Reference Guide
Table of Contents
elastio
elastio 0.31.81 (94b2a4d 2024-09-06T10:54:44.000000000Z)
The possible operations implemented by the Elastio CLI.
While primarily intended to operate as a structop subcommand in the CLI, this is also used by Rust-based automated tests to perform the same operations as the CLI albeit under automation.
To execute an operation, you must instantiate an [`OperationExecutor`]
USAGE:
elastio [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help
Prints help information
--no-progress
Do not print the progress bar for foreground operations
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--log-filter <filter>
An optional env-logger style filter expression which determines what log events will be output.
See the `EnvFilter` docs for detailed syntax and examples.
This value, if present, overrides whatever is in the `ELASTIO_LOG` environment variable [env: ELASTIO_LOG=]
--file-path <log-file-path>
Override path for log file.
Default is /tmp/log.json
--log-output <log-output>
Defines the level of detail to include in the human-readable log output or selects JSON output format (doesn't support levels of detail)
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--log-rate-limit <rate-limit>
The maximum rate at which log events will be output, as measured in bytes per minute. This can take the form of a number of bytes (ie "123456") or unit suffixes like "1M" for 1 megabyte.
If this rate limit is exceeded, then log events will be dropped.
If this argument is not specified, then log events will be output without any rate limit. Be careful when using this with a log management tool like Cloudwatch which can become very expensive if a large
volume of log events are generated. [env: ELASTIO_LOG_RATE_LIMIT=]
SUBCOMMANDS:
aws-backup Operate on AWS recovery points
block Backup or restore block devices
device Display information about devices on local system
driver Interact with the change tracking driver on the local system
ebs Backup or restore AWS EBS volumes
ec2 Backup or restore AWS EC2 instances
file Backup, restore or scan files, folders and directories
fs-check Checks the filesystem(s) in the recovery point
help Prints this message or the help of the given subcommand(s)
integrity-check An enumeration representing the subcommands for the integrity check
iscan Scan filesystem volume for the signs of detonated ransomware and dormant malware
job List and manage Elastio jobs
leases Manage leases
mount Mount recovery points as local NBD devices
postgres Backup or restore postgres database
recovery-point Browse recovery points with various search filters
s3 Backup, restore and scan AWS S3 objects
stream Backup or restore files or data from stdin-stream
test Execute driver test
umount Dismount mounted recovery points
vault Manage vaults in the target AWS account and region
version Get Elastio components versions
elastio aws-backup
elastio-aws-backup 0.31.81
Operate on AWS recovery points
USAGE:
elastio aws-backup [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
help Prints this message or the help of the given subcommand(s)
import Import AWS backup
scan Run scan operation without importing of the AWS RP
elastio aws-backup import
elastio-aws-backup-import 0.31.81
Import AWS backup
USAGE:
elastio aws-backup import [FLAGS] [OPTIONS] --rp-arn <rp-arn>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--allow-incremental-malware-scan
Allows to run incremental malware scan. By default it is not allowed except for EFS and S3 assets (see the reasoning in `--no-incremental-malware-scan`)
--fail-on-marketplace-volumes
EBS snapshot-based AWS resources (EBS, EC2, Backup RP, AMI) scans only: If `true`, will fail to scan a snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform snapshot IO using
EBS Direct API and scan as usual
--force-full-scan
Forcibly runs full scan, even if incremental scan is possible
--force-rescan-ebs-snapshots
When `iscan` of EBS volume snapshots is requested, if set to `true`, will rescan all the snapshots regardless of their previous scan status. Otherwise, will scan only the snapshots that have not been
successfully scanned before.
Warning: this can be a very long and expensive process. Do not use this unless you know what you are doing!
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally.
This will only work if the command is run on a compatible EC2 instance in the correct region, and is not recommended for general use.
--fs-check
Checks the filesystem(s) in the recovery point after completion with the corresponding filesystem check tools
-h, --help
Prints help information
--metadata-only
If set to `true`, disables the actual upload of data, performing only a metadata ingest.
This is only ever used for certain benchmark testing and debugging. Using it in a production environment guarantees data loss!
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-incremental-malware-scan
Disallows to run incremental malware scan. This option makes sense only for scans of the asset that supports the concept of tiered storage, like S3 or EFS. For such assets, this option will make the scan
pull objects from the cold storage to the hot storage incurring additional costs.
By default incremental malware scan is allowed for EFS/S3 assets.
--send-event
Is sending events enabled
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--event-bridge-bus <event-bridge-bus>
Name of the event bridge bus to use when sending events
--event-bridge-endpoint-id <event-bridge-endpoint-id>
Id of the EventBridge to use when sending events
--iscan <iscan>
Automatically run `elastio iscan` against the backup after completion to detect malware threats and ransomware attacks.
This is equivalent to manually running `elastio iscan full --rp $RP_ID` on the recovery point produced after a successful backup. [possible values: ransomware, ransomware-and-entropy-detection, malware,
full, full-and-entropy-detection]
--max-ebs-retries <max-ebs-retries>
The maximum number of times to retry getting state of an operation in progress. For example, when we create snapshot we then send every 2 seconds request to get snapshot state If this request fails we
don't know if snapshot failed or succeeded. This parameter tells how many times we'll try to resend that request [default: 10]
--max-scan-errors-allowed <max-scan-errors-allowed>
How many scan errors are allowed before the scan is forcibly aborted [env: ELASTIO_MAX_SCAN_ERRORS_ALLOWED=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--parallel-compressors <parallel-compressors>
Same as `parallel_hashers`, but for compression (and also encryption since they happen together) [default: 0]
--parallel-extents <parallel-extents>
How many extents to ingest in parallel [default: 0]
--parallel-hashers <parallel-hashers>
How many hash workers to run in parallel (meaning how many parallel threads should be computing hashes) [default: 0]
--parallel-segments <parallel-segments>
The number of compressed, deduped, encrypted segments to upload in parallel [default: 0]
--rp-arn <rp-arn>
The AWS Recovery Point ARN to import
--rp-vault <rp-vault>
The name of AWS Backup vault for Recovery Point to import By default the "Default" vault is assumed
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--event-bridge-user-data <user-data>
Data that will not be parsed and will simply be reproduced in the resulting `EventBridge` scan results event
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
elastio aws-backup scan
elastio-aws-backup-scan 0.31.81
Run scan operation without importing of the AWS RP
USAGE:
elastio aws-backup scan [FLAGS] [OPTIONS] --aws-backup-rp <aws-backup-rp> [restored-resource-id]
FLAGS:
--allow-incremental-malware-scan
Allows to run incremental malware scan. By default it is not allowed except for EFS and S3 assets (see the reasoning in `--no-incremental-malware-scan`)
--fail-on-marketplace-volumes
EBS snapshot-based AWS resources (EBS, EC2, Backup RP, AMI) scans only: If `true`, will fail to scan a snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform snapshot IO using
EBS Direct API and scan as usual
--force-full-scan
Forcibly runs full scan, even if incremental scan is possible
--force-rescan-ebs-snapshots
When `iscan` of EBS volume snapshots is requested, if set to `true`, will rescan all the snapshots regardless of their previous scan status. Otherwise, will scan only the snapshots that have not been
successfully scanned before.
Warning: this can be a very long and expensive process. Do not use this unless you know what you are doing!
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally.
This will only work if the command is run on a compatible EC2 instance in the correct region, and is not recommended for general use.
-h, --help
Prints help information
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-incremental-malware-scan
Disallows to run incremental malware scan. This option makes sense only for scans of the asset that supports the concept of tiered storage, like S3 or EFS. For such assets, this option will make the scan
pull objects from the cold storage to the hot storage incurring additional costs.
By default incremental malware scan is allowed for EFS/S3 assets.
--send-event
Is sending events enabled
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-backup-rp <aws-backup-rp>
The AWS Backup Recovery Point ARN to scan
--aws-backup-vault <aws-backup-vault>
The AWS Backup vault which contains the recovery point to scan. By default the "Default" vault is assumed
--event-bridge-bus <event-bridge-bus>
Name of the event bridge bus to use when sending events
--event-bridge-endpoint-id <event-bridge-endpoint-id>
Id of the EventBridge to use when sending events
--iscan <iscan>
The type of iscan operation, it is 'full' scan by default [possible values: ransomware, ransomware-and-entropy-detection, malware, full, full-and-entropy-detection]
--max-scan-errors-allowed <max-scan-errors-allowed>
How many scan errors are allowed before the scan is forcibly aborted [env: ELASTIO_MAX_SCAN_ERRORS_ALLOWED=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--s3-changelog-queue <s3-changelog-queue>
Changelog queue for the restored S3 bucket that allows us to read the bucket in parallel with AWS Backup filling it with restored objects. We can't just do `ListObjects` while objects are being restored
because we will get incomplete results, but with the changelog queue we get the objects as they are being restored.
This is optional, and if not provided, the scan will be done without using the S3 changelog queue.
--event-bridge-user-data <user-data>
Data that will not be parsed and will simply be reproduced in the resulting `EventBridge` scan results event
--vault <vault>
Specifies an Elastio vault that will be used as a context for the operation. Elastio vault determines the compute environment that will be used to run the background job.
The default vault will be used if not specified
ARGS:
<restored-resource-id>
In AWS Backup recovery test scenario, contains the ID of the temporary restored resource created from the AWS Backup recovery point.
It may be one of the following: - EFS filesystem ID (required for EFS RP) - S3 bucket name (required for S3 RP) - EBS volume ID - EC2 instance ID
This restored resource is used for reading the data. However, the reported scan results will be associated with the originally backed up resource, that is discovered from the `--aws-backup-rp`.
More info: <https://github.com/elastio/contrib/tree/master/aws-backup-elastio-integration/elastio-api#request>
elastio block
elastio-block 0.31.81
Backup or restore block devices
USAGE:
elastio block [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
backup Perform a block backup of an instance or localhost using the Elastio agent
help Prints this message or the help of the given subcommand(s)
mount Mount a block device backup locally
restore Restore block device instance from the recovery point
elastio block backup
elastio-block-backup 0.31.81
Perform a block backup of an instance or localhost using the Elastio agent
USAGE:
elastio block backup [FLAGS] [OPTIONS] <devices>...
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--all-blocks
Force ingest of all blocks on the block device regardless of whether or not they are allocated by the filesystem.
This is almost always wasteful and unnecessary, and is used only for diagnostic purposes
--allow-incremental-malware-scan
Allows to run incremental malware scan. By default it is not allowed except for EFS and S3 assets (see the reasoning in `--no-incremental-malware-scan`)
-u, --allow-unsafe
Allow ingest of block devices that are not read-only and cannot be snapshotted.
Normally this is an error because it virtually guarantees that the resulting backup is inconsistent and potentially unusable.
--fail-on-marketplace-volumes
EBS snapshot-based AWS resources (EBS, EC2, Backup RP, AMI) scans only: If `true`, will fail to scan a snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform snapshot IO using
EBS Direct API and scan as usual
-b, --force-base
Force a full ingest of all allocated blocks (or all blocks if `all_blocks` is enabled).
If this is `false`, elastio attempts to use the platform's change block tracking feature to ingest only blocks which have changed since the last successful ingest. If this is set to `true`, change logs are
ignored and a new full ingest is performed unconditionally. Also, new blob ID is generated for the snapshot so it will be detached from current snapshot chain.
Generally this is only used when testing or in rare cases where the change logs are known to be incomplete.
-f, --force-full
Force a full ingest of all allocated blocks
If this is `false`, elastio attempts to use the platform's change block tracking feature to ingest only blocks which have changed since the last successful ingest. If this is set to `true`, change logs are
ignored and a new full ingest is performed unconditionally. Unlike a base snapshot, the snapshot created as result of full ingest is still a part of existing snapshot chain
--force-full-scan
Forcibly runs full scan, even if incremental scan is possible
--force-rescan-ebs-snapshots
When `iscan` of EBS volume snapshots is requested, if set to `true`, will rescan all the snapshots regardless of their previous scan status. Otherwise, will scan only the snapshots that have not been
successfully scanned before.
Warning: this can be a very long and expensive process. Do not use this unless you know what you are doing!
--fs-check
Checks the filesystem(s) in the recovery point after completion with the corresponding filesystem check tools
-h, --help
Prints help information
--metadata-only
If set to `true`, disables the actual upload of data, performing only a metadata ingest.
This is only ever used for certain benchmark testing and debugging. Using it in a production environment guarantees data loss!
--no-incremental-malware-scan
Disallows to run incremental malware scan. This option makes sense only for scans of the asset that supports the concept of tiered storage, like S3 or EFS. For such assets, this option will make the scan
pull objects from the cold storage to the hot storage incurring additional costs.
By default incremental malware scan is allowed for EFS/S3 assets.
--send-event
Is sending events enabled
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--hostname-override <hostname-override>
The string to use instead of the system's hostname (foreground mode only)
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
-t, --snapshot-type <snapshot-type>
The snapshot technology to use when ingesting block devices. Possible values: [`cbt`, `none`, `auto`].
cbt: always use the Elastio change block tracking driver. If the driver isn't present or not supported on the target platform the ingest will fail.
none: don't use any snapshot technology (requires that all block devices to ingest are unmounted and will not be written to during the ingest, unless `allow_unsafe` is set to `true`) [default: auto]
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--event-bridge-bus <event-bridge-bus>
Name of the event bridge bus to use when sending events
--event-bridge-endpoint-id <event-bridge-endpoint-id>
Id of the EventBridge to use when sending events
--iscan <iscan>
Automatically run `elastio iscan` against the backup after completion to detect malware threats and ransomware attacks.
This is equivalent to manually running `elastio iscan full --rp $RP_ID` on the recovery point produced after a successful backup. [possible values: ransomware, ransomware-and-entropy-detection, malware,
full, full-and-entropy-detection]
--max-scan-errors-allowed <max-scan-errors-allowed>
How many scan errors are allowed before the scan is forcibly aborted [env: ELASTIO_MAX_SCAN_ERRORS_ALLOWED=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--parallel-compressors <parallel-compressors>
Same as `parallel_hashers`, but for compression (and also encryption since they happen together) [default: 0]
--parallel-extents <parallel-extents>
How many extents to ingest in parallel [default: 0]
--parallel-hashers <parallel-hashers>
How many hash workers to run in parallel (meaning how many parallel threads should be computing hashes) [default: 0]
--parallel-segments <parallel-segments>
The number of compressed, deduped, encrypted segments to upload in parallel [default: 0]
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--event-bridge-user-data <user-data>
Data that will not be parsed and will simply be reproduced in the resulting `EventBridge` scan results event
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
ARGS:
<devices>...
Block devices to back up
EXAMPLE:
elastio block backup /dev/fd0 --tag ubuntu:staging
elastio block mount
elastio-block-mount 0.31.81
Mount a block device backup locally
USAGE:
elastio block mount [FLAGS] [OPTIONS] --rp <rp-id> [from[:to]]...
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--attach-only
Attach backup block devices via NBD but do not attempt to mount any filesystems
--fail-on-marketplace-volumes
If `true`, will fail to mount the snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform mount using EBS Direct API
-h, --help
Prints help information
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead
--bitmap-file-dir <bitmap-file-dir>
A path to a directory where special bitmap file which stores information about written areas will be placed. If writable mount is requested and path is not specified, temp directory will be used instead
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--host <hostname>
Specify the recovery point of an asset from certain host
--ec2 <instance-id>
Specify the recovery point of an asset from EC2 instance
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--mount-options <mount-options="">
Options which will be used to mount devices. Specify in the following way: `--mount-options="$OPTIONS"`
--mount-type <mount-type>
How to perform the mount, possible values:
'ro' - mounts devices in read-only mode, no writes are allowed.
'rw' - mounts devices in writable mode, the changed data is stored in the special backing
file, the recovery point stays unmodified. If the same recovery point was mounted in
writable mode before, all previous changes are discarded.
'pw' - mounts devices in read-only mode, but the changes done during previous writable mount
are preserved and available.
[default: ro] [possible values: ro, rw, pw]
--nbd-client-args <nbd-client-args="">
Arguments which will be used to attach devices via NBD. Specify in the following way: `--nbd-client-args="$OPTIONS"`
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
-r, --region <region>
Specify a recovery point from a certain region
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<from[:to]>...
Source and destination file paths, separated with ':'.
Multiple <from[:to]> pairs are space-separated.
If destination is not specified the command will be automatically generate
a mount point under `/media/elastio/` directory
SPECIFYING RECOVERY POINT:
<rp-id>, e.g. r-dfa1xkmb7bqordtqpedc1wgu
Recovery point ID.
@
The most recent recovery point.
@~[<n>], e.g. @~, @~5
The <n>th recovery point before the latest one.
@~ is equivalent to @~1; @~0 is equivalent to @.
@{<date>}, e.g. @{2021-04-30 11:15}
Specifies the value of the recovery point at a prior point in time.
Note that this looks up the latest recovery point at a given time.
