Performing File-Level Restore
In case a disaster strikes, you can recover corrupted or missing files of an EC2 instance from a cloud-native snapshot or image-level backup. Veeam Backup for AWS allows you to download the necessary files and folders to a local machine or restore the files and folders to the source EC2 instance using the File Level Recovery for Veeam Backup browser.
You can restore files and folders from the following file systems:
Veeam Backup for AWS supports file-level restore only for data deduplication-disabled simple volumes.
How File-Level Restore Works
To recover files and folders of a backed-up EC2 instance, Veeam Backup for AWS performs the following steps:
- Launches a worker instance in either of the following AWS Regions:
- To restore files and folders from a cloud-native snapshot or a snapshot replicas, Veeam Backup for AWS launches the worker instance in the AWS Region where the source EC2 instance resides.
- To restore files and folders from an image-level backup, Veeam Backup for AWS launches the worker instance in the AWS Region where the target S3 repository resides.
- Attaches and mounts EBS volumes of the EC2 instance to the worker instance.
EBS volumes are not physically extracted from the backup — Veeam Backup for AWS emulates their presence on the worker instance. The source backup itself remains in the read-only state.
- [This step applies only if you perform restore to the original location] Installs the Veeam restore tool to the source EC2 instance.
- Launches the File Level Recovery for Veeam Backup browser.
The File Level Recovery for Veeam Backup browser displays the file system tree of the backed-up EC2 instance. In the browser, you select the necessary files and folders to restore.
- Saves the selected files and folders to the local machine or restores them to the original EC2 instance if the Additional restore mode is enabled.
- Unmounts and detaches EBS volumes of the backed-up EC2 instance from the worker instance.
- [This step applies only if you perform restore to the original location] Removes the Veeam restore tool from the original EC2 instance if the Keep the restore tool at the target instance option is not selected.
- Removes the worker instance from Amazon EC2.
Before you start file-level restore, check the following prerequisites:
- The machine from which you plan to open the File Level Recovery for Veeam Backup browser must be allowed to access the worker instances over the internet. To enable internet access for a worker instance, update the security group specified in worker instance settings to add an inbound rule for HTTPS traffic on the port 443. To learn how to add rules to security groups, see AWS Documentation.
- The IAM role attached to the source EC2 instance has permissions to communicate with the SSM.
- If the source EC2 instance and backup appliance reside in the same AWS account, the IAM role attached to the source EC2 instance has the following permissions: sqs:ListQueues, sqs:GetQueueUrl, kinesis:List*, kinesis:Describe*, kinesis:Get*, sqs:GetQueueAttributes, sqs:ListDeadLetterSourceQueues.
- If the source EC2 instance and backup appliance reside in different AWS accounts, the IAM role attached to the source EC2 instance has permissions to assume the following role: arn:aws:iam::<service-account-id>:role/veeam_rto_<original-instance-id>, where the <service-account-id> is an AWS ID of the trusted AWS account, <original-instance-id> is an AWS ID of the source EC2 instance.
How to Perform File-Level Recovery
To recover files and folders of a protected VM instance, do the following: