How To Restore A Backup Using AWS Backup Service
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
In case of a disaster, having a proper backup plan is not enough. You should also be able to recover from the disaster swiftly by restoring the backups at your disposal. In this blog post, we will discuss how to restore a backup using the AWS Backup service. We will first take a backup of an EC2 instance, then simulate a disaster by terminating the EC2 instance, and finally recover from the disaster by restoring the backup of the EC2 instance. We will use the AWS CLI for all the API actions in this demo.
Prerequisites:
- AWS CLI installed and configured with proper access. You can use the links below to install and configure the AWS CLI.
  https://cloudaffaire.com/how-to-install-aws-cli/
  https://cloudaffaire.com/how-to-configure-aws-cli/
- One running EC2 instance
Step 1: Create an IAM role for the AWS Backup service.

```bash
## Create assume role policy definition
cat <<'EOF'> backup_assume_role_policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "backup.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

## Create IAM role
aws iam create-role \
--role-name backup_iam_role \
--assume-role-policy-document file://backup_assume_role_policy.json

## Attach the AWS managed backup and restore policies to the role
aws iam attach-role-policy \
--role-name backup_iam_role \
--policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup &&
aws iam attach-role-policy \
--role-name backup_iam_role \
--policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores

## Get the role ARN
ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account) &&
IAM_ROLE_ARN=arn:aws:iam::$ACCOUNT_ID:role/backup_iam_role &&
echo "$IAM_ROLE_ARN"
```
Step 2: Create a backup of the running EC2 instance in your account.
```bash
## Create a backup
## Replace <region>, <account_id> and <instance_id> with the values of your EC2 instance
aws backup start-backup-job \
--backup-vault-name Default \
--resource-arn "arn:aws:ec2:<region>:<account_id>:instance/<instance_id>" \
--iam-role-arn "$IAM_ROLE_ARN" \
--start-window-minutes 60 \
--complete-window-minutes 120

## Get the backup job status
aws backup list-backup-jobs \
--query 'BackupJobs[?ResourceArn == `arn:aws:ec2:<region>:<account_id>:instance/<instance_id>`]' \
--output text
```
Note: It may take some time to complete the backup job. Proceed to the next step when "State": "COMPLETED" appears in the output of the above command.
Step 3: Get the recovery point ARN for the above EC2 instance backup.
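```bash
## Get recovery point ARN (same placeholder instance ARN as in Step 2)
RECOVERY_POINT_ARN=$(aws backup list-backup-jobs \
--query 'BackupJobs[?ResourceArn == `arn:aws:ec2:<region>:<account_id>:instance/<instance_id>`].RecoveryPointArn' \
--output text) &&
echo "$RECOVERY_POINT_ARN"
```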
Next, we will terminate the EC2 instance to simulate a disaster.
Step 4: Terminate the EC2 instance running in your account.
```bash
## Terminate the EC2 instance (replace <instance_id> with the ID of the backed-up instance)
aws ec2 terminate-instances \
--instance-ids "<instance_id>"
```
Next, we need to configure the restore metadata (in this case, the EC2 instance configuration). You can use the metadata section in the output of the get-recovery-point-restore-metadata AWS CLI command to get the current instance metadata and edit it as per your requirements.
Step 5: Create a restore point metadata file used with the restore.
```bash
## Get restore metadata
aws backup get-recovery-point-restore-metadata \
--backup-vault-name Default \
--recovery-point-arn "$RECOVERY_POINT_ARN"

## Create a restore point metadata definition file
## Values in <...> are placeholders. Copy the real values, including the complete
## NetworkInterfaces and Placement strings, from the command output above
cat << EOF > backup_restore_metadata.json
{
  "CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}",
  "CreditSpecification": "{\"CpuCredits\":\"standard\"}",
  "DisableApiTermination": "false",
  "EbsOptimized": "false",
  "HibernationOptions": "{\"Configured\":false}",
  "InstanceInitiatedShutdownBehavior": "stop",
  "InstanceType": "t2.micro",
  "KeyName": "<key_name>",
  "Monitoring": "{\"State\":\"disabled\"}",
  "NetworkInterfaces": "[{\"DeleteOnTermination\":true,\"Description\":\"\",\"DeviceIndex\":0,\"Groups\":[\"<security_group_id>\"]}]",
  "Placement": "{\"AvailabilityZone\":\"<availability_zone>\"}",
  "VpcId": "<vpc_id>",
  "aws:backup:request-id": "<request_id>"
}
EOF
```
Note: Edit the above metadata as per your EC2 instance configuration obtained from the get-recovery-point-restore-metadata command output.
Step 6: Restore the EC2 instance using the recovery point and the restore metadata obtained in the last step.
```bash
## Start the restore job
aws backup start-restore-job \
--recovery-point-arn $RECOVERY_POINT_ARN \
--metadata file://backup_restore_metadata.json \
--iam-role-arn $IAM_ROLE_ARN \
--resource-type EC2

## List restore jobs
aws backup list-restore-jobs
```
Note: It may take some time to complete the restore job. Proceed to the next step when "Status": "COMPLETED" appears in the output of the above command.
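The two waits in this walkthrough (after Step 2 and after Step 6) can be scripted so that later steps, in particular the instance termination in Step 4, run only once the job has actually completed. This is an added example, not part of the original post; `job_state`, `wait_for_job` and the `BACKUP_JOB_ID` / `RESTORE_JOB_ID` variables are names assumed here.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): block until an AWS Backup job
# reaches a terminal state, and succeed only if that state is COMPLETED.

# job_state KIND JOB_ID -> prints the job's current state.
# Backup jobs expose it as "State", restore jobs as "Status".
job_state() {
  case "$1" in
    backup)
      aws backup describe-backup-job --backup-job-id "$2" \
        --query State --output text ;;
    restore)
      aws backup describe-restore-job --restore-job-id "$2" \
        --query Status --output text ;;
    *)
      echo "unknown job kind: $1" >&2
      return 2 ;;
  esac
}

# wait_for_job KIND JOB_ID [MAX_POLLS] [SLEEP_SECONDS]
# Exit status: 0 = COMPLETED, 1 = job ended unsuccessfully,
#              2 = state could not be read, 3 = gave up waiting.
wait_for_job() {
  local kind="$1" id="$2" max="${3:-120}" delay="${4:-30}" i=1 state=""
  while [ "$i" -le "$max" ]; do
    state=$(job_state "$kind" "$id") || return 2
    case "$state" in
      COMPLETED)
        echo "$kind job $id: COMPLETED"
        return 0 ;;
      FAILED|ABORTED|EXPIRED|PARTIAL)
        echo "$kind job $id ended in state $state" >&2
        return 1 ;;
    esac
    sleep "$delay"
    i=$((i + 1))
  done
  echo "$kind job $id still in state '$state' after $max polls" >&2
  return 3
}

# Usage (BACKUP_JOB_ID / RESTORE_JOB_ID are assumed to hold the job IDs
# returned by start-backup-job and start-restore-job):
#   wait_for_job backup  "$BACKUP_JOB_ID"  || exit 1   # before Step 4
#   wait_for_job restore "$RESTORE_JOB_ID" || exit 1   # before Step 7
```

Gating the terminate call on a zero exit status means the only copy of the instance is never destroyed while its backup is still running or has failed.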
Step 7: Get the restore job details.
```bash
## Get restore job details
RESTORE_JOB_ID=$(aws backup list-restore-jobs \
--query 'RestoreJobs[?Status == `COMPLETED`].RestoreJobId' \
--output text) &&
aws backup describe-restore-job \
--restore-job-id $RESTORE_JOB_ID
```
We have successfully restored the EC2 instance from the backup. You can now validate the instance configuration by logging into your EC2 instance or from the console.
Next, we are going to delete all the resources created in this demo.
Step 8: Clean up.
```bash
## Get the restored instance ARN
aws backup describe-restore-job \
--restore-job-id "$RESTORE_JOB_ID" | jq -r .CreatedResourceArn

## Terminate the restored instance
## Replace <restored_instance_id> with the instance ID from the ARN printed above
aws ec2 terminate-instances \
--instance-ids "<restored_instance_id>"

## Delete the recovery point
aws backup delete-recovery-point \
--backup-vault-name Default \
--recovery-point-arn "$RECOVERY_POINT_ARN"

## Delete the IAM role
aws iam detach-role-policy \
--role-name backup_iam_role \
--policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup &&
aws iam detach-role-policy \
--role-name backup_iam_role \
--policy-arn arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores &&
aws iam delete-role \
--role-name backup_iam_role
```
Hope you have enjoyed this article. To know more about AWS Backup, please refer to the official documentation below.
https://docs.aws.amazon.com/aws-backup/index.html