Amazon Elastic Block Store (EBS) is a managed service that provides block storage to compute services like AWS Fargate and Amazon EC2. One of the capabilities EBS provides is to take snapshots of volumes. This enables you to quickly create point-in-time backups of storage volumes and restore them as needed. EBS snapshots can be used as part of a production data backup strategy, or for restoring test data to run automated software tests against.
While Amazon EBS offers competitive pricing, it's easy to get carried away taking snapshot backups of your volumes. These snapshots can add up over time and increase your monthly AWS cloud invoice. It's a good idea to regularly remove any unneeded EBS snapshots, to cut down on wasted spend.
In order to cost optimize Amazon EBS snapshots in your AWS environment, you'll first need to identify which snapshots are candidates for optimization.
Stratusphere is a SaaS tool from StratusGrid that helps you to rapidly identify Amazon EBS snapshots that are flagged as orphaned. If you're managing multiple AWS Organizations, and have many AWS accounts, Stratusphere provides a centralized view of all the potential cost optimization findings. This centralized view reduces the administrative burden of manually evaluating resources across your AWS environment.
If you'd rather manually identify orphaned EBS snapshots, you can use the built-in metadata that AWS provides. In the AWS Management Console, you can see the date that an EBS snapshot was taken, under the Started property. Check out the screenshot below for an example.
If your snapshots are older than a certain threshold, that you define, then those could be good candidates for cleanup. For example, let's say you set a threshold of 60 days for snapshot retention. Any EBS snapshots with a Start date older than 60 days would be flagged for cleanup.
Another mechanism that you could use to flag orphaned EBS snapshots is to assign custom resource tags to your snapshots. Just like other AWS cloud resource, EBS snapshots enable you to assign arbitrary, user-defined key-value tags. Whenever you create a new EBS snapshot, you could assign a standardized tag. An example tag for an EBS snapshot might be NeededUntil=2028-01-28. Using a custom tag, you could indicate how long that snapshot is needed for, rather than relying on the built-in Start timestamp.
After creating an EBS snapshot, to assign a custom resource tag, you can right-click on the snapshot and select the Manage Tags menu option. Then you can add your custom tag to the list and click on the Save button. Up to 50 custom resource tags are supported for EBS snapshots. Feel free to use whatever tag name and value makes sense for your use case.
While the AWS Recycle Bin isn't a mechanism to identify orphaned EBS snapshots, it is a service that you should consider using in conjunction with them. Enabling retention rules in the AWS Recycle Bin service will allow you to un-delete EBS snapshots that were accidentally deleted by an engineer. You can create a retention rule that targets specific EBS snapshots, based on custom resource tags associated with them. You can also opt to target all EBS volumes, regardless of which tags they have associated.
Keep in mind that EBS snapshots continue to accrue costs at standard EBS costs, while they're retained by the AWS Recycle Bin.
If you'd like to utilize the AWS Recycle Bin, to retain your EBS snapshots, follow these steps:
To remediate orphaned EBS snapshots, you can simply delete the snapshots or move them to the EBS archive storage tier.
Deleting the EBS snapshots will stop costs from continuing to accrue. Once an EBS snapshot is deleted, it cannot be restored unless you're using the AWS Recycle Bin feature.
If you move the EBS snapshots to the archive storage tier, you will continue to accrue costs for the snapshots, at a lower cost per GB. However, keep in mind that the archive storage tier creates a snapshot of all written EBS snapshot blocks, not just the incremental blocks. The standard EBS snapshot tier only charges you for the incrementally changed blocks in the snapshot. Additionally, archive tier EBS snapshot storage requires billing you for a minimum of 90 days. If you don't need to preserve your EBS snapshots for more than 90 days, it's generally advisable to avoid the use of archive tier storage.
Once you've identified all of the Amazon EBS snapshots that you want to clean up, you can use the following directions to remove the orphaned snapshots, or move them to archive tier snapshot storage.
You can use the AWS Management Console to delete Amazon EBS volumes or move them to archive tier storage. You'll need to know the AWS account and AWS region where the snapshot exists in order to modify it.
You can use the AWS CLI tool to automate the remediation of one or more EBS snapshots.
You can list your Amazon EBS snapshots in the desired AWS region with the following CLI command. You can omit the --region parameter to use the "current" region.
aws ec2 describe-snapshots --region us-west-2
To delete an EBS snapshot, you can use this command. You should know the EBS snapshot ID by identifying it in Stratusphere or AWS Management Console.
aws ec2 delete-snapshot --snapshot-id snap-1234567890 --region us-west-2
To move an Amazon EBS volume to the EBS archive storage tier, you can use this AWS CLI command.
aws ec2 modify-snapshot-tier \
--snapshot-id snap-01234567890abcedf \
--storage-tier archive
If you need to restore an EBS snapshot from the archive tier to the standard tier, you can use this AWS CLI command.
aws ec2 restore-snapshot-tier \
--snapshot-id snap-01234567890abcedf \
--permanent-restore
The AWS PowerShell module provide an object-oriented automation interface for AWS cloud resources. Using PowerShell to automate the remediation of multiple Amazon EBS snapshots can minimize the amount of effort required for your cost optimization efforts. Let's explore a few of the PowerShell commands provided by AWS, for EBS snapshot management.
To list your Amazon EBS snapshots for a given AWS region, use the command below. By default, the Get-EC2Snapshot command returns a very large list of snapshots, including EBS snapshots available from AWS directly. You'll have to limit the results to only snapshots owned by your "current" AWS account, hence the -OwnerId parameter being specified.
Get-EC2Snapshot -OwnerId (Get-STSCallerIdentity).Account
To delete a specific Amazon EBS snapshot, use this command:
Remove-EC2Snapshot -SnapshotId snap-1234567890 -Force
If you'd like to delete an array of snapshot IDs, you can define the array up front and then iterate over each snapshot ID. Only a single snapshot ID is supported per API call.
$SnapshotList = @(
'snap-12345'
'snap-99887'
'snap-88321'
)
$SnapshotList | ForEach-Object -Process {
Remove-EC2Snapshot -Force -SnapshotId $PSItem
}
If you'd like to move EBS snapshots to the archive storage tier, as we previously discussed, there is a PowerShell command for that as well. Remember that you will be billed for a minimum of 90 days of archive tier storage for your EBS snapshots.
Edit-EC2SnapshotTier -SnapshotId snap-12345 -StorageTier archive
Remediating Amazon EBS snapshots can reduce your AWS cloud spend significantly, depending on how much data you're storing. You can use Stratusphere to simplify identification of orphaned EBS snapshots, or manually analyze your AWS environment using tools like the AWS Management Console, AWS CLI, and AWS PowerShell module. In the long term, it is a good idea for your organization to craft a strategy for proactively managing EBS snapshots, versus reactively cleaning them up.