AWS Recovery

Recovering Resources

To create a recovery from a Cloud Assembly, follow the steps below.

  1. Navigate to "Cloud Assemblies" and click the assembly you want to recover
  2. Select the timeline tab, then select a protected timeline
  3. From the timeline view, click "RECOVER" in the header section
  4. Fill in the name and select the recovery type
  5. Select the recovery regions and choose the resources to recover
  6. Click "Recover" to create a new recovery

Recovery Scenarios

Appranix covers the following recovery scenarios during the recovery of the protected resources.

Same region recovery

Using Appranix, the user can recover the entire assembly, only the selected resources or choose the resources using tags in the same region.

Recovery of the VPC in the same region covers three use cases:

  1. Create a new VPC
  2. Same VPC
  3. Use existing VPC

NOTE:

  • When recovering in the same region - same VPC, the EC2 instance, RDS instance, and the EFS will be recovered. If a Load Balancer is associated with the EC2 instance, it will not be recreated, and the recovered EC2 instance will not be attached to the existing Load Balancer. Appranix deliberately avoids this so that the SRE can manually add the recovered EC2 instance to the Load Balancer if intended.

  • Recovering the resources in the same region might cause resource conflicts with existing production environment resources. Appranix avoids creating overlapping resources by using different IP addresses for the recovered instances.

Cross-region recovery / Cross-account recovery

Using Appranix, the users can recover the entire assembly, the selected resources or choose resources using tags. The cross-region recovery or cross-account recovery can be chosen from the recovery option list.

Two use cases are covered under recovery in another region:

  1. Create new VPC
  2. Use existing VPC

NOTE:

  • If the user has attached a certificate to the AWS Load Balancer in the primary region, the certificate must be copied manually to the other recovery regions. The certificates in both the primary and recovery regions should have a tag with the key "Name", and the same value should be present in the primary and recovery regions so that Appranix can identify them. During recovery, Appranix attaches the certificates in the recovery regions automatically using these tags. This tagging has to be done before protection so that the metadata is captured correctly and the recovery succeeds.

  • AWS does not support creating snapshots for the RDS instance read replicas. If the RDS instance has a read replica, it will be excluded during the protection and recovery by Appranix.

  • For cross-account recovery, RDS instances, RDS clusters, and EFS are yet to be supported.

  • Only EBS volumes with custom keys are supported in cross-account recovery. EBS volumes with the default AWS encryption key are not supported.
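
A pre-protection check for the certificate note above, as an added example (not Appranix code): it pairs primary- and recovery-region certificates by their "Name" tag and reports the ones that have no usable counterpart. The dict shape, the placeholder ARNs and the choice to flag duplicate names as ambiguous are assumptions of this example.

```python
from collections import defaultdict


def name_tag(cert):
    """Return the value of the certificate's "Name" tag, or None if unset."""
    for tag in cert.get("Tags", []):
        # AWS tag keys are case-sensitive: "name" is a different key than "Name".
        if tag.get("Key") == "Name" and tag.get("Value"):
            return tag["Value"]
    return None


def check_certificate_tags(primary, recovery):
    """Pair primary-region certificates with recovery-region ones by Name tag."""
    by_name = defaultdict(list)
    for cert in recovery:
        name = name_tag(cert)
        if name is not None:
            by_name[name].append(cert["Arn"])

    report = {"matched": {}, "untagged": [], "missing": [], "ambiguous": []}
    for cert in primary:
        name = name_tag(cert)
        candidates = by_name.get(name, [])
        if name is None:
            report["untagged"].append(cert["Arn"])   # primary cert has no Name tag
        elif not candidates:
            report["missing"].append(name)           # not copied, or copy not tagged
        elif len(candidates) > 1:
            report["ambiguous"].append(name)         # assumption: duplicates are flagged
        else:
            report["matched"][cert["Arn"]] = candidates[0]
    return report


# Constructed sample inventory (placeholder ARNs, not real resources).
PRIMARY = [
    {"Arn": "arn:example:primary/web", "Tags": [{"Key": "Name", "Value": "web-tls"}]},
    {"Arn": "arn:example:primary/api", "Tags": [{"Key": "Name", "Value": "api-tls"}]},
    {"Arn": "arn:example:primary/old", "Tags": [{"Key": "env", "Value": "prod"}]},
    {"Arn": "arn:example:primary/adm", "Tags": [{"Key": "Name", "Value": "admin-tls"}]},
]
RECOVERY = [
    {"Arn": "arn:example:recovery/web", "Tags": [{"Key": "Name", "Value": "web-tls"}]},
    {"Arn": "arn:example:recovery/adm1", "Tags": [{"Key": "Name", "Value": "admin-tls"}]},
    {"Arn": "arn:example:recovery/adm2", "Tags": [{"Key": "Name", "Value": "admin-tls"}]},
    {"Arn": "arn:example:recovery/api", "Tags": [{"Key": "name", "Value": "api-tls"}]},
]

if __name__ == "__main__":
    print(check_certificate_tags(PRIMARY, RECOVERY))
```

Anything reported as untagged, missing or ambiguous should be fixed before protection runs, since the note above says the tags are captured at protection time.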

Advanced recovery options

  1. Skip protection for recovered resources: By enabling this option, the following tag will be added to the recovered resources (KEY: ax-aps-protection, VALUE: ignore). Any resource with this tag will be ignored by Appranix protection. The tag needs to be removed from the recovered resource to protect it again. This option is mostly useful for same VPC recovery.

  2. Isolated network
    Disable outbound internet communication: By enabling this option, Appranix removes all outbound internet traffic from the recovered VPC. This is achieved by modifying the recovered VPC security groups without affecting the internal VPC traffic.
    Disable inbound internet communication: By enabling this option, Appranix removes all inbound internet traffic to the recovered VPC. This is achieved by modifying the recovered VPC security groups without affecting the internal VPC traffic.

  3. Use existing load balancer: This option is available only for same VPC and cross-zone recovery. By enabling this option, the recovered resource will use the existing load balancer, which also avoids load balancer duplication.

  4. DNS Record Update (Route 53): When you enable this option, Appranix creates and updates the DNS records in your Hosted Zone for the specified recovery region. This keeps your domain's routing and accessibility aligned with the chosen DR region.
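
One way to verify the isolated-network options after a recovery, as an added example (not Appranix code): it lists security-group rules that still allow CIDR ranges outside the recovered VPC. The input follows the shape of EC2 DescribeSecurityGroups output; the group IDs and VPC CIDR are constructed, and treating "internal" as "inside the VPC CIDR" is an assumption.

```python
import ipaddress


def _outside_vpc(cidr, vpc_nets):
    """True if the rule's CIDR is not fully contained in any VPC CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == v.version and net.subnet_of(v) for v in vpc_nets)


def internet_facing_rules(groups, vpc_cidrs):
    """Return (group_id, direction, cidr) for every rule reaching beyond the VPC.

    Rules that reference other security groups or prefix lists are not
    inspected here; only IPv4/IPv6 CIDR ranges are checked.
    """
    vpc_nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    findings = []
    for sg in groups:
        for direction, key in (("inbound", "IpPermissions"),
                               ("outbound", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
                cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                for cidr in cidrs:
                    if _outside_vpc(cidr, vpc_nets):
                        findings.append((sg["GroupId"], direction, cidr))
    return findings


# Constructed sample: one isolated group and one that still reaches the internet.
VPC_CIDRS = ["10.20.0.0/16"]
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-isolated",
     "IpPermissions": [{"IpProtocol": "tcp", "IpRanges": [{"CidrIp": "10.20.0.0/16"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.20.0.0/16"}]}]},
    {"GroupId": "sg-example-open",
     "IpPermissions": [{"IpProtocol": "tcp",
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.20.1.0/24"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                              "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for finding in internet_facing_rules(SAMPLE_GROUPS, VPC_CIDRS):
        print(finding)
```

An empty result for the recovered VPC's groups is what both isolation options together should produce under these assumptions.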

Delete recovered resources

Appranix allows deletion of recovered resources using the RESET option. The reset of the recovered instances can either be scheduled or performed on demand.

Reset deletes the recovered resources and rolls the AWS resources back to their original state before the recovery was triggered. This helps reduce the AWS charges incurred by recovery testing.

Delete Recovered Resources
  1. Recovery can be deleted by either scheduling a reset or triggering a reset immediately
  2. The reset schedule can either be set while configuring recovery or after the completion of recovery
  3. Schedule a reset by choosing the number of hours or days after which the reset has to be triggered
  4. Select the “Reset Now” option to trigger the reset immediately
  5. The “Recovery Details” tab has the status of the reset
  6. Once the reset action is triggered, the reset status changes to “Reset In Progress.” When deleted, it changes to “Reset completed”
  7. “Recovery Logs” tab contains recovery and reset logs. It provides all the details of the execution for creating a copy of the application environment with copies of the application data from the snapshots and the reset process details

NOTE: Appranix safely fails the reset request on the recovered resources if any configuration drift is noted from the original recovered resource configuration.
