DR Commander - Multi-Region Disaster Recovery Orchestration

DR Commander v1.0.1 - Initial Release (patched)

Release Date: May 2026 Platform: Amazon Linux 2023 | Python 3.12 | Node.js 22 | React 18

DR Commander is an agentless multi-region disaster recovery orchestration solution for AWS. This initial release provides full-stack DR protection for EC2, RDS, S3, Route53, and Elastic Load Balancers through a single web dashboard deployed via CloudFormation.

DEPLOYMENT

• Three deployment options via a single unified CloudFormation template: PublicSubnet (HTTP with security group restriction), PublicALB (HTTPS via ACM certificate with auto-discovered public subnets), and PrivateInstance (VPC-only access via SSM, bastion, or VPN)
• Amazon Cognito authentication with admin account auto-provisioned during stack creation. Temporary password delivered via email. Supports password reset and forgot-password flows.
• IAM role with least-privilege cross-region permissions created automatically
• IMDSv2 enforced with hop limit 2 on all instances
• 50 GB encrypted gp3 EBS root volume
• SSM Session Manager access enabled by default (no SSH key required)

RESOURCE DISCOVERY

• Automatic discovery of DR-tagged resources across EC2, RDS, S3, and Elastic Load Balancers
• Tag-based inclusion: resources tagged DR=true, DR=critical, or DR=production are included in DR protection
• Auto Scaling Group instance deduplication to avoid counting ASG-managed instances twice
• Load balancer discovery includes target groups with health status of registered targets
• Route53 DNS record matching shows which DNS records point to each discovered resource
• Parallel discovery using ThreadPoolExecutor for faster resource enumeration

REPLICATION

• EC2: Point-in-time AMI snapshots with cross-region copy to DR region. Intermediate primary-region AMI deleted after DR copy confirmed. Configurable scheduled snapshots (hourly, 4h, 12h, 24h) with automatic purge keeping a maximum of 8 AMIs per instance.
• RDS: Cross-region read replica creation for continuous replication. Supports all RDS engines that support read replicas.
• S3: Cross-region replication (CRR) rule configuration on customer-specified buckets, versioning enablement, and IAM replication role management. Batch replication available for pre-existing objects via S3 Batch Operations.
• Load Balancers: DR readiness evaluation with per-LB networking validation for mixed ALB/NLB environments. LBs are provisioned in the DR region during failover execution.
• Option to include stopped/offline EC2 instances in snapshots (disabled by default)

FAILOVER

• One-click failover execution from the dashboard with resource picker and parallel resource fetch
• EC2: Launches instances from DR AMIs with configurable DR networking (public/private subnet selection based on source instance, round-robin across subnets for multi-AZ distribution)
• RDS: Promotes read replicas to standalone databases
• Load Balancers: Provisions DR load balancers with correct type (ALB/NLB), target groups, listeners, and health checks
• Route53: Automatic DNS update across all hosted zones - supports alias A records (with correct ALB hosted zone ID), plain A records for EC2 public IPs, and CNAME records for RDS endpoints. TTL lowered to 60 seconds during failover.
• SNS notifications at failover start and completion with full resource details
• Post-failover runbook guidance including region swap, networking update, and DR replication re-establishment steps
• Test failover mode validates DR readiness without creating or modifying any resources

HEALTH MONITORING

• Multi-layer health checks: EC2 instance state and status checks, RDS availability (including backing-up and modifying as healthy states), load balancer target health, CloudWatch alarms with EC2 quorum logic (high-severity alarms downgraded to medium if less than 50% of instances affected), AWS Health Events, Route53 health checks, and AWS API reachability
• Configurable failure threshold (2-10, default 5) and health check interval (30-300 seconds, default 60)
• Auto-failover disabled by default. Enabled via dashboard after replication is confirmed working.
• Health status persisted to local file for API access between check cycles

DASHBOARD

• React 18 with TypeScript SPA served via nginx reverse proxy
• Five tabs: Dashboard (overview, health signals, getting started), Resources (discovered resources with DNS records), Replication (status, setup, snapshots, LB readiness), Failover (execute, test, history), Configuration (regions, networking, scheduling, auto-failover)
• Light and dark mode with theme toggle persisted in localStorage
• Dark mode features neon cyan/blue styling with glowing status badges and monospace table fonts
• 15-second server-side response cache for status, resources, and replication endpoints with automatic invalidation after write operations
• Frontend parallel API calls with Promise.allSettled for faster page loads
• Pagination for EC2 AMI snapshots (25 per page)
• AMI deletion with optimistic UI removal, 1.5-second visual indicator, and 60-second grace period for AWS eventual consistency
• Orchestrator restart banner with progress bar after configuration save
• Certificate ARN live validation via ACM API
• Comma-separated input fields use decoupled raw string state to prevent blanking during typing

MARKETPLACE INTEGRATION

• Usage-based pricing at $0.045 per protected EC2 instance per hour
• RDS, S3, and load balancer protection included at no additional charge
• Hourly metering via AWS Marketplace Metering Service with retry logic
• IMDSv2 metadata for region-aware metering client initialization
• Entitlement validation script for diagnostic checks

SECURITY

• Cognito User Pool with admin-only user creation, 8-character minimum password policy, 7-day temporary password validity
• JWT verification via aws-jwt-verify with 8-hour token validity and 30-day refresh tokens
• Authentication required in production (503 returned if Cognito not configured). DISABLE_AUTH=true available for local development only.
• Security group least-privilege ingress based on deployment option and AllowedSourceCidr
• SSH hardened: root login disabled, key-based authentication only
• SELinux contexts applied, secure umask configured, unnecessary services disabled
• Log rotation configured for all application logs

INFRASTRUCTURE

• Python 3.12 orchestrator with boto3 1.42.x, PyYAML, schedule, psutil
• Express.js 4.22.0 API on Node.js 22 with winston logging and CORS support
• nginx reverse proxy with 300-second proxy_read_timeout for long-running operations
• Background job execution for replication setup, EC2 snapshots, and S3 batch operations with job polling API
• Packer-built AMI on Amazon Linux 2023 with automated validation suite

KNOWN LIMITATIONS

• EC2 AMI snapshots are point-in-time and go stale immediately. Scheduled snapshots mitigate this but RPO depends on snapshot frequency.
• RDS cross-region read replica creation typically takes 20-60 minutes depending on database size. Dashboard advises waiting for available status before testing failover.
• S3 bucket names must be specified in CloudFormation in order for CRR (Cross Region Replication) to work. CloudFormation template needs to be updated and re-deployed via a Stack update any time primary and DR bucket names are changed.
• Failback is manual: swap primary/DR regions in configuration, then re-run Set Up DR Replication.
• Auto-failover should only be enabled after Set Up DR Replication is confirmed working.