Manual Archive of EBS Snapshots to Amazon S3 Storage
You can now transition your Amazon EBS snapshots to Amazon S3 storage classes such as Amazon S3 Standard, S3 Standard-IA, S3 One Zone-IA, S3 Glacier, and S3 Glacier Deep Archive, significantly reducing costs while retaining long-term availability.
Note: The Archive Snapshots to S3 feature is currently available only for EC2 and EBS backups.
Archiving EBS snapshots to S3 offers the following benefits:
- Cost benefits: Transitioning snapshots to lower-cost storage offers significant savings on long-term retention.
- Recovery: Seamless recovery of individual files or snapshots from S3.
- File-level search in snapshots: Metadata-based file search to locate files from the snapshots, without having to recover snapshots in S3.
Note: The Archive Snapshots to S3 feature is currently available only for EC2 snapshots and AMIs.
Before you can archive snapshots to S3, ensure that you have set up the following:
- Update your AWS Access Role by deploying the latest CloudFormation template for each account in which you intend to archive snapshots. Navigate to Account Settings > AWS Access, and update your AWS CloudFormation stack/stackset.
For more information, see Update Existing AWS Access Roles in Druva CloudRanger.
- Select the subnets for all account(s) in which you wish to archive snapshots:
- Navigate to Account Settings > Network Settings.
- Select the AWS Region in which the backups are to be archived.
- Select the Subnet corresponding to the Region specified.
The instances that upload data to S3 storage are created within the Subnet(s) selected.
The subnet must have at least three available IPs at any given time.
The subnet here must be part of a VPC with outbound Internet access or an S3 VPC Endpoint. This will enable the instance(s) to archive the data to S3 storage.
The subnet network ACL must not block outbound access to DNS or HTTPS requests. In addition, the default security group for your selected subnet's VPC must not block outbound access for DNS or HTTPS requests.
This is to facilitate access to DNS requests to locate the IP of the S3 bucket by the URL and HTTPS requests, thus enabling the instance(s) to upload to S3 storage.
Assign preferred Security Group to an instance
A security group controls the inbound and outbound traffic for the EC2 instance and helps secure your cloud environment. Each VPC is associated with a default security group, and you can create additional security groups, as needed. You can assign a security group only with resources in the VPC for which it is created.
Druva CloudRanger assigns the default Security Groups for the selected subnet’s VPC. To assign a preferred Security Group to an instance, you will need to add tags unique to each security group.
- To assign tags, navigate to your Amazon VPC console and select Security Groups.
- Select a particular security group and click Manage tags.
- Select Add tag and set the tag key and value.
The Security Group with this tag will now override the default security group for that subnet’s VPC. In the absence of this tag, the instances that upload data to S3 storage are created within the default security group.
Manual Archive of EBS Snapshots to S3 Storage
To manually archive your EBS snapshots to Amazon S3 storage:
- Login to the Druva CloudRanger console and navigate to Backups.
- Select the snapshot that you would like to archive and then click Select Move to S3 from the drop-down menu.
- Select the backup policy to be applied to the archive.
The options available here will depend on the backup policies associated with the chosen snapshot.
Note: The snapshots will be transitioned to the storage class defined in the policy selected here.
4. Click Archive.
Once the backup is archived to S3, Druva CloudRanger deletes the original snapshot. However, any policy-based retention remains active.
Note: Selecting an AMI will also move any associated EBS snapshots to S3.
Archiving an individual snapshot with an AMI association displays the following error:
For more information about available AWS storage classes, refer to the AWS documentation.
Note: The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact your Druva Account Manager or Support.