EXAMPLES:
# Mount block devices from the latest recovery point of a specific EC2 instance
elastio block mount --rp @ --ec2 i-0ac31968815b0060e
# Mount specific block device from a recovery point with known ID
# (note that there is no need to specify instance ID or hostname in this case)
elastio block mount --rp r-dfcq4cye5ddq9hvssfgoubr3 /dev/sda1
elastio block restore
elastio-block-restore 0.31.81
Restore block device instance from the recovery point
USAGE:
elastio block restore [FLAGS] [OPTIONS] <restore-entries>... --rp <rp-id>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--auto-remount
Automatically remount partitions after the restore.
The operation will unmount block devices. This flag will try to mount partitions back after the operation. If it is not used, nothing will be remounted after restore.
-n, --dry-run
Do everything except actual restoration
-h, --help
Prints help information
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
-y, --yes
Automatically confirm any interactive requests. Suppress interactive requests to confirm unmounting and destructive actions
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead.
Applies only to restore operations which have enabled shrink before restore.
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--host <hostname>
Specify the recovery point of an asset from certain host
--ec2 <instance-id>
Specify the recovery point of an asset from EC2 instance
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
-r, --region <region>
Specify a recovery point from a certain region
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--shrinking-concurrency <shrinking-concurrency>
How many shrink operations may run concurrently.
Applies only to restore operations which have enabled shrink before restore. [default: 4]
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<restore-entries>...
Path to the files to be restored from the saved recovery point and (optionally) their output paths.
There are two possible options to represent each entry: `input` or `input:output`. By default, output file path is the same as input file path by default.
SPECIFYING RECOVERY POINT:
<rp-id>, e.g. r-dfa1xkmb7bqordtqpedc1wgu
Recovery point ID.
@
The most recent recovery point.
@~[<n>], e.g. @~, @~5
The <n>th recovery point before the latest one.
@~ is equivalent to @~1; @~0 is equivalent to @.
@{<date>}, e.g. @{2021-04-30 11:15}
Specifies the value of the recovery point at a prior point in time.
Note that this looks up the latest recovery point at a given time.
EXAMPLES:
# Restore a local block device backup given an RP ID which contains a backup of
# /dev/nvme0n1p1, restoring to /dev/foo
elastio block restore --rp $RP_ID /dev/nvme0n1p1:/dev/foo
# Restore a local block device backup given an RP ID which contains a backup of
# /dev/nvme0n1p1 and /dev/nvme0n1p2, restoring to /dev/foo and /dev/bar respectively
$ elastio block restore --rp $RP_ID /dev/nvme0n1p1:/dev/foo /dev/nvme0n1p2:/dev/bar
# Restore a local block device given an asset name `example.localdomain` and a timestamp
$ elastio block restore --host example.localdomain --rp '@{2021-01-28 13:21}' /dev/nvme0n1p1:/dev/foo
# Restore from the latest backup made at host `example.localdomain`
$ elastio block restore --host example.localdomain --rp @ -- /dev/nvme0n1p1:/dev/foo
elastio device
elastio-device 0.31.81
Display information about devices on local system
USAGE:
elastio device [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
block-device Display information about block device with path (could be disk or partition)
help Prints this message or the help of the given subcommand(s)
list-disks Display information about disks
list-partitions Display information about partitions
elastio device block-device
elastio-device-block-device 0.31.81
Display information about block device with path (could be disk or partition)
USAGE:
elastio device block-device [FLAGS] [OPTIONS] --path <path>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
-p, --path <path>
elastio device list-disks
elastio-device-list-disks 0.31.81
Display information about disks
USAGE:
elastio device list-disks [FLAGS] [OPTIONS]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
elastio device list-partitions
elastio-device-list-partitions 0.31.81
Display information about partitions
USAGE:
elastio device list-partitions [FLAGS] [OPTIONS]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
-d, --disk <disk>
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
elastio driver
elastio-driver 0.31.81
Interact with the change tracking driver on the local system
USAGE:
elastio driver [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
disable Disable change tracking on a local volume
enable Enable change tracking on a local volume
help Prints this message or the help of the given subcommand(s)
info Get the change tracking information for a local volume
snapshot Take (and immediately discards) a snapshot of one or more local volumes
status Get the current status of the driver, including version of loaded drivers
elastio driver disable
elastio-driver-disable 0.31.81
Disable change tracking on a local volume
USAGE:
elastio driver disable [FLAGS] [OPTIONS] <volume>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
ARGS:
<volume> The mount point of the volume to operate on
elastio driver enable
elastio-driver-enable 0.31.81
Enable change tracking on a local volume
USAGE:
elastio driver enable [FLAGS] [OPTIONS] <volume>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
ARGS:
<volume> The mount point of the volume to operate on
elastio driver info
elastio-driver-info 0.31.81
Get the change tracking information for a local volume
USAGE:
elastio driver info [FLAGS] [OPTIONS] <volume>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
ARGS:
<volume> The mount point of the volume to operate on
elastio driver snapshot
elastio-driver-snapshot 0.31.81
Take (and immediately discards) a snapshot of one or more local volumes
USAGE:
elastio driver snapshot [FLAGS] [OPTIONS] <volumes>...
FLAGS:
-h, --help Prints help information
-s, --skip-delete If true snapshots are not deleted immediately
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
ARGS:
<volumes>... The mount point of the volume to operate on
elastio driver status
elastio-driver-status 0.31.81
Get the current status of the driver, including version of loaded drivers
USAGE:
elastio driver status [FLAGS] [OPTIONS]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
elastio ebs
elastio-ebs 0.31.81
Backup or restore AWS EBS volumes
USAGE:
elastio ebs [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
backup Backup AWS EBS volumes
help Prints this message or the help of the given subcommand(s)
import-snapshot Import an EBS snapshot(s)
mount Mount a backup of an EBS volume
restore Restore an EBS volume from the recovery point
elastio ebs backup
elastio-ebs-backup 0.31.81
Backup AWS EBS volumes
USAGE:
elastio ebs backup [FLAGS] [OPTIONS] --volume-id <volume-id>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--allow-incremental-malware-scan
Allows to run incremental malware scan. By default it is not allowed except for EFS and S3 assets (see the reasoning in `--no-incremental-malware-scan`)
--fail-on-marketplace-volumes
EBS snapshot-based AWS resources (EBS, EC2, Backup RP, AMI) scans only: If `true`, will fail to scan a snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform snapshot IO using
EBS Direct API and scan as usual
-b, --force-base
Force a full ingest of all allocated blocks of EBS volume.
If this is `false`, elastio attempts to use the platform's change block tracking feature to ingest only blocks which have changed since the last successful ingest. If this is set to `true`, change logs are
ignored and a new full ingest is performed unconditionally. Also, new blob ID will be generated for the snapshot so it is detached from current snapshot chain.
Generally this is only used when testing or in rare cases where the change logs are known to be incomplete.
-f, --force-full
Force a full ingest of all allocated blocks
If this is `false`, elastio attempts to use the platform's change block tracking feature to ingest only blocks which have changed since the last successful ingest. If this is set to `true`, change logs are
ignored and a new full ingest is performed unconditionally.
Unlike a base snapshot, the snapshot created as result of full ingest is still a part of existing snapshot chain
--force-full-scan
Forcibly runs full scan, even if incremental scan is possible
--force-rescan-ebs-snapshots
When `iscan` of EBS volume snapshots is requested, if set to `true`, will rescan all the snapshots regardless of their previous scan status. Otherwise, will scan only the snapshots that have not been
successfully scanned before.
Warning: this can be a very long and expensive process. Do not use this unless you know what you are doing!
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally.
This will only work if the command is run on a compatible EC2 instance in the correct region, and is not recommended for general use.
--fs-check
Checks the filesystem(s) in the recovery point after completion with the corresponding filesystem check tools
-h, --help
Prints help information
--metadata-only
If set to `true`, disables the actual upload of data, performing only a metadata ingest.
This is only ever used for certain benchmark testing and debugging. Using it in a production environment guarantees data loss!
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-incremental-malware-scan
Disallows to run incremental malware scan. This option makes sense only for scans of the asset that supports the concept of tiered storage, like S3 or EFS. For such assets, this option will make the scan
pull objects from the cold storage to the hot storage incurring additional costs.
By default incremental malware scan is allowed for EFS/S3 assets.
--reuse-snapshot
When preparing to ingest, try to find a snapshot created by previously unsuccessful job run. If found, reuse it instead of creating a new one
--send-event
Is sending events enabled
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--asset-account-id <asset-account-id>
AWS account ID where EBS volume is located (if different from account where Elastio is deployed)
You need to deploy Asset Stack into the asset-account before backup. Asset Stack can be deployed through your Tenant.
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--event-bridge-bus <event-bridge-bus>
Name of the event bridge bus to use when sending events
--event-bridge-endpoint-id <event-bridge-endpoint-id>
Id of the EventBridge to use when sending events
--iscan <iscan>
Automatically run `elastio iscan` against the backup after completion to detect malware threats and ransomware attacks.
This is equivalent to manually running `elastio iscan full --rp $RP_ID` on the recovery point produced after a successful backup. [possible values: ransomware, ransomware-and-entropy-detection, malware,
full, full-and-entropy-detection]
--max-ebs-retries <max-ebs-retries>
The maximum number of times to retry getting state of an operation in progress. For example, when we create snapshot we then send every 2 seconds request to get snapshot state If this request fails we
don't know if snapshot failed or succeeded. This parameter tells how many times we'll try to resend that request [default: 10]
--max-scan-errors-allowed <max-scan-errors-allowed>
How many scan errors are allowed before the scan is forcibly aborted [env: ELASTIO_MAX_SCAN_ERRORS_ALLOWED=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--parallel-compressors <parallel-compressors>
Same as `parallel_hashers`, but for compression (and also encryption since they happen together) [default: 0]
--parallel-extents <parallel-extents>
How many extents to ingest in parallel [default: 0]
--parallel-hashers <parallel-hashers>
How many hash workers to run in parallel (meaning how many parallel threads should be computing hashes) [default: 0]
--parallel-segments <parallel-segments>
The number of compressed, deduped, encrypted segments to upload in parallel [default: 0]
--snapshot-to-reuse-max-age <snapshot-to-reuse-max-age>
Max age of snapshot to reuse in hours. If snapshot is older than this value, it will not be reused
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--event-bridge-user-data <user-data>
Data that will not be parsed and will simply be reproduced in the resulting `EventBridge` scan results event
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--volume-id <volume-id>
The ID of volume to take snapshot of
elastio ebs import-snapshot
elastio-ebs-import-snapshot 0.31.81
Import an EBS snapshot(s)
USAGE:
elastio ebs import-snapshot [FLAGS] [OPTIONS] <--instance-id <instance-id>|--volume-id <volume-ids>...|--snapshot-id <snapshot-ids>...>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--allow-incremental-malware-scan
Allows to run incremental malware scan. By default it is not allowed except for EFS and S3 assets (see the reasoning in `--no-incremental-malware-scan`)
--fail-on-marketplace-volumes
EBS snapshot-based AWS resources (EBS, EC2, Backup RP, AMI) scans only: If `true`, will fail to scan a snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform snapshot IO using
EBS Direct API and scan as usual
--force-full-scan
Forcibly runs full scan, even if incremental scan is possible
--force-rescan-ebs-snapshots
When `iscan` of EBS volume snapshots is requested, if set to `true`, will rescan all the snapshots regardless of their previous scan status. Otherwise, will scan only the snapshots that have not been
successfully scanned before.
Warning: this can be a very long and expensive process. Do not use this unless you know what you are doing!
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally.
This will only work if the command is run on a compatible EC2 instance in the correct region, and is not recommended for general use.
--fs-check
Checks the filesystem(s) in the recovery point after completion with the corresponding filesystem check tools
-h, --help
Prints help information
--latest
Import only latest snapshot(s) of volume(s)
--metadata-only
If set to `true`, disables the actual upload of data, performing only a metadata ingest.
This is only ever used for certain benchmark testing and debugging. Using it in a production environment guarantees data loss!
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-incremental-malware-scan
Disallows to run incremental malware scan. This option makes sense only for scans of the asset that supports the concept of tiered storage, like S3 or EFS. For such assets, this option will make the scan
pull objects from the cold storage to the hot storage incurring additional costs.
By default incremental malware scan is allowed for EFS/S3 assets.
--send-event
Is sending events enabled
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--event-bridge-bus <event-bridge-bus>
Name of the event bridge bus to use when sending events
--event-bridge-endpoint-id <event-bridge-endpoint-id>
Id of the EventBridge to use when sending events
--instance-id <instance-id>
The instance ID for which volumes snapshots should be imported
--iscan <iscan>
Automatically run `elastio iscan` against the backup after completion to detect malware threats and ransomware attacks.
This is equivalent to manually running `elastio iscan full --rp $RP_ID` on the recovery point produced after a successful backup. [possible values: ransomware, ransomware-and-entropy-detection, malware,
full, full-and-entropy-detection]
--max-ebs-retries <max-ebs-retries>
The maximum number of times to retry getting state of an operation in progress. For example, when we create volume we then send every 2 seconds request to get volume state. If this request fails we don't
know if operation failed or succeeded. This parameter tells how many times we'll try to resend that request [default: 10]
--max-scan-errors-allowed <max-scan-errors-allowed>
How many scan errors are allowed before the scan is forcibly aborted [env: ELASTIO_MAX_SCAN_ERRORS_ALLOWED=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--parallel-compressors <parallel-compressors>
Same as `parallel_hashers`, but for compression (and also encryption since they happen together) [default: 0]
--parallel-extents <parallel-extents>
How many extents to ingest in parallel [default: 0]
--parallel-hashers <parallel-hashers>
How many hash workers to run in parallel (meaning how many parallel threads should be computing hashes) [default: 0]
--parallel-segments <parallel-segments>
The number of compressed, deduped, encrypted segments to upload in parallel [default: 0]
--snapshot-id <snapshot-ids>...
The snapshot ID(s) to import of
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--event-bridge-user-data <user-data>
Data that will not be parsed and will simply be reproduced in the resulting `EventBridge` scan results event
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--volume-id <volume-ids>...
The volume ID(s) which snapshots should be imported
EXAMPLES:
# Import a specific snapshot $X by snapshot ID
elastio ebs import-snapshot --snapshot-id $X
elastio ebs mount
elastio-ebs-mount 0.31.81
Mount a backup of an EBS volume
USAGE:
elastio ebs mount [FLAGS] [OPTIONS] --rp <rp-id> [from[:to]]...
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--attach-only
Attach backup block devices via NBD but do not attempt to mount any filesystems
--fail-on-marketplace-volumes
If `true`, will fail to mount the snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform mount using EBS Direct API
-h, --help
Prints help information
--ignore-name-tag
Skip adding the 'Name' tag value, if it exists, to the mount point after the volume id
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead
--bitmap-file-dir <bitmap-file-dir>
A path to a directory where special bitmap file which stores information about written areas will be placed. If writable mount is requested and path is not specified, temp directory will be used instead
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--ec2 <instance-id>
ID of the EC2 instance this EBS was attached to when the backup was created
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--mount-options <mount-options="">
Options which will be used to mount devices. Specify in the following way: `--mount-options="$OPTIONS"`
--mount-type <mount-type>
How to perform the mount, possible values:
'ro' - mounts devices in read-only mode, no writes are allowed.
'rw' - mounts devices in writable mode, the changed data is stored in the special backing
file, the recovery point stays unmodified. If the same recovery point was mounted in
writable mode before, all previous changes are discarded.
'pw' - mounts devices in read-only mode, but the changes done during previous writable mount
are preserved and available.
[default: ro] [possible values: ro, rw, pw]
--nbd-client-args <nbd-client-args="">
Arguments which will be used to attach devices via NBD. Specify in the following way: `--nbd-client-args="$OPTIONS"`
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
-r, --region <region>
Filter the recovery points to only those taken from this region
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--volume-id <volume-id>
EBS volume to mount. This parameter is required if `<rp-id>` starts with '@'
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<from[:to]>...
Source and destination file paths, separated with ':'.
Multiple <from[:to]> pairs are space-separated.
If destination is not specified the command will be automatically generate
a mount point under `/media/elastio/` directory
SPECIFYING RECOVERY POINT:
<rp-id>, e.g. r-dfa1xkmb7bqordtqpedc1wgu
Recovery point ID.
@
The most recent recovery point.
@~[<n>], e.g. @~, @~5
The <n>th recovery point before the latest one.
@~ is equivalent to @~1; @~0 is equivalent to @.
@{<date>}, e.g. @{2021-04-30 11:15}
Specifies the value of the recovery point at a prior point in time.
Note that this looks up the latest recovery point at a given time.
