EC2 Backup Configuration and Restoration
INTRODUCTION
AWS Backup is a fully managed service that simplifies data backup and restoration across AWS services, providing a centralized, automated, and policy-driven approach to data protection. By configuring AWS Backup, organizations can easily set up backup plans that define schedules, retention policies, and lifecycle rules, ensuring consistent and reliable backups for resources like Amazon EC2, RDS, EFS, and more. The service offers robust security features, including encryption and access controls, and helps meet compliance requirements by maintaining audit trails and backup logs. In the event of data loss, AWS Backup’s restoration capabilities allow users to quickly recover data to its original state or a new resource, minimizing downtime and ensuring business continuity. Overall, AWS Backup is essential for enhancing data resilience, reducing manual intervention, and maintaining data availability in the cloud.
WORKING MECHANISM
AWS Backup simplifies the backup process by creating plans for when and how often backups occur. It applies them to resources like EC2 instances, RDS databases, EFS file systems, and DynamoDB tables. Backups are securely stored in vaults with encryption and access controls. It supports lifecycle management by transitioning older backups to cost-effective storage tiers like Amazon S3 Glacier. Monitoring and alerts are integrated via AWS CloudWatch. Restoration can be done through the AWS Management Console, CLI, or APIs, with minimal downtime. It also offers compliance and reporting features and integration with AWS Identity and Access Management (IAM) for enhanced security and control.
WORKFLOWS
EC2 Backup Configuration & Restoration Guide
What You Will Accomplish
In this section, you will see how to:
Backup Configuration Steps
Step 1: Login to the AWS Console
Access the AWS Console, and log in with your credentials.
Step 2: Access AWS Backup Service
Search for "AWS Backup" in the search bar and click on the service.
Step 3: Protect Your Resources
Navigate to the Protected Resources section on the left sidebar.
Step 4: Create an On-Demand Backup
Click Create On-Demand Backup and configure the following settings as per your requirements:
Resource Type & Instance ID: Choose EC2 and select the instance to back up.
Retention Period: Set the backup retention period (e.g., 35 days).
Backup Vault: Select or create a backup vault for storage.
IAM Role: Use the default role or create a new one.
Advanced Settings: Optionally enable application-consistent backups with Windows VSS.
After configuration, click Create On-Demand Backup.
Step 5: Backup Vault Encryption Using KMS
AWS Backup encrypts backup data stored in Backup Vaults, with the keys managed through AWS Key Management Service (KMS). Backups are encrypted by default, but customers can also use their own keys for added control.
Create a Backup Vault
Click on Backup Vaults from the left sidebar.
Choose Create Backup Vault.
Select Encryption Key
In the encryption settings, select a KMS Key.
You can choose the default key provided by AWS or a customer-managed key if you prefer more control.
Save the Vault
Name your vault and then click "Create Backup Vault".
Once configured, all backups stored in the vault will be encrypted using the chosen KMS key. You can manage the key's permissions and rotation through AWS KMS.
Step 6: Monitoring Backup Jobs
Automating Backups with Backup Plans
Step 7: Creating a Backup Plan
Start with a Template: Use predefined templates.
Build a New Plan: Manually create a backup plan using the GUI.
Define a Plan Using JSON: Write your backup plan in JSON format.
Step 8: Configure the Backup Plan
We will proceed with the "Build a New Plan" option.
Step 1: Backup Plan
Choose to start with a template or create a new plan.
Name your backup plan (e.g., ec2-server-backup).
Step 2: Configure Backup
Name the backup rule (e.g., Webserver-backup).
Select a backup vault and choose the backup frequency (e.g., Daily).
Step 3: Set Backup Time
Define the start time and duration of the backup.
Step 4: Additional Options
Enable Point-in-Time Recovery (PITR) if needed.
Configure cold storage and set the retention period (e.g., 35 days).
Step 5: Advanced Settings & Tags (Optional)
Copy to Destination: Optionally copy the backup to another region or account.
Tags: Add up to 50 tags for easy recovery point identification.
Step 9: Review and Create the Plan
After configuring the settings, click Create Plan to finalize the backup plan.
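The plan built in Steps 7 to 9, written as the JSON document that the "Define a Plan Using JSON" option accepts, together with a pre-flight check for the lifecycle rule that most often breaks it: a recovery point moved to cold storage must be retained at least 90 days beyond the transition, so the 35-day retention used above cannot be combined with cold storage. This is an added example, not code from the original article; the vault name, cron schedule, window lengths and tag are assumed values, and lint_plan and with_cold_storage are hypothetical helper names.

```python
import json

# Assumed values (not from the article): vault name, 05:00 UTC start, windows, tag.
PLAN = {
    "BackupPlanName": "ec2-server-backup",
    "Rules": [{
        "RuleName": "Webserver-backup",
        "TargetBackupVaultName": "example-encrypted-vault",
        "ScheduleExpression": "cron(0 5 ? * * *)",  # daily
        "StartWindowMinutes": 60,
        "CompletionWindowMinutes": 180,
        "Lifecycle": {"DeleteAfterDays": 35},
        "RecoveryPointTags": {"workload": "webserver"},
    }],
}
COLD_MIN_DAYS = 90  # minimum time a recovery point must stay in cold storage
MAX_TAGS = 50       # tag limit quoted in the article


def lint_plan(plan):
    """Return the problems that would make the plan fail or retain data unexpectedly."""
    problems = []
    if not plan.get("BackupPlanName"):
        problems.append("plan has no BackupPlanName")
    for rule in plan.get("Rules", []):
        name = rule.get("RuleName", "<unnamed>")
        if not rule.get("TargetBackupVaultName"):
            problems.append(f"{name}: no target backup vault")
        life = rule.get("Lifecycle", {})
        delete, cold = life.get("DeleteAfterDays"), life.get("MoveToColdStorageAfterDays")
        if delete is None:
            problems.append(f"{name}: no DeleteAfterDays, retention period is not set")
        elif cold is not None and delete < cold + COLD_MIN_DAYS:
            problems.append(f"{name}: DeleteAfterDays {delete} < cold transition {cold} + {COLD_MIN_DAYS}")
        if len(rule.get("RecoveryPointTags", {})) > MAX_TAGS:
            problems.append(f"{name}: more than {MAX_TAGS} recovery point tags")
        for copy in rule.get("CopyActions", []):
            if not copy.get("DestinationBackupVaultArn", "").startswith("arn:"):
                problems.append(f"{name}: copy action without a destination vault ARN")
    return problems


def with_cold_storage(plan, after_days):
    """Copy of the plan whose rules move recovery points to cold storage after N days."""
    clone = json.loads(json.dumps(plan))
    for rule in clone["Rules"]:
        rule["Lifecycle"]["MoveToColdStorageAfterDays"] = after_days
    return clone


if __name__ == "__main__":
    print(json.dumps(PLAN, indent=2))
    print(lint_plan(with_cold_storage(PLAN, 7)))
```

Once the check returns no problems, the printed JSON can be pasted into the console's JSON editor or saved and passed to `aws backup create-backup-plan --backup-plan file://plan.json`.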
Backup Restoration Process
Step 1: Accessing the Backup Vault
Step 2: Recover the Backup
Step 3: Restore Settings
Instance Type: Select the instance type for the restored EC2 (e.g., t3.medium).
VPC: Choose the VPC for the instance networking (e.g., CentOS).
Subnet: Choose the subnet (e.g., Public Subnet).
Security Groups: Add a security group to control traffic (e.g., anyname-website-sg).
Instance IAM Role: Choose to restore with or without an IAM role.