AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/backup-recovery/ec2-backup.md

Summary

Updated documentation with editorial improvements including: corrected breadcrumb navigation links, expanded section titles, punctuation fixes (apostrophes), replaced 'scope of impact' with 'blast radius' terminology, abbreviated RPO/RTO after initial definition, capitalized 'Tagging Best Practices', removed backticks from API operation names, and improved page titles.

Security assessment

Changes are editorial improvements and terminology updates without introducing new security concepts or addressing vulnerabilities. The existing security content about tagging enforcement remains unchanged except for minor formatting adjustments.

Diff

diff --git a/prescriptive-guidance/latest/backup-recovery/ec2-backup.md b/prescriptive-guidance/latest/backup-recovery/ec2-backup.md
index 4d3661d46..fc6f91850 100644
--- a//prescriptive-guidance/latest/backup-recovery/ec2-backup.md
+++ b//prescriptive-guidance/latest/backup-recovery/ec2-backup.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Backup and recovery approaches on AWS](welcome.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Backup and recovery approaches on AWS](introduction.html)
@@ -7 +7 @@
-AMIs or snapshotsServer volumesSeparate server volumesInstance store volumesTagging and enforcing standards
+Using AMIs or Amazon EBS snapshots for backupsServer volumesEstablishing separate server volumesConsiderations for instance store volumesTagging and enforcing standards for EBS snapshots and AMIs
@@ -21 +21 @@ An AMI includes the following:
-  * A block device mapping that specifies the volumes to attach to the instance when it’s launched.
+  * A block device mapping that specifies the volumes to attach to the instance when it's launched.
@@ -32 +32 @@ You can use AMIs to launch new instances with preconfigured software and data. Y
-You can’t use snapshots to launch a new instance, but you can use them to replace volumes on an existing instance. If you experience data corruption or a volume failure, you can create a volume from a snapshot that you have taken and replace the old volume. You can also use snapshots to provision new volumes and attach them during a new instance launch.
+You can't use snapshots to launch a new instance, but you can use them to replace volumes on an existing instance. If you experience data corruption or a volume failure, you can create a volume from a snapshot that you have taken and replace the old volume. You can also use snapshots to provision new volumes and attach them during a new instance launch.
@@ -69 +69 @@ Amazon EBS snapshots can also be copied between AWS Regions by using the Amazon
-You may already use a standard set of separate volumes for the operating system, logs, applications, and data. By establishing separate server volumes, you can reduce the scope of impact when there are application or platform failures caused by disk space exhaustion. This risk is usually greater with physical hard drives, because you don’t have the flexibility to expand volumes quickly. With physical drives, you must purchase the new drives, back up the data, and then restore the data on the new drives. With AWS, this risk is greatly reduced because you can use Amazon EBS to expand your provisioned volumes. For more information, see the [AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/modify-volume-requirements.html).
+You may already use a standard set of separate volumes for the operating system, logs, applications, and data. By establishing separate server volumes, you can reduce the blast radius of application or platform failures due to disk space exhaustion. This risk is usually greater with physical hard drives, because you don't have the flexibility to expand volumes quickly. With physical drives, you must purchase the new drives, back up the data, and then restore the data on the new drives. With AWS, this risk is greatly reduced because you can use Amazon EBS to expand your provisioned volumes. For more information, see the [AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/modify-volume-requirements.html).
@@ -90 +90 @@ Therefore, do not rely on an instance store for valuable, long-term data. Instea
-A common strategy with instance store volumes is to persist necessary data to Amazon S3 regularly as needed, based on the recovery point objective (RPO) and recovery time objective (RTO). You can then download the data from Amazon S3 to your instance store when a new instance is launched. You can also upload the data to Amazon S3 before an instance is stopped. For persistence, create an EBS volume, attach it to your instance, and copy the data from the instance store volume to the EBS volume on a periodic basis. For more information, see the [AWS Knowledge Center](https://aws.amazon.com/premiumsupport/knowledge-center/back-up-instance-store-ebs/).
+A common strategy with instance store volumes is to persist necessary data to Amazon S3 regularly as needed, based on the RPO and RTO. You can then download the data from Amazon S3 to your instance store when a new instance is launched. You can also upload the data to Amazon S3 before an instance is stopped. For persistence, create an EBS volume, attach it to your instance, and copy the data from the instance store volume to the EBS volume on a periodic basis. For more information, see the [AWS Knowledge Center](https://aws.amazon.com/premiumsupport/knowledge-center/back-up-instance-store-ebs/).
@@ -94 +94 @@ A common strategy with instance store volumes is to persist necessary data to Am
-Tagging all your AWS resources is an important practice for cost allocation, auditing, troubleshooting, and notification. Tagging is important for EBS volumes so that the pertinent information required to manage and restore volumes is present. Tags are not automatically copied from EC2 instances to AMIs or from source volumes to snapshots. Make sure that your backup process includes the relevant tags from these sources. This helps you to set the snapshot metadata, such as access policies, attachment information, and cost allocation, to use these backups in the future. For more information on tagging your AWS resources, refer to the [tagging best practices technical paper](https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf).
+Tagging all your AWS resources is an important practice for cost allocation, auditing, troubleshooting, and notification. Tagging is important for EBS volumes so that the pertinent information required to manage and restore volumes is present. Tags are not automatically copied from EC2 instances to AMIs or from source volumes to snapshots. Make sure that your backup process includes the relevant tags from these sources. This helps you to set the snapshot metadata, such as access policies, attachment information, and cost allocation, to use these backups in the future. For more information on tagging your AWS resources, refer to the [Tagging Best Practices technical paper](https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf).
@@ -107 +107 @@ In addition to the tags you use for all AWS resources, use the following backup-
-You can enforce tagging policies by using AWS Config rules and IAM permissions. IAM supports enforced tag usage, so you can write IAM policies that mandate the use of specific tags when acting on Amazon EBS snapshots. If a `CreateSnapshot` operation is attempted without the tags defined in the IAM permissions policy granting rights, the snapshot creation fails with access denied. For more information, see the [blog post on tagging Amazon EBS snapshots on creation and implementing stronger security policies](https://aws.amazon.com/blogs/compute/tag-amazon-ebs-snapshots-on-creation-and-implement-stronger-security-policies/).
+You can enforce tagging policies by using AWS Config rules and IAM permissions. IAM supports enforced tag usage, so you can write IAM policies that mandate the use of specific tags when acting on Amazon EBS snapshots. If a CreateSnapshot operation is attempted without the tags defined in the IAM permissions policy granting rights, the snapshot creation fails with access denied. For more information, see the [blog post on tagging Amazon EBS snapshots on creation and implementing stronger security policies](https://aws.amazon.com/blogs/compute/tag-amazon-ebs-snapshots-on-creation-and-implement-stronger-security-policies/).
@@ -117 +117 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Amazon EC2 with EBS volumes
+Backup and recovery for Amazon EC2 with EBS volumes
@@ -119 +119 @@ Amazon EC2 with EBS volumes
-Create EBS volume backups
+Creating EBS volume backups with AMIs and EBS snapshots