EXAMPLES:
# Mount the latest recovery point of a specific EBS volume
elastio ebs mount --rp @ --volume-id vol-0176d0d70e419c686
elastio ebs restore
elastio-ebs-restore 0.31.81
Restore an EBS volume from the recovery point
USAGE:
elastio ebs restore [FLAGS] [OPTIONS] --rp <rp-id> [--] [volume-id]
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--accelerated-restore
Restore EBS volumes by restoring snapshots first, and after creating volumes directly from snapshots. This option is applied only if volumes should be created in a different availability zone. Thus,
reducing time spent moving volumes between availability zones. NOTE: This will use the EBS Direct API to create the snapshot, which costs approximately USD12/TB of restored data. In most cases the amount
of restored data is much smaller than the size of the backup due to incremental restore optimizations, but the cost of using this option is likely to be higher than if the restore is performed without this
option enabled
-n, --dry-run
Do everything except actual restoration
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally.
This will only work if the command is run on a compatible EC2 instance in the correct region, and is not recommended for general use.
-h, --help
Prints help information
-k, --keep-attached
If this parameter is false (which it is by default) we detach volume after restore if true - the new volume remains attached to the current instance
--keep-xfs-orphanage
Disables auto-moving files from "orphanage" folder after restore for XFS filesystem.
If you backed up an EBS volume or EC2 instance which uses XFS filesystem and you're performing extensive read/write operations then on restore the files will be placed in folder "orphanage" on the root of
your volume, the EBS and EC2 restore automatically moves they to their original location but you can specify this flag to override it can keep the originally restored tree.
For more info you can lookup info about "xfsrestore orphanage"
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
--restore-asset-tags
If enabled, all tags that were present on the original asset (EC2 instance, EBS volume, EBS snapshot, whatever) will be applied to the restored asset.
Regardless of the value of this flag, tags from the Elastio RP are always applied to restored assets.
--restore-snapshots
Restore EBS snapshots instead of volumes. If `true` all filters like `volume_id` or `volumes_filter` are still applied. Shrinking of restored snapshots specified in `shrink_strategy` is not supported so
it'd not allowed to specify `shrink` strategy when restoring snapshots
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--asset-account-id <asset-account-id>
AWS account ID where EBS volume will be located (if different from account where Elastio is deployed)
You need to deploy Asset Stack into the asset-account before backup. Asset Stack can be deployed through your Tenant.
--az <availability-zone>
Restore the EBS volume(s) to a specific availability zone.
If this is not specified the EBS volume(s) will be restored to an availability zone selected at random by AWS at restore time.
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead.
Applies only to restore operations which have enabled shrink before restore.
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--encryption <encryption>
If this parameter is not specified or set to `auto` - restore volume with previous encryption (if any). If it is set to `disabled` - restore the volume without any encryption. If it is set to `enabled` and
--kms-key is set - encrypt restored volume with provided KMS key. If it is set to `enabled` and --kms-key is not set - encrypt restored volume with the default AWS managed KMS key [default: auto]
[possible values: auto, disabled, enabled]
--exclude-volumes <exclude-volumes>...
Exclude the specified volumes from the restore. All other volumes in the recovery point will be restored
--include-volumes <include-volumes>...
Include only the specified volumes in the restore. All other volumes in the recovery point will not be restored
--ec2 <instance-id>
ID of the EC2 instance this EBS was attached to when the backup was created
-i, --iops <iops>
iops for restored volume; defaults to the value stored in the catalog
--kms-key <kms-key>
KMS key ID, alias or ARN to encrypt restored volume with. Should only be set when --encryption attribute is set to `enabled`
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
-m, --max-ebs-retries <max-ebs-retries>
The number of max retry for getting state of an operation in progress. For example, when we create snapshot we then send a request every 2 seconds to get snapshot state If this request fails we don't know
if snapshot failed or succeeded. This parameter tells how many times we'll try to resend that request [default: 10]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
--region <region>
Filter the recovery points to only those taken from this region
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--shrink <shrink>
Defines how EBS volume must be shrunk. Possible values: `len` - Try to shrink the volume to X bytes, but if it's not possible to shrink it that much, shrink as much as possible. `max` - Shrink the volume
as much as possible while still fitting the data on the disk. `leave` - Shrink the volume as much as possible plus X bytes of additional space free for future writes. It's possible to specify units e.g.
`42 MiB`, `100500 GB`, `512`, etc
--shrinking-concurrency <shrinking-concurrency>
How many shrink operations may run concurrently.
Applies only to restore operations which have enabled shrink before restore. [default: 4]
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--tag <tags>...
Tag to be placed on restored EC2 instance This parameter can be specified multiple times; the values are "AND"-ed (conjunction)
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
-t, --volume-type <volume-type>
Type of the restored volume; defaults to the value stored in the catalog
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<volume-id>
EBS volume to restore. This parameter is required if `<rp-id>` starts with '@'
SPECIFYING RECOVERY POINT:
<rp-id>, e.g. r-dfa1xkmb7bqordtqpedc1wgu
Recovery point ID.
@
The most recent recovery point.
@~[<n>], e.g. @~, @~5
The <n>th recovery point before the latest one.
@~ is equivalent to @~1; @~0 is equivalent to @.
@{<date>}, e.g. @{2021-04-30 11:15}
Specifies the value of the recovery point at a prior point in time.
Note that this looks up the latest recovery point at a given time.
EXAMPLES:
# Restore a specific EBS volume from the latest recovery point,
# optionally overriding parameters that default to their value
# in the catalog
elastio ebs restore [--region eu-north-1] --rp @ vol-0176d0d70e419c686
# Restore an EBS volume from a recovery point with known ID
# (note that there is no need to specify volume ID in this case)
elastio ebs restore --rp r-dfcq4cye5ddq9hvssfgoubr3
elastio ec2
elastio-ec2 0.31.81
Backup or restore AWS EC2 instances
USAGE:
elastio ec2 [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
backup Backup volumes attached to an EC2 instance and EC2 instance image
help Prints this message or the help of the given subcommand(s)
mount Mount volumes from backed up EC2 instance
restore Restore an EC2 instance from the recovery point
elastio ec2 backup
elastio-ec2-backup 0.31.81
Backup volumes attached to an EC2 instance and EC2 instance image
USAGE:
elastio ec2 backup [FLAGS] [OPTIONS] --instance-id <instance-id>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--allow-incremental-malware-scan
Allows to run incremental malware scan. By default it is not allowed except for EFS and S3 assets (see the reasoning in `--no-incremental-malware-scan`)
--fail-on-marketplace-volumes
EBS snapshot-based AWS resources (EBS, EC2, Backup RP, AMI) scans only: If `true`, will fail to scan a snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform snapshot IO using
EBS Direct API and scan as usual
-b, --force-base
Force a full ingest of all allocated blocks of EBS volume.
If this is set to `false`, elastio attempts to use the platform's change block tracking feature to ingest only blocks which have changed since the last successful ingest. If this is set to `true`, change
logs are ignored and a new full ingest is performed unconditionally. Also, new blob ID is generated for the snapshot so it is detached from current snapshot chain.
Generally this is only used when testing or in rare cases where the change logs are known to be incomplete.
-f, --force-full
Force a full ingest of all allocated blocks
If this is set to `false`, elastio attempts to use the platform's change block tracking feature to ingest only blocks which have changed since the last successful ingest. If this is set to `true`, change
logs are ignored and a new full ingest is performed unconditionally. Unlike a base snapshot, the snapshot created as result of full ingest is still a part of existing snapshot chain
--force-full-scan
Forcibly runs full scan, even if incremental scan is possible
--force-rescan-ebs-snapshots
When `iscan` of EBS volume snapshots is requested, if set to `true`, will rescan all the snapshots regardless of their previous scan status. Otherwise, will scan only the snapshots that have not been
successfully scanned before.
Warning: this can be a very long and expensive process. Do not use this unless you know what you are doing!
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally.
This will only work if the command is run on a compatible EC2 instance in the correct region, and is not recommended for general use.
--fs-check
Checks the filesystem(s) in the recovery point after completion with the corresponding filesystem check tools
-h, --help
Prints help information
--metadata-only
If set to `true`, disables the actual upload of data, performing only a metadata ingest.
This is only ever used for certain benchmark testing and debugging. Using it in a production environment guarantees data loss!
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-incremental-malware-scan
Disallows to run incremental malware scan. This option makes sense only for scans of the asset that supports the concept of tiered storage, like S3 or EFS. For such assets, this option will make the scan
pull objects from the cold storage to the hot storage incurring additional costs.
By default incremental malware scan is allowed for EFS/S3 assets.
--reuse-snapshot
When preparing to ingest, try to find a snapshot created by previously unsuccessful job run. If found, reuse it instead of creating a new one
--send-event
Is sending events enabled
-a, --skip-app-consistent
If this value is set to 'true' the check if it's possible to create application consistent snapshot for an instance is skipped and crash consistent snapshot is created
-k, --skip-boot-volume
If this value is set to 'true' and it's possible to create application consistent snapshots for an instance, snapshot is not created for boot volume (only applicable for application consistent snapshots)
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--asset-account-id <asset-account-id>
AWS account ID where EC2 volume is located (if different from account where Elastio is deployed)
You need to deploy Asset Stack into the asset-account before backup. Asset Stack can be deployed through your Tenant.
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--event-bridge-bus <event-bridge-bus>
Name of the event bridge bus to use when sending events
--event-bridge-endpoint-id <event-bridge-endpoint-id>
Id of the EventBridge to use when sending events
-i, --instance-id <instance-id>
Ec2 instance to backup
--iscan <iscan>
Automatically run `elastio iscan` against the backup after completion to detect malware threats and ransomware attacks.
This is equivalent to manually running `elastio iscan full --rp $RP_ID` on the recovery point produced after a successful backup. [possible values: ransomware, ransomware-and-entropy-detection, malware,
full, full-and-entropy-detection]
-m, --max-ebs-retries <max-ebs-retries>
The number of max retry for getting state of an performing operation. For example, when we create snapshot we then send a request every 2 seconds to get snapshot state If this request fails we don't know
if snapshot failed or succeeded. This parameter tells how many times we'll try to resend that request [default: 10]
--max-scan-errors-allowed <max-scan-errors-allowed>
How many scan errors are allowed before the scan is forcibly aborted [env: ELASTIO_MAX_SCAN_ERRORS_ALLOWED=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--parallel-compressors <parallel-compressors>
Same as `parallel_hashers`, but for compression (and also encryption since they happen together) [default: 0]
--parallel-extents <parallel-extents>
How many extents to ingest in parallel [default: 0]
--parallel-hashers <parallel-hashers>
How many hash workers to run in parallel (meaning how many parallel threads should be computing hashes) [default: 0]
--parallel-segments <parallel-segments>
The number of compressed, deduped, encrypted segments to upload in parallel [default: 0]
--snapshot-to-reuse-max-age <snapshot-to-reuse-max-age>
Max age of snapshot to reuse in hours. If snapshot is older than this value, it will not be reused
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--event-bridge-user-data <user-data>
Data that will not be parsed and will simply be reproduced in the resulting `EventBridge` scan results event
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--volume-ids <volume-ids>...
The IDs of volumes we want to take snapshot of. If no ids are given snapshots of all volumes will be taken
elastio ec2 mount
elastio-ec2-mount 0.31.81
Mount volumes from backed up EC2 instance
USAGE:
elastio ec2 mount [FLAGS] [OPTIONS] --rp <rp-id> [from[:to]]...
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--attach-only
Attach backup block devices via NBD but do not attempt to mount any filesystems
--fail-on-marketplace-volumes
If `true`, will fail to mount the snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform mount using EBS Direct API
-h, --help
Prints help information
--ignore-name-tag
Skip adding the 'Name' tag value to the mount point after the instance-id or volume-id, if either or both exist
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead
--bitmap-file-dir <bitmap-file-dir>
A path to a directory where special bitmap file which stores information about written areas will be placed. If writable mount is requested and path is not specified, temp directory will be used instead
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--ec2 <instance-id>
Specify the recovery point from a certain EC2 instance
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--mount-options <mount-options="">
Options which will be used to mount devices. Specify in the following way: `--mount-options="$OPTIONS"`
--mount-type <mount-type>
How to perform the mount, possible values:
'ro' - mounts devices in read-only mode, no writes are allowed.
'rw' - mounts devices in writable mode, the changed data is stored in the special backing
file, the recovery point stays unmodified. If the same recovery point was mounted in
writable mode before, all previous changes are discarded.
'pw' - mounts devices in read-only mode, but the changes done during previous writable mount
are preserved and available.
[default: ro] [possible values: ro, rw, pw]
--nbd-client-args <nbd-client-args="">
Arguments which will be used to attach devices via NBD. Specify in the following way: `--nbd-client-args="$OPTIONS"`
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
-r, --region <region>
Specify a recovery point from this region
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<from[:to]>...
Source and destination file paths, separated with ':'.
Multiple <from[:to]> pairs are space-separated.
If destination is not specified the command will be automatically generate
a mount point under `/media/elastio/` directory
SPECIFYING RECOVERY POINT:
<rp-id>, e.g. r-dfa1xkmb7bqordtqpedc1wgu
Recovery point ID.
@
The most recent recovery point.
@~[<n>], e.g. @~, @~5
The <n>th recovery point before the latest one.
@~ is equivalent to @~1; @~0 is equivalent to @.
@{<date>}, e.g. @{2021-04-30 11:15}
Specifies the value of the recovery point at a prior point in time.
Note that this looks up the latest recovery point at a given time.
EXAMPLES:
# Mount all volumes from backed up EC2 from the latest recovery point
elastio ec2 mount --rp @ --ec2 i-0ac31968815b0060e
# Mount specific EBS volume from a recovery point with known ID
# (note that there is no need to specify instance ID in this case)
elastio ec2 mount --rp r-dfcq4cye5ddq9hvssfgoubr3 vol-0176d0d70e419c686
elastio ec2 restore
elastio-ec2-restore 0.31.81
Restore an EC2 instance from the recovery point
USAGE:
elastio ec2 restore [FLAGS] [OPTIONS] --rp <rp-id> [--] [instance-id]
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--accelerated-restore
Restore EBS volumes by restoring snapshots first, and after creating volumes directly from snapshots. This option is applied only if volumes should be created in a different availability zone. Thus,
reducing time spent moving volumes between availability zones. NOTE: This will use the EBS Direct API to create the snapshot, which costs approximately USD12/TB of restored data. In most cases the amount
of restored data is much smaller than the size of the backup due to incremental restore optimizations, but the cost of using this option is likely to be higher than if the restore is performed without this
option enabled
-n, --dry-run
Do everything except actual restoration
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally.
This will only work if the command is run on a compatible EC2 instance in the correct region, and is not recommended for general use.
-h, --help
Prints help information
--keep-xfs-orphanage
Disables auto-moving files from "orphanage" folder after restore for XFS filesystem.
If you backed up an EBS volume or EC2 instance which uses XFS filesystem and you're performing extensive read/write operations then on restore the files will be placed in folder "orphanage" on the root of
your volume, the EBS and EC2 restore automatically moves they to their original location but you can specify this flag to override it can keep the originally restored tree.
For more info you can lookup info about "xfsrestore orphanage"
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
--restore-asset-tags
If enabled, all tags that were present on the original asset (EC2 instance, EBS volume, EBS snapshot, whatever) will be applied to the restored asset.
Regardless of the value of this flag, tags from the Elastio RP are always applied to restored assets.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--ami-id <ami-id>
Alternative AMI ID which will be used instead of original AMI when restoring the EC2 instance
--asset-account-id <asset-account-id>
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead.
Applies only to restore operations which have enabled shrink before restore.
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--encryption <encryption>
If this parameter is not specified or set to `auto` - restore volumes with previous encryption (if any). If it was set to `disabled` - restore the volumes without any encryption. If it was set to `enabled`
and --kms-key is set - encrypt ALL restored volumes with provided KMS key. If it was set to `enabled` and --kms-key is not set - encrypt ALL restored volumes with the default AWS managed KMS key [default:
auto] [possible values: auto, disabled, enabled]
--exclude-volumes <exclude-volumes>...
Exclude the specified volumes from the restore. All other volumes in the recovery point will be restored.
If the boot volume is excluded then the original boot volume is not restored, and instead the restored instance's boot volume will come from the instance AMI.
--host-id <host-id>
Dedicated host ID in case if EC2 instance requires one.
If the EC2 instance being restored previously was assigned to a dedicated host ID, and no host ID is provided this time, it's possible the restore can fail if the EC2 instance type requires a dedicated
host ID (for example, macOS instances must always have a dedicated host).
--include-volumes <include-volumes>...
Include only the specified volumes in the restore. All other volumes in the recovery point will not be restored.
If the boot volume is not included then the original boot volume is not restored, and instead the restored instance's boot volume will come from the instance AMI.
