EBS volumes are evaluated for the existence of at least one associated snapshot, identifying volumes without any point-in-time backup available.
Risk
Without EBS snapshots, a volume has no point-in-time recovery. Accidental deletion, corruption, or ransomware can cause irrecoverable data loss and prolonged service outages, degrading data integrity and availability and complicating recovery and forensics.
Run this check with Prowler CLI
prowler aws --checks ec2_ebs_volume_snapshots_exists
Recommendation
Establish automated, policy-based EBS snapshot coverage for all volumes aligned to business RPO/RTO.
- Schedule regular snapshots with retention controls
- Encrypt snapshots and enforce least privilege access
- Replicate to another Region/account for DR
- Periodically test restores and document procedures
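The evaluation described above can be reproduced offline from the JSON that `aws ec2 describe-volumes` and `aws ec2 describe-snapshots --owner-ids self` return. The following is an added example, not Prowler's source code; it goes one step beyond the check by also flagging volumes whose newest snapshot is older than an RPO window. The function name, the `STALE` status, the "completed snapshots only" rule and all sample IDs are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data in the shape of the two AWS CLI responses.
VOLUMES_JSON = """{"Volumes": [
  {"VolumeId": "vol-0aaa0000000000001", "State": "in-use"},
  {"VolumeId": "vol-0aaa0000000000002", "State": "available"},
  {"VolumeId": "vol-0aaa0000000000003", "State": "in-use"},
  {"VolumeId": "vol-0aaa0000000000004", "State": "in-use"}
]}"""
SNAPSHOTS_JSON = """{"Snapshots": [
  {"SnapshotId": "snap-0bbb0000000000001", "VolumeId": "vol-0aaa0000000000001",
   "State": "completed", "StartTime": "2024-05-01T02:00:00.000Z"},
  {"SnapshotId": "snap-0bbb0000000000002", "VolumeId": "vol-0aaa0000000000001",
   "State": "completed", "StartTime": "2024-05-09T02:00:00.000Z"},
  {"SnapshotId": "snap-0bbb0000000000003", "VolumeId": "vol-0aaa0000000000003",
   "State": "completed", "StartTime": "2024-03-01T02:00:00.000Z"},
  {"SnapshotId": "snap-0bbb0000000000004", "VolumeId": "vol-0aaa0000000000004",
   "State": "error", "StartTime": "2024-05-09T02:00:00.000Z"}
]}"""


def evaluate_volumes(volumes_doc, snapshots_doc, now, max_age=None):
    """Return {volume_id: status}; status is PASS, NO_SNAPSHOT or STALE."""
    latest = {}  # volume id -> start time of its newest completed snapshot
    for snap in snapshots_doc.get("Snapshots", []):
        if snap.get("State") != "completed":
            continue  # assumption: pending/error snapshots are not a backup
        started = datetime.fromisoformat(snap["StartTime"].replace("Z", "+00:00"))
        vol_id = snap["VolumeId"]
        latest[vol_id] = max(started, latest.get(vol_id, started))
    results = {}
    for vol in volumes_doc.get("Volumes", []):
        vol_id = vol["VolumeId"]
        if vol_id not in latest:
            results[vol_id] = "NO_SNAPSHOT"  # the condition this check reports
        elif max_age is not None and now - latest[vol_id] > max_age:
            results[vol_id] = "STALE"  # added here: newest snapshot exceeds RPO
        else:
            results[vol_id] = "PASS"
    return results


if __name__ == "__main__":
    now = datetime(2024, 5, 10, tzinfo=timezone.utc)  # fixed for the sample data
    report = evaluate_volumes(json.loads(VOLUMES_JSON),
                              json.loads(SNAPSHOTS_JSON), now, timedelta(days=7))
    for vol_id, status in sorted(report.items()):
        print(vol_id, status)
```

To run it against a real account, replace the two constructed strings with the saved output of the two commands for the same Region.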
Remediation
CLI
aws ec2 create-snapshot --region <REGION> --volume-id <VOLUME_ID>
Other
- In the AWS Console, go to EC2
- Click Volumes, select the target EBS volume
- Choose Actions > Create snapshot
- Click Create snapshot to confirm
Resource Type
AwsEc2Volume