How can we know who has accessed AWS EBS snapshot which was publicly available?
I am not able to find the option in AWS management console
AWS CloudTrail would contain information about how Amazon EBS snapshots are used whithin your own AWS Account.
It is not possible to obtain information about how public/shared Amazon EBS snapshots have been used outside of your AWS Account.
Related
I am in doubt if the Amazon RDS Snapshot system has retention and if it is the same as automated backup?
When you create an Amazon RDS Snapshot, it is retained forever (until you delete it). This snapshot can be triggered through the management console, AWS CLI or programmatically via an AWS SDK.
Amazon RDS can also perform automated snapshots, which are retained for the period of time configured when the RDS instance was launched (up to 35 days).
Is it possible to tag AWS Lightsail snapshots?
From Tags in Amazon Lightsail | Lightsail Documentation:
The following Lightsail resources can be tagged in the Lightsail console:
Instances
Databases
Disks
DNS zones
Load balancers
Important: Snapshots created using the Lightsail console automatically inherit tags from the source resource. A Lightsail resource created from that snapshot will have the same tags that were present on the source resource when the snapshot was created.
The following resources can be tagged using the Lightsail API, AWS Command Line Interface (AWS CLI), or SDKs:
Database snapshots
Databases
Disk snapshots
...
So, it appears that tagging Snapshots requires you to use the Lightsail API, or the AWS CLI or programmatically via an SDK.
I used the AWS CLI like this:
aws lightsail tag-resource --resource-name WordPress-1-1620563255 --tags key=Department,value=Finance
The tag does not appear in the Lightsail console, but when I later ran aws lightsail get-instance-snapshots, the tag showed in the response.
As per the 'important' notice above, any tags on the instance will automatically be copied to any Snapshots, so that's probably an easier way to add a tag (if appropriate to your situation).
I was reading upon the AWS documentation on Elasticsearch and in the latest versions they take snapshot of the AWS ES Cluster every 1 hour and store it in S3.
This can prove super useful in terms of recovery.
But I could not find if this snapshot just contains the cluster information or the data as well ?
Can someone confirm with if it stores the data as well or just the cluster information ?
Thanks !
From the AWS documentation:
On Amazon Elasticsearch Service, snapshots come in two forms: automated and manual.
Automated snapshots are only for cluster recovery. You can use them to restore your domain in the event of red cluster status or other data loss. Amazon ES stores automated snapshots in a preconfigured Amazon S3 bucket at no additional charge.
Manual snapshots are for cluster recovery or moving data from one cluster to another. As the name suggests, you have to initiate manual snapshots. These snapshots are stored in your own Amazon S3 bucket, and standard S3 charges apply. If you have a snapshot from a self-managed Elasticsearch cluster, you can even use that snapshot to migrate to an Amazon ES domain.
This will support cluster recovery for both and data migration from a manual snapshot. Any networking or configuration of the cluster from within the Elasticsearch service itself is managed entirely via the AWS API so these should be managed via infrastructure as code (such as CloudFormation or Terraform).
on AWS Elasticsearch, is there convienient way to load data from one cluster into another ?
thx
You can do so by restoring a snapshot of your AWS Elasticsearch cluster, if you have enabled automated snapshot, while configuring the cluster.
You may want to take a look at the Working with Manual Index Snapshots (AWS CLI) section the in the below AWS Elasticsearch document?
Managing Amazon Elasticsearch Service Domains
Below is an excerpt:
Amazon Elasticsearch Service (Amazon ES) takes daily automated
snapshots of the primary index shards in an Amazon ES domain, as
described in Configuring Snapshots. However, you must contact the AWS
Support team to restore an Amazon ES domain with an automated
snapshot. If you need greater flexibility, you can take snapshots
manually and manage them in a snapshot repository, an Amazon S3
bucket.
How do i copy a snapshot from aws to gcp?
Google is providing a service to import the data from s3, provided the s3 url. As the snapshots are not visible in the s3, i am not able to transfer the snapshots to gcp
It is not possible to export an EBS Snapshot from Amazon S3.
An EBS Snapshot can only be restored to an EBS volume, or copied to another Region as a Snapshot.
If you wish to take the contents of an EBS volume to another service, you could create an ISO image of the volume, transfer it to another service and then mount it or convert it into a disk volume.