--instance-keypair-name <instance-keypair-name>
Keypair name, which will override the original and will be used for connecting to the EC2 instance after it is restored
--kms-key <kms-key>
KMS key ID, alias or ARN to encrypt restored volume with. Should only be set when --encryption attribute is set to `enabled`
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
-m, --max-ebs-retries <max-ebs-retries>
The number of max retry for getting state of an performing operation. For example, when we create snapshot we then send every 2 seconds request to get snapshot state If this request fails we don't know if
snapshot failed or succeeded. This parameter tells how many times we'll try to resend that request [default: 10]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--name <name>
Name for the restored EC2 instance
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
-r, --region <region>
Filter the recovery points to only those taken from this region
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--sg-ids <security-group-ids>...
IDs of the security group(s) to apply to the restored EC2 instance.
If not specified, the security group(s) which were applied to the source EC2 instance at the time of backup will be used. If any of those groups no longer exist, then the restore will fail.
--shrink <shrink>
Defines shrinking strategies on per-volume basis. Must be specified as a comma-separated list of volumes and shrinking strategies for them. E.g. `--shrink "vol-0c502c44792770b1f=max, vol-
1f736f32792270c2d=len 50GiB, vol-2b424d46137363b4a=leave 42GiB"` For volumes, which are not present in the list, no shrinking is applied
--shrinking-concurrency <shrinking-concurrency>
How many shrink operations may run concurrently.
Applies only to restore operations which have enabled shrink before restore. [default: 4]
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--subnet-id <subnet-id>
ID of the subnet into which to place the restored EC2 instance.
If not specified, the EC2 instance will be restored into a ransom subnet in the vault's VPC. If the specified subnet does not exist, then the restore will fail.
--tag <tags>...
Tag to be placed on restored EC2 instance This parameter can be specified multiple times; the values are "AND"-ed (conjunction)
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<instance-id>
EC2 instance to restore. This parameter is required if `<rp-id>` starts with '@'
SPECIFYING RECOVERY POINT:
<rp-id>, e.g. r-dfa1xkmb7bqordtqpedc1wgu
Recovery point ID.
@
The most recent recovery point.
@~[<n>], e.g. @~, @~5
The <n>th recovery point before the latest one.
@~ is equivalent to @~1; @~0 is equivalent to @.
@{<date>}, e.g. @{2021-04-30 11:15}
Specifies the value of the recovery point at a prior point in time.
Note that this looks up the latest recovery point at a given time.
EXAMPLES:
# Restore a specific EC2 instance from the latest recovery point,
# optionally overriding parameters that default to their value
# in the catalog
elastio ec2 restore [--region eu-north-1] --rp @ i-0ac31968815b0060e
# Restore an EC2 instance from a recovery point with known ID
# (note that there is no need to specify EC2 instance ID in this case)
elastio ec2 restore --rp r-dfcq4cye5ddq9hvssfgoubr3
elastio file
elastio-file 0.31.81
Backup, restore or scan files, folders and directories
USAGE:
elastio file [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
backup Backup file(s), folder(s) and/or directory(ies)
help Prints this message or the help of the given subcommand(s)
restore Restore a previously backed-up file(s), folder(s) and/or directory(ies)
elastio file backup
elastio-file-backup 0.31.81
Backup file(s), folder(s) and/or directory(ies)
USAGE:
elastio file backup [FLAGS] [OPTIONS] <paths>...
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--allow-incremental-malware-scan
Allows to run incremental malware scan. By default it is not allowed except for EFS and S3 assets (see the reasoning in `--no-incremental-malware-scan`)
--fail-fast
Fail the entire operation on first item ingest error. When recursing into directories during the operation, unless this flag is used, failed files or directories are skipped and respective errors are
printed out
--fail-on-marketplace-volumes
EBS snapshot-based AWS resources (EBS, EC2, Backup RP, AMI) scans only: If `true`, will fail to scan a snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform snapshot IO using
EBS Direct API and scan as usual
--follow-link
Whether to follow symbolic links or not
--force-full-scan
Forcibly runs full scan, even if incremental scan is possible
--force-rescan-ebs-snapshots
When `iscan` of EBS volume snapshots is requested, if set to `true`, will rescan all the snapshots regardless of their previous scan status. Otherwise, will scan only the snapshots that have not been
successfully scanned before.
Warning: this can be a very long and expensive process. Do not use this unless you know what you are doing!
-h, --help
Prints help information
--ignore-broken-link
If `--follow-link` is enabled and a symbolic link points to a non-existent path, ignore the link instead of raising an error
--ignore-hidden-files
Enable ignoring hidden files
--metadata-only
If set to `true`, disables the actual upload of data, performing only a metadata ingest.
This is only ever used for certain benchmark testing and debugging. Using it in a production environment guarantees data loss!
--no-incremental-malware-scan
Disallows to run incremental malware scan. This option makes sense only for scans of the asset that supports the concept of tiered storage, like S3 or EFS. For such assets, this option will make the scan
pull objects from the cold storage to the hot storage incurring additional costs.
By default incremental malware scan is allowed for EFS/S3 assets.
--send-event
Is sending events enabled
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--hostname-override <hostname-override>
The string to use instead of the system's hostname (foreground mode only)
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--event-bridge-bus <event-bridge-bus>
Name of the event bridge bus to use when sending events
--event-bridge-endpoint-id <event-bridge-endpoint-id>
Id of the EventBridge to use when sending events
--exclude-glob <exclude-glob>
Glob to exclude files which match the glob
-i, --gitignore <gitignore>
Path to gitignore file (path must include filename too). This has lower precedence to the glob
--iscan <iscan>
Automatically run `elastio iscan` against the backup after completion to detect malware threats and ransomware attacks.
This is equivalent to manually running `elastio iscan full --rp $RP_ID` on the recovery point produced after a successful backup. [possible values: ransomware, ransomware-and-entropy-detection, malware,
full, full-and-entropy-detection]
-m, --max-in-memory-items <max-in-memory-items>
Max number of file system items that can be in memory simultaneously.
For file it's 512 bytes + file path (4096).
For directories it's 512 bytes.
Default is 100000
--max-scan-errors-allowed <max-scan-errors-allowed>
How many scan errors are allowed before the scan is forcibly aborted [env: ELASTIO_MAX_SCAN_ERRORS_ALLOWED=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--parallel-compressors <parallel-compressors>
Same as `parallel_hashers`, but for compression (and also encryption since they happen together) [default: 0]
--parallel-extents <parallel-extents>
How many extents to ingest in parallel [default: 0]
--parallel-hashers <parallel-hashers>
How many hash workers to run in parallel (meaning how many parallel threads should be computing hashes) [default: 0]
--parallel-segments <parallel-segments>
The number of compressed, deduped, encrypted segments to upload in parallel [default: 0]
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--event-bridge-user-data <user-data>
Data that will not be parsed and will simply be reproduced in the resulting `EventBridge` scan results event
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
ARGS:
<paths>...
File(s) or folder(s) to backup
elastio file restore
elastio-file-restore 0.31.81
Restore a previously backed-up file(s), folder(s) and/or directory(ies)
USAGE:
elastio file restore [FLAGS] [OPTIONS] --rp <rp-id> [filesystems]...
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
-n, --dry-run
Do everything except actual restoration
--fail-fast
Fail the entire operation on first item restore error. Unless this flag is used, failing to write a file or create a directory will not cause the restore to stop
-h, --help
Prints help information
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
--overwrite
Enable overwriting the files without prompt
--to-stdout
Don't actually restore the backed up files, instead write the tar archive containing the backup to the standard output stream.
NOTE: Due to limitations in Windows Powershell, this will not work reliably. On that platform use `--target-file` instead.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead.
Applies only to restore operations which have enabled shrink before restore.
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--exclude <exclude>
Only restore files in this backup which do NOT match this glob.
The default behavior is to restore all files in the backup.
--host <hostname>
Specify the recovery point of an asset from certain host
--include <include>
Only restore files in this backup which match this glob.
The default behavior is to restore all files in the backup.
--ec2 <instance-id>
Specify the recovery point of an asset from EC2 instance
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
-r, --region <region>
Specify a recovery point from this region
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--shrinking-concurrency <shrinking-concurrency>
How many shrink operations may run concurrently.
Applies only to restore operations which have enabled shrink before restore. [default: 4]
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--tarball <tarball>
Don't actually restore the backed up files, instead write the tar archive containing the backup to the specified filepath.
The default behavior if this is not provided is to restore the backed up files to the local file system, automatically extracting the tar archive in the process.
--target-dir <target-dir>
Restore the backup to a specific target directory.
If not specified, the backup is restored to the current directory.
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<filesystems>...
Path(s) to restore. Multiple entries are space-separated
SPECIFYING RECOVERY POINT:
<rp-id>, e.g. r-dfa1xkmb7bqordtqpedc1wgu
Recovery point ID.
@
The most recent recovery point.
@~[<n>], e.g. @~, @~5
The <n>th recovery point before the latest one.
@~ is equivalent to @~1; @~0 is equivalent to @.
@{<date>}, e.g. @{2021-04-30 11:15}
Specifies the value of the recovery point at a prior point in time.
Note that this looks up the latest recovery point at a given time.
EXAMPLES:
# Restore the file(s) from a recovery point with known ID
# (note that there is not need to specify <--ec2 [--region] | --host> in this case)
elastio file restore --rp r-dfm6nsl0fu0vggqo5qzc3uox
# Create a tarball with the backed-up files, restored from a recovery point with known ID
elastio file restore --rp r-dfm4p8iyozdu8fwlwx8j89f0 $FILESYSTEM --target-file restored-fs.tar
# Restore the file(s) from the latest recovery point of the particular host
elastio file restore --host $HOSTNAME --rp @
# Restore the file(s) from the second last recovery point of the particular host
# and unpack this
elastio file restore --host $HOSTNAME --rp @~ --to-stdout | tar -x
# Restore the file(s) with a recovery point timestamp of the particular EC2 instance
elastio file restore --ec2 $INSTANCE_ID --rp '@{2021-06-29 13:45:19}'
elastio fs-check
elastio-fs-check 0.31.81
Checks the filesystem(s) in the recovery point
USAGE:
elastio fs-check [FLAGS] [OPTIONS] --rp <rp-id>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--foreground
Run the command locally.
This will only work if the command is run on a Linux
-h, --help
Prints help information
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
--without-fs-traversal
If it is present the number of files and directories will be not gathered
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--rp <rp-id>
ID of the recovery point to mount (can be obtained from `elastio rp list`).
Allowed types of recovery points: block, EBS, EC2.
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
elastio integrity-check
elastio-integrity-check 0.31.81
An enumeration representing the subcommands for the integrity check
USAGE:
elastio integrity-check [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
help Prints this message or the help of the given subcommand(s)
rp A subcommand that performs a recovery point-level (RP-level) integrity check. This check ensures the data at specific recovery points in the system is consistent and recoverable
store A subcommand that performs a store-level integrity check. This check is more general and ensures overall data integrity across the entire system
elastio integrity-check rp
elastio-integrity-check-rp 0.31.81
A subcommand that performs a recovery point-level (RP-level) integrity check. This check ensures the data at specific recovery points in the system is consistent and recoverable
USAGE:
elastio integrity-check rp [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally
-h, --help
Prints help information
--data
If specified, integrity check will validate data integrity performing segments decompression and decryption. This type of check may take a lot of time
--segments
If specified, integrity check will validate ScaleZ segments integrity
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
SUBCOMMANDS:
filter Allows to specify recovery points for check via complex filtering
help Prints this message or the help of the given subcommand(s)
recovery-points Allows to specify recovery points for check directly by passing their IDs
elastio integrity-check rp filter
elastio-integrity-check-rp-filter 0.31.81
Allows to specify recovery points for check via complex filtering
USAGE:
elastio integrity-check rp filter [FLAGS] [OPTIONS]
FLAGS:
-h, --help Prints help information
--self Filters recovery points that belong to the host where the CLI is running
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--tag <tags>... Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed
(conjunction)
--type <backup-types>... Backup type. Supported values: block, ebs, ec2, stream, file, s3 bucket This parameter can be specified multiple times; the values are "OR"-ed (disjunction)
--s3 <bucket-name> List recovery points of the S3 bucket with given name. Passing `--s3` with no value will list all backups which come from an S3 bucket
--db-name <db-name> List recovery points with given database name
--host <hostname> List recovery points of the given host. Passing `--host` with no value will list all backups which come from a generic host
--ec2 <instance-id> List recovery points of the EC2 instance with given ID. Passing `--ec2` with no value will list all backups which come from an EC2 instance
--newer-than <newer-than> Filters recovery points newer than this timestamp
--older-than <older-than> Filters recovery points older than this timestamp
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
--pg-instance <pg-instance> List recovery points with given PG instance
--rds <rds-instance-id> List recovery points with given RDS instance ID
-r <region> Filters recovery points from assets located in this region
--vault <vault> Filters recovery points stored in this vault. If none is specified, the default vault is used
--ebs <volume-id> List recovery points of the EBS volume with given ID. Passing `--ebs` with no value will list all backups which come from an EBS volume
elastio integrity-check rp recovery-points
elastio-integrity-check-rp-recovery-points 0.31.81
Allows to specify recovery points for check directly by passing their IDs
USAGE:
elastio integrity-check rp recovery-points [FLAGS] [OPTIONS] --rp <rp>...
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
--rp <rp>...
elastio integrity-check store
elastio-integrity-check-store 0.31.81
A subcommand that performs a store-level integrity check. This check is more general and ensures overall data integrity across the entire system
USAGE:
elastio integrity-check store [FLAGS] [OPTIONS] --shard <shard-name> --vault <vault-name>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally
-h, --help
Prints help information
--isolate
If true, the integrity check will isolate any discovered chain of references that are irrecoverable due to severe integrity issues. It will remove them from the deduplication tables so that they will be
re-ingested next time as new data. This ensures that new blob versions are valid
--safe-recovery
If true, the integrity check will attempt to fix any detected integrity issues when it's possible without data loss. This means that the system will try to repair corrupted data on-the-fly during the
check, if it's safe to do so
--extents
If specified, integrity check will validate ScaleZ extent references
--segments
If specified, integrity check will validate ScaleZ segments/chunks integrity
--validate_deletion_queue
If true, the integrity check will validate the segment deletion queue. This means it will ensure that the segments marked for deletion are indeed safe to delete (not referenced elsewhere)
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--shard <shard-name>
Shard to check
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--vault <vault-name>
Vault to check
elastio iscan
elastio-iscan 0.31.81
Scan filesystem volume for the signs of detonated ransomware and dormant malware
USAGE:
elastio iscan [FLAGS] [OPTIONS] <--path <path>...|--mount-point <mount-point>...|--rp <rp-id>|--ebs-snapshot <ebs-snapshot>|--ami <ami>|--aws-rp <aws-rp>|--efs-id <efs-id>|--s3-bucket <s3-bucket>|--ebs-volume-id <ebs-volume-id>|--ec2-instance-id <ec2-instance-id>|--azure-managed-disk-snap-id <azure-managed-disk-snap-id>|--azure-managed-disk-id <azure-managed-disk-id>|--azure-vm-id <azure-vm-id>|--azure-data-protection-rp-id <azure-data-protection-rp-id>|--azure-recovery-services-rp-id <azure-recovery-services-rp-id>|--snapshots-of-ebs-volume-id <snapshots-of-ebs-volume-id>> [SUBCOMMAND]
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--all-ebs-volume-snapshots
If `--ebs-volume-snapshots` is specified: scan all snapshots of the EBS volume in chronological order
--allow-incremental-malware-scan
Allows to run incremental malware scan. By default it is not allowed except for EFS and S3 assets (see the reasoning in `--no-incremental-malware-scan`)
--background
Don't run this job locally, spawn a new background job in the vault compute to do this work
--fail-on-marketplace-volumes
EBS snapshot-based AWS resources (EBS, EC2, Backup RP, AMI) scans only: If `true`, will fail to scan a snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform snapshot IO using
EBS Direct API and scan as usual
--force-full-scan
Forcibly runs full scan, even if incremental scan is possible
--force-rescan-ebs-snapshots
When `iscan` of EBS volume snapshots is requested, if set to `true`, will rescan all the snapshots regardless of their previous scan status. Otherwise, will scan only the snapshots that have not been
successfully scanned before.
Warning: this can be a very long and expensive process. Do not use this unless you know what you are doing!
-h, --help
Prints help information
--keep-last-clean
Keep last clean snapshot after scan. If both scan ransomware and malware were successful the created snapshot will be considered as clean and if this flag is used that snapshot will be preserved from
cleanup and if previous clean snapshot exists it will be deleted
--keep-last-infected
Keep last infected snapshot after scan. If one of scan either ransomware or malware was failed the created snapshot will be considered as infected and if this flag is used that snapshot will be preserved
from cleanup and if previous infected snapshot exists it will be deleted
--latest-ebs-volume-snapshot
If `--ebs-volume-snapshots` is specified: scan only the latest snapshot of the EBS volume
--monitor
After this operation is submitted as a background job, immediately start monitoring progress of the job
--no-incremental-malware-scan
Disallows to run incremental malware scan. This option makes sense only for scans of the asset that supports the concept of tiered storage, like S3 or EFS. For such assets, this option will make the scan
pull objects from the cold storage to the hot storage incurring additional costs.
