You can recover full Amazon EC2 instances and related Amazon VPC resources, as well as EC2 network configuration and security settings in AWS CloudFormation format.
You can do the following:
- Back up EC2 instances with supported VPC resources in all supported AWS Regions and AWS accounts
- Recover full Amazon EC2 instances, re-creating missing VPC resources
- Recover known-good Amazon EC2 and Amazon VPC network configuration and security settings (network ACLs, security groups) for forensic investigation in AWS CloudFormation format
Supported for Backup
The Commvault software protects the following VPC resources and all associated attributes (unless noted) when performing Amazon EC2 instance backups.
Note
Resources are listed in the order they appear in the Amazon VPC management console.
Virtual Private Cloud
- Your VPCs
- Subnets
- Route tables
- Internet gateways
- Egress-only internet gateways
- Carrier gateways
- DHCP options sets
- Elastic IPs
- Managed prefix lists
- Endpoints
- NAT gateways
- Peering connections
Security
- Network ACLs
- Security groups
Virtual Private Network (VPN)
- Customer gateways
- Virtual private gateways
- Site-to-Site VPN connections
Transit Gateways
- Transit gateways
- Transit gateway attachments
Other
- VPC Flow logs
Supported for Restores with Re-Creation or Re-Use
Restores of Amazon EC2 instances re-create the following resources or re-use them if they exist in the destination AWS account at restore runtime.
Note
Resources are listed in the order they appear in the Amazon VPC management console.
Virtual Private Cloud
- Your VPCs (default, additional)
- Subnets (public, private, VPN only, isolated, CIDR reservations)
- Internet gateways
- Egress-only internet gateways
- DHCP option sets
- Managed prefix lists
- NAT gateways
Security
- Network ACLs
- Security groups (VPC, instance, including peer security groups up to 1 level)
Virtual Private Network (VPN)
- Virtual private gateways
Transit Gateways
- Transit gateways
- Transit gateway attachments
Other
- VPC Flow logs
Supported for Restores without Re-Creation
Some resources associated with protected Amazon EC2 instances are not re-created if they are missing from the destination AWS account at restore runtime. For in-place restores, the Commvault software attempts to re-use these resources. If the resources are not available, you must perform an out-of-place restore, and then manually reconfigure the missing resources in the Amazon VPC management console.
For information about which resources are not re-created, see Restrictions and Known Limitations for Protecting Amazon EC2 with Commvault.
IAM Permissions Policy
To protect Amazon VPC resources, you must grant an IAM permissions policy to the IAM user or role that is used to protect the AWS account containing the VPC resources that you want to protect. For information, see AWS IAM Policies for Protecting Amazon EC2 and Amazon VPC with Commvault.
Amazon S3 Bucket for VPC Restores
During restores of VPC resources, the Commvault software creates an Amazon S3 bucket in the AWS account and Region that you are restoring the EC2 instance to. The S3 bucket supports the cleanup of Commvault-created VPC resources during failed restores.
Note
The software creates the S3 bucket on the first EC2 instance restore, and does not clean up or remove the bucket.