Link Search Menu Expand Document

AWS Backup import into Elastio

Table of Contents

You now can import your AWS Backups from the AWS accounts linked to the Elastio tenant through Elastio CLI. This would allow to scan the AWS backups for various kins of threats, such as malware, ransomware and filesystem errors. The import can be done for AWS recovery points of the EC2 instances or EBS volumes. You would only need the recovery point ARN and the AWS vault ARN.

Import AWS Backup recovery point into Elastio

Run this command to import the AWS Backup into Elastio and scan it for malware and ransomware through Elastio CLI.

elastio aws-backup import --rp-arn <aws-rp-arn> --rp-vault <aws-vault-arn> --iscan

An example output can be viewed below:

elastio aws-backup import  --rp-vault Default --iscan --rp-arn arn:aws:ec2:us-west-2::image/ami-0d466c69cd08beee3 --iscan --monitor
This operation (elastio:aws:backup:rp:import) will run as a background job ID j-01gkkfatmhneqa6z4ppsw5er1y

The job j-01gkkfatmhneqa6z4ppsw5er1y has finished with status S:Successful

▪ (S:Successful)[00:01:19]            ######################################## 8.00GB/8.00GB (103.70MB/s)Ingesting
▪   (S:Successful)[00:01:18]          ######################################## 8.00GB/8.00GB (105.03MB/s)Ingesting
Job output:
{
  "details": {
    "ingest": {
      "counters": {
        "bytes_chunked": 8589934592,
        "bytes_compressed_and_encrypted": 0,
        "bytes_hashed": 8589934592,
        "bytes_included": 8589934592,
        "bytes_read": 8589934592,
        "bytes_skipped": 0,
        "bytes_uploaded": 0,
        "chunking_duration": {
          "nanos": 5021336,
          "secs": 0
        },
        "chunks_created": 131072,
        "chunks_hashed": 131072,
        "chunks_skipped": 0,
        "chunks_uploaded": 0,
        "compression_and_encryption_duration": {
          "nanos": 0,
          "secs": 0
        },
        "existing_bytes": 8589934592,
        "existing_chunks": 131072,
        "hashing_duration": {
          "nanos": 516395086,
          "secs": 496
        },
        "segments_uploaded": 0,
        "total_bytes_ingested": 8589934592,
        "total_bytes_to_ingest": 8589934592,
        "unique_bytes": 0,
        "unique_chunks": 0,
        "upload_duration": {
          "nanos": 0,
          "secs": 0
        }
      },
      "items": [
        {
          "counters": {
            "bytes_chunked": 8589934592,
            "bytes_compressed_and_encrypted": 0,
            "bytes_hashed": 8589934592,
            "bytes_included": 8589934592,
            "bytes_read": 8589934592,
            "bytes_skipped": 0,
            "bytes_uploaded": 0,
            "chunking_duration": {
              "nanos": 5021336,
              "secs": 0
            },
            "chunks_created": 131072,
            "chunks_hashed": 131072,
            "chunks_skipped": 0,
            "chunks_uploaded": 0,
            "compression_and_encryption_duration": {
              "nanos": 0,
              "secs": 0
            },
            "existing_bytes": 8589934592,
            "existing_chunks": 131072,
            "hashing_duration": {
              "nanos": 516395086,
              "secs": 496
            },
            "segments_uploaded": 0,
            "total_bytes_ingested": 8589934592,
            "total_bytes_to_ingest": 8589934592,
            "unique_bytes": 0,
            "unique_chunks": 0,
            "upload_duration": {
              "nanos": 0,
              "secs": 0
            }
          },
          "description": "/dev/nvme1n1",
          "succeeded": {
            "blob_id": "b-01gkc25b8dpwf8hzapg8k8phe7",
            "version_id": "b-01gkc25b8dpwf8hzapg8k8phe7:4"
          }
        }
      ],
      "schema": "v1"
    },
    "job_data": {
      "details": {
        "asset_source": {
          "asset_source": "elastio:asset:aws-ec2:s:101443934432:us-west-2:i-07d3c8700a7724d00",
          "schema": "v1"
        },
        "rp_id": {
          "rp_id": "rp-01gkkfendmyxmwkqjz6f4vea3g",
          "schema": "v1"
        }
      },
      "schema": "v1"
    }
  },
  "schema": "v1"
}

Restore EC2 from an AWS Backup import

After the AWS backup is imported in Elastio, it would appear in the recovery points list as an EC2 backup recovery point. Thus, it can be restored as a normal Elastio EC2 backup, see examples below.

Run this command to restore the EC2 instance from the recovery point imported from AWS Backup.

elastio ec2 restore --rp <rp-id> --monitor

Scan AWS backup and send result to Amazon EventBridge

You can find the instructions on how to scan the AWS backup for vulnerabilities and send result to EventBridge here.