By default incremental malware scan is allowed for EFS/S3 assets.
--send-event
Is sending events enabled
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--hostname-override <hostname-override>
The string to use instead of the system's hostname (foreground mode only)
--job-description-override <job-description-override>
The string to use instead of the job description generated from scan targets' names (foreground mode only)
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--ami <ami>
The ID for AMI to scan in format `ami-0beaa649c482330f7`. All EBS snapshots which are included in the AMI are scanned
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--aws-rp <aws-rp>
The ARN of the AWS recovery point to scan in format `arn:aws:ec2:us-east-2::image/ami-088bd3a021b0f7992`. All EBS snapshots which are included in the recovery point are scanned
--aws-vault <aws-vault>
The AWS vault in which to look for AWS Backup recovery point, or the Default vault if unspecified
--azure-data-protection-rp-id <azure-data-protection-rp-id>
ID of the Azure Data Protection Vault recovery point to scan
--azure-managed-disk-id <azure-managed-disk-id>
ID of the Azure managed disk to scan
--azure-managed-disk-snap-id <azure-managed-disk-snap-id>
ID of the Azure managed disk snapshot to scan
--azure-managed-disks-ids <azure-managed-disks-ids>...
A list of Azure managed disk IDs attached to the Azure VM to scan. If empty, all attached disks will be scanned
--azure-recovery-services-rp-id <azure-recovery-services-rp-id>
ID of the Azure Recovery Services Vault recovery point to scan
--azure-staging-storage-account-id <azure-staging-storage-account-id>
ID of the staging Azure Storage account, used as a temporary storage by Recovery Services recovery point restore job
--azure-vm-id <azure-vm-id>
ID of the Azure VM to scan
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--ebs-snapshot <ebs-snapshot>
The ID of the EBS snapshot to scan
--ebs-volume-id <ebs-volume-id>
The ID of the EBS volume to scan
--ec2-instance-id <ec2-instance-id>
The ID of the EC2 instance to scan
--efs-glob <efs-glob>
The glob pattern to filter files to scan in the EFS file system
--efs-id <efs-id>
The ID of the EFS file system to scan
--efs-path <efs-path>
The path to the directory to scan recursively in the EFS file system.
If no path is provided, and no glob via `--efs-glob`, then the entire EFS filesystem is scanned.
--event-bridge-bus <event-bridge-bus>
Name of the event bridge bus to use when sending events
--event-bridge-endpoint-id <event-bridge-endpoint-id>
Id of the EventBridge to use when sending events
--max-scan-errors-allowed <max-scan-errors-allowed>
How many scan errors are allowed before the scan is forcibly aborted [env: ELASTIO_MAX_SCAN_ERRORS_ALLOWED=]
--max-tar-entry-len <max-tar-entry-len>
When scanning TAR archive, allows to specify explicitly how many bytes of each file should be extracted from archive. Higher values may increase scan accuracy, lower values increase scan speed. Defaults to
512 KiB [default: 524288]
--mount-point <mount-point>...
Path to a mounted filesystem to scan.
Also can include optional name and description by using custom syntax with delimiters: "path=/mount/point/path/,name=mount_point_name,descr=mount point descr"
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
-p, --path <path>...
Path to directory or block device to scan
--reports-dir <reports-dir>
Specifies the directory where generated reports will be stored. If not specified, reports will not be written to the filesystem and will only be stored as attachments in an S3 bucket [env:
ELASTIO_REPORTS_DIR=]
--restored-resource-id <restored-resource-id>
In AWS Backup recovery test scenario, contains the ID of the temporary restored resource created from the AWS Backup recovery point.
It may be one of the following: - EFS filesystem ID (required for EFS RP) - S3 bucket name (required for S3 RP) - EBS volume ID - EC2 instance ID
This restored resource is used for reading the data. However, the reported scan results will be associated with the originally backed up resource, that is discovered from the `--aws-rp`.
More info: <https://github.com/elastio/contrib/tree/master/aws-backup-elastio-integration/elastio-api#request>
--rp <rp-id>
The ID of the recovery point to scan (can be obtained from `elastio rp list`)
--s3-bucket <s3-bucket>
The name of S3 bucket to scan
--s3-changelog-queues <s3-changelog-queues>...
URLs of the SQS queues where S3 changelog events are sent. This is used to optimize the scan by only scanning objects that have changed since the last scan.
If this parameter is not specified, then no changelogs are available, and thus the scan will list the bucket directly, which is inefficient for large buckets.
--s3-globs <s3-globs>...
One or more globs (using `*` and `?` characters as wildcards) to scan. By default the entire bucket will be scanned.
EXAMPLES: foo/*.tx? - Read all objects in the root directory `foo` with extension `.txa`, `.txb`, etc. foo/**/*.txt - Read all objects in any subdirectory of directory `foo` with extension `.txt`
--s3-keys <s3-keys>...
One or more S3 object keys, in the unlikely event that you want to only scan specific objects in the bucket
--s3-prefixes <s3-prefixes>...
One or more S3 prefixes (ending with a trailing `/`) to scan. By default the entire bucket will be scanned
--s3-timestamp-newer <s3-timestamp-newer>
Limit scan to objects with a timestamp equal to or newer than this specified timestamp.
The timestamp must be in RFC3339 format, e.g. `2021-01-01T00:00:00Z`.
--s3-timestamp-older <s3-timestamp-older>
Limit scan to objects with a timestamp equal to or older than this specified timestamp.
The timestamp must be in RFC3339 format, e.g. `2021-01-01T00:00:00Z`.
--scan-metadata-json <scan-metadata-json>
A JSON object with arbitrary metadata about the circumstances surrounding the scan, e.g. the kind of backup it came from and details about that backup
--snapshots-of-ebs-volume-id <snapshots-of-ebs-volume-id>
ID of the EBS volume whose snapshots should be scanned (does not scan this live volume; only one or more of its snapshots). Concrete snapshots to scan can be specified using `--latest`, `--all` or
`--fixed` options
--specific-ebs-volume-snapshot-ids <specific-ebs-volume-snapshot-ids>...
If `--ebs-volume-snapshots` is specified: scan only the specified snapshots of the EBS volume in chronological order
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--event-bridge-user-data <user-data>
Data that will not be parsed and will simply be reproduced in the resulting `EventBridge` scan results event
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--volume-ids <volume-ids>...
A list of EBS volume IDs attached to EC2 instance to scan. If empty, all attached volumes will be scanned
SUBCOMMANDS:
full Scan for malware binaries and signs of detonated ransomware
full-and-entropy-detection Assorted incremental model options which affect detection accuracy. At some extent intersect with [`crate::ransomware::models::base_model::contracts::config::ScanConfig`]
because: - Base model may be used if incremental analysis is impossible. - Incremental model uses the same algorithms as the base model. See
<https://docs.google.com/document/d/1u1KSeU_F2YL0KipZPSCbIsQixu0QauCkm0Gs_6DxbBE> for explanation what each option means
help Prints this message or the help of the given subcommand(s)
malware Scan for malware binaries
ransomware Scan for signs of detonated ransomware (files encrypted or corrupted by ransomware)
ransomware-and-entropy-detection Assorted incremental model options which affect detection accuracy. At some extent intersect with [`crate::ransomware::models::base_model::contracts::config::ScanConfig`]
because: - Base model may be used if incremental analysis is impossible. - Incremental model uses the same algorithms as the base model. See
<https://docs.google.com/document/d/1u1KSeU_F2YL0KipZPSCbIsQixu0QauCkm0Gs_6DxbBE> for explanation what each option means
EXAMPLES:
# Scan the recovery point using default scan parameters
elastio iscan --rp r-dfcq4cye5ddq9hvssfgoubr3
# Scan the recovery point for signs of dormant malware
elastio iscan --rp r-dfcq4cye5ddq9hvssfgoubr3 malware
elastio iscan full
elastio-iscan-full 0.31.81
Scan for malware binaries and signs of detonated ransomware
USAGE:
elastio iscan <--path <path>...|--mount-point <mount-point>...|--rp <rp-id>|--ebs-snapshot <ebs-snapshot>|--ami <ami>|--aws-rp <aws-rp>|--efs-id <efs-id>|--s3-bucket <s3-bucket>|--ebs-volume-id <ebs-volume-id>|--ec2-instance-id <ec2-instance-id>|--azure-managed-disk-snap-id <azure-managed-disk-snap-id>|--azure-managed-disk-id <azure-managed-disk-id>|--azure-vm-id <azure-vm-id>|--azure-data-protection-rp-id <azure-data-protection-rp-id>|--azure-recovery-services-rp-id <azure-recovery-services-rp-id>|--snapshots-of-ebs-volume-id <snapshots-of-ebs-volume-id>> full [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
--skip-archives
Don't look inside archives and return "clean" verdict for them.
Note that ZIP archives in "store" mode will still be scanned.
Q: What is an archive? A: For the antimalware engine, an archive is not just a "zip" or a "rar". This is any file type which could (but not necessarily does) contain one or more files. For example, an e-
mail message with BASE64-encoded attachments is a typical archive.
Q: How are archives scanned if `--skip-archives` flag is not set? A: Archives are scanned recursively, which means that if there is another archive found inside the initial archive, it will also be
entered, scanned, and so on.
--skip-email
Don't scan e-mail or databases files
--skip-packed
Don't unpack or deobfuscate the content of scanned objects.
This includes, but is not limited to, the following types of files:
- Packed or obfuscated executables, which are packed with an executable packer (such as UPX) or obfuscated with an executable protector (such as ASProtect);
- Packed or obfuscated PowerShell scripts. This includes not only standalone scripts, but also scripts and PowerShell invoking command-lines extracted from documents, installers or registry;
- Packed or obfuscated VBScript, JavaScript and AutoIt scripts, including standalone scripts and those extracted from documents, installers or registry.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--amdb-path <amdb-path>
Full path to the anti-malware database directory. The path must be absolute, must exist and be writable
--max-parallel-file-scans <max-parallel-file-scans>
The number of directory traversal jobs to run in parallel [default: 4]
--max-parallel-scans <max-parallel-scans>
Maximum number of simultaneous parallel scans [env: ISCAN_ANTI_MALWARE_MAX_PARALLEL_SCANS=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--path-log <path-log>
The absolute path to the log file created by `iscan-am-server`. If not present, no log will be written
--ransomware-debug-info <settings>
Whether to collect debugging information.
Note that without debugging information it will be difficult, if not impossible, to explain results of a particular ransomware scan and improve the detection model if the results are incorrect. [default:
enabled] [possible values: enabled, disabled]
-s, --socket <socket>
IPv4 IP address and port separated by colon, or a full absolute path to the Unix domain socket the server listens on. If not set - temporary socket file will be created
elastio iscan full-and-entropy-detection
elastio-iscan-full-and-entropy-detection 0.31.81
Assorted incremental model options which affect detection accuracy. At some extent intersect with [`crate::ransomware::models::base_model::contracts::config::ScanConfig`] because: - Base model may be used if
incremental analysis is impossible. - Incremental model uses the same algorithms as the base model. See <https://docs.google.com/document/d/1u1KSeU_F2YL0KipZPSCbIsQixu0QauCkm0Gs_6DxbBE> for explanation what each
option means.
NOTE: To prevent runtime conflicts in the Elastio CLI due to the flattening of configurations from both the base and incremental models, explicit renaming of arguments has been performed. This ensures that each
argument maintains a unique identifier, eliminating potential overlaps that could arise from the shared fields in the flattened structs.
USAGE:
elastio iscan <--path <path>...|--mount-point <mount-point>...|--rp <rp-id>|--ebs-snapshot <ebs-snapshot>|--ami <ami>|--aws-rp <aws-rp>|--efs-id <efs-id>|--s3-bucket <s3-bucket>|--ebs-volume-id <ebs-volume-id>|--ec2-instance-id <ec2-instance-id>|--azure-managed-disk-snap-id <azure-managed-disk-snap-id>|--azure-managed-disk-id <azure-managed-disk-id>|--azure-vm-id <azure-vm-id>|--azure-data-protection-rp-id <azure-data-protection-rp-id>|--azure-recovery-services-rp-id <azure-recovery-services-rp-id>|--snapshots-of-ebs-volume-id <snapshots-of-ebs-volume-id>> full-and-entropy-detection [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
--skip-archives
Don't look inside archives and return "clean" verdict for them.
Note that ZIP archives in "store" mode will still be scanned.
Q: What is an archive? A: For the antimalware engine, an archive is not just a "zip" or a "rar". This is any file type which could (but not necessarily does) contain one or more files. For example, an e-
mail message with BASE64-encoded attachments is a typical archive.
Q: How are archives scanned if `--skip-archives` flag is not set? A: Archives are scanned recursively, which means that if there is another archive found inside the initial archive, it will also be
entered, scanned, and so on.
--skip-email
Don't scan e-mail or databases files
--skip-packed
Don't unpack or deobfuscate the content of scanned objects.
This includes, but is not limited to, the following types of files:
- Packed or obfuscated executables, which are packed with an executable packer (such as UPX) or obfuscated with an executable protector (such as ASProtect);
- Packed or obfuscated PowerShell scripts. This includes not only standalone scripts, but also scripts and PowerShell invoking command-lines extracted from documents, installers or registry;
- Packed or obfuscated VBScript, JavaScript and AutoIt scripts, including standalone scripts and those extracted from documents, installers or registry.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--amdb-path <amdb-path>
Full path to the anti-malware database directory. The path must be absolute, must exist and be writable
--incr-model-max-parallel-file-scans <incr-model-max-parallel-file-scans>
[default: 4]
--max-parallel-file-scans <max-parallel-file-scans>
The number of directory traversal jobs to run in parallel [default: 4]
--max-parallel-scans <max-parallel-scans>
Maximum number of simultaneous parallel scans [env: ISCAN_ANTI_MALWARE_MAX_PARALLEL_SCANS=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--path-log <path-log>
The absolute path to the log file created by `iscan-am-server`. If not present, no log will be written
--ransomware-debug-info <settings>
Whether to collect debugging information.
Note that without debugging information it will be difficult, if not impossible, to explain results of a particular ransomware scan and improve the detection model if the results are incorrect. [default:
enabled] [possible values: enabled, disabled]
-s, --socket <socket>
IPv4 IP address and port separated by colon, or a full absolute path to the Unix domain socket the server listens on. If not set - temporary socket file will be created
elastio iscan malware
elastio-iscan-malware 0.31.81
Scan for malware binaries
USAGE:
elastio iscan <--path <path>...|--mount-point <mount-point>...|--rp <rp-id>|--ebs-snapshot <ebs-snapshot>|--ami <ami>|--aws-rp <aws-rp>|--efs-id <efs-id>|--s3-bucket <s3-bucket>|--ebs-volume-id <ebs-volume-id>|--ec2-instance-id <ec2-instance-id>|--azure-managed-disk-snap-id <azure-managed-disk-snap-id>|--azure-managed-disk-id <azure-managed-disk-id>|--azure-vm-id <azure-vm-id>|--azure-data-protection-rp-id <azure-data-protection-rp-id>|--azure-recovery-services-rp-id <azure-recovery-services-rp-id>|--snapshots-of-ebs-volume-id <snapshots-of-ebs-volume-id>> malware [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
--skip-archives
Don't look inside archives and return "clean" verdict for them.
Note that ZIP archives in "store" mode will still be scanned.
Q: What is an archive? A: For the antimalware engine, an archive is not just a "zip" or a "rar". This is any file type which could (but not necessarily does) contain one or more files. For example, an e-
mail message with BASE64-encoded attachments is a typical archive.
Q: How are archives scanned if `--skip-archives` flag is not set? A: Archives are scanned recursively, which means that if there is another archive found inside the initial archive, it will also be
entered, scanned, and so on.
--skip-email
Don't scan e-mail or databases files
--skip-packed
Don't unpack or deobfuscate the content of scanned objects.
This includes, but is not limited to, the following types of files:
- Packed or obfuscated executables, which are packed with an executable packer (such as UPX) or obfuscated with an executable protector (such as ASProtect);
- Packed or obfuscated PowerShell scripts. This includes not only standalone scripts, but also scripts and PowerShell invoking command-lines extracted from documents, installers or registry;
- Packed or obfuscated VBScript, JavaScript and AutoIt scripts, including standalone scripts and those extracted from documents, installers or registry.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--amdb-path <amdb-path>
Full path to the anti-malware database directory. The path must be absolute, must exist and be writable
--max-parallel-scans <max-parallel-scans>
Maximum number of simultaneous parallel scans [env: ISCAN_ANTI_MALWARE_MAX_PARALLEL_SCANS=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--path-log <path-log>
The absolute path to the log file created by `iscan-am-server`. If not present, no log will be written
-s, --socket <socket>
IPv4 IP address and port separated by colon, or a full absolute path to the Unix domain socket the server listens on. If not set - temporary socket file will be created
elastio iscan ransomware
elastio-iscan-ransomware 0.31.81
Scan for signs of detonated ransomware (files encrypted or corrupted by ransomware)
USAGE:
elastio iscan <--path <path>...|--mount-point <mount-point>...|--rp <rp-id>|--ebs-snapshot <ebs-snapshot>|--ami <ami>|--aws-rp <aws-rp>|--efs-id <efs-id>|--s3-bucket <s3-bucket>|--ebs-volume-id <ebs-volume-id>|--ec2-instance-id <ec2-instance-id>|--azure-managed-disk-snap-id <azure-managed-disk-snap-id>|--azure-managed-disk-id <azure-managed-disk-id>|--azure-vm-id <azure-vm-id>|--azure-data-protection-rp-id <azure-data-protection-rp-id>|--azure-recovery-services-rp-id <azure-recovery-services-rp-id>|--snapshots-of-ebs-volume-id <snapshots-of-ebs-volume-id>> ransomware [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--debug-info <settings>
Whether to collect debugging information.
