How to Backup Your AWS Accounts with N2WS Backup & Recovery

As we all know in the world of IT, nothing goes exactly according to plan. Every smart planner know how to develop a system that can adapt to different situations. The world, as we know, is full of uncertainty and you, as an entrepreneur or CXO would not want your business to be vulnerable to any of that uncertainty. As part of your application SLA, it is mandatory for a company to have a business continuity plan that ensures short recovery time objective (RTO) and recovery point object (RPO).

Your IT infrastructure also needs a business continuity plan (BCP) where you can plan how you will back up your data and ensure a fast recovery in any disaster scenario. A company’s data is the most important factor; without it they cannot function.

Therefore, it is essential to have a plan in action which ensures that the database back up is carried out timely and across multiple geographical regions: this way, if one region is affected the business can be recovered in another region, as determined RPO.

AWS Elastic Block Store offers persistent block level storage that is used with Amazon Elastic Compute Cloud (Amazon EC2) instances for persistent data storage. Additionally, EBS offers the option to create point-in-time snapshots that are ideally suited to back up and restore data, protecting against logical data loss and achieving DR capabilities.

Companies as prominent as Linkedin and Sony Pictures have recently been victims of data theft. These cases should prompt every enterprise to design a highly available system with a well-designed backup plan.

One option, using AWS, is to copy snapshots to a separate AWS account as a backup. This backup will help for DR in case some disaster strikes the first account. In this article, we will show you how to move data from one AWS account to another without any loss of data with the help of the N2WS CLI tool.

Backing Up Snapshots from One AWS Account to Another with N2WS CLI

When an account owner wants to share data from one AWS account with another AWS account, the account owner can do so by sharing snapshots. This is done by modifying the snapshot permission attributes, which requires the AWS account ID of the second account. Alternately, you can use a tool such as N2WS Backup & Recovery, which provides application-consistent backup options and ensures that data is consistent and copied to a separate AWS account. This action can also be achieved with UI, but here the process will be automated using CLI.

This section will provide a step-by-step guide to performing the following steps:

1. Creating a VPC in the first AWS account
2. Setting up a database and web server in that VPC
3. Creating a second AWS account and adding its details to N2WS
4. Setting up a N2WS Policy to back up both instances
5. Write a script using N2WS CLI that will do cross-account recovery to the second AWS.

1. Creating a VPC in the First AWS Account

You can create a virtual private cloud (VPC) in two ways:

• Via the AWS Console: AWS provides a VPC creation wizard which will automatically launch a VPC with subnets, internet gateway, and route tables. You can find a detailed step-by-step guide to do this here.
• Via the AWS CLI: Before creating a VPC you’ll need to install and configure AWS CLI on your workstation to get started. Once AWS CLI is ready you’ll need to create the following resources after creating the VPC:
  • Subnets
  • Create and associate IGW (Internet Gateways)
  • Create and associate route tables

For more information on this process, refer to this step-by-step guide on how to create VPC via AWS CLI.

2. Setting Up a Database and Web Server in the VPC

In this step you’ll need to create two things:

• Web server (EC2 instance) with WordPress installation: In order to set up a web server you’ll need to launch an Amazon EC2 instance and install WordPress on it. Follow this documentation for a detailed step-by-step guide.
• Database server (MySQL installed on EC2 instance):
  • You need to launch an instance in the same VPC. Next, install and configure MySQL.
  • Use this MySQL as a WordPress database.

This concludes the creation process for the web and database servers. You should now be able to open the site using the EC2 instance DNS name from a browser.

3. Registering AWS accounts on the N2WS Console

Before you can start to register the two AWS account in the N2WS console there are a number of prerequisites:

• Either get your AWS Account details or Create an IAM user in accounts you want to register N2WS with proper privileges for eg: EC2 full permission.
• Save access key and secret key as you will require it to register an account in next steps.

Once you do those things you can begin the process of registering the two accounts by following the steps below:

1. Navigate to N2WS console and click on “Manage AWS accounts”
2. Next, you will add two new accounts. Start with your main account, the account where your web server and database server are located.
3. Next create account for DR. Here you will register another AWS account. 

Once this is done now you’re all set to create backup policy in N2WS.

4. Setting Up a N2WS Policy to Backup Both Instances

Here we will create a policy which will backup both the web server and the database server.

1. In order to create a policy, navigate to the Main tab and select Policy tab. Now, create a new policy.
2. Once the policy is created, it’s time to add both instances under the same policy. In the Configure column click on Backup Targets option.
3. Select and add an instance to the policy.
4. Next, it is necessary to run the backup policy we just created. We will move same backup snapshots to another AWS account. Navigate back to the Main tab and from there to the Policy tab, where you will select your policy and run the same policy ASAP. 

