AWS Storage Blog

Enable item-level search and recovery for Amazon EC2 with AWS Backup

Users often use backups to help recover data after a disaster or security incident. However, what is often overlooked is the need to restore data due to an operational incident such as a data corruption event or deleted file. The ability to identify files and directories within a backup and restore them is an important requirement for a backup solution. This capability is a faster, more efficient method than restoring the entire backup and searching through the directories and files.

AWS Backup provides search and item-level recovery for Amazon Elastic Block Store (Amazon EBS) snapshots and Amazon Simple Storage Service (Amazon S3) backups. This feature makes it easier for you to centrally search for and restore specific items, such as files or objects, across your AWS Backup managed EBS snapshots and S3 backups. You can now search for files or objects with just a few clicks, reducing recovery cost and time.

In this post, we show you how to extend AWS Backup search and item-level recovery to Amazon Elastic Compute Cloud (Amazon EC2). As part of the walkthrough we index an EBS volume, search for a specific file, and restore it to the EBS volume that is attached to the EC2 instance.

Solution overview

AWS Backup allows you to create backups, also known as recovery points, of AWS resources. For Amazon EC2, you can schedule or perform on-demand backup jobs that include entire EC2 instances, including their EBS volumes. Therefore, you can restore an entire EC2 instance from a single recovery point, including the root volume, data volumes, and some instance configuration settings, such as the instance type and key pair.

AWS Backup search and item-level recovery enables you to search the metadata of your backups of supported resource types at a granular level for files or objects that match the properties you define in your search, such as size, creation date, and file path. This feature is limited to Amazon EBS and Amazon S3, but we will show you how to extend it to Amazon EC2.

In this solution, we start by tagging the EBS volumes associated with an EC2 instance to which we want to extend the item-level search and recovery capabilities. This helps to identify which EBS volumes are associated with the EC2 instance you want to enable search and recovery for. Then, we create an on-demand backup of the EBS volume with indexing enabled. This can also be configured as part of a Backup Plan, but we will create an on-demand backup for this example. This backup will not create a new lineage. It will create a new incremental recovery point from the last incremental backup of the EBS volume as long as it shares the same encryption key. For this walkthrough, we choose a backup recovery point and create a backup search job with search criteria based on “File size” with variables “File size is > or = to 2MB”. Then, we review the search results and choose item(s) to restore to the designated S3 bucket. When the items have been restored, we copy them from the S3 bucket to the EBS volume associated with our EC2 instance. We conclude the walkthrough by cleaning up the environment.

Prerequisites

The following prerequisites are necessary to complete this solution:

  1. An EC2 instance with an attached EBS volume
  2. A designated S3 bucket for data restores
  3. An AWS Identity and Access Management (IAM) role with search and item-level recovery permissions

Walkthrough

The following summarizes the high-level steps required for this solution:

  1. Use tagging to associate an EC2 instance with an EBS volume.
  2. Create an on-demand indexed backup of the EBS volume associated with the EC2 instance.
  3. Locate the backup recovery point and create the backup search job.
  4. Review search results and choose the item(s) to restore to the designated S3 bucket.
  5. Copy items from the S3 bucket to the EBS volume associated with the EC2 instance.

1. Use tagging to associate an EC2 instance with an EBS volume

1.1. In the Amazon EC2 console, choose Instances from the left-hand menu. Choose the instance for which you want to enable search and item-level recovery.

1.2. On the Instances page, choose the Tags tab. Create a tag with the following values as seen in Figure 1: key = name, value = ab2demo (the value can be any specific name related to the EC2 instance).

Figure 1: Adding a tag to an EC2 instance

1.3. Choose the Storage tab and open the associated EBS volume. On the Volumes page, go to the Tags tab and create a tag with the same values as seen in Figure 2: key = name, value = ab2demo.

Figure 2: Add the same tag to the associated EBS volume
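
A check for the tagging convention in step 1, as an added example that is not part of the original post: it reports volumes attached to a tagged instance that lack the matching tag, which is easy to miss because tag keys and values are case-sensitive. The JSON is constructed sample data in the shape returned by `aws ec2 describe-instances` and `aws ec2 describe-volumes`; the resource IDs and function names are hypothetical.

```python
# Added example: verify the step-1 tagging convention on describe-* output.
# The sample JSON is constructed, in the shape returned by
# `aws ec2 describe-instances` and `aws ec2 describe-volumes`.
TAG_KEY, TAG_VALUE = "name", "ab2demo"  # values used in this walkthrough

def tags_of(resource):
    """Return a resource's Tags list as a dict (missing Tags -> empty)."""
    return {t["Key"]: t["Value"] for t in resource.get("Tags", [])}

def untagged_volumes(instances_doc, volumes_doc, key=TAG_KEY, value=TAG_VALUE):
    """Map each tagged instance ID to its attached volumes lacking the tag.

    Tag keys and values are case-sensitive, so "Name" or "AB2demo" on a
    volume does not match "name"/"ab2demo" and is reported.
    """
    volumes = {v["VolumeId"]: v for v in volumes_doc["Volumes"]}
    findings = {}
    for reservation in instances_doc["Reservations"]:
        for inst in reservation["Instances"]:
            if tags_of(inst).get(key) != value:
                continue  # instance is not part of this convention
            missing = [
                bdm["Ebs"]["VolumeId"] for bdm in inst.get("BlockDeviceMappings", [])
                if tags_of(volumes.get(bdm["Ebs"]["VolumeId"], {})).get(key) != value
            ]
            if missing:
                findings[inst["InstanceId"]] = sorted(missing)
    return findings

# Constructed sample: one volume tagged correctly, one tagged with a
# different key case ("Name"), and one with no tags at all.
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [{
    "InstanceId": "i-0example000000001",
    "Tags": [{"Key": "name", "Value": "ab2demo"}],
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0example0000000a"}},
        {"DeviceName": "/dev/sdf", "Ebs": {"VolumeId": "vol-0example0000000b"}},
        {"DeviceName": "/dev/sdg", "Ebs": {"VolumeId": "vol-0example0000000c"}},
    ]}]}]}
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0example0000000a", "Tags": [{"Key": "name", "Value": "ab2demo"}]},
    {"VolumeId": "vol-0example0000000b", "Tags": [{"Key": "Name", "Value": "ab2demo"}]},
    {"VolumeId": "vol-0example0000000c"},
]}

if __name__ == "__main__":
    print(untagged_volumes(SAMPLE_INSTANCES, SAMPLE_VOLUMES))
```
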

2. Create an on-demand backup of the EBS volume associated with the EC2 instance

2.1. In the AWS Backup console, choose Protected Resources from the menu on the left, as shown in Figure 3.

Figure 3: The Protected resources page

2.2. Choose Create On-Demand Backup and choose EBS in the Resource type dropdown menu.

2.3. In the Volume ID dropdown menu, choose the EBS volume associated with the EC2 instance for which you want to enable search and item-level recovery. Each Volume ID has an associated name tag beneath it.

2.4. Choose the Create backup index box and choose Create Backup Now under the Backup Window section.

2.5. Set Total Retention Period to one day and use Default for Backup vault and Default Role for IAM role. Ensure your IAM role has the correct permissions to create a backup index.

2.6. Expand Tags added to recovery point – optional and create a new tag. Use the same values from the first step: key = name, value = ab2demo.

2.7. Choose Create On-Demand Backup at the bottom of the page as shown in Figure 4.

Figure 4: Configure EBS backup while choosing Create backup index

3. Locate the backup recovery point and create the backup search job

3.1. In the AWS Backup console, choose Jobs from the left-hand menu as shown in Figure 5.

Figure 5: The AWS Backup jobs dashboard

3.2. Locate the backup job from the previous step and choose it as shown in Figure 6. In this example, we choose the most recent backup with the resource name of the tags we created (AB2demo).

Figure 6: The backup job that was created earlier in this blog

3.3. Choose the Recovery point ARN, which provides more details on the backup job, as shown in Figure 7.

Figure 7: The Recovery point ARN of the backup job

3.4. Under Backup Index make sure that the index status is active. Choose the Search Backup button as shown in Figure 7.

3.5. In the Search Criteria page, backup properties are populated with recovery point details.

3.6. In the Item properties dropdown, you can choose File Path, File size, or File creation date for search criteria. For this exercise, use File creation date and File size is > or = to 2MB.

3.7. When the search criteria have been entered, choose Start Search as shown in Figure 8.

Figure 8: Create search page from the “Search backup” selection from recovery point ARN properties page

4. Review the search results and choose the item(s) to restore to the designated S3 bucket

4.1. Expand Result details on the Search page. (Search results will only be available for 7 days. Result details will only display the first 1,000 results. To see the full list, you will need to export it.) Choose the item(s) to restore and choose Restore as shown in Figure 9.

Figure 9: Results of a backup Search job

4.2. In the Restore EBS snapshot window, select the Bucket Name to restore to in the Restore destination bucket box. Choose Restore backup as shown in Figure 10.

Figure 10: Restore EBS snapshot featuring the items selected in the Search job

5. Copy items from the S3 bucket to the EBS volume associated with the EC2 instance

5.1. In the Amazon S3 console, choose General purpose buckets from the left-hand menu.

5.2. Choose the designated recovery bucket. Locate the item recovered and copy it to the EBS volume associated with the EC2 instance as shown in Figure 11.

Figure 11: Copying restored items from the recovery S3 bucket to the EBS volume associated with the EC2 instance

Cleaning up

To avoid accruing any unexpected charges, you should delete any resources no longer needed. This could include the EC2 instance, EBS volume, and any AWS Backup resources that were created. If you were following this post and created indexes that are no longer needed, then delete them to avoid more charges. You can delete indexes from the Recovery Point page.

Conclusion

A good backup solution supports multiple use cases including recovery from system outages or operational events, such as data corruption or deleted files. The ability to search for files and directories within a backup and restore them is a valuable feature in a backup solution.

AWS Backup provides search and item-level recovery for Amazon EBS snapshots and Amazon S3 backups. This feature makes it easier for you to centrally search for and restore specific items, such as files or objects, across your AWS Backup managed EBS snapshots and S3 backups. In this post, we demonstrated how to extend this functionality to Amazon Elastic Compute Cloud (Amazon EC2). This provides a faster and more streamlined approach to restoring specific items.

AWS Backup search and item-level recovery is now available in all commercial AWS Regions and streamlines the process for item-level restores, decreasing the time it takes to recover your important data.

Thank you for reading this post. To learn more, go to the AWS Backup Developer Guide.

Timothy Chappell

Timothy Chappell is a Senior Worldwide Specialist Solutions Architect for AWS Storage – Backup. Timothy has extensive experience in storage and data protection solutions supporting customers in the commercial, financial, health care, government, and Department of Defense industries. He specializes in helping customers protect against system outages, account compromise, cyber threats, and ransomware attacks.

Priyam Reddy

Priyam Reddy is a Solutions Architect Leader within the Worldwide Specialist organization that is focused on disaster recovery and data protection.