Note that without debugging information it will be difficult, if not impossible, to explain results of a particular ransomware scan and improve the detection model if the results are incorrect. [default:
enabled] [possible values: enabled, disabled]
--max-parallel-file-scans <max-parallel-file-scans>
The number of directory traversal jobs to run in parallel [default: 4]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
elastio iscan ransomware-and-entropy-detection
elastio-iscan-ransomware-and-entropy-detection 0.31.81
Assorted incremental model options which affect detection accuracy. At some extent intersect with [`crate::ransomware::models::base_model::contracts::config::ScanConfig`] because: - Base model may be used if
incremental analysis is impossible. - Incremental model uses the same algorithms as the base model. See <https://docs.google.com/document/d/1u1KSeU_F2YL0KipZPSCbIsQixu0QauCkm0Gs_6DxbBE> for explanation what each
option means.
NOTE: To prevent runtime conflicts in the Elastio CLI due to the flattening of configurations from both the base and incremental models, explicit renaming of arguments has been performed. This ensures that each
argument maintains a unique identifier, eliminating potential overlaps that could arise from the shared fields in the flattened structs.
USAGE:
elastio iscan <--path <path>...|--mount-point <mount-point>...|--rp <rp-id>|--ebs-snapshot <ebs-snapshot>|--ami <ami>|--aws-rp <aws-rp>|--efs-id <efs-id>|--s3-bucket <s3-bucket>|--ebs-volume-id <ebs-volume-id>|--ec2-instance-id <ec2-instance-id>|--azure-managed-disk-snap-id <azure-managed-disk-snap-id>|--azure-managed-disk-id <azure-managed-disk-id>|--azure-vm-id <azure-vm-id>|--azure-data-protection-rp-id <azure-data-protection-rp-id>|--azure-recovery-services-rp-id <azure-recovery-services-rp-id>|--snapshots-of-ebs-volume-id <snapshots-of-ebs-volume-id>> ransomware-and-entropy-detection [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--debug-info <settings>
Whether to collect debugging information.
Note that without debugging information it will be difficult, if not impossible, to explain results of a particular ransomware scan and improve the detection model if the results are incorrect. [default:
enabled] [possible values: enabled, disabled]
--incr-model-max-parallel-file-scans <incr-model-max-parallel-file-scans>
[default: 4]
--max-parallel-file-scans <max-parallel-file-scans>
The number of directory traversal jobs to run in parallel [default: 4]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
elastio job
elastio-job 0.31.81
List and manage Elastio jobs
USAGE:
elastio job [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
abort Abort the specified job
force-abort Abort jobs without specifying of an abort token
help Prints this message or the help of the given subcommand(s)
list List all active jobs for the given vault
monitor Monitor the specified job
output Get the job's output. The output is a JSON object with the job's results in the case of successful execution, or a JSON object with the error information in the job failure case
run Run a custom background job
elastio job abort
elastio-job-abort 0.31.81
Abort the specified job
USAGE:
elastio job abort [FLAGS] [OPTIONS] --abort-token <abort-token> --job-id <job-id>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--abort-token <abort-token>
Job's abort token
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--job-id <job-id>
Job's ID
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
elastio job force-abort
elastio-job-force-abort 0.31.81
Abort jobs without specifying of an abort token
USAGE:
elastio job force-abort [FLAGS] [OPTIONS]
FLAGS:
--all
Abort all jobs that exist in account
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--job-ids <job-ids>
The job ID(s) of the job(s) to forcibly abort. Separate multiple IDs with commas(',') like: id1,id2,id3
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--vaults <vaults>
Abort all job(s) associated with the specified vault(s). Separate multiple vaults with commas(',') like: vault1,vault2,vault3
elastio job list
elastio-job-list 0.31.81
List all active jobs for the given vault
USAGE:
elastio job list [FLAGS] [OPTIONS]
FLAGS:
--all
Lists all jobs
-h, --help
Prints help information
--terminal
List all jobs in any terminal state, successful and otherwise
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--exclude <exclude>...
List all jobs except one with specified status (standard or/and custom). Allowed standard statuses: `['P/pending', 'S/starting', 'R/running', 'F/failed', 'A/aborted', 'S/successful']`
--kind <kind>...
Job kind filter
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--status <status>...
Status filter. There can be specified standard or custom status. Allowed standard statuses: `['P/pending', 'S/starting', 'R/running', 'F/failed', 'A/aborted', 'S/successful']`
--vault <vault>
Name of the vault on which jobs are operating. If not specified the jobs of the default vault will be listed
elastio job monitor
elastio-job-monitor 0.31.81
Monitor the specified job
USAGE:
elastio job monitor [FLAGS] [OPTIONS] --job-id <job-id>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--job-id <job-id>
Id of a job to monitor
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--tick-rate <tick-rate>
A tick rate that determines how often jobs are polled for updates in seconds
elastio job output
elastio-job-output 0.31.81
Get the job's output. The output is a JSON object with the job's results in the case of successful execution, or a JSON object with the error information in the job failure case
USAGE:
elastio job output [FLAGS] [OPTIONS] --job-id <job-id>
FLAGS:
--data-only
Output only job data without job results. This option can be applied to jobs in any state, not only terminal
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--job-id <job-id>
Job's ID
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
elastio job run
elastio-job-run 0.31.81
Run a custom background job
If none of the --file --params --param arguments are specified reads JSON from STDIN
USAGE:
elastio job run [FLAGS] [OPTIONS] <job-kind>
FLAGS:
-h, --help
Prints help information
--no-progress
Don't monitor the job
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
-f, --file <file>
A JSON file with job parameters
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--param <param-list>...
A list of parameters in the "param_name=param_value" format from which JSON payload for the job will be constructed
--params <params>
A JSON string containing the job's parameters
--shard <shard>
Overrides a name of the shard in the "shard" parameter. If "shard" parameter is not specified takes no effect. This is useful when you want to try a command for a different vault/shard without changing a
configuration file or hardcoded JSON
--vault <vault>
Overrides a name of the vault in the "shard" parameter. If "shard" parameter is not specified takes no effect. This is useful when you want to try a command for a different vault/shard without changing a
configuration file or hardcoded JSON
ARGS:
<job-kind>
A job kind (like `elastio:aws:ebs:backup`) that identifies the job. There must be a job definition deployed in your account with "elastio:jd:kind" tag that contains a provided value
elastio leases
elastio-leases 0.31.81
Manage leases
USAGE:
elastio leases [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
help Prints this message or the help of the given subcommand(s)
list List all leases
elastio leases list
elastio-leases-list 0.31.81
List all leases
USAGE:
elastio leases list [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
elastio mount
elastio-mount 0.31.81
Mount recovery points as local NBD devices
USAGE:
elastio mount [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
ami Mount a specific AMI. All EBS snapshots which are included in the AMI will be mounted
aws-rp Mount a specific AWS Backup recovery point. Supports EC2 and EBS backups. If the recovery point represents EC2 backup, mounts all EBS snapshots which are included in the recovery
point
azure-managed-disk-snapshot Mount a specific Azure managed disk snapshot
ebs-snapshot Mount a specific EBS snapshot
efs Mount a specific AWS EFS filesystem
help Prints this message or the help of the given subcommand(s)
list Show information about existing mounts
rp Mount a specific recovery point
s3-bucket Mount an S3 bucket
umount Dismount mounted recovery points
elastio mount ami
elastio-mount-ami 0.31.81
Mount a specific AMI. All EBS snapshots which are included in the AMI will be mounted
USAGE:
elastio mount ami [FLAGS] [OPTIONS] --id <ami> [from[:to]]...
FLAGS:
--attach-only
Attach backup block devices via NBD but do not attempt to mount any filesystems
--fail-on-marketplace-volumes
If `true`, will fail to mount the snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform mount using EBS Direct API
-h, --help
Prints help information
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--id <ami>
The ID for AMI to mount in format `ami-0beaa649c482330f7`
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead
--bitmap-file-dir <bitmap-file-dir>
A path to a directory where special bitmap file which stores information about written areas will be placed. If writable mount is requested and path is not specified, temp directory will be used instead
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--mount-options <mount-options="">
Options which will be used to mount devices. Specify in the following way: `--mount-options="$OPTIONS"`
--mount-type <mount-type>
How to perform the mount, possible values:
'ro' - mounts devices in read-only mode, no writes are allowed.
'rw' - mounts devices in writable mode, the changed data is stored in the special backing
file, the recovery point stays unmodified. If the same recovery point was mounted in
writable mode before, all previous changes are discarded.
'pw' - mounts devices in read-only mode, but the changes done during previous writable mount
are preserved and available.
[default: ro] [possible values: ro, rw, pw]
--nbd-client-args <nbd-client-args="">
Arguments which will be used to attach devices via NBD. Specify in the following way: `--nbd-client-args="$OPTIONS"`
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<from[:to]>...
Source and destination file paths, separated with ':'.
Multiple <from[:to]> pairs are space-separated.
If destination is not specified the command will be automatically generate
a mount point under `/media/elastio/` directory
elastio mount aws-rp
elastio-mount-aws-rp 0.31.81
Mount a specific AWS Backup recovery point. Supports EC2 and EBS backups. If the recovery point represents EC2 backup, mounts all EBS snapshots which are included in the recovery point
USAGE:
elastio mount aws-rp [FLAGS] [OPTIONS] --arn <aws-rp> [from[:to]]...
FLAGS:
--attach-only
Attach backup block devices via NBD but do not attempt to mount any filesystems
--fail-on-marketplace-volumes
If `true`, will fail to mount the snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform mount using EBS Direct API
-h, --help
Prints help information
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--arn <aws-rp>
The ARN of the AWS recovery point to mount in format `arn:aws:ec2:us-east-2::image/ami-088bd3a021b0f7992`
--aws-vault <aws-vault>
The AWS vault in which to look for this recovery point, or the Default vault if unspecified
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead
--bitmap-file-dir <bitmap-file-dir>
A path to a directory where special bitmap file which stores information about written areas will be placed. If writable mount is requested and path is not specified, temp directory will be used instead
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--mount-options <mount-options="">
Options which will be used to mount devices. Specify in the following way: `--mount-options="$OPTIONS"`
--mount-type <mount-type>
How to perform the mount, possible values:
'ro' - mounts devices in read-only mode, no writes are allowed.
'rw' - mounts devices in writable mode, the changed data is stored in the special backing
file, the recovery point stays unmodified. If the same recovery point was mounted in
writable mode before, all previous changes are discarded.
'pw' - mounts devices in read-only mode, but the changes done during previous writable mount
are preserved and available.
[default: ro] [possible values: ro, rw, pw]
--nbd-client-args <nbd-client-args="">
Arguments which will be used to attach devices via NBD. Specify in the following way: `--nbd-client-args="$OPTIONS"`
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<from[:to]>...
Source and destination file paths, separated with ':'.
Multiple <from[:to]> pairs are space-separated.
If destination is not specified the command will be automatically generate
a mount point under `/media/elastio/` directory
elastio mount azure-managed-disk-snapshot
elastio-mount-azure-managed-disk-snapshot 0.31.81
Mount a specific Azure managed disk snapshot
USAGE:
elastio mount azure-managed-disk-snapshot [FLAGS] [OPTIONS] --id <azure-managed-disk-snapshot-id> [from[:to]]...
FLAGS:
--attach-only
Attach backup block devices via NBD but do not attempt to mount any filesystems
--fail-on-marketplace-volumes
If `true`, will fail to mount the snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform mount using EBS Direct API
-h, --help
Prints help information
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--id <azure-managed-disk-snapshot-id>
ID of the Azure managed disk snapshot to mount
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead
--bitmap-file-dir <bitmap-file-dir>
A path to a directory where special bitmap file which stores information about written areas will be placed. If writable mount is requested and path is not specified, temp directory will be used instead
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--mount-options <mount-options="">
Options which will be used to mount devices. Specify in the following way: `--mount-options="$OPTIONS"`
--mount-type <mount-type>
How to perform the mount, possible values:
'ro' - mounts devices in read-only mode, no writes are allowed.
'rw' - mounts devices in writable mode, the changed data is stored in the special backing
file, the recovery point stays unmodified. If the same recovery point was mounted in
writable mode before, all previous changes are discarded.
'pw' - mounts devices in read-only mode, but the changes done during previous writable mount
are preserved and available.
[default: ro] [possible values: ro, rw, pw]
--nbd-client-args <nbd-client-args="">
Arguments which will be used to attach devices via NBD. Specify in the following way: `--nbd-client-args="$OPTIONS"`
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<from[:to]>...
Source and destination file paths, separated with ':'.
Multiple <from[:to]> pairs are space-separated.
If destination is not specified the command will be automatically generate
a mount point under `/media/elastio/` directory
elastio mount ebs-snapshot
elastio-mount-ebs-snapshot 0.31.81
Mount a specific EBS snapshot
USAGE:
elastio mount ebs-snapshot [FLAGS] [OPTIONS] --id <ebs-snapshot> [from[:to]]...
FLAGS:
--attach-only
Attach backup block devices via NBD but do not attempt to mount any filesystems
--fail-on-marketplace-volumes
If `true`, will fail to mount the snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform mount using EBS Direct API
-h, --help
Prints help information
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead
--bitmap-file-dir <bitmap-file-dir>
A path to a directory where special bitmap file which stores information about written areas will be placed. If writable mount is requested and path is not specified, temp directory will be used instead
--id <ebs-snapshot>
ID of the EBS snapshot to mount
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--mount-options <mount-options="">
Options which will be used to mount devices. Specify in the following way: `--mount-options="$OPTIONS"`
--mount-type <mount-type>
How to perform the mount, possible values:
'ro' - mounts devices in read-only mode, no writes are allowed.
'rw' - mounts devices in writable mode, the changed data is stored in the special backing
file, the recovery point stays unmodified. If the same recovery point was mounted in
writable mode before, all previous changes are discarded.
'pw' - mounts devices in read-only mode, but the changes done during previous writable mount
are preserved and available.
[default: ro] [possible values: ro, rw, pw]
--nbd-client-args <nbd-client-args="">
Arguments which will be used to attach devices via NBD. Specify in the following way: `--nbd-client-args="$OPTIONS"`
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<from[:to]>...
Source and destination file paths, separated with ':'.
Multiple <from[:to]> pairs are space-separated.
If destination is not specified the command will be automatically generate
a mount point under `/media/elastio/` directory
elastio mount efs
elastio-mount-efs 0.31.81
Mount a specific AWS EFS filesystem
USAGE:
elastio mount efs [FLAGS] [OPTIONS] --filesystem-id <filesystem-id>
FLAGS:
-h, --help
Prints help information
--iam-auth
Use IAM authorization for connection to the EFS
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--access-point <access-point>
Specific access point to mount.
By default we mount an entire file system.
--filesystem-id <filesystem-id>
Elastic File System ID, like: 'fs-03d27106fec05c952'
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
elastio mount list
elastio-mount-list 0.31.81
Show information about existing mounts
USAGE:
elastio mount list [FLAGS] [OPTIONS]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
elastio mount rp
elastio-mount-rp 0.31.81
Mount a specific recovery point.
Mount all devices in the recovery point by default, but can be limited to a subset of devices
USAGE:
elastio mount rp [FLAGS] [OPTIONS] --rp <rp-id> [from[:to]]...
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--attach-only
Attach backup block devices via NBD but do not attempt to mount any filesystems
--fail-on-marketplace-volumes
If `true`, will fail to mount the snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform mount using EBS Direct API
-h, --help
Prints help information
--ignore-name-tag
Skip adding the 'Name' tag values, if they exist, to the mount points
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead
--bitmap-file-dir <bitmap-file-dir>
A path to a directory where special bitmap file which stores information about written areas will be placed. If writable mount is requested and path is not specified, temp directory will be used instead
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--mount-options <mount-options="">
Options which will be used to mount devices. Specify in the following way: `--mount-options="$OPTIONS"`
--mount-type <mount-type>
How to perform the mount, possible values:
'ro' - mounts devices in read-only mode, no writes are allowed.
