How do I delete Amazon EBS snapshots when deletion fails?
I can't delete my Amazon Elastic Block Store (Amazon EBS) snapshot.
Resolution
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.
Choose a resolution based on the error message that you receive or issue that you experience.
Encoded authorization failure error
In AWS CloudTrail, you receive the following error message:
"You are not authorized to perform this operation. Encoded authorization failure message: Bght_tAZ..."
This error occurs because the AWS Identity and Access Management (IAM) user or role doesn't have permission to run the DeleteSnapshot API operation.
To decode the authorization failure message, run the following command:
aws sts decode-authorization-message --encoded-message your_encoded_message
Note: Replace your_encoded_message with the encoded authorization failure message that you received.
You can also use the IAM policy simulator to troubleshoot the error. Check whether the policy that's attached to the IAM user or role has a rule that denies the ec2:DeleteSnapshot action.
Example JSON policy that denies the ec2:DeleteSnapshot action:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Deny", "Action": "ec2:DeleteSnapshot", "Resource": "*" } ] }
Also, check for rules that deny conditions that must be satisfied for the operation to complete, such as ec2:SnapshotID. Update the IAM user or role policy to allow snapshot deletion.
Snapshot doesn't exist error
You receive the following error message:
"The snapshot 'snap-abcdef1234567890' does not exist."
This error occurs because another AWS account owns the snapshot and shares it with your account.
If you have access to the account that's sharing the snapshot, then you can delete the snapshot. Otherwise, you must ask the owner of the other account to delete the snapshot.
To check the owner of the snapshot, run the following describe-snapshots AWS CLI command:
aws ec2 describe-snapshots --snapshot-ids snap-abcdef1234567890
Note: Replace snap-abcdef1234567890 with your snapshot's ID.
You can also use the Amazon Elastic Compute Cloud (Amazon EC2) console to get information about the snapshot.
If you own the snapshot and no longer want to share the snapshot with other accounts, then complete the following steps:
- Open the Amazon EC2 console.
- In the navigation pane, choose Snapshots.
- Select the snapshot that you shared, and then choose Actions.
- Choose Snapshot settings, and then choose Modify permissions.
- Under Shared accounts, select the ID of the account that you want to revoke snapshot sharing from.
- Choose Remove selected.
- Choose Save changes.
Snapshot in use by AMI error
You receive the following error message:
"The snapshot 'snap-abcdef1234567890' is currently in use by ami-abcdef1234567890."
This error occurs because a registered Amazon Machine Image (AMI) is using the snapshot of the EBS volume's root device.
To resolve this issue, deregister your AMI, and then delete the snapshot.
If you can no longer view the error message that contains the AMI ID, then run the following describe-snapshots AWS CLI command:
aws ec2 describe-snapshots --snapshot-ids snap-abcdef1234567890
Note: Replace snap-abcdef1234567890 with your snapshot's ID.
You can find the AMI ID in the Description section of your JSON file:
{ "Snapshots": [ { "Description": "Created by CreateImage(i-abcdef1234567890) for ami-abcdef1234567890", "Encrypted": false, "OwnerId": "111122223333", "Progress": "100%", "SnapshotId": "snap-abcdef1234567890", "StartTime": "2022-11-12T03:15:16.272000+00:00", "State": "completed", "VolumeId": "vol-abcdef1234567890", "VolumeSize": 8, "StorageTier": "standard" } ] }
DeleteSnapshot operation error
You receive the following error message:
"An error occurred (InvalidSnapshot.NotFound) when calling the DeleteSnapshot operation. The snapshot 'snap-abcdef1234567890' does not exist."
If you use the AWS CLI to delete a snapshot and receive the preceding error message, then the snapshot might be in the Recycle Bin.
You can't delete a snapshot that's in the Recycle Bin. You can delete the snapshot only when the retention period expires.
To check if the snapshot is in the Recycle Bin, run the list-snapshots-in-recycle-bin AWS CLI command:
aws ec2 list-snapshots-in-recycle-bin --snapshot-id snap-abcdef1234567890 --region region
Note: Replace snap-abcdef1234567890 with your snapshot's ID and region with your AWS Region.
Example output:
{ "Snapshots": [ { "SnapshotId": "snap-0460a240fc523552e", "RecycleBinEnterTime": "2022-11-13T16:33:54.707000+00:00", "RecycleBinExitTime": "2022-11-14T16:33:54.707000+00:00", "Description": "", "VolumeId": "vol-08d1428974b817a18" } ] }
If you must delete the snapshot while it's still in the Recycle Bin, then restore the snapshot from the Recycle Bin. Make sure that your IAM user or role has the correct permissions to view and recover snapshots that are in the Recycle Bin.
Then, check your Region's retention rules. For a tag-level retention rule, modify the snapshot tags so that they don't match the retention rule. Then, use the AWS CLI to delete the snapshot. For a Region-level rule, delete the retention rule, and then use the AWS CLI to delete the snapshot. You can't use the AWS Backup console to delete a snapshot that you created in AWS Backup and restored from the Recycle Bin.
Note: When you delete the retention rule for a snapshot, other snapshots in the Recycle Bin aren't affected.
Snapshot managed by AWS Backup error
You receive the following error message:
"snap-abcdef1234567890 This snapshot is managed by AWS Backup service and cannot be deleted via EC2 APIs. If you wish to delete this snapshot, please do so via the Backup console."
This error occurs when you use the Amazon EC2 console or AWS CLI to delete a snapshot that AWS Backup created. Or, the snapshot that AWS Backup created is in the Recycle Bin and you try to restore the snapshot.
You must use the AWS Backup console to manually delete the snapshot.
Important: You can't use the AWS Backup console to delete a snapshot that AWS Backup created, sent to the Recycle Bin, and then restored. You must use the Amazon EC2 console or AWS CLI to delete the snapshot.
ResourceNotFound error
When you tried to delete the snapshot, you received the "ResourceNotFound" error. This error occurs when you use Amazon Data Lifecycle Manager to create and then delete the snapshot, while Amazon EBS retains it the in the Recycle Bin.
Amazon Data Lifecycle Manager doesn't manage snapshots in the Recycle Bin that you created through Amazon Data Lifecycle Manager or snapshot policies. You must use the Amazon EC2 console or AWS CLI to delete the snapshot.
DeleteSnapshot API results not immediately visible
Because Amazon EC2 APIs follow an eventual consistency model, the results might not be immediately visible to subsequent commands that you run after DeleteSnapshot.
To check the status of a recently deleted snapshot, run the following describe-snapshots AWS CLI command:
aws ec2 describe-snapshots --region region --snapshot-ids snap-abcdef1234567890
Note: Replace region with your Region and snap-abcdef1234567890 with your snapshot's ID.
If you receive the following error message, then you successfully deleted the snapshot:
"An error occurred (InvalidSnapshot.NotFound) when calling the DescribeSnapshots operation: The snapshot 'snap-abcdef1234567890' does not exist."
- Topics
- Storage
- Language
- English
Relevant content
- asked 2 years ago
- asked 2 years ago
- asked 3 years ago
- AWS OFFICIALUpdated 2 years ago
