Restore an Amazon EC2 instance - AWS Backup

Restore an Amazon EC2 instance

When you restore an EC2 instance, AWS Backup creates an Amazon Machine Image (AMI), an instance, the Amazon EBS root volume, Amazon EBS data volumes (if the protected resource had data volumes), and Amazon EBS snapshots. You can customize some instance settings using the AWS Backup console, or a larger number of settings using the AWS CLI or an AWS SDK.

The following considerations apply to restoring EC2 instances:

  • AWS Backup configures the restored instance to use the same key pair that the protected resource used originally. You can't specify a different key pair for the restored instance during the restore process.

  • AWS Backup does not back up or restore the user data that is used when launching an Amazon EC2 instance.

  • When configuring the restored instance, you can choose between using the same instance profile that the protected resource used originally or launching without an instance profile. This restriction exists to prevent privilege escalation. You can update the instance profile for the restored instance using the Amazon EC2 console.

    If you use the original instance profile, you must grant AWS Backup the following permissions, where the resource ARN is the ARN of the IAM role associated with the instance profile.

    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::account-id:role/role-name"
    }

  • During a restore, all Amazon EC2 quotas and configuration restrictions apply.

  • If the vault containing your Amazon EC2 recovery points has a vault lock, see Additional security considerations for more information.

Use the AWS Backup console to restore Amazon EC2 recovery points

You can restore an entire Amazon EC2 instance from a single recovery point, including the root volume, data volumes, and some instance configuration settings, such as the instance type and key pair.

To restore Amazon EC2 resources using the AWS Backup console
  1. Open the AWS Backup console at https://console.aws.amazon.com/backup.

  2. In the navigation pane, choose Protected resources, then choose the ID of the Amazon EC2 resource to open the resource details page.

  3. In the Recovery points pane, choose the radio button next to the ID of the recovery point to restore. In the upper-right corner of the pane, choose Restore.

  4. In the Network settings pane, we use the settings from the protected instance to select the default values for the instance type, VPC, subnet, security group, and instance IAM role. You can use these default values or change them as needed.

  5. In the Restore role pane, use the Default role or use Choose an IAM role to specify an IAM role that grants AWS Backup permission to restore the backup.

  6. In the Protected resource tags pane, we select Copy tags from the protected resource to the restored resource by default. If you do not want to copy these tags, clear the check box.

  7. In the Advanced settings pane, accept the default values for the instance settings or change them as needed. For information about these settings, choose Info for the setting to open its help pane.

  8. When you have finished configuring the instance, choose Restore backup.

Restore Amazon EC2 with AWS CLI

In the command line interface, start-restore-job allows you to restore with up to 32 parameters (including some parameters that are not customizable through the AWS Backup console).

The following list is the accepted metadata you can pass to restore an Amazon EC2 recovery point.

InstanceType
KeyName
SubnetId
Architecture
EnaSupport
SecurityGroupIds
IamInstanceProfileName
CpuOptions
InstanceInitiatedShutdownBehavior
HibernationOptions
DisableApiTermination
CreditSpecification
Placement
RootDeviceType
RamdiskId
KernelId
UserData
Monitoring
NetworkInterfaces
ElasticGpuSpecification
CapacityReservationSpecification
InstanceMarketOptions
LicenseSpecifications
EbsOptimized
VirtualizationType
Platform
RequireIMDSv2
aws:backup:request-id

AWS Backup accepts the following information-only attributes. However, including them will not affect the restore:

vpcId
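
The following boto3 example is added here and is not from the AWS documentation: it vets restore metadata against the rules on this page before calling start_restore_job, rejecting keys outside the accepted list and any change to KeyName or IamInstanceProfileName. The function names are hypothetical, the sample values are constructed, and the string "true" for RequireIMDSv2 is an assumed value format.

```python
# Keys the page lists as accepted restore metadata for an EC2 recovery point.
ACCEPTED = frozenset("""
InstanceType KeyName SubnetId Architecture EnaSupport SecurityGroupIds
IamInstanceProfileName CpuOptions InstanceInitiatedShutdownBehavior
HibernationOptions DisableApiTermination CreditSpecification Placement
RootDeviceType RamdiskId KernelId UserData Monitoring NetworkInterfaces
ElasticGpuSpecification CapacityReservationSpecification InstanceMarketOptions
LicenseSpecifications EbsOptimized VirtualizationType Platform RequireIMDSv2
aws:backup:request-id
""".split())
# Settings that must stay as the protected resource had them (key pair, profile).
PINNED = ("KeyName", "IamInstanceProfileName")


def build_restore_metadata(stored, overrides):
    """Merge overrides into stored metadata; raise ValueError on a disallowed change."""
    unknown = sorted(set(overrides) - ACCEPTED)
    if unknown:
        raise ValueError(f"not accepted restore metadata: {unknown}")
    for key in PINNED:
        if key in overrides and overrides[key] != stored.get(key):
            raise ValueError(f"{key} must match the protected resource")
    # Drop information-only attributes (vpcId) and any other unlisted key.
    merged = {k: v for k, v in stored.items() if k in ACCEPTED}
    merged.update(overrides)
    if not all(isinstance(v, str) for v in merged.values()):
        raise ValueError("Metadata is a string-to-string map")
    return merged


def start_restore(vault_name, recovery_point_arn, restore_role_arn, overrides):
    """Fetch stored metadata, vet it, start the restore job (needs AWS access)."""
    import boto3  # imported here so the vetting logic runs without the SDK
    backup = boto3.client("backup")
    stored = backup.get_recovery_point_restore_metadata(
        BackupVaultName=vault_name, RecoveryPointArn=recovery_point_arn)["RestoreMetadata"]
    job = backup.start_restore_job(
        RecoveryPointArn=recovery_point_arn,
        Metadata=build_restore_metadata(stored, overrides),
        IamRoleArn=restore_role_arn,
        ResourceType="EC2",
    )
    return job["RestoreJobId"]


if __name__ == "__main__":
    # Constructed sample; the "true" value format for RequireIMDSv2 is assumed.
    stored = {"InstanceType": "t3.micro", "KeyName": "prod-key", "vpcId": "vpc-0example"}
    print(build_restore_metadata(stored, {"RequireIMDSv2": "true"}))
```

Run the vetting step in whatever pipeline or runbook issues restores, so a request that swaps the key pair or instance profile fails before any AWS call is made.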

You can also restore an Amazon EC2 instance without including any stored parameters. This option is available on the Protected resource tab on the AWS Backup console.