'rw' - mounts devices in writable mode, the changed data is stored in the special backing
file, the recovery point stays unmodified. If the same recovery point was mounted in
writable mode before, all previous changes are discarded.
'pw' - mounts devices in read-only mode, but the changes done during previous writable mount
are preserved and available.
[default: ro] [possible values: ro, rw, pw]
--nbd-client-args <nbd-client-args="">
Arguments which will be used to attach devices via NBD. Specify in the following way: `--nbd-client-args="$OPTIONS"`
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
--rp <rp-id>
ID of the recovery point to mount (can be obtained from `elastio rp list`).
Mountable types of recovery points: block, EBS, EC2.
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
ARGS:
<from[:to]>...
Source and destination file paths, separated with ':'.
Multiple <from[:to]> pairs are space-separated.
If destination is not specified the command will be automatically generate
a mount point under `/media/elastio/` directory
EXAMPLES:
# Mount all entries by recovery point id
elastio mount rp --rp r-dfcq4cye5ddq9hvssfgoubr3
# Mount specific entries by recovery point id of block backup type
elastio mount rp --rp r-dfcq4cye5ddq9hvssfgoubr3 /dev/sda1 /dev/sdb2
# Mount specific entry by recovery point id of block backup type to particular
# mount point
elastio mount rp --rp r-dfcq4cye5ddq9hvssfgoubr3 /dev/loop0:/my/mount/point
# Mount specific entry by recovery point id of ec2 backup type to particular
# mount point on Windows
elastio mount rp --rp r-dfgdsaf24dsv54vfg5daaadg vol-2asf43das570eerf542:/my/backup
# Attach all entries by recovery point id only via NBD
elastio mount rp --rp r-dfcq4cye5ddq9hvssfgoubr3 --attach-only
# Mount all entries by recovery point id with particular mount options
elastio mount rp --rp r-dfcq4cye5ddq9hvssfgoubr3 --mount-options="norecovery"
# Mount all entries by recovery point id with particular nbd options
elastio mount rp --rp r-dfcq4cye5ddq9hvssfgoubr3 --nbd-client-args="-b 1024"
elastio mount s3-bucket
elastio-mount-s3-bucket 0.31.81
Mount an S3 bucket
USAGE:
elastio mount s3-bucket [FLAGS] [OPTIONS] --bucket-name <bucket-name>
FLAGS:
--allow-delete
Allow deletion of files from the mounted bucket. Requires --allow-write
--allow-write
Make mount writable
-h, --help
Prints help information
--transfer-acceleration
Use S3 Transfer Acceleration when accessing S3. This must be enabled on the bucket. Requires --allow-write
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--bucket-name <bucket-name>
The name of s3 bucket to scan, like: 'my-bucket'
--cache-dir <cache-dir>
Enable caching of object metadata and content to the given directory
--max-cache-size-mib <max-cache-size-mib>
Maximum size of the cache directory in MiB [default: preserve 5% of available space]. If set to 0, then the data cache is disabled [env: ELASTIO_MOUNT_S3_MAX_CACHE_SIZE_MIB=]
--max-threads <max-threads>
Maximum number of FUSE daemon threads serving s3 mount [default: 16] [env: ELASTIO_MOUNT_S3_MAX_THREADS=]
--max-throughput-gbps <max-throughput-gbps>
Maximum throughput in Gbps [default: auto-detected on EC2 instances, 10 Gbps elsewhere]
--metadata-cache-ttl-secs <metadata-cache-ttl-secs>
Time-to-live (TTL) for cached metadata in seconds [default: 1s] [env: ELASTIO_MOUNT_S3_METADATA_CACHE_TTL_SECS=]
--multipart-chunk-size <multipart-chunk-size>
Part size for multi-part GET and PUT [default: 8MiB]
Multipart transfers are used for large objects
Can be specified as an integer, ie "1000000", or with a suffix ie "10MB".
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--prefix <prefix>
Prefix inside the bucket to mount, ending in '/' [default: mount the entire bucket]
--storage-class <storage-class>
Set the storage class for new objects Requires --allow-write
elastio mount umount
elastio-mount-umount 0.31.81
Dismount mounted recovery points
USAGE:
elastio mount umount [FLAGS] [OPTIONS] <--all|--rp <rp-ids>...|--ebs-snapshot-ids <ebs-snapshot-ids>...|--azure-managed-disk-snapshot-ids <azure-managed-disk-snapshot-ids>...|--azure-managed-disk-ids <azure-managed-disk-ids>...|--ami-ids <ami-ids>...|--aws-rp-arns <aws-rp-arns>...|nbd-device|mount-point|--force> [--]
FLAGS:
--all Dismount all mounts
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--ami-ids <ami-ids>... AMI IDs
--aws-rp-arns <aws-rp-arns>... AWS Backup recovery point ARNS
--azure-managed-disk-ids <azure-managed-disk-ids>... Azure managed disk IDs
--azure-managed-disk-snapshot-ids <azure-managed-disk-snapshot-ids>... Azure managed disk snapshot IDs
--ebs-snapshot-ids <ebs-snapshot-ids>... EBS snapshot IDs
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
--rp <rp-ids>... Recovery point IDs
ARGS:
<nbd-device|mount-point>... The directory where the device is mounted or NBD device name
EXAMPLES:
# Dismount all entries by recovery point id
elastio umount --rp r-dfcq4cye5ddq9hvssfgoubr3
# Dismount by mount points
elastio umount /mnt/mount/point /media/elastio/my/mount
# Dismount by nbd devices
elastio umount /dev/nbd1 /dev/nbd2p1
# Dismount by nbd device and mount point
elastio umount /dev/nbd3 /mnt/my/mount/point
elastio postgres
elastio-postgres 0.31.81
Backup or restore postgres database
USAGE:
elastio postgres [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
backup Backup individual databases or/and global objects
help Prints this message or the help of the given subcommand(s)
recovery-test Restores the specified recovery point from available test list and checks whether restore procedure succeeded
restore Restore individual databases or/and global objects
elastio postgres backup
elastio-postgres-backup 0.31.81
Backup individual databases or/and global objects
USAGE:
elastio postgres backup [FLAGS] [OPTIONS] --user <user> [--]
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--fail-backup-if-permission-check-failed
Fail backup process if permission check failed to some entity
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally
-h, --help
Prints help information
--ignore-failed-permission-check
Ignore failed permission check and try to backup an entity (DB or global objects) anyway. Normally should lead to backup tool failure however can be useful if permission check code works incorrectly
--metadata-only
If set to `true`, disables the actual upload of data, performing only a metadata ingest.
This is only ever used for certain benchmark testing and debugging. Using it in a production environment guarantees data loss!
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-comments
Do not dump comments
--no-privileges
Prevent dumping of access privileges (grant/revoke commands)
--no-publications
Do not dump publications
--no-role-passwords
Do not dump passwords for roles. When restored, roles will have a null password, and password authentication will always fail until the password is set. Since password values aren't needed when this option
is specified, the role information is read from the catalog view pg_roles instead of pg_authid. Therefore, this option also helps if access to pg_authid is restricted by some security policy
--no-security-labels
Do not dump security labels
--no-subscriptions
Do not dump subscriptions
--no-tablespaces
Do not output commands to create tablespaces nor select tablespaces for objects. With this option, all objects will be created in whichever tablespace is the default during restore
--roles-only
Dump only roles, no databases or tablespaces
--schema-only
Dump only the object definitions (schema), not data
--skip-global-objects
If specified, global objects will not be included in backup
--use-iam-auth
Authenticate to the Postgres using the IAM identity of the Elastio Postgres Backup background job role.
NOTE: This option is only available for RDS Postgres instances which are configured to allow IAM authentication, and requires that the Elastio Postgres Backup job IAM role has previously been granted the
necessary permissions to access the RDS instance.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
--write-all-to-target
Write entire tools output to backup targets including comments, empty lines, etc
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--hostname-override <hostname-override>
The string to use instead of the system's hostname (foreground mode only)
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--concurrency <concurrency>
How many database backups we may run in parallel [default: 1]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
-d, --database <database>...
A list of databases to backup
--format <format>
The format of backup which goes to the target [default: custom]
--host <host>
A name of host where PostgreSQL instance is located
--arg <misc-arg>...
Other command-line arguments which pass to the `pg_dumpall` tool
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--parallel-compressors <parallel-compressors>
Same as `parallel_hashers`, but for compression (and also encryption since they happen together) [default: 0]
--parallel-extents <parallel-extents>
How many extents to ingest in parallel [default: 0]
--parallel-hashers <parallel-hashers>
How many hash workers to run in parallel (meaning how many parallel threads should be computing hashes) [default: 0]
--parallel-segments <parallel-segments>
The number of compressed, deduped, encrypted segments to upload in parallel [default: 0]
--password <password>
Users password in raw, non-encrypted format
--pg-dump-all-path <pg-dump-all-path>
Path to the `pg_dump_all` tool [default: pg_dumpall]
--pg-dump-path <pg-dump-path>
Path to the `pg_dump` tool [default: pg_dump]
--pg-restore-path <pg-restore-path>
Path to the `pg_restore` tool [default: pg_restore]
--pg-stream-buf-size <pg-stream-buf-size>
The size of the buffer into which data from the stream will be written.
The default value is usually correct however systems with very low free memory may need to use a smaller read buffer size to avoid out-of-memory errors. [default: 64MiB]
--port <port>
A port number on which PostgreSQL is listening
--psql-path <psql-path>
Path to the `psql` tool [default: psql]
--rds-instance-id <rds-instance-id>
RDS database instance ID
--read-buf-size <read-buf-size>
The size of the buffer into which data from the stream will be read.
The default value is usually correct however systems with very low free memory may need to use a smaller read buffer size to avoid out-of-memory errors. [default: 64MiB]
--ssl-root-cert-url <ssl-root-cert-url>
Overrides the default certificate `rds-ca-2019-root.pem` that is used to connect to a database with IAM Authentication
This is needed if your RDS instance uses non default root certificate
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--user <user>
A user which will be used to connect to the PostgreSQL instance to backup. It should have enough permissions to read databases, global objects, etc
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
elastio postgres recovery-test
elastio-postgres-recovery-test 0.31.81
Restores the specified recovery point from available test list and checks whether restore procedure succeeded
USAGE:
elastio postgres recovery-test [FLAGS] [OPTIONS] --postgres-script-s3-url <postgres-script-s3-url> --rp <rp-id>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--allow-override-restore-options
Allow restore code to override specific options if it decides that they may lead restore to failure under current conditions.
For example, if `--no-create` is specified but the database does not exist so an attempt to restore it would fail. In this case `--no-create` option would be ignored and database would be created
--continue-if-permission-check-failed
Continue restore process if permission check failed to some entity
--data-only
Restore only the data, not the schema (data definitions). It will only work if the schema already is present, and matches the schema of the backup this came from.
Table data, large objects, and sequence values are restored, if present in the archive.
--exit-on-error
Exit if an error is encountered while sending SQL commands to the database. The default is to continue and to display a count of errors at the end of the restoration
-h, --help
Prints help information
--ignore-failed-globals-restore
Continue restoring databases if restore of global objects has failed.
Globals restore normally fails in case if any roles/attributes/permissions we try to restore already exist
--ignore-older-target-version
Do not require that the target Postgres instance's version is equal to or greater than than the version of Postgres the backup was taken from.
By default, restores will not be attempted if the target Postgres instance's version is older than the version of Postgres the backup was taken from, because such restores are not reliable. However if you
are sure that the backup does not utilize any features that are missing in the target Postgres instance's version, you can override this behavior and attempt the restore anyway.
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-clean
Do not clean (drop) database objects before recreating them.
(Unless --no-if-exists is used, this might generate some harmless error messages, if any objects were not present in the destination database)
--no-comments
Do not output commands to restore comments, even if the archive contains them
--no-create
Do not create the database before restoring into it. If `--no-clean` is also specified, drop and recreate the target database before connecting to it
--no-if-exists
Do not use conditional commands (i.e., an IF EXISTS clause) to drop database objects.
This option is not valid unless `--no-clean` is also specified.
--no-owner
Do not output commands to set ownership of objects to match the original database.
By default, postgres restore issues ALTER OWNER or SET SESSION AUTHORIZATION statements to set ownership of created schema elements. These statements will fail unless the initial connection to the database
is made by a superuser (or the same user that owns all of the objects in the script). With `--no-owner`, any user name can be used for the initial connection, and this user will own all the created objects
--no-privileges
Prevent restoration of access privileges (grant/revoke commands)
--no-publications
Do not output commands to restore publications, even if the archive contains them
--no-security-labels
Do not output commands to restore security labels, even if the archive contains them
--no-subscriptions
Do not output commands to restore subscriptions, even if the archive contains them
--no-tablespaces
Do not output commands to select tablespaces.
With this option, all objects will be created in whichever tablespace is the default during restore
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
--schema-only
Restore only the schema (data definitions), not data, to the extent that schema entries are present in the archive
--single-transaction
Execute the restore as a single transaction (that is, wrap the emitted commands in BEGIN/COMMIT).
This ensures that either all the commands complete successfully, or no changes are applied. This option implies `--exit-on-error`.
--skip-global-objects
If specified, global objects will not be included in restore.
It is useful if you do not want to rewrite global objects like roles and etc.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead.
Applies only to restore operations which have enabled shrink before restore.
--concurrency <concurrency>
Maximum number of individual Postgres databases to restore in parallel [default: 1]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--arg <misc-arg>...
Other command-line arguments which pass to the `pg_restore` tool
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--pg-dump-all-path <pg-dump-all-path>
Path to the `pg_dump_all` tool [default: pg_dumpall]
--pg-dump-path <pg-dump-path>
Path to the `pg_dump` tool [default: pg_dump]
--pg-restore-path <pg-restore-path>
Path to the `pg_restore` tool [default: pg_restore]
--postgres-script-s3-url <postgres-script-s3-url>
S3 URL to the postgres script that validates a postgres database
--psql-path <psql-path>
Path to the `psql` tool [default: psql]
--read-buf-size <read-buf-size>
The size of the buffer into which data from the server will be read.
The default value is usually correct however systems with very low free memory may need to use a smaller read buffer size to avoid out-of-memory errors [default: 64MiB]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--shrinking-concurrency <shrinking-concurrency>
How many shrink operations may run concurrently.
Applies only to restore operations which have enabled shrink before restore. [default: 4]
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
elastio postgres restore
elastio-postgres-restore 0.31.81
Restore individual databases or/and global objects
USAGE:
elastio postgres restore [FLAGS] [OPTIONS] --rp <rp-id> --user <user>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--allow-override-restore-options
Allow restore code to override specific options if it decides that they may lead restore to failure under current conditions.
For example, if `--no-create` is specified but the database does not exist so an attempt to restore it would fail. In this case `--no-create` option would be ignored and database would be created
--continue-if-permission-check-failed
Continue restore process if permission check failed to some entity
--data-only
Restore only the data, not the schema (data definitions). It will only work if the schema already is present, and matches the schema of the backup this came from.
Table data, large objects, and sequence values are restored, if present in the archive.
--exit-on-error
Exit if an error is encountered while sending SQL commands to the database. The default is to continue and to display a count of errors at the end of the restoration
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally
-h, --help
Prints help information
--ignore-failed-globals-restore
Continue restoring databases if restore of global objects has failed.
Globals restore normally fails in case if any roles/attributes/permissions we try to restore already exist
--ignore-older-target-version
Do not require that the target Postgres instance's version is equal to or greater than than the version of Postgres the backup was taken from.
By default, restores will not be attempted if the target Postgres instance's version is older than the version of Postgres the backup was taken from, because such restores are not reliable. However if you
are sure that the backup does not utilize any features that are missing in the target Postgres instance's version, you can override this behavior and attempt the restore anyway.
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-clean
Do not clean (drop) database objects before recreating them.
(Unless --no-if-exists is used, this might generate some harmless error messages, if any objects were not present in the destination database)
--no-comments
Do not output commands to restore comments, even if the archive contains them
--no-create
Do not create the database before restoring into it. If `--no-clean` is also specified, drop and recreate the target database before connecting to it
--no-if-exists
Do not use conditional commands (i.e., an IF EXISTS clause) to drop database objects.
This option is not valid unless `--no-clean` is also specified.
--no-owner
Do not output commands to set ownership of objects to match the original database.
By default, postgres restore issues ALTER OWNER or SET SESSION AUTHORIZATION statements to set ownership of created schema elements. These statements will fail unless the initial connection to the database
is made by a superuser (or the same user that owns all of the objects in the script). With `--no-owner`, any user name can be used for the initial connection, and this user will own all the created objects
--no-privileges
Prevent restoration of access privileges (grant/revoke commands)
--no-publications
Do not output commands to restore publications, even if the archive contains them
--no-security-labels
Do not output commands to restore security labels, even if the archive contains them
--no-subscriptions
Do not output commands to restore subscriptions, even if the archive contains them
--no-tablespaces
Do not output commands to select tablespaces.
