3.3.2. Snapshot Automation: EC2, RDS, EBS, S3, DynamoDB
💡 First Principle: Manual snapshots are a liability disguised as a process. The only reliable backup is one that runs automatically on a schedule, because humans consistently forget, deprioritize, or skip manual tasks under operational pressure.
Resource-Specific Backup Mechanisms:
| Resource | Automated Backup Method | Manual Backup |
|---|---|---|
| RDS/Aurora | Automated backups (1–35 day retention; enabled by default) | Manual DB snapshots (kept until deleted) |
| EC2 | Data Lifecycle Manager (DLM) or AWS Backup | Manual AMI creation |
| EBS | DLM policies or AWS Backup | Manual snapshot |
| DynamoDB | Point-in-Time Recovery (PITR) + AWS Backup | On-demand backup |
| S3 | Versioning + replication + S3 Backup in AWS Backup | Individual object copy |
AWS Data Lifecycle Manager (DLM): Automates EBS snapshot creation and retention through lifecycle policies. You define:
- Target resource: EC2 instances or volumes with specific tags
- Schedule: Every N hours/days
- Retain: Keep last N snapshots or for N days
- Cross-region copy: Automatically copy snapshots to another region
- Fast snapshot restore: Pre-warm snapshots for near-instant restore
DLM is simpler than AWS Backup for EBS-only use cases but doesn't provide the cross-service management or compliance reporting of AWS Backup.
RDS Automated Backups vs. Manual Snapshots:
| Feature | Automated Backup | Manual Snapshot |
|---|---|---|
| Retention | 1–35 days (deleted automatically) | Indefinite (until you delete) |
| Point-in-time restore | Yes (to any second within retention period) | No (restores to snapshot time only) |
| Deleted with DB? | Yes (unless you export first) | No (persists after DB deletion) |
DynamoDB Point-in-Time Recovery (PITR): When enabled, DynamoDB continuously backs up your table, allowing restore to any point in the past 35 days with second-level granularity. PITR is not enabled by default; you must explicitly enable it per table. Enabling PITR is a best practice for any production DynamoDB table.
⚠️ Exam Trap: When you delete an RDS instance, automated backups are also deleted (unless you take a final snapshot). If you want to preserve the ability to restore after deletion, always take a manual snapshot before deleting an RDS instance, or configure deletion protection.
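An audit for the two gaps described above (PITR left off on a DynamoDB table, and RDS instances exposed to backup loss on deletion), added here as an example and not part of the original guide. It reads dictionaries shaped like DynamoDB `DescribeContinuousBackups` and RDS `DescribeDBInstances` responses; the resource names, the sample data and the 7-day `min_retention_days` threshold are assumptions.

```python
"""Audit backup coverage from AWS API responses (constructed samples below)."""

def pitr_enabled(resp):
    """resp: a DynamoDB DescribeContinuousBackups response."""
    desc = resp.get("ContinuousBackupsDescription", {})
    pitr = desc.get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus") == "ENABLED"

def audit_dynamodb(responses_by_table):
    """Return sorted names of tables that PITR does not protect."""
    return sorted(t for t, r in responses_by_table.items() if not pitr_enabled(r))

def audit_rds(resp, min_retention_days=7):
    """resp: an RDS DescribeDBInstances response. min_retention_days is an
    assumed local policy threshold, not an AWS default."""
    findings = []
    for db in resp.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        days = db.get("BackupRetentionPeriod", 0)
        if days == 0:  # a retention period of 0 turns automated backups off
            findings.append((name, "automated backups disabled"))
        elif days < min_retention_days:
            findings.append((name, f"retention {days}d below policy {min_retention_days}d"))
        if not db.get("DeletionProtection", False):
            findings.append((name, "deletion protection off"))
    return findings

# Constructed sample responses (hypothetical resource names).
SAMPLE_DDB = {
    "orders": {"ContinuousBackupsDescription": {
        "ContinuousBackupsStatus": "ENABLED",
        "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": "ENABLED"}}},
    "sessions": {"ContinuousBackupsDescription": {
        "ContinuousBackupsStatus": "ENABLED",
        "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": "DISABLED"}}},
    "legacy": {},  # empty response: treated as unprotected
}
SAMPLE_RDS = {"DBInstances": [
    {"DBInstanceIdentifier": "prod-db", "BackupRetentionPeriod": 14, "DeletionProtection": True},
    {"DBInstanceIdentifier": "reports-db", "BackupRetentionPeriod": 1, "DeletionProtection": False},
    {"DBInstanceIdentifier": "scratch-db", "BackupRetentionPeriod": 0, "DeletionProtection": False},
]}

if __name__ == "__main__":
    for table in audit_dynamodb(SAMPLE_DDB):
        print(f"dynamodb/{table}: PITR not enabled")
    for name, issue in audit_rds(SAMPLE_RDS):
        print(f"rds/{name}: {issue}")
```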
Reflection Question: A developer accidentally ran DROP TABLE on a production DynamoDB table 6 hours ago. PITR was not enabled. What recovery options exist, and what would you configure immediately to prevent this from happening again?