Resolution
Note: If you receive errors when running AWS CLI commands, make sure that you're using the most recent version of the AWS CLI.
1. Run the list-recovery-points-by-backup-vault command to list all the recovery points in your vault:
aws backup list-recovery-points-by-backup-vault --backup-vault-name Default --output json --query 'RecoveryPoints[].[BackupVaultName,RecoveryPointArn]'
2. In the command output, copy the RecoveryPointArn for the recovery point that you want to restore.
3. Run the get-recovery-point-restore-metadata command to get the metadata of the Amazon EC2 instance that you want to restore:
aws backup get-recovery-point-restore-metadata --backup-vault-name Default --recovery-point-arn arn:aws:ec2:eu-west-1::image/ami-012ab3456789c0123
4. Copy the command output, which is similar to the following:
{
"BackupVaultArn": "arn:aws:backup:eu-west-1:123456789012:backup-vault:Default",
"RecoveryPointArn": "arn:aws:ec2:eu-west-1::image/ami-012ab3456789c0123",
"RestoreMetadata": {
"CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}",
"CpuOptions": "{\"CoreCount\":1,\"ThreadsPerCore\":1}",
"CreditSpecification": "{\"CpuCredits\":\"standard\"}",
"DisableApiTermination": "false",
"EbsOptimized": "false",
"HibernationOptions": "{\"Configured\":false}",
"IamInstanceProfileName": "ServerAccess",
"InstanceInitiatedShutdownBehavior": "stop",
"InstanceType": "t2.micro",
"KeyName": "BackupTesting",
"Monitoring": "{\"State\":\"disabled\"}",
"NetworkInterfaces": "[{\"AssociatePublicIpAddress\":true,\"DeleteOnTermination\":true,\"Description\":\"\",\"DeviceIndex\":0,\"Groups\":[\"sg-0babcd1234567890f\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"NetworkInterfaceId\":\"eni-12345678a9b0cd1e2\",\"PrivateIpAddress\":\"192.0.2.206\",\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"192.0.2.206\"}],\"SecondaryPrivateIpAddressCount\":0,\"SubnetId\":\"subnet-1a2b3c4d\",\"InterfaceType\":\"interface\"}]",
"Placement": "{\"AvailabilityZone\":\"eu-west-1b\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",
"SecurityGroupIds": "[\"sg-0babcd1234567890f\"]",
"SubnetId": "subnet-1a2b3c4d",
"VpcId": "vpc-1a2b3c4d",
"aws:backup:request-id": "c1234567-ee7c-4896-beeb-ee123b456789"
}
}
5. Edit the command output to retain only the following metadata fields and values:
{
"VpcId": "vpc-1a2b3c4d",
"Monitoring": "{\"State\":\"disabled\"}",
"CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}",
"InstanceInitiatedShutdownBehavior": "stop",
"DisableApiTermination": "false",
"KeyName": "BackupTesting",
"CreditSpecification": "{\"CpuCredits\":\"standard\"}",
"HibernationOptions": "{\"Configured\":false}",
"EbsOptimized": "false",
"Placement": "{\"AvailabilityZone\":\"eu-west-1b\",\"GroupName\":\"\",\"Tenancy\":\"default\"}",
"aws:backup:request-id": "c1234567-ee7c-4896-beeb-ee123b456789",
"InstanceType": "t2.micro",
"NetworkInterfaces": "[{\"DeleteOnTermination\":true,\"Description\":\"Primary network interface\",\"DeviceIndex\":0,\"Groups\":[\"sg-0babcd1234567890f\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"192.0.2.210\"}],\"SecondaryPrivateIpAddressCount\":1,\"SubnetId\":\"subnet-1a2b3c4d\",\"InterfaceType\":\"interface\"}]"
}
6. If the original instance is still in use, then you must also change the primary private IP address in the metadata output. In the NetworkInterfaces metadata field, change the Primary PrivateIpAddress to a different IP address than what was originally returned by the get-recovery-point-restore-metadata command. You don't need to change the primary private IP address in the metadata under the following conditions:
- Your instance was terminated.
- You want to use the original IP address (in-place restore).
7. Save the edited metadata into a JSON file. You can name the file ec2-restore-metadata.json.
8. Run the start-restore-job command with --recovery-point-arn set to the RecoveryPointArn that you copied in step 2, and --metadata set to the JSON file that you created in step 5.
aws backup start-restore-job --region eu-west-1 --recovery-point-arn "arn:aws:ec2:eu-west-1::image/ami-012ab3456789c0123" --iam-role-arn "arn:aws:iam::123456789012:role/service-role/AWSBackupDefaultServiceRole" --metadata file://ec2-restore-metadata.json
Note: You can define the instance metadata as parameters within the start-restore-job command, instead of using a JSON file. To do so, run the start-restore-job command in this format:
aws backup start-restore-job --region eu-west-1 --recovery-point-arn "arn:aws:ec2:eu-west-1::image/ami-012ab3456789c0123" --iam-role-arn "arn:aws:iam::123456789012:role/service-role/AWSBackupDefaultServiceRole" --metadata '{"VpcId": "vpc-1a2b3c4d", "Monitoring": "{\"State\":\"disabled\"}", "CapacityReservationSpecification": "{\"CapacityReservationPreference\":\"open\"}", "InstanceInitiatedShutdownBehavior": "stop", "DisableApiTermination": "false", "KeyName": "BackupTesting", "CreditSpecification": "{\"CpuCredits\":\"standard\"}", "HibernationOptions": "{\"Configured\":false}", "EbsOptimized": "false", "Placement": "{\"AvailabilityZone\":\"eu-west-1b\",\"GroupName\":\"\",\"Tenancy\":\"default\"}", "aws:backup:request-id": "c1234567-ee7c-4896-beeb-ee123b456789", "InstanceType": "t2.micro", "NetworkInterfaces": "[{\"DeleteOnTermination\":true,\"Description\":\"Primary network interface\",\"DeviceIndex\":0,\"Groups\":[\"sg-0babcd1234567890f\"],\"Ipv6AddressCount\":0,\"Ipv6Addresses\":[],\"PrivateIpAddresses\":[{\"Primary\":true,\"PrivateIpAddress\":\"172.31.32.210\"}],\"SecondaryPrivateIpAddressCount\":1,\"SubnetId\":\"subnet-1a2b3c4d\",\"InterfaceType\":\"interface\"}]"}'