- Newest
- Most votes
- Most comments
Once a backup vault is locked in compliance mode after the grace period, the retention period settings become immutable and cannot be changed or removed by anyone, including the customer or AWS. The blog mentions:
"Note that the vault lock may be deleted in Compliance mode if it's in the grace period. Once the vault is locked in compliance mode, no one, including the root user or AWS, can manage or remove it. The only method to remove the lock is to terminate the account. However, doing so also deletes all previous backups."
So, if the compliance vault lock you mentioned has already passed the grace period (cooling-off period), then unfortunately there is no way to remove or modify the lock or the retention settings. The backup data in that vault will be retained for the configured retention period, and you cannot get rid of those backup points before the retention period expires.
The blog recommends setting the retention period carefully during the vault lock configuration, as it cannot be changed once the grace period is over and the vault lock is in compliance mode.
If the vault lock is still within the grace period, you may be able to delete the vault lock configuration as shown in the blog. However, if the grace period has passed, the only option mentioned is to terminate the entire AWS account, which will also delete all previous backups.
In summary, if the compliance vault lock has already become immutable after the grace period, there is no way to modify or remove it or the configured retention settings. The backup data will need to be retained as per the set retention period.
[+] https://aws.amazon.com/blogs/storage/protecting-data-with-aws-backup-vault-lock/
[+] https://repost.aws/knowledge-center/backup-configure-vault-lock
Immutable Compliance Vault Lock: Once the vault is locked in compliance mode after the grace period, the lock and retention settings cannot be modified or removed by anyone, including the customer or AWS.
1.Retention Period: Backup data will be retained for the set period. If marked with "Forever" retention, it cannot be deleted.
2.Grace Period: During the grace period, you can delete or modify the vault lock. After this period, the lock becomes permanent.
3.Only Removal Option: The only way to remove the lock after the grace period is to terminate the AWS account, which deletes all backups.
Hii
The specific documentation and resources will vary depending on your backup software. However, here are some general resources that might be helpful:
Veeam Software: https://www.veeam.com/support/help-center-technical-documentation.html Acronis Backup: https://www.acronis.com/en-us/support/documentation/ Symantec Backup Exec:
https://dl.dell.com/manuals/all-products/esuprt_electronics/esuprt_software/esuprtl_utility/sym-bckup-exec_administrator%20guide_en-us.pdf Microsoft Azure Backup: https://learn.microsoft.com/en-us/azure/backup/
Relevant content
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago