Earlier this week, Amazon Web Services announced that you can now copy encrypted Amazon EBS snapshots between accounts, a capability previously supported only for unencrypted snapshots. Now you can easily copy encrypted snapshots between your development, test and production environments or between different departments and project accounts. This will now also make it easier for you to follow AWS security best practices which include copying encrypted snapshots to separately managed accounts, in the same or other regions, to provide an extra level of account isolation.
Amazon EBS now supports cross-account copying of encrypted snapshots
It has been confirmed that the copying of encrypted snapshots is supported for snapshots created from a customer-managed customer master key (CMK) and not those created with the default CMK. This protects you from needing to share your default CMK with another account in order to decrypt a resource.
The cross-account copying of encrypted EBS snapshots will be supported in the US East (Northern Virginia), US West (Northern California), US West (Oregon), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Seoul), AWS Gov Cloud (US), South America (São Paolo), and Asia Pacific (Tokyo) regions. To learn more about how it works, please see Jeff Barr’s Blog or Amazon EBS documentation.
EBS Snapshot Automation
If you are looking for information on how to automate EBS snapshots, have a look at our previous blog post on how to Automate AWS snapshots of your EBS volumes.
CloudRanger is a cost-effective SaaS app that reduces cloud computing costs by optimizing AWS resources through automation. CloudRanger enables AWS customers to manage your snapshot process and schedule automatic start/stop times for idle cloud computing services, so you pay only for the AWS resource you actually use.
We offer a 14-day free trial, so you can try out our range of AWS features and benefits for yourselves.