Deploy in 5 minutes via CloudFormation. Your snapshots are restored, tested and cleaned up entirely inside your own AWS account. Based on research*, regular automated backup testing is essential for reliable data protection.
A small IAM role you control, then a full validation pipeline deployed by SnapshotShield in your account.
You stay in control
ExternalIdsnapshotshield* or tagged SnapshotShieldResourceWe deploy in your account
A single IAM role with least privilege, scoped by resource prefix and tag conditions, protected by an ExternalId.
Validation runs in your VPC, in your region. Reports land in your S3 bucket. Nothing is exfiltrated.
No agents to install, no databases to expose. Validations run on every tagged snapshot, automatically.
An AWS Step Functions workflow orchestrates everything. From detection to cleanup, in 5 to 20 minutes.
An EventBridge rule reacts to RDS snapshot creation events for instances and clusters carrying the snapshotshield tag, then starts the Step Functions workflow.
A dedicated VPC, two private subnets, three security groups, a DB subnet group and VPC endpoints (SSM, Secrets Manager, S3) are created on the fly. You can also pin validation to an existing VPC.
The snapshot is restored into a temporary RDS instance or Aurora cluster. Aurora Serverless v2 is used by default to scale ACUs only during the test window.
A short-lived inspector Lambda is launched inside the VPC. It connects to the restored database, lists schemas and tables, counts rows, and runs sample queries.
A detailed report is generated in three formats and dropped on your S3 bucket. An SNS notification is published with the validation outcome.
All temporary resources are deleted in dependency order: inspector Lambda, IAM role, RDS, subnet group, VPC endpoints, security groups, subnets, VPC.
Understanding the importance of regular backup validation based on industry research
Multiple comprehensive studies reveal critical gaps in backup testing:
have never undertaken a test restore*
of enterprises never test their backups* at all
of organizations have lost data over the last year*, despite 73% having a backup solution in place
who test backups encounter failures* during restoration attempts
Additional finding: Among organizations that suffered data loss, only 42% successfully restored all their data*.
Having backups doesn't guarantee they work when you need them most
Backup corruption or incomplete data often goes undetected
Discovering backup issues during disasters leads to prolonged recovery
Many regulations require documented backup testing procedures
Know your exact Recovery Time and Recovery Point Objectives
Identify and fix backup issues before they become critical
Maintain audit trails and documentation for regulatory requirements
Minimize downtime and ensure reliable disaster recovery
Research* shows that automation is key to reliable backup testing. Manual processes are prone to human error and often skipped due to time constraints. Only about half of enterprises test their disaster recovery plans annually*.
No bespoke runtime, no agents. Just managed services orchestrated by Step Functions.
Tag-filtered RDS event triggers and an hourly safety scheduler.
Orchestrates the full workflow with built-in retries, waits, and error handling.
Container-based Lambdas on Graviton — efficient and cost-optimized.
Restore in instance or cluster mode. Serverless v2 by default for per-second billing.
Tracks every validation with TTL retention and a status index.
Encrypted, versioned bucket for JSON, HTML and CSV reports.
Notifications routable to email, Slack, webhooks or downstream Lambdas.
Database credentials and runtime configuration, all in your account.
Connect an AWS account and tag your databases. We do the rest.
Download the pre-filled CloudFormation template from your dashboard and execute it.
Click Launch Deployment. We assume the role and provision the pipeline in your account.
Add the snapshotshield tag on the RDS instances or clusters you want monitored. Every new snapshot is validated automatically.
Deploy in 5 minutes. Validate every snapshot automatically. Sleep better.
Data never leaves your AWS account • CloudFormation deployment • Developer plan includes 14-day free trial