Skip to main content

Backup and Restore of Terraform Statefile & EC2

Backup & Restore Of Member StateFile

Overview

This runbook provides detailed instructions for backing up a replicated Terraform statefile from the eu-west-1 region and restoring it to a new folder in the eu-west-2 region. The statefile is stored in an S3 bucket with DynamoDB for state locking.

Step 1: Create a New Folder for Testing in S3

  1. Log into AWS Management Console:

    • Access the Modernisation Platform Account and navigate to the S3 service.

  2. Navigate to the S3 Bucket:

    • Go to the modernisation-platform-terraform-state bucket located in the eu-west-2 region.

  3. Create a New Folder for Testing:

    • Create a new folder within this bucket specifically for testing. This ensures the production state file remains isolated, preventing accidental overwrites.

Step 2: Copy the Backup State File for Testing

  1. Locate and Copy the Backup State File:

    • In the S3 bucket located in the eu-west-1 region, find the backup state file.

  2. Set the Destination:

    • Use the “Copy” function for the state file.
    • Under “Destination type,” select “General purpose bucket.”
    • Use the “Browse S3” feature to navigate to the destination bucket and folder created in the previous step.

  3. Specify Destination Path:

    • Ensure the destination path is correctly set, such as s3://modernisation-platform-terraform-state/environments/accounts/cooker/cooker-development/test-restore/.

Note: This method is applicable for objects encrypted with SSE-S3 (Amazon S3 managed keys). It is not suitable for objects encrypted with AWS KMS keys (SSE-KMS) or customer-provided encryption keys (SSE-C) due to additional restrictions.

Step 3: Verify the Copied State File in eu-west-2

  1. Confirm State File Availability:
    • Navigate to the modernisation-platform-terraform-state bucket in the eu-west-2 region.
    • Verify that the copied state file exists in the specified test folder.

Step 4: Configure Terraform Backend for Testing

  1. Update Terraform Configuration:
    • Modify Terraform configuration file (e.g., backend.tf) to point the backend key to the new test path where the copied state file resides.

Step 5: Initialise and Test the Configuration

  1. Reinitialise the Terraform Backend:

    • Run terraform init -reconfigure to reinitialize the backend with the new test configuration. This step ensures that Terraform recognises the state file at the new location.

  2. Verify the Setup:

    • Execute terraform plan to confirm that the state file is correctly recognised and that no changes will be applied unintentionally.

EC2 Backup and Restore

1. Set Up and Launch an EC2 Instance

  • Create an EC2 instance with a “Test” file.

2. Set Up AWS Backup

  • You can set up AWS Backup manually through the AWS Management Console or automate the process using Terraform. The setup involves creating a Backup Vault, an IAM role with necessary policies, and defining a backup plan.

Create Backup Vault

IAM Role and Policy Setup (create a new one or use default)

  1. Create IAM Role for AWS Backup:

    • Create a new role with AWS Backup service as the trusted entity.
    • Attach the AWSBackupServiceRolePolicyForBackup managed policy.

  2. Create and Attach IAM Policy:

    • Create a custom IAM policy with permissions for EC2 and backup operations.
    • Attach this policy to the IAM role created for AWS Backup.

3. Backup Plan Setup

Create a Backup Plan: - In the AWS Backup Console, go to “Backup plans” and click “Create backup plan.” - Choose a predefined plan or create a custom one. - Set backup frequency (e.g., daily) and retention period (e.g., 7 days).

4. Create On-Demand Backup

  • Select protected resources and create on-demand backup.
  • Select EC2 as the resource type that you want to back up.
  • Choose the Instance ID of the EC2 resource that you want to protect.

5. Restore EC2 Instance

  • Go to the AWS Backup console
  • Click on “Backup vaults” and select your vault.
  • Select the recovery point ARN and choose Restore.
  • This will bring you to a Restore backup screen that will have the configurations for the EC2 instance using the backed-up AMI.
  • Follow the prompts to complete the restoration.
  • Check for your restored backup job under Restore jobs in the the AWS Backup console.

6. Verify the restored instance

  • Connect to the restored EC2 instance using SSH or AWS Systems Manager (SSM).
  • Navigate to the location of the test file.

- Verify that the test file exists and contains the expected content.

References

This page was last reviewed on 6 August 2024. It needs to be reviewed again on 6 February 2025 by the page owner #modernisation-platform .
This page was set to be reviewed before 6 February 2025 by the page owner #modernisation-platform. This might mean the content is out of date.