Posted On: Nov 2, 2022

Amazon Backup now offers a new Amazon Backup Vault Lock console experience in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD. The new Amazon Backup Vault Lock console experience not only provides you an intuitive way to configure your vault lock details, but also allows you to deploy and manage your immutability policies to protect your backups from accidental or malicious deletions using a write-once, read-many (WORM) format. Depending on your data retention needs, you can now use Amazon Backup Vault Lock in governance mode or compliance mode to configure your vault’s immutability policies with greater flexibility and multiple levels of security. Under governance mode, users with the appropriate role-based permissions can test and change retention policies or even remove the lock completely. In compliance mode, the user can specify a lock date after which the vault is locked immutably. Once locked, the acceptable retention periods cannot be changed and the lock cannot be disabled even by the root user. With this feature, the console also provides you with visibility into your vaults’ lock status and facilitates reporting across all locked vaults. 

To get started with Amazon Backup Vault Lock, begin by selecting the backup vault you want to lock. Then, you can select your desired retention period and specify the acceptable retention periods for your vault lock configuration. With Amazon Backup, you can set up multiple layers of data protection, including independent copies of backups across multiple Amazon Web Services Regions and accounts, separate resource access policies, and long-term data retention. 

To learn more about Amazon Backup Vault Lock, visit the Amazon Backup product page and documentation. Get started with Amazon Backup Vault Lock using the Amazon Web Services Management console, Amazon SDKs, or Amazon CLI.