshot-considerations)
+ [How deleting incremental snapshots works](#ebs-deleting-snapshot-incremental)
+ [Delete a snapshot](#ebs-delete-snapshot)
+ [Delete multi-volume snapshots](#ebs-delete-snapshot-multi-volume)

## Considerations for deleting snapshots
<a name="ebs-delete-snapshot-considerations"></a>

The following considerations apply to deleting snapshots:
+ You can't delete a snapshot of the root device of an EBS volume used by a registered AMI. This consideration applies even if the registered AMI is deprecated or disabled. You must first deregister the AMI before you can delete the snapshot. For more information, see [Deregister your AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html).
+ You can't delete a snapshot that is managed by the AWS Backup service using Amazon EC2. Instead, use AWS Backup to delete the corresponding recovery points in the backup vault. For more information, see [Deleting backups](https://docs.aws.amazon.com/aws-backup/latest/devguide/deleting-backups.html) in the *AWS Backup Developer Guide*.
+ You can create, retain, and delete snapshots manually, or you can use Amazon Data Lifecycle Manager to manage your snapshots for you. For more information, see [Amazon Data Lifecycle Manager](snapshot-lifecycle.md).
+ Although you can delete a snapshot that is still in progress, the snapshot must complete before the deletion takes effect. This might take a long time. If you are also at your concurrent snapshot limit, and you attempt to take an additional snapshot, you might get a `ConcurrentSnapshotLimitExceeded` error. For more information, see the [Service Quotas](https://docs.aws.amazon.com/general/latest/gr/ebs-service.html#limits_ebs) for Amazon EBS in the *Amazon Web Services General Reference*.
+ If you delete a snapshot that matches a Recycle Bin retention rule, the snapshot is retained in the Recycle Bin instead of being immediately deleted. For more information, see [Recycle Bin](recycle-bin.md).
+ You can't delete snapshots associated with disabled EBS-backed AMIs. For more information, see [Disable an AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html).
+ You can't delete snapshots that are shared with you.
+ If you delete a shared snapshot that you own, all accounts with which the snapshot is shared lose access to it.

## How deleting incremental snapshots works
<a name="ebs-deleting-snapshot-incremental"></a>

If you make periodic snapshots of a volume, the snapshots are *incremental*. This means that only the blocks on the device that have changed after your most recent snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot in order to create volumes.

If data was present on a volume held in an earlier snapshot or series of snapshots, and that data is later deleted from the volume, the data is still considered to be unique data of the earlier snapshots. Unique data is deleted from the sequence of snapshots only if all snapshots that reference the unique data are deleted.

When you delete a snapshot, only the data that is referenced exclusively by that snapshot is removed. Deleting previous snapshots of a volume does not affect your ability to create volumes from later snapshots of that volume.

Deleting a snapshot might not reduce your organization's data storage costs. Other snapshots might reference that snapshot's data, and referenced data is always preserved. If you delete a snapshot containing data being used by a later snapshot, costs associated with the referenced data are allocated to the later snapshot. For more information about how snapshots store data, see [How Amazon EBS snapshots work](how_snapshots_work.md) and the following example.

In the following diagram, Volume 1 is shown at three points in time. A snapshot has captured each of the first two states, and in the third, a snapshot has been deleted. 
+ In **state 1**, the volume has 10 GiB of data. Because Snap A is the first snapshot taken of the volume, the entire 10 GiB of data must be copied. In this state, you are charged for storing 10 GiB of snapshot data.
+ In **state 2**, the volume still contains 10 GiB of data, but 4 GiB have changed. Snap B stores only the 4 GiB that changed after Snap A was taken, and it references the 6 GiB of unchanged data that is already stored in Snap A. In this state, you are charged for storing 14 GiB of snapshot data (10 GiB from Snap A + 4 GiB from Snap B).
+ In **state 3**, the volume is unchanged but Snap A is deleted. Since the 6 GiB of unchanged data in Snap A is still referenced by Snap B, that data is retained and it is associated with Snap B. The 4 GiB of unique data in Snap A is deleted since it is no longer referenced by other snapshots. In this state, you are charged for storing 10 GiB of snapshot data (6 GiB of data retained from Snap A + 4 GiB of data in Snap B).

**Deleting a snapshot with some of its data referenced by another snapshot**

![\[Snap A contains 6 GiB of referenced data. When Snap A is deleted, that data is merged into Snap B.\]](http://docs.aws.amazon.com/ebs/latest/userguide/images/snapshot_1b.png)
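
The three states above can be replayed in a small reference model. This is an added example, not AWS code and not a description of how Amazon EBS stores blocks internally; the 1 GiB block size and the class and method names are assumptions of the sketch. It also shows that data overwritten on the volume stays in an earlier snapshot until that snapshot is deleted.

```python
class SnapshotChain:
    """Toy model of one volume's incremental snapshots, in 1 GiB blocks."""

    def __init__(self, volume_gib):
        self._version = [0] * volume_gib  # content version of each block
        self._snaps = {}  # name -> set of (block, version); dict keeps creation order

    def write(self, blocks):
        """Change the content of the given blocks on the volume."""
        for block in blocks:
            self._version[block] += 1

    def snapshot(self, name):
        """Record the chunk each block holds now; unchanged chunks are shared."""
        self._snaps[name] = frozenset(enumerate(self._version))

    def delete(self, name):
        """Drop the snapshot; chunks still referenced elsewhere survive."""
        del self._snaps[name]

    def stored_gib(self):
        """Distinct chunks referenced by at least one remaining snapshot."""
        return len(set().union(*self._snaps.values()))

    def charged_gib(self):
        """Charge each chunk to the oldest remaining snapshot that references it."""
        seen, charge = set(), {}
        for name, chunks in self._snaps.items():
            charge[name] = len(chunks - seen)
            seen |= chunks
        return charge

    def unique_gib(self, name):
        """Chunks only this snapshot references, i.e. what deleting it frees."""
        others = set().union(*(c for n, c in self._snaps.items() if n != name))
        return len(self._snaps[name] - others)

    def holders(self, chunk):
        """Names of the snapshots that still contain the given (block, version)."""
        return [n for n, chunks in self._snaps.items() if chunk in chunks]


def page_scenario():
    """Replay states 1 to 3 from the text and return the figures it quotes."""
    chain = SnapshotChain(volume_gib=10)
    chain.write(range(10))              # state 1: 10 GiB written
    chain.snapshot("Snap A")
    state1 = chain.stored_gib()
    chain.write(range(4))               # state 2: 4 GiB changed
    chain.snapshot("Snap B")
    state2 = chain.stored_gib()
    old_chunk = (0, 1)                  # block 0 as it was before the overwrite
    held_before = chain.holders(old_chunk)
    freed = chain.unique_gib("Snap A")
    chain.delete("Snap A")              # state 3: Snap A deleted
    return {
        "state1": state1, "state2": state2, "state3": chain.stored_gib(),
        "freed_by_deleting_a": freed, "charged_after": chain.charged_gib(),
        "old_data_held_before": held_before,
        "old_data_held_after": chain.holders(old_chunk),
        "restorable_from_b": len(chain._snaps["Snap B"]),
    }


if __name__ == "__main__":
    for key, value in page_scenario().items():
        print(f"{key}: {value}")
```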


## Delete a snapshot
<a name="ebs-delete-snapshot"></a>

------
#### [ Console ]

**To delete a snapshot**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. Select the snapshot.

1. Choose **Actions**, **Delete snapshot**.

1. When prompted for confirmation, enter **delete** and then choose **Delete**.

------
#### [ AWS CLI ]

**To delete a snapshot**  
Use the [delete-snapshot](https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-snapshot.html) command.

```
aws ec2 delete-snapshot --snapshot-id snap-0abcdef1234567890
```

------
#### [ PowerShell ]

**To delete a snapshot**  
Use the [Remove-EC2Snapshot](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2Snapshot.html) cmdlet.

```
Remove-EC2Snapshot -SnapshotId snap-0abcdef1234567890
```

------

**Troubleshooting tip**  
If you get a `Failed to delete snapshot` error indicating that the snapshot is currently in use by an AMI, you must [deregister the associated AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html) before you can delete the snapshot. You can't delete snapshots that are associated with an AMI.  
If you're using the console and the associated AMI is disabled, you must select the **Disabled images** filter on the **AMIs** screen to view disabled AMIs.

## Delete multi-volume snapshots
<a name="ebs-delete-snapshot-multi-volume"></a>

To delete multi-volume snapshots, retrieve all of the snapshots for your multi-volume snapshot set using the tag you applied to the set when you created the snapshots. Then, delete the snapshots individually.

You will not be prevented from deleting individual snapshots in the multi-volume snapshot set. If you delete a snapshot while it is in the `pending` state, only that snapshot is deleted. The other snapshots in the multi-volume snapshot set still complete successfully.
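
The two steps above (find the set by its tag, then delete each snapshot individually) can be scripted as follows. This is an added example, not AWS code: `ec2` is assumed to be a boto3 EC2 client, the tag key and value are placeholders for the tag you applied when you created the set, and the function names are this sketch's own. It lists what would be deleted unless `apply=True` is passed, and it keeps going when one snapshot can't be deleted.

```python
def find_set(ec2, tag_key, tag_value):
    """Return the snapshots owned by this account that carry the set's tag."""
    kwargs = {
        "OwnerIds": ["self"],  # never match snapshots that are only shared with you
        "Filters": [{"Name": f"tag:{tag_key}", "Values": [tag_value]}],
    }
    found = []
    while True:
        page = ec2.describe_snapshots(**kwargs)
        found.extend(page.get("Snapshots", []))
        token = page.get("NextToken")
        if not token:
            return found
        kwargs["NextToken"] = token


def delete_set(ec2, tag_key, tag_value, apply=False):
    """Delete each snapshot in the set individually and report per-snapshot outcomes."""
    results = []
    for snap in find_set(ec2, tag_key, tag_value):
        row = {
            "SnapshotId": snap["SnapshotId"],
            "VolumeId": snap.get("VolumeId"),
            "State": snap.get("State"),  # a pending snapshot is deleted on its own
        }
        if not apply:
            row["outcome"] = "would-delete"
        else:
            try:
                ec2.delete_snapshot(SnapshotId=snap["SnapshotId"])
                row["outcome"] = "deleted"
            except Exception as exc:  # botocore ClientError exposes .response
                error = getattr(exc, "response", {}).get("Error", {})
                row["outcome"] = "failed:" + error.get("Code", type(exc).__name__)
        results.append(row)
    return results


if __name__ == "__main__":
    import boto3  # needed only for a live run

    # Placeholder tag key and value; a dry run that only lists the set.
    for row in delete_set(boto3.client("ec2"), "SnapshotSet", "example-set"):
        print(row)
```

A `failed:` outcome for one member, for example a snapshot that is still in use by a registered AMI, does not stop the remaining snapshots in the set from being processed.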