AWS Cloud Assembly

Cloud Assembly allows you to select and assemble all of the resources intended to be protected and recovered.

AWS Cloud Assembly Creation

To create a new AWS Cloud Assembly in Cloud Rewind, complete the steps shown below.

General Information

1. Enter the Cloud Assembly name and description.

2. Select the AWS Cloud Connection for which the resources have to be protected.

3. Select the desired primary region.

4. Click the "Allow cross-region recovery" toggle button for doing a same account another region recovery. And choose the desired recovery region.

5. Click the "Allow cross-account protection" toggle button for doing a cross-account recovery. And choose the desired recovery region.

Resources

1. For AWS, select the VPC that has to be protected in this Cloud Assembly.

2. The resource can be chosen by the entire VPC or from the selected resources or using the Tags.

3. Selection using tags can be made by matching all the tags or matching at least one tag.

Protection Strategy

1. Lambda protection (the option is applicable only when Lambda resources are selected for protection).

2. Choose the primary region storage bucket (AWS S3) for storing Lambda protection backups.

3. Choose the recovery region storage bucket (AWS S3) for storing Lambda replication backups.

4. For instructions on creating an S3 bucket for Lambda backups, click here.

5. Users can also enable or disable backups for other configuration-only resources such as Route53, SNS, SQS, and DynamoDB in this step.

Protection Policy

1. Select a protection policy to protect the resources.

2. Protection policy can be used to define the time at which the snapshot has to be taken and the number of snapshots to be retained using a retention count.

3. A policy template can be created to fit the protection needs best.

4. To create a new protection policy template, click here.

5. The policy can be activated as by the scheduled policy, immediately triggering one policy or by delaying to the specific time.

Review

1. Review the general information, resource information, and the protection policy details provided.

2. Edit the details if required and proceed to finish and create a Cloud Assembly.

Actions

Once an AWS Cloud Assembly is created, you can find the following actions in the upper right corner:

• Edit: In the Cloud Assembly Edit section, users can modify the cloud assembly's name and description under General Information. Additionally, users can update the recovery region and enable cross-account functionality as required. They can also adjust resource protection options and the protection strategy under the Resources and Protection Strategy sections, respectively.

• Configuration:

  • In the webhook section, users can set up custom automation scripts using the webhook options. Webhooks are HTTP/HTTPS callbacks that can be triggered pre- or post-recovery or post-reset. Click here to know more about webhooks.
  • In the Protection sections, users have the ability to enable AMI visibility and the "Protect Boot Disk Only" option.

• Recovery Profile: Users can create different recovery profiles with associated webhooks for various recovery scenarios. This functionality streamlines the selection of webhook recovery templates based on specific needs.

• Disable: This option allows users to temporarily disable cloud assembly protection, which can be re-enabled as needed.

• Config Drift: This option effortlessly compares two or more protection timelines, enabling users to identify configuration differences between them.

• Delete: This option allows users to permanently remove the cloud assembly from the system.

Ad Hoc Backups

Cloud Rewind offers ad hoc backup capability for AWS, enabling users to trigger an immediate protection action outside of the scheduled backup cycle. Ad hoc backup provides flexibility by enabling immediate, policy-driven protection for AWS workloads, ensuring that business-critical workloads can be protected instantly when required. This feature allows enterprises to safeguard workloads while maintaining governance and consistency across multiple cloud environments.

Key benefits:

• On-demand backups complement scheduled protection.

• Policy-based retention ensures consistency.

• Concurrency checks prevent conflicts with in-progress protection jobs.

Ad hoc backup is available through the following:

• Cloud Assembly Actions (initiate backup directly on a selected assembly).

  

• Protection Policy Actions (trigger backup based on an existing policy attached to the assembly.

  

How Ad Hoc Backup Works

1. Policy Selection

   1. If multiple protection policies exist for a Cloud Assembly, the user must select the appropriate policy to initiate the ad hoc backup.

      

   2. The backup will follow the retention rules of the selected policy (retention count applied as per policy configuration).

2. Execution

   1. Once triggered, an ad hoc backup behaves like a scheduled protection job, creating a recovery point consistent with the selected policy.

   2. The backup is logged and tracked in the Cloud Rewind job execution history.

Constraints and Limitations

• Concurrency Restriction:

  • If a scheduled backup or an ad hoc backup job currently is in progress for the same protection policy, an ad hoc backup cannot be triggered.

• Policy Dependency:

  • An ad hoc backup requires an existing protection policy.

  • An ad hoc backup cannot be initiated without selecting a valid policy.

• Retention Enforcement:

  • An ad hoc backup is subject to the retention count defined in the selected policy. Older backups will be pruned according to standard policy retention rules.