Configuring an Amazon EC2 Instance as an Agentless File Recovery Destination

You can configure an Amazon EC2 instance as a destination for agentless file recovery.

You can restore files and folders directly to the original instance or a different instance, from streaming or IntelliSnap backups of Windows or Linux instances. The destination instance or guest instance must be running.

You can use a Windows or Linux access node.

This feature is supported only in the Command Center.

Before You Begin

The destination instance or guest instance must be running, and the instance metadata must be accessible from the destination instance. For more information, see Retrieve instance metadata in the AWS documentation.


  1. On the destination instance or guest instance, install AWS Systems Manager (SSM) Agent if it is not already installed.

    In AWS, SSM is installed by default on instances that run Windows Server 2016 and more recent versions of Windows Server.

    For Windows Server 2003 to Windows Server 2012 R2, SSM is installed by default on instances created from AMIs published in November 2016 and more recently.

  2. Attach an IAM role with the AmazonSSMManagedInstanceCore managed policy and the vsa_SSMInstanceProfileS3Policy to the Amazon EC2 instance.

    If the Amazon S3 bucket is encrypted with a custom managed key, give the IAM role access to the key by adding it in AWS key policy as a key user.

  3. Install PowerShell Core on the destination instance:

  4. Install AWS Tools and AWSPowerShell NetCore with scope set to all users on the destination instance:

  5. To verify that the instance can be used as a destination for agentless file recovery, complete the following steps:

    1. From the AWS Console, go to SYSTEMS MANAGER SERVICES > Run Command.

    2. Click Run a command.

    3. From Manage your Instances, click Run a command.

    4. Select AWS-RunPowerShellScript.

    5. In the Select Targets by section, click Select instances.

    The instances that are displayed can be used as destinations for agentless file recovery.

Agentless File Restore Process

When performing an agentless restore, the software uses the following process:

  1. Restore the data to the access node.

  2. If an Amazon S3 bucket does not already exist, create one.

  3. Upload the data to the Amazon S3 bucket.

  4. Download the data to the destination instance.

  5. Delete the temporary data from the Amazon S3 bucket and the access node.