Check if Instances Have Automated Snapshots Enabled

Overview

This check verifies that your Amazon Lightsail instances have automatic daily snapshots enabled. Automatic snapshots create point-in-time backups of your instances without any manual intervention.

Risk

Without automatic snapshots, you risk losing data if something goes wrong with your instance. This includes:

• Accidental deletion of important files or the instance itself
• Data corruption from failed updates or software issues
• Security incidents like ransomware that encrypt your data
• Extended downtime because there's no quick way to restore your system

Enabling automatic snapshots gives you a safety net to recover quickly.

Remediation Steps

Prerequisites

You need access to the AWS Console with permissions to manage Lightsail instances. No special tools are required for the console method.

AWS Console Method

1. Open the Amazon Lightsail console
2. Click Instances in the left navigation
3. Select the instance you want to protect
4. Click the Snapshots tab
5. Under Automatic snapshots, toggle the switch to Enabled
6. (Optional) Choose a preferred snapshot time from the dropdown
7. Click Save to confirm

The instance will now create automatic daily snapshots at your chosen time (or AWS's default time if you didn't specify one).

AWS CLI (optional)

Enable automatic snapshots for an existing instance:

aws lightsail enable-add-on \
  --region us-east-1 \
  --resource-name my-instance-name \
  --add-on-request addOnType=AutoSnapshot

To specify a snapshot time (in UTC, hourly increments only):

aws lightsail enable-add-on \
  --region us-east-1 \
  --resource-name my-instance-name \
  --add-on-request 'addOnType=AutoSnapshot,autoSnapshotAddOnRequest={snapshotTimeOfDay=06:00}'

Replace my-instance-name with your actual instance name.

To check current add-on status for an instance:

aws lightsail get-instance \
  --region us-east-1 \
  --instance-name my-instance-name \
  --query 'instance.addOns'

CloudFormation (optional)

Use this template to create a new Lightsail instance with automatic snapshots enabled:

AWSTemplateFormatVersion: '2010-09-09'
Description: Lightsail instance with automatic snapshots enabled

Parameters:
  InstanceName:
    Type: String
    Description: Name for the Lightsail instance
    Default: my-lightsail-instance

  AvailabilityZone:
    Type: String
    Description: Availability zone for the instance
    Default: us-east-1a

  BlueprintId:
    Type: String
    Description: Blueprint ID (OS image)
    Default: amazon_linux_2

  BundleId:
    Type: String
    Description: Bundle ID (instance size)
    Default: nano_3_0

  SnapshotTime:
    Type: String
    Description: Time for daily automatic snapshot (HH:00 in UTC)
    Default: '06:00'
    AllowedPattern: '^[0-2][0-9]:00$'

Resources:
  LightsailInstance:
    Type: AWS::Lightsail::Instance
    Properties:
      InstanceName: !Ref InstanceName
      AvailabilityZone: !Ref AvailabilityZone
      BlueprintId: !Ref BlueprintId
      BundleId: !Ref BundleId
      AddOns:
        - AddOnType: AutoSnapshot
          Status: Enabled
          AutoSnapshotAddOnRequest:
            SnapshotTimeOfDay: !Ref SnapshotTime

Outputs:
  InstanceArn:
    Description: ARN of the Lightsail instance
    Value: !GetAtt LightsailInstance.InstanceArn

Deploy the stack:

aws cloudformation deploy \
  --region us-east-1 \
  --template-file template.yaml \
  --stack-name lightsail-instance-with-snapshots \
  --parameter-overrides InstanceName=my-instance

Terraform (optional)

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_lightsail_instance" "example" {
  name              = "my-lightsail-instance"
  availability_zone = "us-east-1a"
  blueprint_id      = "amazon_linux_2"
  bundle_id         = "nano_3_0"

  add_on {
    type          = "AutoSnapshot"
    snapshot_time = "06:00"
    status        = "Enabled"
  }

  tags = {
    Environment = "production"
  }
}

Apply the configuration:

terraform init
terraform plan
terraform apply

Verification

After enabling automatic snapshots:

1. Return to the Snapshots tab for your instance in the Lightsail console
2. Confirm that Automatic snapshots shows as Enabled
3. Note the scheduled snapshot time displayed

Your first automatic snapshot will be created at the next scheduled time. After that, you'll see snapshots listed under Automatic snapshots on the Snapshots tab.

CLI verification

aws lightsail get-instance \
  --region us-east-1 \
  --instance-name my-instance-name \
  --query 'instance.addOns[?addOnType==`AutoSnapshot`]'

Expected output when enabled:

[
    {
        "name": "AutoSnapshot",
        "status": "Enabled",
        "snapshotTimeOfDay": "06:00"
    }
]

Additional Resources

• Enabling or disabling automatic snapshots for instances or disks in Amazon Lightsail
• Snapshots in Amazon Lightsail
• AWS::Lightsail::Instance CloudFormation reference

Notes

• Snapshot timing: The snapshot time is specified in UTC. Choose a time during low-traffic periods for your application.
• Retention: Lightsail keeps the 7 most recent automatic snapshots by default. Older snapshots are automatically deleted.
• Cost: Automatic snapshots are included at no additional cost beyond your instance plan. Manual snapshots may incur additional charges.
• Restoration: You can create a new instance from any automatic snapshot, or use it to restore data to an existing instance.
• Existing instances: Enabling automatic snapshots on an existing instance does not disrupt the instance; it continues running normally.