You can recover Amazon EC2 instances and related Amazon VPC resources, without delays.
Specifically, you can back up key VPC resources across regions and accounts, recover deleted resources in minutes, and recover known good Amazon EC2 and Amazon VPC configurations in place.
Before using this capability, verify that the amazon_restricted_role_permissions.json policy is assigned to the IAM user or IAM role that is used to authenticate to the Amazon EC2 hypervisor that contains the VPC resources that you want to protect. For more information, see Requirements and Usage for AWS IAM Policies and Permissions.
Commvault recommends controlling access to AWS resources using tags or TagKeys to further restrict the scope of access for Commvault data protection operations.
VPC Resources That Are Protected
Commvault protects the following VPC resources and all associated attributes (unless noted below) when performing Amazon EC2 instance backups:
-
DHCP options
-
DNS attributes
-
Elastic network interfaces
-
Internet gateways
-
Egress-only internet gateways
-
Managed prefix lists
-
NAT gateways
-
Network ACLs (main, per subnet)
-
Route tables (main, custom)
-
Security groups (VPC, instance)
-
Subnets (public, private, IPv4, IPv6)
-
VPCs
-
VPC flow logs
-
VPC peering connections
Commvault protects the following AWS PrivateLink resources:
- VPC endpoints
Commvault protects the following AWS Transit Gateway resources:
- Transit gateways
Commvault protects the following AWS Site-to-Site VPN resources:
-
VPN gateways
-
VPN connections
-
Customer gateways
Commvault protects the following AWS Wavelength resources:
- Carrier gateways
VPC Resources That Are Restored by a Full In-Place Restore
To restore supported VPC resources and attributes, run a full in-place restore of the Amazon EC2 instance.
A full in-place restore restores VPC resources as follows:
Resource |
Re-created |
Re-used (if existing) |
---|---|---|
Amazon VPC |
Yes |
Yes |
Route tables (main, custom) |
-- |
Yes |
DHCP option sets |
-- |
Yes |
Network ACLs |
-- |
Yes |
Network CIDR reservations |
-- |
Yes |
Subnets |
Yes |
Yes |
Security groups (VPC, instance) |
Yes |
Yes |
Amazon EC2 network interfaces |
Yes |
Yes |
Elastic IPs (public IPs) |
-- |
Yes |
VPC Peering relationships |
-- |
Yes |
Elastic Fabric Adapters |
-- |
Yes |