Virtual Private Cloud resource replication with Arpio
Arpio replicates the following resource types from Amazon's Virtual Private Cloud service.
DHCP Options
Arpio replicates selected DHCP Options objects from your primary environment to your recovery environment. No fields are translated during replication.
Internet Gateway
Arpio replicates selected Internet Gateways from your primary environment to your recovery environment. The following attributes are translated during replication:
Attribute | Translation |
---|---|
Attached VPCs | Translated to corresponding VPCs that Arpio manages in the recovery environment |
The following resources are automatically selected into recovery points when an Internet Gateway is selected:
- The VPCs that the Internet Gateway is attached to
NAT Gateway
Arpio replicates selected NAT Gateways from your primary environment to your recovery environment. NAT Gateways are created during recovery tests and actual failover. They do not run when the recovery environment is not being used.
The following attributes are translated during replication:
Attribute | Translation |
---|---|
Attached VPCs | Translated to the corresponding VPCs that Arpio manages in the recovery environment. |
Subnet IDs | Translated to the corresponding subnet(s) that Arpio manages in the recovery environment. |
IP Addresses | Translated to the corresponding Elastic IPs that Arpio manages in the recovery environment. |
The following resources are automatically selected into recovery points when a NAT Gateway is selected:
- The Elastic IPs that the NAT Gateway relies upon
- The Subnets that contain the NAT Gateway's endpoints
- The VPCs that the NAT Gateway is attached to
Network ACL
Arpio replicates selected Network ACLs from your primary environment to your recovery environment.
If a Network ACL in your primary environment is the "default" for its VPC, its replica in the recovery environment will be the default for the corresponding VPC.
The following attributes are translated during replication:
Attribute | Translation |
---|---|
IPv6 CIDR blocks | If the CIDR block falls within a VPC that is being replicated, it will be translated to a corresponding CIDR block within the IPv6 range of the replicated VPC |
VPC Subnet Associations | Translated to the corresponding entity that Arpio manages in the recovery environment |
The following resources are automatically selected into recovery points when a Network ACL is selected:
- Subnets with which the Network ACL is associated
Route Table
Arpio replicates selected Route Tables from your primary environment to your recovery environment.
If a Route Table in your primary environment is the "main" route table for its VPC, its replica in the recovery environment will be the main route table for the corresponding VPC.
Arpio currently automates creation of the following route targets:
- Local (the local network)
- Internet Gateways
- EC2 Instances
You may manually add routes to other target types. For example, you can add a VPC peer to the recovery environment, and add routes to that VPC peer. Arpio will retain those routes when it applies new recovery points to the environment.
The following attributes are translated during replication:
Attribute | Translation |
---|---|
IPv6 Route Destinations | If the route destination's CIDR block falls within a VPC that is being replicated, it will be translated to a corresponding CIDR block within the IPv6 range of the replicated VPC |
Prefix List Route Destinations | Translated to the corresponding prefix list in the recovery region |
Internet Gateway route target | Translated to the corresponding Arpio managed Internet Gateway in the recovery environment |
EC2 Instance route target | Translated to the corresponding Arpio managed EC2 Instance in the recovery environment |
Subnet Associations | Translated to the corresponding subnets that Arpio manages in the recovery environment |
The following resources are automatically selected into recovery points when a Route Table is selected:
- The VPC containing the Route Table
- Any Internet Gateways referenced as route targets
Security Group
Arpio replicates Security Groups, and all of their rules, to the recovery environment.
If a Security Group in your primary environment is the "default" for its VPC, its replica in the recovery environment will be the default for the corresponding VPC.
The following attributes are translated when replicating Security Groups to the recovery environment:
Attribute | Translation |
---|---|
Other Security Groups | If a Security Group rule references another Security Group that is being replicated, it is translated to the corresponding Arpio managed Security Group in the recovery environment |
IPv6 CIDR Blocks | If the CIDR block falls within a VPC that is being replicated, it will be translated to a corresponding CIDR block within the IPv6 range of the replicated VPC |
Prefix Lists | Translated to the corresponding prefix list in the recovery region |
The following resources are automatically selected into recovery points when a Security Group is selected:
- The VPC containing the Security Group
- Any other Security Groups referenced by rules on this Security Group
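A drift check for the translations listed above, as an added example that is not Arpio's code: it compares a primary Security Group with its recovery replica after mapping group and prefix-list references, and reports rules that are missing or extra in the replica. The ID maps, the DescribeSecurityGroups-shaped sample dicts, and all IDs and CIDRs are constructed assumptions; in-VPC IPv6 ranges are matched by prefix length only, because the page does not say which block each one maps to.

```python
import ipaddress

def rule_set(group, vpc6, sg_map=None, pl_map=None):
    """Flatten a DescribeSecurityGroups-shaped dict into comparable tuples."""
    sg_map, pl_map = sg_map or {}, pl_map or {}
    vpc6 = ipaddress.ip_network(vpc6)
    rules = set()
    for direction in ("IpPermissions", "IpPermissionsEgress"):
        for perm in group.get(direction, []):
            base = (direction, perm["IpProtocol"],
                    perm.get("FromPort"), perm.get("ToPort"))
            for r in perm.get("IpRanges", []):
                rules.add(base + ("cidr4", r["CidrIp"]))  # IPv4 compared literally
            for r in perm.get("Ipv6Ranges", []):
                net = ipaddress.ip_network(r["CidrIpv6"])
                # In-VPC IPv6 blocks differ per environment: compare by prefix length.
                if net.subnet_of(vpc6):
                    rules.add(base + ("vpc-cidr6", net.prefixlen))
                else:
                    rules.add(base + ("cidr6", str(net)))
            for p in perm.get("UserIdGroupPairs", []):
                rules.add(base + ("sg", sg_map.get(p["GroupId"], p["GroupId"])))
            for p in perm.get("PrefixListIds", []):
                rules.add(base + ("pl", pl_map.get(p["PrefixListId"], p["PrefixListId"])))
    return rules

def drift(primary, recovery, p_vpc6, r_vpc6, sg_map, pl_map):
    """Return rules missing from, or extra in, the recovery replica."""
    want = rule_set(primary, p_vpc6, sg_map, pl_map)  # primary, translated
    have = rule_set(recovery, r_vpc6)                 # recovery, as found
    return {"missing": want - have, "extra": have - want}

# Constructed sample data (IDs and CIDRs are placeholders, not real resources).
HTTPS = {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443}
PRIMARY = {"IpPermissions": [dict(HTTPS,
    IpRanges=[{"CidrIp": "10.0.0.0/16"}],
    Ipv6Ranges=[{"CidrIpv6": "2001:db8:1:101::/64"}],
    UserIdGroupPairs=[{"GroupId": "sg-primary-lb"}],
    PrefixListIds=[{"PrefixListId": "pl-primary-s3"}])]}
RECOVERY = {"IpPermissions": [dict(HTTPS,
    IpRanges=[{"CidrIp": "10.0.0.0/16"}],
    Ipv6Ranges=[{"CidrIpv6": "2001:db8:2:201::/64"}],
    UserIdGroupPairs=[{"GroupId": "sg-recovery-lb"}],
    PrefixListIds=[{"PrefixListId": "pl-recovery-s3"}]),
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}  # rule added outside replication
RESULT = drift(PRIMARY, RECOVERY, "2001:db8:1:100::/56", "2001:db8:2:200::/56",
               {"sg-primary-lb": "sg-recovery-lb"},
               {"pl-primary-s3": "pl-recovery-s3"})
```

With the sample data, `RESULT["extra"]` holds the SSH rule open to `0.0.0.0/0` that exists only in the recovery group, and `RESULT["missing"]` is empty.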
Subnet
Arpio replicates subnets to the recovery environment.
Subnets live in availability zones, and you've probably chosen them carefully in your primary environment. Arpio maps these to availability zones in the recovery environment, ensuring that the resources used in your subnets are available in the mapped availability zones while maximizing availability zone diversity in the recovery environment.
The following attributes are translated when replicating Subnets to the recovery environment:
Attribute | Translation |
---|---|
IPv6 CIDR Blocks | Translated to a corresponding CIDR block within the IPv6 range of the replicated VPC |
VPC | Translated to the corresponding Arpio-managed VPC in the recovery environment |
Availability Zone | Translated to an availability zone in the recovery environment that supports the resources defined within the Subnet while maximizing availability zone diversity of the recovery environment |
The following resources are automatically selected into recovery points when a Subnet is selected:
- Associated Network ACLs
- Associated Route Tables
- The VPC containing the Subnet
VPC
Arpio replicates VPCs to the recovery environment.
The replicated VPC is set up to maximize similarity with the primary environment. In addition to containing replicas of the primary environment's resources, it retains the IPv4 CIDR blocks of the primary environment. Instances that Arpio launches within the recovery environment retain the IPv4 addresses of the corresponding instance in the primary environment.
There may be occasions where you need network connectivity between your primary environment's VPC and the recovery environment's VPC. This is possible through network address translation, and Arpio support can help you set that up.
The following attributes are translated when replicating VPCs to the recovery environment:
Attribute | Translation |
---|---|
IPv6 CIDR Block | AWS will grant a new IPv6 CIDR block for the recovery environment VPC |
DHCP Options | Translated to the corresponding Arpio-managed DHCP Options in the recovery environment |
The following resources are automatically selected into recovery points when a VPC is selected:
- Associated DHCP Options
- The "default" Security Group
- The "main" Route Table
- The "default" Network ACL
- Attached Internet Gateways
VPC Endpoints
Arpio replicates selected VPC gateway and interface endpoints from your primary environment to your recovery environment.
The following interface endpoint attributes are translated during replication:
Attribute | Translation |
---|---|
VPC | Translated to the corresponding VPC that Arpio manages in the recovery environment |
Subnets | Translated to the corresponding subnets that Arpio manages in the recovery environment. |
Security Groups | Translated to the corresponding security groups that Arpio manages in the recovery environment. |
Endpoint Notifications | Translated to the corresponding SNS topics Arpio manages in the recovery environment. |
Policy Document | Translated to the corresponding policy document that Arpio manages in the recovery environment |
The following gateway endpoint attributes are translated during replication:
Attribute | Translation |
---|---|
VPC | Translated to the corresponding VPC that Arpio manages in the recovery environment |
Route Tables | Translated to the corresponding route tables that Arpio manages in the recovery environment. |
Policy Document | Translated to the corresponding policy document that Arpio manages in the recovery environment. |
The following resources are automatically selected into recovery points when a VPC Endpoint is selected:
All Endpoints:
- The VPC that the endpoint is attached to
- The Endpoint Policy Document attached to the endpoint
Interface Endpoints:
- Subnets attached to the endpoint
- Security groups attached to the endpoint
- SNS Topics attached as Notification Connections to the endpoint
Gateway Endpoints:
- Route tables the gateway endpoint lives in