Data Lifecycle Manager (DLM) policies are your go-to for automating EBS snapshot creation and retention, effectively managing your storage costs and ensuring compliance.

Let’s see it in action. Imagine you have a critical database on an EC2 instance. You need daily snapshots for recovery and weekly ones for longer-term archiving, but you don’t want to manually trigger these or worry about deleting old ones. DLM handles this.

Here’s a sample DLM policy configuration, in the shape that aws dlm create-lifecycle-policy accepts (the account id is a placeholder):

{
  "ExecutionRoleArn": "arn:aws:iam::123456789012:role/service-role/AWSDataLifecycleManagerDefaultRole",
  "Description": "Daily and Weekly EBS Snapshots for Production DB",
  "State": "ENABLED",
  "PolicyDetails": {
    "PolicyType": "EBS_SNAPSHOT_MANAGEMENT",
    "ResourceTypes": ["VOLUME"],
    "TargetTags": [
      {
        "Key": "Environment",
        "Value": "Production"
      },
      {
        "Key": "Application",
        "Value": "Database"
      }
    ],
    "Schedules": [
      {
        "Name": "DailySnapshots",
        "CopyTags": true,
        "CreateRule": {
          "Interval": 24,
          "IntervalUnit": "HOURS",
          "Times": ["02:00"]
        },
        "RetainRule": {
          "Interval": 7,
          "IntervalUnit": "DAYS"
        }
      },
      {
        "Name": "WeeklyArchive",
        "CopyTags": true,
        "CreateRule": {
          "CronExpression": "cron(0 2 ? * SUN *)"
        },
        "RetainRule": {
          "Interval": 30,
          "IntervalUnit": "DAYS"
        }
      }
    ]
  }
}

This policy does a few key things:

  1. Tag targeting: TargetTags selects the EBS volumes to protect by tag, here Environment=Production and Application=Database, and ResourceTypes says the targets are individual volumes rather than whole instances. CopyTags carries each volume’s tags onto its snapshots, so the snapshots stay identifiable later.
  2. Scheduling: DailySnapshots runs every day at 02:00 UTC (all DLM times are UTC); written as a cron expression that would be cron(0 2 * * ? *). WeeklyArchive uses the cron form directly, cron(0 2 ? * SUN *), to run on Sundays at the same hour.
  3. Creation rule: a CreateRule takes either an Interval/IntervalUnit/Times triple or a CronExpression, never both. DailySnapshots uses the interval form: a snapshot every 24 hours, starting at 02:00.
  4. Retention rules: each schedule carries its own RetainRule, so retention is tracked per schedule rather than across the policy. DailySnapshots keeps each snapshot for 7 days and WeeklyArchive keeps each for 30 days. Because WeeklyArchive runs on its own weekly cron instead of the daily one, it is a true weekly archive; putting it in a second schedule of the same policy (DLM allows up to four) is the simpler option, the alternative being a separate policy with its own weekly schedule.
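The two mistakes that are easiest to make in a policy document are giving a CreateRule both a cron expression and an interval, and writing a cron with day-of-month and day-of-week both set. The following validator is an added example, not AWS code; it encodes the documented shape of PolicyDetails, Schedules, CreateRule and RetainRule, and the sample policy (with a placeholder account id) and the deliberately broken copy are constructed for the example. Run it over a policy file before submitting it with aws dlm create-lifecycle-policy --cli-input-json file://policy.json.

```python
# Structural checks for an EBS snapshot DLM policy document (added example, not AWS code).
import copy
import re

ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/.+$")
# DLM cron expressions carry six fields: minutes hours day-of-month month day-of-week year
CRON = re.compile(r"^cron\((\S+) (\S+) (\S+) (\S+) (\S+) (\S+)\)$")
TIME = re.compile(r"^([01]\d|2[0-3]):[0-5]\d$")  # Times are HH:MM, always UTC
ALLOWED_INTERVALS = (1, 2, 3, 4, 6, 8, 12, 24)  # documented CreateRule.Interval values


def check_create_rule(rule):
    """A CreateRule is either Interval/IntervalUnit/Times or CronExpression, never both."""
    errors = []
    has_interval = "Interval" in rule or "Times" in rule
    has_cron = "CronExpression" in rule
    if has_interval == has_cron:
        errors.append("CreateRule must use either Interval/Times or CronExpression")
    if has_interval:
        if rule.get("IntervalUnit") != "HOURS" or rule.get("Interval") not in ALLOWED_INTERVALS:
            errors.append("CreateRule Interval must be one of 1,2,3,4,6,8,12,24 HOURS")
        for t in rule.get("Times", []):
            if not TIME.match(t):
                errors.append(f"CreateRule time {t!r} is not HH:MM")
    if has_cron:
        m = CRON.match(rule["CronExpression"])
        if not m:
            errors.append("CronExpression must have six fields: cron(min hr dom mon dow yr)")
        elif "?" not in (m.group(3), m.group(5)):
            errors.append("cron day-of-month or day-of-week must be '?'")
    return errors


def check_retain_rule(rule):
    """A RetainRule keeps either the newest Count snapshots or everything younger than Interval."""
    errors = []
    by_count = "Count" in rule
    by_age = "Interval" in rule or "IntervalUnit" in rule
    if by_count == by_age:
        errors.append("RetainRule must use either Count or Interval/IntervalUnit")
    if by_count and not 1 <= rule["Count"] <= 1000:
        errors.append("RetainRule Count must be between 1 and 1000")
    if by_age and rule.get("IntervalUnit") not in ("DAYS", "WEEKS", "MONTHS", "YEARS"):
        errors.append("RetainRule IntervalUnit must be DAYS, WEEKS, MONTHS or YEARS")
    return errors


def validate_policy(policy):
    """Return every problem found; an empty list means the document passed."""
    errors = []
    if not ROLE_ARN.match(policy.get("ExecutionRoleArn", "")):
        errors.append("ExecutionRoleArn is not an IAM role ARN")
    details = policy.get("PolicyDetails", {})
    if details.get("PolicyType") != "EBS_SNAPSHOT_MANAGEMENT":
        errors.append("PolicyType must be EBS_SNAPSHOT_MANAGEMENT for a snapshot policy")
    if details.get("ResourceTypes") not in (["VOLUME"], ["INSTANCE"]):
        errors.append('ResourceTypes must be ["VOLUME"] or ["INSTANCE"]')
    if not details.get("TargetTags"):
        errors.append("TargetTags is empty: the policy would select no resources")
    schedules = details.get("Schedules", [])
    if not 1 <= len(schedules) <= 4:
        errors.append("a policy needs between 1 and 4 schedules")
    for s in schedules:
        prefix = f"schedule {s.get('Name', '?')}: "
        errors += [prefix + e for e in check_create_rule(s.get("CreateRule", {}))]
        errors += [prefix + e for e in check_retain_rule(s.get("RetainRule", {}))]
    return errors


# Constructed sample: the daily + weekly policy from the text; the account id is a placeholder.
SAMPLE_POLICY = {
    "ExecutionRoleArn": "arn:aws:iam::123456789012:role/service-role/AWSDataLifecycleManagerDefaultRole",
    "Description": "Daily and Weekly EBS Snapshots for Production DB",
    "State": "ENABLED",
    "PolicyDetails": {
        "PolicyType": "EBS_SNAPSHOT_MANAGEMENT",
        "ResourceTypes": ["VOLUME"],
        "TargetTags": [{"Key": "Environment", "Value": "Production"},
                       {"Key": "Application", "Value": "Database"}],
        "Schedules": [
            {"Name": "DailySnapshots", "CopyTags": True,
             "CreateRule": {"Interval": 24, "IntervalUnit": "HOURS", "Times": ["02:00"]},
             "RetainRule": {"Interval": 7, "IntervalUnit": "DAYS"}},
            {"Name": "WeeklyArchive", "CopyTags": True,
             "CreateRule": {"CronExpression": "cron(0 2 ? * SUN *)"},
             "RetainRule": {"Interval": 30, "IntervalUnit": "DAYS"}},
        ],
    },
}

# Constructed mistakes: a cron and an interval on the same CreateRule, and a
# weekly cron that sets both day-of-month and day-of-week.
BROKEN_POLICY = copy.deepcopy(SAMPLE_POLICY)
BROKEN_POLICY["PolicyDetails"]["Schedules"][0]["CreateRule"]["CronExpression"] = "cron(0 2 * * ? *)"
BROKEN_POLICY["PolicyDetails"]["Schedules"][1]["CreateRule"]["CronExpression"] = "cron(0 2 * * SUN *)"

if __name__ == "__main__":
    for name, policy in (("sample", SAMPLE_POLICY), ("broken", BROKEN_POLICY)):
        print(name, validate_policy(policy) or "OK")
```

The checks are structural only: they catch a document the API would reject or one that would silently select nothing (empty TargetTags), but they cannot tell you whether the execution role has the permissions DLM needs, which only the service itself reports once the policy runs.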

The core problem DLM solves is the operational burden of managing backups. Instead of writing scripts to list volumes, create snapshots, tag them, and then delete old ones, you declaratively define your backup strategy in a DLM policy. AWS then orchestrates the execution of these policies.

Internally, when a DLM policy is enabled, AWS uses a scheduler to trigger snapshot creation at the defined times. For EBS snapshots, it leverages the AWS Backup service under the hood. The policy’s target tags are used to find eligible EBS volumes. Once a snapshot is created, it is tagged with metadata that DLM uses to track its age and apply retention rules. When a snapshot reaches the end of its retention period, DLM initiates its deletion.
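To make the retention step concrete, here is a small simulation of it as an added example (not AWS code). It assumes snapshots are represented as dicts with SnapshotId, VolumeId, StartTime and Tags, that DLM’s schedule-name tag (aws:dlm:lifecycle-schedule-name) identifies which schedule created a snapshot, and a simplified calendar for WEEKS/MONTHS/YEARS; the snapshot list, the clock and the two schedules are constructed. It covers both retention forms, Count (keep the newest N) and Interval/IntervalUnit (keep until older than an age), and shows that each schedule’s rule only touches its own snapshots while a manual snapshot with no DLM tag is left alone.

```python
# Simplified model of DLM retention (added example, not AWS code).
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SCHEDULE_TAG = "aws:dlm:lifecycle-schedule-name"  # tag DLM stamps on snapshots it creates
UNIT_DAYS = {"DAYS": 1, "WEEKS": 7, "MONTHS": 30, "YEARS": 365}  # assumption: flat calendar


def expired_for_rule(retain_rule, snapshots, now):
    """Ids of snapshots (one volume, one schedule) that fall outside the RetainRule.

    Count keeps the N newest; Interval/IntervalUnit keeps anything not older than the age.
    Ids are returned sorted so callers can compare results deterministically."""
    newest_first = sorted(snapshots, key=lambda s: s["StartTime"], reverse=True)
    if "Count" in retain_rule:
        victims = newest_first[retain_rule["Count"]:]
    else:
        max_age = timedelta(days=retain_rule["Interval"] * UNIT_DAYS[retain_rule["IntervalUnit"]])
        victims = [s for s in newest_first if now - s["StartTime"] > max_age]
    return sorted(s["SnapshotId"] for s in victims)


def expired_for_policy(schedules, snapshots, now):
    """Apply each schedule's RetainRule only to the snapshots that schedule created,
    grouped per volume. Snapshots without the schedule tag are never candidates."""
    rules = {s["Name"]: s["RetainRule"] for s in schedules}
    groups = defaultdict(list)
    for snap in snapshots:
        name = snap["Tags"].get(SCHEDULE_TAG)
        if name in rules:
            groups[(snap["VolumeId"], name)].append(snap)
    expired = []
    for (_volume, name), group in groups.items():
        expired += expired_for_rule(rules[name], group, now)
    return sorted(expired)


def _snap(sid, volume, schedule, created):
    """Build a constructed snapshot record in the shape used above."""
    return {"SnapshotId": sid, "VolumeId": volume, "StartTime": created,
            "Tags": {SCHEDULE_TAG: schedule}}


NOW = datetime(2024, 6, 11, 2, 0, tzinfo=timezone.utc)  # constructed clock

# Constructed fleet: eleven daily snapshots and two weekly ones for one volume,
# plus a manually taken snapshot that carries no DLM tag.
SNAPSHOTS = [
    _snap(f"snap-daily-{d:02d}", "vol-0abc", "DailySnapshots",
          datetime(2024, 6, d, 2, 0, tzinfo=timezone.utc))
    for d in range(1, 12)
] + [
    _snap("snap-weekly-0502", "vol-0abc", "WeeklyArchive",
          datetime(2024, 5, 2, 2, 0, tzinfo=timezone.utc)),
    _snap("snap-weekly-0602", "vol-0abc", "WeeklyArchive",
          datetime(2024, 6, 2, 2, 0, tzinfo=timezone.utc)),
    {"SnapshotId": "snap-manual", "VolumeId": "vol-0abc",
     "StartTime": datetime(2024, 1, 1, tzinfo=timezone.utc), "Tags": {}},
]

# The retention part of the daily + weekly policy from the text.
SCHEDULES = [
    {"Name": "DailySnapshots", "RetainRule": {"Interval": 7, "IntervalUnit": "DAYS"}},
    {"Name": "WeeklyArchive", "RetainRule": {"Interval": 30, "IntervalUnit": "DAYS"}},
]

if __name__ == "__main__":
    print(expired_for_policy(SCHEDULES, SNAPSHOTS, NOW))
```

With the constructed clock at 11 June, the daily rule expires the snapshots from 1, 2 and 3 June (older than 7 days), the weekly rule expires only the 2 May archive, and the untagged manual snapshot survives. Switching the daily rule to a Count of 7 would instead expire the four oldest daily snapshots regardless of their age, which is the practical difference between the two forms when a schedule misses a run.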

The Location parameter, whether AWS_USER_MANAGED or AWS_MANAGED, dictates where the snapshots are stored. AWS_USER_MANAGED means you specify a target S3 bucket for cross-region or cross-account backup if desired; otherwise, they are stored in the standard EBS snapshot repository. AWS_MANAGED implies that AWS handles the storage location.

Most people don’t realize that DLM policies can be applied at the AMI level as well, not just EBS volumes. This allows you to create a backup of an entire EC2 instance, including its root and attached EBS volumes, by creating an AMI and then applying a DLM policy to that AMI. The policy will then create automated snapshots of the EBS volumes that constitute that AMI.

After you’ve successfully automated your EBS snapshots, you’ll likely want to explore automating the creation of AMIs from those snapshots.
