How SnapshotShield Works

Deploy in 5 minutes. Data stays in your AWS account. Based on research*, regular automated backup testing is essential for reliable data protection.

CloudFormation Deployment
Data never leaves your AWS account
5-20 min validation Data Residency Compliant Least-privilege access

CloudFormation Deployment Workflow

Secure, automated deployment that keeps your data in your AWS account

How It Works

Download CloudFormation
Execute to create role
Launch deployment from backoffice
We deploy by assuming role
EventBridge detects snapshots
Step Function validates

CloudFormation Role

Least-privilege deployment

What gets deployed:

  • • Download CloudFormation template from your backoffice
  • • Execute it to create a least-privilege IAM role
  • • Role enables secure cross-account access
  • • Must remain deployed for solution to function
✓ Data never leaves your AWS account

Resource Deployment

We deploy from our account

How it works:

  • • Launch deployment from your client backoffice
  • • We assume the role to deploy resources in your account
  • • EventBridge rule detects snapshots with "snapshotshield" tag
  • • Step Function orchestrates validation with Lambda functions
🔒 Secure cross-account access

Why This Approach?

Security

Least-privilege role with minimal permissions required for validation

Data Residency

Your data never leaves your AWS account, ensuring compliance

Performance

5-20 minute validation times with unlimited daily validations

The Validation Process

From CloudFormation deployment to alerts, every step is automated and secure

1

Download CloudFormation

Get template from your backoffice

  • • One-click download
  • • Pre-configured
  • • Secure template
2

Execute Template

Create IAM role in your account

  • • Least-privilege role
  • • Cross-account trust
  • • Must stay deployed
3

Launch Deployment

Trigger from your backoffice

  • • One-click launch
  • • Configure VPC/region
  • • Set parameters
4

We Deploy Resources

Assume role and deploy infrastructure

  • • EventBridge rules
  • • Step Functions
  • • Lambda functions
5

Detect Snapshots

EventBridge monitors tagged snapshots

  • • Tag: "snapshotshield"
  • • Real-time detection
  • • Multi-region
6

Validate & Alert

Step Function tests in dedicated VPC

  • • Restore & test
  • • Generate reports
  • • Send alerts

Why Backup Testing is Critical

Understanding the importance of regular backup validation based on industry research

Industry Reality Check

Multiple comprehensive studies reveal critical gaps in backup testing:

46%

have never undertaken a test restore*

23%

of enterprises never test their backups* at all

78%

of organizations have lost data over the last year*, despite 73% having a backup solution in place

77%

who test backups encounter failures* during restoration attempts

Additional finding: Among organizations that suffered data loss, only 42% successfully restored all their data*.

The Problem with Untested Backups

False Security

Having backups doesn't guarantee they work when you need them most

Silent Failures

Backup corruption or incomplete data often goes undetected

Extended Downtime

Discovering backup issues during disasters leads to prolonged recovery

Compliance Violations

Many regulations require documented backup testing procedures

Benefits of Regular Testing

Predictable Recovery

Know your exact Recovery Time and Recovery Point Objectives

Early Problem Detection

Identify and fix backup issues before they become critical

Compliance Confidence

Maintain audit trails and documentation for regulatory requirements

Business Continuity

Minimize downtime and ensure reliable disaster recovery

The Solution: Automated Testing

Research* shows that automation is key to reliable backup testing. Manual processes are prone to human error and often skipped due to time constraints. Only about half of enterprises test their disaster recovery plans annually*.

100%
Consistent testing with automation
5-20min
Validation time vs hours manually
24/7
Continuous monitoring and alerts

Detailed Workflow

Step-by-step breakdown of the validation process

1

Download CloudFormation Template

Download the CloudFormation template from your client backoffice interface to create the necessary IAM role.

Template Features

  • • Pre-configured for your account
  • • One-click download from backoffice
  • • Least-privilege IAM role definition
  • • Ready to execute in AWS Console

Security Features

  • • External ID for additional security
  • • Condition-based access controls
  • • Audit trail via CloudTrail
  • • No data access permissions
2

Execute CloudFormation & Launch Deployment

Execute the CloudFormation template to create the IAM role, then launch the deployment from your backoffice interface.

Role Creation

  • • Execute template in AWS Console
  • • Creates cross-account trust role
  • • Enables SnapshotShield access
  • • Must remain deployed to function

Launch from Backoffice

  • • One-click deployment trigger
  • • Configure target VPC or use dedicated
  • • Specify region and parameters
  • • We assume role to deploy resources
3

EventBridge Detection & Step Function Validation

EventBridge rule detects RDS snapshots with "snapshotshield" tag, triggering a Step Function workflow with multiple Lambda functions for validation.

Snapshot Detection

  • • EventBridge monitors snapshot events
  • • Filters by "snapshotshield" tag
  • • Real-time detection across regions
  • • Triggers Step Function workflow

Validation Process

  • • Restore in dedicated or specified VPC
  • • Lambda functions test integrity
  • • Schema and data validation
  • • Performance and connectivity tests
4

Reporting & Cleanup

Detailed reports are generated and stored, notifications are sent, and all temporary resources are automatically cleaned up to minimize costs.

Report Generation

  • • JSON format for APIs
  • • CSV format for analysis
  • • S3 storage with encryption
  • • Historical data retention

Notifications

  • • Email alerts
  • • SNS topic publishing
  • • Slack/PagerDuty integration
  • • Custom webhook support

Technical Architecture

Built on AWS best practices with modern serverless architecture

Workflow Orchestration

AWS Step Functions manages the entire process with built-in error handling and retry logic

EventBridge

Event-driven triggers

Step Functions

Workflow orchestration

Lambda Functions

8 specialized functions

RDS Serverless

Cost-optimized testing

Getting Started

Deploy SnapshotShield CloudFormation role in your AWS account in just 5 minutes

1. Download & Execute

Download CloudFormation template from backoffice and execute it to create IAM role

2. Launch Deployment

Trigger deployment from your backoffice - we assume role to deploy resources

3. Auto-Validation Starts

EventBridge detects tagged snapshots, Step Function validates in dedicated VPC

What You Need

AWS Account
With RDS snapshots
CloudFormation Access
To execute template
SnapshotShield Subscription
Access to backoffice

Ready to Deploy SnapshotShield?

Deploy in 5 minutes and start validating your RDS snapshots automatically.

Deploy Now Schedule Demo

Data never leaves your AWS account • CloudFormation deployment • Developer plan includes 14-day free trial