Amazon Elastic Compute Cloud
CLI Reference (API Version 2015-10-01)



Creates a snapshot of an Amazon EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of instance store volumes, and to save data before shutting down an instance.

When a snapshot is created from a volume with an AWS Marketplace product code, the product code is propagated to the snapshot.

You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued. This might exclude any data that has been cached by any applications or the operating system. If you can pause any file writes to the volume long enough to take a snapshot, your snapshot should be complete. However, if you can't pause all file writes to the volume, you should unmount the volume from within the instance, issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot. You can remount and use your volume while the snapshot status is pending.

To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.

Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide for Linux Instances.

For more information, see Amazon Elastic Block Store in the Amazon EC2 User Guide for Linux Instances.

The short version of this command is ec2addsnap.


If you are using the AWS CLI, see create-snapshot instead.


ec2-create-snapshot volume_id [-d description]




The ID of the Amazon EBS volume.

Type: String

Default: None

Required: Yes

Example: vol-4d826724

-d, --description description

A description for the snapshot.

Type: String

Default: None

Constraints: Up to 255 characters

Required: No

Example: -d "Daily backup"

Common Options


--region region

The region. Overrides the default region, the region specified by the EC2_URL environment variable, and the URL specified by the -U option.

Default: The region specified by the EC2_URL environment variable, or us-east-1 if EC2_URL isn't set.

-U, --url url

The uniform resource locator (URL) of the Amazon EC2 web service entry point.

Default: The endpoint specified by the EC2_URL environment variable, or if EC2_URL isn't set.

-O, --aws-access-key aws_access_key_id

Your access key ID. For more information, see Tell the Tools Who You Are.

Default: The value of the AWS_ACCESS_KEY environment variable. If AWS_ACCESS_KEY isn't set, you must specify this option.


-W, --aws-secret-key aws_secret_access_key

Your secret access key.

Default: The value of the AWS_SECRET_KEY environment variable. If AWS_SECRET_KEY isn't set, you must specify this option.


-T, --security-token delegation_token

The delegation token to pass along to the AWS request. This is only required when you are using temporary security credentials. For more information, see Using Temporary Security Credentials.

Default: The value of the AWS_DELEGATION_TOKEN environment variable (if set).

Example: -T AQoDYXdzEJr...<remainder of security token>

--connection-timeout timeout

The connection timeout, in seconds.

Example: --connection-timeout 30

--request-timeout timeout

The request timeout, in seconds.

Example: --request-timeout 45

-H, --headers

Includes column headers in the command output.


Shows empty columns as (nil).


Omits tags for tagged resources.


Displays internal debugging information. This can assist us when helping you troubleshooting problems.

-D, --auth-dry-run

Checks whether you have the required permissions for the command, without actually running the command. If you have the required permissions, the command returns DryRunOperation; otherwise, it returns UnauthorizedOperation.

-v, --verbose

Displays verbose output, including the API request and response on the command line. This is useful if you are building tools to talk directly to the Query API.


Reads arguments from standard input. This is useful when piping the output from one command to the input of another.

Example: ec2-describe-instances | grep stopped | cut -f 2 | ec2-start-instances -

-?, --help, -h

Displays usage information for the command.

Deprecated Options

We have deprecated the SOAP API for Amazon EC2. For more information, see SOAP Requests. From version onwards of the Amazon EC2 CLI tools, the private key (-K, --private-key) and X.509 certificate (-C, --cert) options are not supported. Use your access key ID (-O, --aws-access-key) and secret access key (-W, --aws-secret-key) instead. For more information, see Setting Up the Amazon EC2 CLI and AMI Tools.


-K, --private-key ec2_private_key

The private key to use when constructing requests to Amazon EC2.

Default: The value of the EC2_PRIVATE_KEY environment variable.


-C, --cert ec2_cert

The X.509 certificate to use when constructing requests to Amazon EC2.

Default: The value of the EC2_CERT environment variable.



This command returns a table that contains the following information:

  • The SNAPSHOT identifier

  • The ID of the snapshot

  • The ID of the volume. Snapshots created by the CopySnapshot action have an arbitrary volume ID that should not be used for any purpose.

  • The state of the snapshot (pending, completed, error)

  • The time stamp when the snapshot initiated

  • The percentage of completion

  • The ID of the snapshot owner

  • The size of the volume

  • The description of the snapshot

  • The encryption status of the snapshot

  • The full ARN of the AWS Key Management Service (AWS KMS) master key that was used to protect the volume encryption key for the volume.

Amazon EC2 command line tools display errors on stderr.



This example command creates a snapshot of the volume with the ID vol-1a2b3c4d.

PROMPT> ec2-create-snapshot vol-1a2b3c4d --description "Daily Backup"
SNAPSHOT	snap-1a2b3c4d	vol-1a2b3c4d	pending	YYYY-MM-DDTHH:MM:SS+0000		111122223333	30	Daily Backup	Not Encrypted

Related Topics

Setting Up

IAM Policies

You can create an IAM policy to grant users permission to use this command. For more information, see IAM Policies for Amazon EC2 in the Amazon EC2 User Guide for Linux Instances.

Related Action