Goal of this post
Backup EC2 instances with multiple ENIs attached with AWS Backup
Restore EC2 instances with multiple ENIs attached, when restored from a recovery point
How?
Run the StartRestoreJob API, e.g., from the AWS CLI or SDK
Restore jobs launched from the console cannot customize the network i\nterface
EC2 instance backup with multiple ENIs attached
EC2 instances with multiple ENIs attached can also be backed up with AWS Backup. Backup data is stored as AMI, but AMI does not contain network interface information.
However, the metadata of the recovery point includes the network interface information. Recovery point metadata can be checked with the GetRecoveryPointRestoreMetadata API.
The following is an example of execution with the AWS CLI.
$ aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:us-west-2::image/ami-xxxxxxxxxxxxxxxxx
{
"BackupVaultArn": "arn:aws:backup:us-west-2:123456789012:backup-vault:Default",
"RecoveryPointArn": "arn:aws:ec2:us-west-2::image/ami-xxxxxxxxxxxxxxxxx",
"RestoreMetadata": {
"CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}",
"CpuOptions": "{\"CoreCount\":2,\"ThreadsPerCore\":1}",
"CreditSpecification": "{\"CpuCredits\":\"unlimited\"}",
"DisableApiTermination": "false",
"EbsOptimized": "true",
"HibernationOptions": "{\"Configured\":false}",
"InstanceInitiatedShutdownBehavior": "stop",
"InstanceType": "t4g.micro",
"Monitoring": "{\"State\":\"disabled\"}",
"NetworkInterfaces": "[{\"AssociatePublicIpAddress\":true,\"DeleteOnTermination\":true,\"Description\":\"\",\"DeviceIndex\":0,\"Groups\":[\"sg-xxxxxxxxxxxxxxxxx\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-aaaaaaaaaaaaaaaaa\",\"PrivateIpAddress\":\"172.31.62.169\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.31.62.169\"}],\"SecondaryPrivateIpAddressCount\":0,\"SubnetId\":\"subnet-xxxxxxxxxxxxxxxxx\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":[],\"Ipv6Prefixes\":[]},{\"AssociatePublicIpAddress\":true,\"DeleteOnTermination\":false,\"Description\":\"\",\"DeviceIndex\":1,\"Groups\":[\"sg-xxxxxxxxxxxxxxxxx\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-bbbbbbbbbbbbbbbbb\",\"PrivateIpAddress\":\"172.31.54.130\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.31.54.130\"}],\"SecondaryPrivateIpAddressCount\":0,\"SubnetId\":\"subnet-xxxxxxxxxxxxxxxxx\",\"InterfaceType\":\"interface\",\"Ipv4Prefixes\":[],\"Ipv6Prefixes\":[]}]",
"Placement": "{\"AvailabilityZone\":\"us-west-2d\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",
"RequireIMDSv2": "false",
"SecurityGroupIds": "[\"sg-xxxxxxxxxxxxxxxxx\"]",
"SubnetId": "subnet-xxxxxxxxxxxxxxxxx",
"VpcId": "vpc-xxxxxxxxxxxxxxxxx",
"aws:backup:request-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
}
In the above, you can see that eni-aaaaaaaaaaaaaaaaa and eni-bbbbbbbbbbbbbbbbb information is included.
How to restore from a recovery point
When launching a restore job in the AWS Backup console, it is not possible to restore an EC2 instance with multiple ENIs attached. This is because the console limits the customizable parameters to the following.
https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-ec2.html
The AWS Backup console allows you to restore Amazon EC2 recovery points with the following parameters and settings you can customize:
- Instance type
- Amazon VPC
- Subnet
- Security groups
- IAM role
- Shutdown behavior
- Stop–hibernate behavior
- Termination protection
- T2/T3 unlimited
- Placement group name
- EBS-optimized instance
- Tenancy
- RAM disk ID
- Kernel ID
- User data
- Deletion on termination
To restore an EC2 instance with other customized parameters, including the network interface, you must execute the StartRestoreJob API with metadata, e.g., from the AWS CLI or SDK.
Use the AWS Backup API, CLI, or SDK to restore Amazon EC2 recovery points
Use StartRestoreJob. This option allows you to restore all 38 parameters, including the 22 parameters that are not customizable on the console.
The following is an example of execution with the AWS CLI.
$ aws backup start-restore-job \
--recovery-point-arn "arn:aws:ec2:us-west-2::image/ami-xxxxxxxxxxxxxxxxx" \
--iam-role-arn "arn:aws:iam::123456789012:role/service-role/AWSBackupDefaultServiceRole" \
--metadata file://metadata.json
{
"RestoreJobId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}
You can specify parameters in metadata.json as follows.
Example of specifying a private IP address
Please note that if a backup source instance exists, the private IP address must be changed to avoid duplicate addresses.
{
"VpcId": "vpc-xxxxxxxxxxxxxxxxx",
"Monitoring": "{\"State\":\"disabled\"}",
"CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}",
"InstanceInitiatedShutdownBehavior": "stop",
"DisableApiTermination": "false",
"CreditSpecification": "{\"CpuCredits\":\"unlimited\"}",
"HibernationOptions": "{\"Configured\":false}",
"EbsOptimized": "true",
"Placement": "{\"AvailabilityZone\":\"us-west-2d\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",
"aws:backup:request-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"InstanceType": "t4g.micro",
"NetworkInterfaces": "[{\"DeleteOnTermination\":true,\"Description\":\"\",\"DeviceIndex\":0,\"Groups\":[\"sg-xxxxxxxxxxxxxxxxx\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.31.62.169\"}],\"SubnetId\":\"subnet-xxxxxxxxxxxxxxxxx\",\"InterfaceType\":\"interface\"},{\"DeleteOnTermination\":false,\"Description\":\"\",\"DeviceIndex\":1,\"Groups\":[\"sg-xxxxxxxxxxxxxxxxx\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.31.54.130\"}],\"SubnetId\":\"subnet-xxxxxxxxxxxxxxxxx\",\"InterfaceType\":\"interface\"}]"
}
Example of specifying ENI-ID
Please note that the ENI must be detached from the instance and in Available status if the backup source ENI is to be used.
{
"VpcId": "vpc-xxxxxxxxxxxxxxxxx",
"Monitoring": "{\"State\":\"disabled\"}",
"CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}",
"InstanceInitiatedShutdownBehavior": "stop",
"DisableApiTermination": "false",
"CreditSpecification": "{\"CpuCredits\":\"unlimited\"}",
"HibernationOptions": "{\"Configured\":false}",
"EbsOptimized": "true",
"Placement": "{\"AvailabilityZone\":\"us-west-2d\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",
"aws:backup:request-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"InstanceType": "t4g.micro",
"NetworkInterfaces": "[{\"DeleteOnTermination\":true,\"Description\":\"\",\"DeviceIndex\":0,\"Groups\":[\"sg-xxxxxxxxxxxxxxxxx\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.31.62.169\"}],\"SubnetId\":\"subnet-xxxxxxxxxxxxxxxxx\",\"InterfaceType\":\"interface\"},{\"DeleteOnTermination\":false,\"Description\":\"\",\"DeviceIndex\":1,\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-bbbbbbbbbbbbbbbbb\"}]"
}
Reference
https://aws.amazon.com/premiumsupport/knowledge-center/aws-backup-ec2-restore-cli/
I hope this will be of help to someone else.
Top comments (0)