Once the backup is completed for both instances—web server and database server—you can use the N2WS CLI to move data from one AWS account to another AWS account.

5. Scripting with N2WS CLI to Perform Cross-Account Recovery to the Second AWS Account

Before you start it is necessary for you to perform the following actions in second AWS account:

1. Create a VPC (subnet and route tables): You can follow the same steps as we did for creating the VPC for the first account, or you can use Default AWS VPC, depending on where you would like to store your backup.
2. Note down following information:
   • From Account #1
     • Instance IDs: IDs of both web server and database server instances
   • From Account #2
     • Subnet ID: Subnet ID will be required to copy instance to particular subnet
     • Region: You will need to define which region you would like to copy data
     • Key pair: In order to launch copied instances you will require key pair so make sure you already have one
     • Instance type: You can put any instance type as your business need
3. If you’re performing recovery via CLI then get backup ID of both instances:
   • The only way to get this is by using N2WS CLI. You can download N2WS CLI here.
   • Use
     

     get-backup-bytimeparameter in N2WS CLI to get backup id

   • You will also need Security group Ids of the account to be backed up

Recover Instance Using N2WS CLI

You can use any instance/workstation to setup a backup via N2WS CLI. Before you get started, there are two prerequisites you need to have ready: Python 2.7 and N2WS CLI. Download and configured N2WS CLI.

First of all, check that you have Python installed by using the command python, then download and configure N2WS CLI. There will be three files:

• cpm_cli.cfg: N2WS CLI enables using a configuration file named cpm_cli.cfg. The file must be located in the same directory where the cpm_cli.py is located
• cpm_cli: This supports several API calls to automate backup and recovery related tasks
• CPM_CLI: PDF documentation

The cpm_cli.cfg file contains the following lines:

		[general]
		apikey= #api key generated showed in below step
		address= # N2WS ip address e.g 52.90.143.110
		port= 443 # N2WS ip address
		user=admin # N2WS console username
		verifycert= # yes/no
		timeout= # timeout in seconds, default is 60

How to Generate an API Key

1. Click on “Notifications,” then click on “Configure API Authentication Key”
2. Next, you need to enable API calls and create the authentication key. 
3. Please copy that key and use it as the “apikey” for any CLI/API call. You can always disable or create a new key, which will cancel the previous one.

Fetch backup ID:

Use the following command to get a backup ID:

get-backup-by-time –-policy

Recover an Instance in the Second Account

Once you’ve set up all the above items, you should be ready to perform a test. Here you will use N2WS CLI utility

recover-instance

to perform this action.

1. Replace the values in snippet given below:
   

   python cpm_cli.py recover-instance --instance-id
   --backup-id  --from-account "" --to-account “” --region
   --placement subnet --subnet   --ip-address new
   --root-device-source snapshot --security-groups
   "[‘Security-Group-Id1,Security-Group-Id2’]"
   --key-pair “” --instance-type=
   

   
   

   Here is a sample of how yours would appear:

   
   

   cpm_cli.py recover-instance --instance-id
   i-0ec876229c7d5032432 --backup-id=01212
   --from-account "Main Account" --to-account
   "BackupAccount" --region=us-west-2 --placement
   subnet --subnet "subnet-6fa7rf36"  --ip-address "new"
   --root-device-source "snapshot" --security-groups
   "[sg-f0c84b8b]"--key-pair "newkeypair"
   --instance-type=t2.micro
   

   
   
2. Once you run this command for the web server and database server, you should get the following output confirming that the recovery has started: 
3. You will also notice both the database and web server instances have launched in the backup account. If you receive any error message, check your command for possible errors. After this, you can use the script to schedule the recovery of instances using crontab or a Lambda function which will execute whenever required.
4. You have just learned how to successfully move data from one account to another AWS account using N2WS CLI.
5. You will be able to see the website once you’ve changed necessary parameters such as the database IP address (but that is only required if you have a MySQL database hosted on an AWS EC2 instance). After recovery, you should be able to access the same website as the first account via a browser.

Conclusion

It is important that every organization have a disaster recovery plan in place. Although it rare that an organization would come across a scenario where they would have to put their disaster recovery plan in practice, there is always the chance of a system failure.

In this article, we have demonstrated how you can ensure DR by moving data from one AWS account to another by using N2WS CLI. The script can restore the backup instance as well verify the data on that instance. N2WS Backup & Recovery is an enterprise-class backup, recovery and disaster recovery solution for AWS EC2 instances. It uses snapshots created by policies automatically at regular intervals.

Additionally, we saw you can perform instance recovery into another account using N2WS’ DR functionality, all of which makes N2WS an ideal option for backup and DR strategies. Try N2WS Backup & Recovery for FREE!