EC2 resource replication with Arpio
Arpio replicates the following resource types from Amazon's Elastic Compute Cloud service.
Jump to:
- Amazon Machine Image
- AutoScaling Group
- AutoScaling Policy
- Classic Load Balancer
- EC2 Instance
- Elastic Load Balancer (ALB and NLB)
- Launch Template
- Security Group
- Target Group
Amazon Machine Image
Arpio copies selected AMIs from the primary environment to the recovery environment.
When an AMI is first selected into an application, it is copied once to the recovery environment. If the AMI references encrypted EBS snapshots, the snapshots are re-encrypted during the copy operation with a KMS key that Arpio provisions in the recovery environment.
The copied AMI is retained in the recovery environment until all recovery points that reference it are removed.
AutoScaling Group
Arpio creates AutoScaling Groups that match selected AutoScaling Groups in the primary environment.
The following attributes are translated when replicating an AutoScaling Group to the recovery environment:
- Desired capacity, minimum size, and maximum size are set to zero if your applications are not in test or recovery mode. If they are in test or recovery mode, these parameters match the primary environment.
- Availability zones are updated to maintain AZ diversity in the recovery environment.
- Load balancers are dropped if your applications are not in test or recovery mode (the load balancers are also not instantiated). If they are in test or recovery mode, their replicas are referenced.
- Notifications to SNS topics are preserved if an SNS topic exists with the same name as the referenced topic in the primary environment. If the topic does not exist, the SNS notification is dropped.
- Lifecycle hooks to SQS queues are updated to reference the corresponding standard queues in the recovery environment.
- Lifecycle hooks to SNS topics are updated to reference the corresponding topic in the recovery environment.
The following resources are automatically selected into recovery points when an AutoScaling group is selected:
- Referenced AutoScaling Policies
- The referenced Launch Template
- Referenced Subnets
- The AutoScaling IAM role if not using the standard AWS service-linked role
- Referenced Classic Load Balancers
- SQS queues referenced by lifecycle hooks
- SNS topics referenced by lifecycle hooks and notification configurations
- Referenced Target Groups
AutoScaling Policy
Arpio creates AutoScaling Policies that match the AutoScaling Policies in the primary environment. AutoScaling Policies are only created if your application is under test or in recovery.
The following resources are automatically selected into recovery points when an AutoScaling Policy is selected:
- Any AutoScaling Group that references the policy
- CloudWatch Alarms referenced by the policy
Classic Load Balancer
Arpio creates Classic ELBs that match the Classic ELBs in the primary environment. Classic ELBs are only created if your application is under test or in recovery.
The following attributes are translated when replicating a Classic ELB to the recovery environment:
- EC2 instances are translated to the corresponding instances in the recovery environment, if those instances are not part of an AutoScaling Group
- Subnets are translated to the corresponding subnets in the recovery environment
- Security Groups are translated to the corresponding Security Groups in the recovery environment
- The access log configuration is dropped.
- If using SSL, the Classic ELB's listeners are updated to reference the appropriate SSL certificate in the recovery environment
The following resources are automatically selected into recovery points when a Classic ELB is selected:
- Any AutoScaling Groups that reference the Classic ELB
- Any EC2 Instance behind the Classic ELB, if that instance is not part of an AutoScaling Group
- The Subnets that the Classic ELB lives in
- The Security Groups assigned to the Classic ELB
- Any ACM Certificates configured on the Classic ELB
EC2 Instance
Arpio replicates EC2 Instances to the recovery environment. Replication happens by creating a snapshot of the instance in your primary environment and copying the snapshot to the recovery environment. The snapshot exists in the recovery environment as an AMI that Arpio will launch as needed for a test or a recovery.
Arpio can also replicate EC2 instances to the recovery environment in near real-time with no data loss, if you are an enterprise customer and enable Real-time RPO replication. This replication works not with snapshots, but via integration with AWS Disaster Recovery Service using their replication agent. You can read more about real-time recovery of your EC2 instances here.
Snapshots of EC2 Instances are incremental from the prior snapshot. If 10 MB of data has changed on disk since the prior snapshot, only 10 MB of data must be copied to the recovery environment, regardless of how large the instance is.
