Performing File-Level Restore
In case a disaster strikes, you can recover corrupted or missing files of an EC2 instance from a cloud-native snapshot or image-level backup. Veeam Backup for AWS allows you to download the necessary files and folders to a local machine or restore the files and folders to the source EC2 instance using the file-level recovery browser.
Important |
You can restore files and folders from the following file systems:
Veeam Backup for AWS supports file-level restore only for Microsoft Windows basic volumes. |
How EC2 File-Level Restore Works
To recover files and folders of a backed-up EC2 instance, Veeam Backup for AWS performs the following steps:
- Launches a worker instance in either of the following AWS Regions:
- To restore files and folders from a cloud-native snapshot or a snapshot replicas, Veeam Backup for AWS launches the worker instance in the AWS Region where the source EC2 snapshot or snapshot replica resides.
- To restore files and folders from an image-level backup, Veeam Backup for AWS launches the worker instance in the AWS Region where the backup repository with backed-up data resides.
- Attaches and mounts EBS volumes of the EC2 instance to the worker instance.
EBS volumes are not physically extracted from the backup — Veeam Backup for AWS emulates their presence on the worker instance. The source backup itself remains in the read-only state.
- [This step applies only if you perform restore to the original location] Installs the Veeam restore tool to the source EC2 instance.
- Launches the file-level recovery browser.
The file-level recovery browser displays the file system tree of the backed-up EC2 instance. In the browser, you select the necessary files and folders to restore.
- Saves the selected files and folders to the local machine or restores them to the source EC2 instance if the Additional restore mode is enabled.
- Unmounts and detaches EBS volumes of the backed-up EC2 instance from the worker instance.
- [This step applies only if you perform restore to the original location] Removes the Veeam restore tool from the source EC2 instance if the Keep the restore tool at the target instance option is not selected.
- Removes the worker instance from Amazon EC2.
To recover files and folders of an EC2 instance from a backup that is stored in the archive backup repository, you must retrieve the archived data manually before you begin the file-level recovery operation. For more information on data retrieval, see Retrieving Data From Archive.
Before you start file-level restore, check the following prerequisites:
- The 443 port must be open on worker instances to allow inbound network access from the machine from which you plan to open the file-level recovery browser. To enable access for a worker instance, update the security group specified in worker instance settings to add an inbound rule. To learn how to add rules to security groups, see AWS Documentation.
- The IAM role attached to the source EC2 instance has permissions to communicate with the SSM.
- If the source EC2 instance and backup appliance reside in the same AWS account, the IAM role attached to the source EC2 instance has the following permissions: sqs:ListQueues, sqs:GetQueueUrl, kinesis:List*, kinesis:Describe*, kinesis:Get*, sqs:GetQueueAttributes, sqs:ListDeadLetterSourceQueues.
- If the source EC2 instance and backup appliance reside in different AWS accounts, the IAM role attached to the source EC2 instance has permissions to assume the following role: arn:aws:iam::<service-account-id>:role/veeam_rto_<original-instance-id>, where the <service-account-id> is an AWS ID of the trusted AWS account, <original-instance-id> is an AWS ID of the source EC2 instance.
How to Perform EC2 File-Level Restore
To recover files and folders of a protected EC2 instance, do the following: