...


To enable EC2 image replication, add the tag gig-replicate to an instance in the following format:


  • AWS backup tag name is: gig-replicate
  • AWS backup tag value is: N@REGION, where N is the number of images to replicate and REGION is the destination region. Multiple policies should be separated by a semicolon.


Tip

For example, the replication policy 2@us-west-1; 3@us-west-2 replicates the 2 latest AMIs of the instance to the us-west-1 region and 3 AMIs to the us-west-2 region.


Examples of valid replicate tag values:


Tip

10@us-west-1
5@us-west-2; 3@eu-west-1
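
A tag value can be checked before it is applied to an instance. The following Python sketch is an added example, not Cloudaware code: it parses a gig-replicate value into (count, region) pairs and reports destination regions that are missing from an approved list. The function names, the region pattern, the requirement that N be at least 1, and the approved-region list are assumptions of this example.

```python
import re

# One policy is N@REGION. The region shape (e.g. us-west-1) and the rule
# that N must be at least 1 are assumptions; the page states neither.
_POLICY = re.compile(r"([0-9]+)@([a-z]{2}(?:-[a-z]+)+-[0-9]+)")


def parse_replicate_tag(value):
    """Parse a gig-replicate tag value into [(count, region), ...].

    Raises ValueError unless the value is one or more N@REGION policies
    separated by semicolons (whitespace around a policy is ignored).
    """
    policies = []
    for part in value.split(";"):
        match = _POLICY.fullmatch(part.strip())
        if match is None:
            raise ValueError(f"malformed replication policy: {part!r}")
        count = int(match.group(1))
        if count < 1:
            raise ValueError(f"image count must be at least 1: {part!r}")
        policies.append((count, match.group(2)))
    return policies


def disallowed_regions(value, allowed):
    """Return the tag's destination regions missing from the allow-list."""
    return sorted({region for _, region in parse_replicate_tag(value)} - set(allowed))


if __name__ == "__main__":
    # Constructed inputs: the first two are the page's valid examples,
    # the rest are malformed values written for this demonstration.
    approved = {"us-west-1", "us-west-2"}  # hypothetical allow-list
    for tag in ["10@us-west-1", "5@us-west-2; 3@eu-west-1", "3@us-west-2;", "0@us-west-1"]:
        try:
            print(tag, "->", parse_replicate_tag(tag), "not approved:", disallowed_regions(tag, approved))
        except ValueError as err:
            print(tag, "-> rejected:", err)
```

Running the check against an approved-region list before tagging keeps AMIs from being copied to a region outside the intended data boundary.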



RDS Instance Backup


RDS Instance backup works exactly the same as EC2 Instance Backup described above with one exception: RDS Snapshots only have tag-based metadata.


S3 Bucket Backup


S3 buckets can be backed up to another S3 bucket within the same or another AWS account. Both source and target accounts have to be added to Cloudaware.


The Cloudaware IAM user that is used to access the source bucket must have write access to the target bucket in the target AWS account.

S3 backups use tags. The buckets that need to be backed up must have tags applied in the following format: 1d0w0m@cf-templates-1ajskw0nz6e8-us-east-1


  • AWS backup tag name is: gig-backup
  • AWS backup tag value is: Nd-Nw-Nm@BucketName-region


Tip

For example, the tag 1d0w0m@mybucket-us-east-1 takes the source bucket and copies its content to the target bucket once a day.


Cloudaware creates a directory gig-backup in the target bucket. Inside this directory you can see directories for each source bucket.


Cloudaware automatically deletes folders with data that falls outside the backup policy retention criteria.


  1. Create a target bucket.

  2. Apply the following policy to the target bucket (an AWS::S3::BucketPolicy resource in a CloudFormation template).

BUCKET_NAME is the target bucket. It is assumed that a Cloudaware user already has access to the source buckets.


Ensure that every source Cloudaware account is granted access to the target bucket.


Code Block
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Backup Bucket Policies",

  "Resources" : {
    "S3BucketPolicy" : {
      "Type" : "AWS::S3::BucketPolicy",
      "Properties" : {
        "Bucket" : "BUCKET_NAME",
        "PolicyDocument" : {
          "Statement" : [
            {
              "Principal" : { "AWS" : [
                "arn:aws:iam::ACCOUNT_ID_A:user/CloudawareIAMUserA",
                "arn:aws:iam::ACCOUNT_ID_B:user/CloudawareIAMUserB"
              ] },
              "Resource" : [ "arn:aws:s3:::BUCKET_NAME" ],
              "Effect" : "Allow",
              "Action" : [ "s3:List*" ]
            },
            {
              "Principal" : { "AWS" : [
                "arn:aws:iam::ACCOUNT_ID_A:user/CloudawareIAMUserA",
                "arn:aws:iam::ACCOUNT_ID_B:user/CloudawareIAMUserB"
              ] },
              "Resource" : [ "arn:aws:s3:::BUCKET_NAME/*" ],
              "Effect" : "Allow",
              "Action" : [ "s3:Get*", "s3:Put*", "s3:Delete*" ]
            }
          ]
        }
      }
    }
  }
}