If you are using encrypted EBS volumes, Arpio handles provisioning an appropriate KMS key in the recovery environment, and AWS re-encrypts the volumes with this key during the copy operation.
The following resources are automatically selected into recovery points when an EC2 Instance is selected:
- The Subnet the instance lives in
- The Security Groups attached to the instance
- The Instance Profile of the instance
Elastic Load Balancer (ALB and NLB)
Arpio creates Application Load Balancers and Network Load Balancers that match the ELBs in the primary environment. These load balancers are only created if your application is under test or in recovery.
The following attributes are translated when replicating an Elastic Load Balancer to the recovery environment:
- Listener configurations are updated to reference the appropriate target groups in the recovery environment.
- Listener configurations that use SSL are updated to reference the appropriate SSL certificate in the recovery environment.
- Availability zones are translated to the corresponding availability zones in the recovery environment. Note that elastic load balancers do not support multiple endpoints in the same availability zone, even if they are in different subnets. If it is not possible to map all subnets to unique availability zones in the recovery environment, some load balancer endpoints will be dropped to satisfy this constraint. Your resulting recovery environment will reflect the maximum AZ diversity that can be achieved in the recovery region.
- Security Groups are translated to the corresponding Security Groups in the recovery environment
- The access log configuration is dropped.
The following resources are automatically selected into recovery points when an Elastic Load Balancer is selected:
- Any AutoScaling Groups that reference target groups attached to the ELB
- The Subnets associated with the ELB
- The Security Groups assigned to the ELB
- Any ACM Certificates configured on the listeners on the ELB
- Target Groups referenced by the ELB
- The VPC that the ELB is associated with
Launch Template
Arpio replicates Launch Templates, and all of their versions, to the recovery environment. Arpio ensures that the special Launch Template versions "default" and "latest" are correctly configured.
The following attributes are translated when replicating a Launch Template to the recovery environment:
- Security Groups are translated to the corresponding Security Groups in the recovery environment
- The IAM Instance Profile is translated to the corresponding Instance Profile in the recovery environment
- The Subnets are translated to the corresponding Subnets in the recovery environment
- The AMI is translated to the corresponding AMI in the recovery environment
The following resources are automatically selected into recovery points when a Launch Template is selected, if they still exist in the primary environment. Because Launch Templates retain historical versions, they may reference other resources that have been deleted:
- Security Groups referenced by any version of the Launch Template
- Subnets referenced by any version of the Launch Template
- IAM Instance Profiles referenced by any version of the Launch Template
- EC2 Images (AMIs) referenced by any version of the Launch Template
Security Group
Arpio replicates Security Groups, and all of their rules, to the recovery environment. If a Security Group is the "default" for a given VPC, the replicated Security Group becomes the default for the replicated VPC in the recovery environment.
The following attributes are translated when replicating Security Groups to the recovery environment:
- Rules that reference other Security Groups that are being replicated are translated to reference the replicated Security Group in the recovery environment.
- Rules that reference IPv6 CIDR blocks within a VPC that is being replicated are translated to reference the corresponding IPv6 CIDR block within the replicated VPC. IPv6 CIDR blocks outside of replicated VPCs are not translated, and the rules are replicated identically.
- IPv4 CIDR blocks are not translated. Because IPv4 CIDR blocks are retained for replicated VPCs, the blocks you've specified in your primary environment are still relevant in the recovery environment.
- Prefix Lists are translated to the corresponding Prefix List in the recovery environment's region
The following resources are automatically selected into recovery points when a Security Group is selected:
- The VPC containing the Security Group
- Any other Security Groups referenced by rules on this Security Group
Target Group
Arpio replicates Target Groups to the recovery environment. Target Groups are only created if your application is under test or in recovery.
The following attributes are translated when replicating Target Groups to the recovery environment:
- EC2 instance targets that are not part of an AutoScaling Group. EC2 instances in AutoScaling groups are separately added to (and removed from) the target group as AutoScaling starts (and terminates) them.
- Arpio does not currently support AWS Lambda as a target within a Target Group.
The following resources are automatically selected into recovery points when a Target Group is selected:
- EC2 instances that are not part of an AutoScaling Group
- AutoScaling Groups that reference the Target Group
- Load Balancers that reference the Target Group
-
Lambda functions, versions, or aliases that registered as a Target Group target