Ensure that Amazon DLM is used to automate the creation, retention and deletion of the EBS snapshots taken to back up EBS volumes within your AWS account. Amazon Data Lifecycle Manager (DLM) provides a straightforward, automated way to back up data stored on your AWS EBS volumes, so you no longer have to rely on custom scripts to create and manage your backups.
With the Amazon DLM service, you can manage the lifecycle of your EBS volume snapshots. By automating EBS volume backup management with lifecycle policies, you can protect your EBS data by enforcing a regular backup schedule, retain backups as required by auditors or internal compliance, and reduce Amazon EBS storage costs by deleting outdated snapshots.
Audit
To determine whether Amazon DLM is used to automate the EBS volume snapshot lifecycle in your AWS account, perform the following actions:
Remediation / Resolution
To use the Amazon Data Lifecycle Manager (DLM) service to manage the lifecycle of your EBS volume snapshots, you have to tag your AWS EBS volumes and create data lifecycle policies via Amazon DLM. To tag the necessary volume(s) and create the required lifecycle policy, perform the following actions:
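As an added example (not part of the original page and not AWS tooling), the following Python check ties the audit and the tagging step together: given lifecycle policies and volumes as JSON, it lists the volumes that no enabled policy would snapshot. The sample data is constructed, and the check assumes volume-type policies only and that a volume is targeted when it carries any one of a policy's target tags.

```python
import json

# Constructed sample data, shaped like the JSON the AWS CLI returns.
# Policies: the "Policy" objects from `aws dlm get-lifecycle-policy`.
POLICIES = json.loads("""[
  {"PolicyId": "policy-0000000000000001", "State": "ENABLED",
   "PolicyDetails": {"ResourceTypes": ["VOLUME"],
                     "TargetTags": [{"Key": "Backup", "Value": "daily"}]}},
  {"PolicyId": "policy-0000000000000002", "State": "DISABLED",
   "PolicyDetails": {"ResourceTypes": ["VOLUME"],
                     "TargetTags": [{"Key": "Backup", "Value": "weekly"}]}}
]""")
# Volumes: the "Volumes" list from `aws ec2 describe-volumes`.
VOLUMES = json.loads("""[
  {"VolumeId": "vol-0aaa", "Tags": [{"Key": "Backup", "Value": "daily"}]},
  {"VolumeId": "vol-0bbb", "Tags": [{"Key": "Backup", "Value": "weekly"}]},
  {"VolumeId": "vol-0ccc", "Tags": [{"Key": "backup", "Value": "daily"}]},
  {"VolumeId": "vol-0ddd"}
]""")


def active_target_tags(policies):
    """Collect (key, value) target tags of ENABLED policies that target volumes."""
    tags = set()
    for policy in policies:
        details = policy.get("PolicyDetails", {})
        if policy.get("State") != "ENABLED":
            continue  # DISABLED or ERROR policies create no snapshots
        if "VOLUME" not in details.get("ResourceTypes", []):
            continue  # assumption: instance-type policies are out of scope here
        tags.update((t["Key"], t["Value"]) for t in details.get("TargetTags", []))
    return tags


def uncovered_volumes(policies, volumes):
    """Return IDs of volumes carrying none of the active target tags."""
    targets = active_target_tags(policies)
    missing = []
    for vol in volumes:
        # Untagged volumes have no "Tags" key in describe-volumes output.
        vol_tags = {(t["Key"], t["Value"]) for t in vol.get("Tags", [])}
        if not vol_tags & targets:  # tag keys and values are case-sensitive
            missing.append(vol["VolumeId"])
    return missing


if __name__ == "__main__":
    for vol_id in uncovered_volumes(POLICIES, VOLUMES):
        print(f"{vol_id}: not covered by an enabled DLM policy")
```

The three volumes it reports show the common gaps: a volume matched only by a disabled policy, a tag key that differs in case, and a volume with no tags at all.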