Creating Snapshots of AWS Instances
Backing up virtual machines residing in the public cloud has always been something of a challenge. One of the methods that Amazon Web Services (AWS) recommends for protecting Elastic Compute Cloud (EC2) instances is the creation of snapshots.
Before I explain the snapshot process, it is important to understand that snapshots differ from traditional backups in that a snapshot is not a full copy of an AWS instance. It is not even a full copy of a volume within an instance. Instead, a snapshot is a copy of the storage blocks that have been modified since the previous snapshot was created. Like an incremental backup, the first snapshot that is taken of a volume will contain a full copy of the volume. Subsequent snapshots contain only the modified storage blocks.
The process of creating a snapshot is really simple and straightforward. When an administrator creates an EC2 instance, AWS typically creates an Elastic Block Store (EBS) volume that is to be used by the instance. To create a snapshot of such a volume, simply select the AWS console's Volumes container, right-click on the volume and choose the Create Snapshot option from the shortcut menu, as shown in Figure 1.
At this point, the console will display a dialog box asking you to provide a name and a description of the snapshot, as shown in Figure 2. After entering this information, click Create to create the snapshot. Upon doing so, you will see a message indicating that snapshot creation was started, as shown in Figure 3.
You can view the snapshot's status on the console's Snapshots tab, which you can see in Figure 4 below.
Although the process of creating a snapshot could not be easier, there are a few things that are important to know about snapshots. For starters, "snapshot" is something of a generic term. There are a number of different types of snapshots that exist in the world of IT (storage snapshots, differencing disk snapshots, pointer snapshots, et cetera). Some types of snapshots do not actually create a copy of the storage volume that is being protected.
Differencing disk snapshots, for instance, flag the virtual hard disk as read-only, and then create a differencing disk that has a parent/child relationship with the original virtual hard disk. This approach ensures that the original virtual hard disk remains unmodified once the snapshot is created. All write operations are directed, instead, to the differencing disk. Rolling back such a snapshot is simply a matter of removing the differencing disk, and making the original virtual hard disk read/write.
Although this form of snapshot preserves the virtual hard disk contents by making the virtual hard disk read-only, it does not actually create a backup copy of the virtual hard disk. In contrast, the AWS documentation refers to snapshots as being "incremental backups." Although the documentation does not explicitly indicate the type of snapshot mechanism that AWS is using, it appears as though AWS may be performing storage snapshots.
It is also important to understand how the snapshotting process handles encryption. If you look back at Figure 2, you will notice that the dialog box contains an encryption option. This option is not configurable (at least not from the dialog box). The mention of encryption within the dialog box exists solely for informational purposes.
When you create a snapshot, the snapshot's encryption mimics the volume's encryption. If the volume is encrypted, then AWS will automatically encrypt snapshots of the volume. If the volume is not encrypted, then snapshots will not be encrypted, either. If you need to encrypt an unencrypted snapshot, then you can do so in a roundabout manner by copying the snapshot and then encrypting the snapshot as a part of the copy process.
To copy a snapshot, just right-click on it and choose the Copy command from the shortcut menu, as shown in Figure 5. Notice in this figure that this shortcut menu also contains options for creating a volume or an image from the snapshot. You can also use the shortcut menu to modify the snapshot's permissions or tags.
When you choose the option to copy the snapshot, you will see a dialog box like the one shown in Figure 6. Notice that this dialog box contains a checkbox that you can use to encrypt the snapshot copy (but not the original snapshot).
It is also worth noting that the dialog box shown in the figure above contains an option to copy the snapshot to another region. When you create a snapshot, the snapshot must reside in the same region as the volume from which the snapshot was made. A snapshot copy, however, can be sent to any region.
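The copy-and-encrypt workaround described above can also be scripted. The following Python code is an added example, not part of the original article: it takes a response shaped like the output of the EC2 describe_snapshots call, picks out the unencrypted snapshots, and builds the boto3 copy_snapshot request that corresponds to ticking the encryption checkbox in the Copy dialog. The sample data, snapshot IDs, regions and key alias are constructed placeholders.

```python
# Added example: plan encrypted copies of unencrypted EBS snapshots.
# SAMPLE_RESPONSE is constructed; every ID and tag in it is a placeholder.
SAMPLE_RESPONSE = {
    "Snapshots": [
        {"SnapshotId": "snap-0aaaaaaaaaaaaaaa1", "State": "completed",
         "Encrypted": False,
         "Tags": [{"Key": "Name", "Value": "web-data"},
                  {"Key": "aws:constructed-system-tag", "Value": "x"}]},
        {"SnapshotId": "snap-0bbbbbbbbbbbbbbb2", "State": "completed",
         "Encrypted": True},
        {"SnapshotId": "snap-0ccccccccccccccc3", "State": "pending",
         "Encrypted": False},
    ]
}


def plan_encrypted_copies(response, source_region, kms_key_id=None):
    """Return (requests, skipped): copy_snapshot kwargs for each unencrypted,
    completed snapshot, plus IDs of unencrypted snapshots not yet copyable."""
    requests, skipped = [], []
    for snap in response.get("Snapshots", []):
        if snap.get("Encrypted"):
            continue  # snapshot of an encrypted volume: already encrypted
        if snap.get("State") != "completed":
            skipped.append(snap["SnapshotId"])  # only completed snapshots can be copied
            continue
        req = {
            "SourceRegion": source_region,
            "SourceSnapshotId": snap["SnapshotId"],
            "Description": "Encrypted copy of " + snap["SnapshotId"],
            "Encrypted": True,  # same effect as the checkbox in the Copy dialog
        }
        if kms_key_id:  # when omitted, the account's default EBS key is used
            req["KmsKeyId"] = kms_key_id
        # The copy does not inherit tags; keys starting with "aws:" are reserved.
        tags = [t for t in snap.get("Tags", []) if not t["Key"].startswith("aws:")]
        if tags:
            req["TagSpecifications"] = [{"ResourceType": "snapshot", "Tags": tags}]
        requests.append(req)
    return requests, skipped


def apply_plan(requests, dest_region):
    """Issue the copies in dest_region (needs boto3 and AWS credentials)."""
    import boto3  # imported lazily so the planning step runs offline
    ec2 = boto3.client("ec2", region_name=dest_region)
    return [ec2.copy_snapshot(**req)["SnapshotId"] for req in requests]
```

Passing a destination region that differs from the source region to apply_plan produces the cross-region copy mentioned above; the original unencrypted snapshot is left in place and has to be deleted separately once the encrypted copy completes.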
As you can see, AWS makes it easy to create snapshots of EBS volumes. The most important thing to understand about the snapshot process is that AWS provides almost no options that can be configured within the snapshot creation process, but you can make snapshot copies that are configured to meet your needs.
Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.