Create a Recycle Bin retention rule
When you create a retention rule, you must specify the following required
parameters:
- The resource type that is to be protected by the retention rule.
- The resources that are to be protected by the retention rule. You can create retention
  rules at the tag level and the Region level.
  - To create a tag-level retention rule, specify the resource tags that identify the
    resources to protect. You can specify up to 50 tags for each rule,
    and add the same tag key and value pair to a maximum of five
    retention rules.
  - To create a Region-level retention rule, do not specify any tag key and value pairs. In
    this case, all resources of the specified type are protected.
- The period to retain the resources in the Recycle Bin after they are deleted. The
  period can be up to 1 year (365 days).
You can also specify the following optional parameters:
- An optional name for the retention rule. The name can be up to 255 characters long.
- An optional description for the retention rule. The description can be up to 255
  characters long.
  We recommend that you do not include personally identifying, confidential, or sensitive
  information in the retention rule description.
- Optional retention rule tags to help identify and organize your retention rules. You
  can assign up to 50 tags to each rule.
You can also optionally lock retention rules on creation. If you lock a retention rule on creation,
you must also specify the unlock delay period, which can be 7 to 30 days. Retention rules remain
unlocked by default unless you explicitly lock them.
Retention rules function only in the Regions in which they are created. If you intend to use
Recycle Bin in other Regions, you must create additional retention rules in those Regions.
You can create a Recycle Bin retention rule using one of the following methods.
- Recycle Bin console
  To create a retention rule
  - Open the Recycle Bin console at https://console.aws.amazon.com/rbin/home/
  - In the navigation pane, choose Retention rules, and then choose
    Create retention rule.
  - In the Rule details section, do the following:
    - (Optional) For Retention rule name, enter
      a descriptive name for the retention rule.
    - (Optional) For Retention rule description,
      enter a brief description for the retention rule.
  - In the Rule settings section, do the following:
    - For Resource type, choose the type of resource for the retention
      rule to protect. The retention rule will retain only resources of this type in the Recycle Bin.
    - Do one of the following:
      - To create a Region-level retention rule that matches all deleted resources of the
        specified type in the Region, select Apply to all resources. The
        retention rule will retain all deleted resources of the specified type in the Recycle Bin
        upon deletion, even if the resources do not have any tags.
      - To create a tag-level retention rule, for Resource tags to match,
        enter the tag key and value pairs to use to identify resources of the specified type that
        are to be retained in the Recycle Bin. Only resources of the specified type that have
        at least one of the specified tag key and value pairs will be retained by the retention
        rule.
    - For Retention period, enter the number of days for which the retention
      rule is to retain resources in the Recycle Bin.
    - (Optional) To lock the retention rule, for Rule lock settings,
      select Lock, and then for Unlock delay period, specify the
      unlock delay period in days. A locked retention rule can't be modified or deleted. To modify or delete
      the rule, you must first unlock it and then wait for the unlock delay period to expire. For more
      information, see Lock a Recycle Bin retention rule to prevent
      it from being updated or deleted.
      To leave the retention rule unlocked, for Rule lock settings, keep
      Unlock selected. An unlocked retention rule can be modified or deleted at any time.
      For more information, see Unlock a Recycle Bin retention rule to allow
      it to be updated or deleted.
  - (Optional) In the Tags section, do the following:
    - To tag the rule with custom tags, choose Add tag and then
      enter the tag key and value pair.
  - Choose Create retention rule.
- AWS CLI
  To create a retention rule
  Use the create-rule AWS CLI command. For --retention-period, specify the number of days
  to retain deleted snapshots in the Recycle Bin. For --resource-type, specify EBS_SNAPSHOT
  for snapshots or EC2_IMAGE for AMIs. To create a tag-level retention rule, for
  --resource-tags, specify the tags to use to identify the snapshots that are to be retained.
  To create a Region-level retention rule, omit --resource-tags. To lock a retention rule,
  include --lock-configuration, and specify the unlock delay period in days.

  aws rbin create-rule \
  --retention-period RetentionPeriodValue=number_of_days,RetentionPeriodUnit=DAYS \
  --resource-type EBS_SNAPSHOT|EC2_IMAGE \
  --description "rule_description" \
  --lock-configuration 'UnlockDelay={UnlockDelayUnit=DAYS,UnlockDelayValue=unlock_delay_in_days}' \
  --resource-tags ResourceTagKey=tag_key,ResourceTagValue=tag_value

  Example 1
  The following example command creates an unlocked Region-level retention rule that
  retains all deleted snapshots for a period of 7 days.

  aws rbin create-rule \
  --retention-period RetentionPeriodValue=7,RetentionPeriodUnit=DAYS \
  --resource-type EBS_SNAPSHOT \
  --description "Match all snapshots"

  Example 2
  The following example command creates a tag-level rule that retains deleted snapshots
  that are tagged with purpose=production for a period of 7 days.

  aws rbin create-rule \
  --retention-period RetentionPeriodValue=7,RetentionPeriodUnit=DAYS \
  --resource-type EBS_SNAPSHOT \
  --description "Match snapshots with a specific tag" \
  --resource-tags ResourceTagKey=purpose,ResourceTagValue=production

  Example 3
  The following example command creates a locked Region-level retention rule that retains
  all deleted snapshots for a period of 7 days. The retention rule is locked with an unlock
  delay period of 7 days.

  aws rbin create-rule \
  --retention-period RetentionPeriodValue=7,RetentionPeriodUnit=DAYS \
  --resource-type EBS_SNAPSHOT \
  --description "Match all snapshots" \
  --lock-configuration 'UnlockDelay={UnlockDelayUnit=DAYS,UnlockDelayValue=7}'
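
Because retention rules function only in the Region in which they are created, and the retention period and unlock delay have the limits stated above, it helps to check the inputs once and generate one command per Region. The following shell function is an added example, not part of the original documentation: it validates the inputs and prints (does not run) one create-rule command per Region for review. The function names, argument order, lower retention bound of 1 day, allowed tag characters, and sample Regions are assumptions of this example.

```shell
# Added example: check inputs against the limits stated on this page, then
# print (not run) one `aws rbin create-rule` command per Region.
# Function names, argument order and the sample Regions are assumptions.

err() { echo "error: $1" >&2; }

# Succeeds if $1 is an unsigned integer between $2 and $3 inclusive.
is_int_in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# plan_rbin_rules RESOURCE_TYPE RETENTION_DAYS UNLOCK_DELAY TAG REGION...
#   UNLOCK_DELAY: days, or "" to leave the rule unlocked (the default).
#   TAG: "key=value" for a tag-level rule, or "" for a Region-level rule.
plan_rbin_rules() {
    rtype=$1 days=$2 delay=$3 tag=$4
    shift 4
    case "$rtype" in
        EBS_SNAPSHOT|EC2_IMAGE) ;;
        *) err "resource type must be EBS_SNAPSHOT or EC2_IMAGE"; return 2 ;;
    esac
    # Upper bound is from the page; the lower bound of 1 is an assumption.
    is_int_in_range "$days" 1 365 || { err "retention must be 1-365 days"; return 2; }
    [ -z "$delay" ] || is_int_in_range "$delay" 7 30 ||
        { err "unlock delay must be 7-30 days"; return 2; }
    # Restrict the tag to key=value made of shell-safe characters, because
    # the printed command is meant to be reviewed and pasted.
    case "$tag" in
        *[!A-Za-z0-9=_.:/@-]*) err "tag has unsupported characters"; return 2 ;;
        ''|?*=*) ;;
        *) err "tag must be key=value"; return 2 ;;
    esac
    [ "$#" -ge 1 ] || { err "at least one Region is required"; return 2; }
    for region in "$@"; do
        case "$region" in *[!a-z0-9-]*) err "bad Region name: $region"; return 2 ;; esac
        cmd="aws rbin create-rule --region $region"
        cmd="$cmd --retention-period RetentionPeriodValue=$days,RetentionPeriodUnit=DAYS"
        cmd="$cmd --resource-type $rtype"
        [ -z "$tag" ] ||
            cmd="$cmd --resource-tags ResourceTagKey=${tag%%=*},ResourceTagValue=${tag#*=}"
        [ -z "$delay" ] ||
            cmd="$cmd --lock-configuration 'UnlockDelay={UnlockDelayUnit=DAYS,UnlockDelayValue=$delay}'"
        printf '%s\n' "$cmd"
    done
}

# Constructed sample: a locked Region-level snapshot rule for two Regions.
plan_rbin_rules EBS_SNAPSHOT 30 7 "" us-east-1 eu-west-1
```

An out-of-range value (for example a 366-day retention period or a 6-day unlock delay) makes the function return 2 and print nothing to standard output.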