With this option, all objects will be created in whichever tablespace is the default during restore
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
--schema-only
Restore only the schema (data definitions), not data, to the extent that schema entries are present in the archive
--single-transaction
Execute the restore as a single transaction (that is, wrap the emitted commands in BEGIN/COMMIT).
This ensures that either all the commands complete successfully, or no changes are applied. This option implies `--exit-on-error`.
--skip-global-objects
If specified, global objects will not be included in restore.
It is useful if you do not want to rewrite global objects like roles and etc.
--use-iam-auth
Authenticate to the Postgres using the IAM identity of the Elastio Postgres Backup background job role.
NOTE: This option is only available for RDS Postgres instances which are configured to allow IAM authentication, and requires that the Elastio Postgres Backup job IAM role has previously been granted the
necessary permissions to access the RDS instance.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead.
Applies only to restore operations which have enabled shrink before restore.
--concurrency <concurrency>
Maximum number of individual Postgres databases to restore in parallel [default: 1]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
-d, --database <database>...
A list of specific databases to restore.
If this is not specified, all databases in the backup will be restored.
--host <host>
A name of host where PostgreSQL instance is located
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--arg <misc-arg>...
Other command-line arguments which pass to the `pg_restore` tool
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--password <password>
Users password in raw, non-encrypted format
--pg-dump-all-path <pg-dump-all-path>
Path to the `pg_dump_all` tool [default: pg_dumpall]
--pg-dump-path <pg-dump-path>
Path to the `pg_dump` tool [default: pg_dump]
--pg-restore-path <pg-restore-path>
Path to the `pg_restore` tool [default: pg_restore]
--port <port>
A port number on which PostgreSQL is listening
--psql-path <psql-path>
Path to the `psql` tool [default: psql]
--rds-instance-id <rds-instance-id>
RDS database instance ID
--read-buf-size <read-buf-size>
The size of the buffer into which data from the server will be read.
The default value is usually correct however systems with very low free memory may need to use a smaller read buffer size to avoid out-of-memory errors [default: 64MiB]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--shrinking-concurrency <shrinking-concurrency>
How many shrink operations may run concurrently.
Applies only to restore operations which have enabled shrink before restore. [default: 4]
--ssl-root-cert-url <ssl-root-cert-url>
Overrides the default certificate `rds-ca-2019-root.pem` that is used to connect to a database with IAM Authentication
This is needed if your RDS instance uses non default root certificate
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--user <user>
A user which will be used to connect to the PostgreSQL instance to backup. It should have enough permissions to read databases, global objects, etc
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
elastio recovery-point
elastio-recovery-point 0.31.81
Browse recovery points with various search filters
USAGE:
elastio recovery-point [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
help Prints this message or the help of the given subcommand(s)
list Print out the list of recovery points
tag Add tag(s) to a recovery point
elastio recovery-point list
elastio-recovery-point-list 0.31.81
Print out the list of recovery points
USAGE:
elastio recovery-point list [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
--self
Shows recovery points that belong to the host where the CLI is running
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--type <backup-types>...
Backup type. Supported values: block, ebs, ec2, stream, file, s3 bucket This parameter can be specified multiple times; the values are "OR"-ed (disjunction)
--s3 <bucket-name>
List recovery points of the S3 bucket with given name. Passing `--s3` with no value will list all backups which come from an S3 bucket
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--db-name <db-name>
List recovery points with given database name
--host <hostname>
List recovery points of the given host. Passing `--host` with no value will list all backups which come from a generic host
--ec2 <instance-id>
List recovery points of the EC2 instance with given ID. Passing `--ec2` with no value will list all backups which come from an EC2 instance
--limit <limit>
Number of recovery points that will be shown in the output
Default limit is 25 recovery points. To see all recovery points without limit, use `--limit 0` [default: 25]
--newer-than <newer-than>
Shows recovery points newer than this timestamp
--older-than <older-than>
Shows recovery points older than this timestamp
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--pg-instance <pg-instance>
List recovery points with given PG instance
--rds <rds-instance-id>
List recovery points with given RDS instance ID
-r, --region <region>
Shows recovery points from assets located in this region
--results-per-page <results-per-page>
Number of recovery points to retrieve from the catalog service per request.
Recovery point listing is automatically paginated although this is transparent to the user. Most of the time to size of a single page of results is not something users will care about, however if a
particular use case benefits from a custom page this this can be set to a non-zero value.
If not specified an optimal default is used
--vault <vault>
Shows recovery points stored in this vault. If none is specified, the default vault is used
--ebs <volume-id>
List recovery points of the EBS volume with given ID. Passing `--ebs` with no value will list all backups which come from an EBS volume
elastio recovery-point tag
elastio-recovery-point-tag 0.31.81
Add tag(s) to a recovery point
USAGE:
elastio recovery-point tag [FLAGS] [OPTIONS] --rp-id <rp-id> --tag <tags>...
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--rp-id <rp-id>
Recovery point ID
--tag <tags>...
Add tag(s) to a recovery point
elastio s3
elastio-s3 0.31.81
Backup, restore and scan AWS S3 objects
USAGE:
elastio s3 [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
backup Backup AWS S3
generate-restore-iam-policy Generate policy to allow write to a bucket
help Prints this message or the help of the given subcommand(s)
restore Restore AWS S3
elastio s3 backup
elastio-s3-backup 0.31.81
Backup AWS S3
USAGE:
elastio s3 backup [FLAGS] [OPTIONS] --bucket <bucket>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--allow-incremental-malware-scan
Allows to run incremental malware scan. By default it is not allowed except for EFS and S3 assets (see the reasoning in `--no-incremental-malware-scan`)
--allow-shrink-metadata
Allows to shrink metadata if the bucket metadata takes 240KiB, otherwise, if the bucket metadata takes >240KiB and this flag is not passed then the backup will fail
--fail-on-marketplace-volumes
EBS snapshot-based AWS resources (EBS, EC2, Backup RP, AMI) scans only: If `true`, will fail to scan a snapshot if it was created from a AWS Marketplace volume. Otherwise, will perform snapshot IO using
EBS Direct API and scan as usual
--force-full-scan
Forcibly runs full scan, even if incremental scan is possible
--force-rescan-ebs-snapshots
When `iscan` of EBS volume snapshots is requested, if set to `true`, will rescan all the snapshots regardless of their previous scan status. Otherwise, will scan only the snapshots that have not been
successfully scanned before.
Warning: this can be a very long and expensive process. Do not use this unless you know what you are doing!
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally.
This will only work if the command is run on a compatible EC2 instance in the correct region, and is not recommended for general use.
-h, --help
Prints help information
--metadata-only
If set to `true`, disables the actual upload of data, performing only a metadata ingest.
This is only ever used for certain benchmark testing and debugging. Using it in a production environment guarantees data loss!
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-incremental-malware-scan
Disallows to run incremental malware scan. This option makes sense only for scans of the asset that supports the concept of tiered storage, like S3 or EFS. For such assets, this option will make the scan
pull objects from the cold storage to the hot storage incurring additional costs.
By default incremental malware scan is allowed for EFS/S3 assets.
--send-event
Is sending events enabled
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--asset-account-id <asset-account-id>
AWS account ID where S3 bucket is located (if different from account where Elastio is deployed)
You need to deploy Asset Stack into the asset-account before backup. Asset Stack can be deployed through your Tenant.
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--bucket <bucket>
Name of bucket to backup
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--event-bridge-bus <event-bridge-bus>
Name of the event bridge bus to use when sending events
--event-bridge-endpoint-id <event-bridge-endpoint-id>
Id of the EventBridge to use when sending events
--iscan <iscan>
Automatically run `elastio iscan` against the backup after completion to detect malware threats and ransomware attacks.
This is equivalent to manually running `elastio iscan full --rp $RP_ID` on the recovery point produced after a successful backup. [possible values: ransomware, ransomware-and-entropy-detection, malware,
full, full-and-entropy-detection]
--max-concurrent-requests <max-concurrent-requests>
The maximum number of concurrent requests to the bucket when performing transfers.
In case of multipart transfers, each chunk counts as a separate request.
A higher number of concurrent requests may be necessary in order to saturate very fast connections to S3, but this will also increase RAM usage during the transfer. [default: 10]
--max-queue-size <max-queue-size>
The maximum number of tasks in the task queue.
In case of multipart transfers, each chunk counts as a separate task. [default: 1000]
--max-scan-errors-allowed <max-scan-errors-allowed>
How many scan errors are allowed before the scan is forcibly aborted [env: ELASTIO_MAX_SCAN_ERRORS_ALLOWED=]
--multipart-chunk-size <multipart-chunk-size>
The chunk size that is used for multipart transfers of individual files.
Multipart transfers will be used for objects larger than `multipart_threshold`.
Can be specified as an integer, ie "1000000", or with a suffix ie "10MB".
Note that the maximum number of chunks in an upload is 10,000, so for very large objects this chunk size may be overridden if it's smaller than 1/10,000th of the size of the object. [default: 8MiB]
--multipart-threshold <multipart-threshold>
The size threshold for multipart transfers of individual objects.
If an object is this size of larger, then it will be transferred in chunks of `multipart_chunk_size` bytes each.
Can be specified as an integer, ie "1000000", or with a suffix ie "10MB" [default: 8MiB]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--parallel-compressors <parallel-compressors>
Same as `parallel_hashers`, but for compression (and also encryption since they happen together) [default: 0]
--parallel-extents <parallel-extents>
How many extents to ingest in parallel [default: 0]
--parallel-hashers <parallel-hashers>
How many hash workers to run in parallel (meaning how many parallel threads should be computing hashes) [default: 0]
--parallel-segments <parallel-segments>
The number of compressed, deduped, encrypted segments to upload in parallel [default: 0]
--s3-bucket-aws-region <s3-bucket-aws-region>
Override the AWS config and use this region explicitly for S3 backup
--s3-download-buf-size <s3-download-buf-size>
Max size of buffered data to backup that is downloaded from S3 bucket and packed to tar
Default size is 64MiB [default: 67108864]
--s3-glob <s3-glob>...
Select s3 bucket objects matching one or more globs (using `*` and `?`characters as wildcards). If no filters are specified, entire bucket will be backed up. EXAMPLE:
foo/*.tx? - Read all objects in the root directory `foo` with extension `.txa`, `.txb`, etc.
foo/**/*.txt - Read all objects in any subdirectory of directory `foo` with extension `.txt`
--s3-key <s3-key>...
Select specific keys of s3 bucket to backup. If no selectors are specified, entire bucket will be backed up. EXAMPLE:
foo/1.txt
--s3-prefix <s3-prefix>...
Select specific prefixes of s3 bucket (ending with a trailing `/`). If no selectors are specified, entire bucket will be backed up. EXAMPLE:
foo/bar/ - Read all objects with the prefix `foo/bar/`
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--event-bridge-user-data <user-data>
Data that will not be parsed and will simply be reproduced in the resulting `EventBridge` scan results event
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
elastio s3 generate-restore-iam-policy
elastio-s3-generate-restore-iam-policy 0.31.81
Generate policy to allow write to a bucket.
This is not needed if you run s3 restore in foreground mode (e.g. with --foreground flag).
This is needed only for background job. We have to have permissions to create a new bucket and restore on it so you should create a new role for S3 restore, put role policy for restoring to specific bucket and link
the role which is used by elastio for S3 restore to the newly created role with needed permissions.
EXAMPLE:
elastio s3 generate-restore-iam-policy --bucket data-bucket --account-id 123456789012
aws iam create-role --role-name restoreDataBucketRole --assume-role-policy-document file://trust-policy.json
aws iam put-role-policy --role-name restoreDataBucketRole --policy-name allowWriteToDataBucket --policy-document file://inline-policy.json
elastio s3 restore --rp rp-01gssnytd479xd6q4cjqqhfth1 --role-arn arn:aws:iam::123456789012:role/restoreDataBucketRole --target-bucket data-bucket --bucket-region eu-central-1
USAGE:
elastio s3 generate-restore-iam-policy [FLAGS] [OPTIONS] --account-id <account-id> --bucket <bucket>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--account-id <account-id>
ID of the AWS account in which the new restore role will be created
--bucket <bucket>
Bucket name to allow to restore to, which will be used for S3 restore
--kms-key-arn <kms-key-arn>
The custom KMS key used in original bucket
This overrides default resource `arn:aws:kms:::*` in the policy to be able to access only to the specified key
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
elastio s3 restore
elastio-s3-restore 0.31.81
Restore AWS S3
USAGE:
elastio s3 restore [FLAGS] [OPTIONS] --role-arn <role-arn> --rp <rp-ref>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
--allow-existing-bucket
Allows to restore to already existing bucket.
Without this flag S3 restore fails if a bucket with this name exists.
It may be helpful if you need to run the restore for this bucket again.
--foreground
Override the default behavior of launching a background job to perform this operation, and instead run it locally
-h, --help
Prints help information
--monitor
After this operation is submitted as a background job, immediately switch to monitor mode to monitor the progress of the job
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
--skip-bucket-metadata
Skips restoring bucket metadata like object-lock configuration, versioning, public-access-configuration, replication-configuration, policy, tagging, encryption and many other
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead.
Applies only to restore operations which have enabled shrink before restore.
--bucket-region <bucket-region>
Create the target bucket in this region.
By default the AWS config's default region is used.
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--filters <filters>...
Globs, prefixes and/or objects to restore.
If you don't specify this options all data from RP will be restored.
EXAMPLE OF VALUES:
foo/bar/ - Restores all objects with the prefix `foo/bar/`
foo/bar - Restores the object `bar` in the directory `foo`
foo/*.txt - Restores all objects in the root directory `foo` with extension `.txt`
foo/**/*.txt - Restores the all objects in any directory of directory `foo` with extension `.txt`
NOTE: When specifying globs, make sure to enclose the entire URL in "", otherwise your shell might expand the globs locally and produce unintended results.
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrent-requests <max-concurrent-requests>
The maximum number of concurrent requests to the bucket when performing transfers.
In case of multipart transfers, each chunk counts as a separate request.
A higher number of concurrent requests may be necessary in order to saturate very fast connections to S3, but this will also increase RAM usage during the transfer. [default: 10]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-queue-size <max-queue-size>
The maximum number of tasks in the task queue.
In case of multipart transfers, each chunk counts as a separate task. [default: 1000]
--multipart-chunk-size <multipart-chunk-size>
The chunk size that is used for multipart transfers of individual files.
Multipart transfers will be used for objects larger than `multipart_threshold`.
Can be specified as an integer, ie "1000000", or with a suffix ie "10MB".
Note that the maximum number of chunks in an upload is 10,000, so for very large objects this chunk size may be overridden if it's smaller than 1/10,000th of the size of the object. [default: 8MiB]
--multipart-threshold <multipart-threshold>
The size threshold for multipart transfers of individual objects.
If an object is this size of larger, then it will be transferred in chunks of `multipart_chunk_size` bytes each.
Can be specified as an integer, ie "1000000", or with a suffix ie "10MB" [default: 8MiB]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
--role-arn <role-arn>
Role-arn of newly created role which has right to write to target bucket
--role-session-duration-seconds <role-session-duration-seconds>
Role session duration, after this duration the credentials are automatically refreshed.
Usually, you don't need to specify this parameter, you may want to specify it if you want to increase the session duration to decrease the number of refreshing credentials API calls
The session duration must be specified in interval from 15 minutes to 12 hours
--rp <rp-ref>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--s3-bucket-aws-region <s3-bucket-aws-region>
Override the AWS config and use this region explicitly for S3 backup
--shrinking-concurrency <shrinking-concurrency>
How many shrink operations may run concurrently.
Applies only to restore operations which have enabled shrink before restore. [default: 4]
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--target-bucket <target-bucket>
Override the bucket where it's going to be restored. By default, it restores to the original bucket
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
elastio stream
elastio-stream 0.31.81
Backup or restore files or data from stdin-stream
USAGE:
elastio stream [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
backup Backup single file or stream data from stdin
help Prints this message or the help of the given subcommand(s)
restore Restore a previously backed-up object to a stream
elastio stream backup
elastio-stream-backup 0.31.81
Backup single file or stream data from stdin
USAGE:
elastio stream backup [FLAGS] [OPTIONS] --stream-name <stream-name>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
-h, --help
Prints help information
--metadata-only
If set to `true`, disables the actual upload of data, performing only a metadata ingest.
This is only ever used for certain benchmark testing and debugging. Using it in a production environment guarantees data loss!
--tar
Validate that the source stream is a valid tar archive and backup it up as a filesystem
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--hostname-override <hostname-override>
The string to use instead of the system's hostname (foreground mode only)
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--tag <tags>...
Set a tag on recovery point or list only recovery points that have this tag. This parameter can be specified multiple times; when filtering, the tags are “AND”-ed (conjunction)
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--from-file <from-file>
Read the stream data from a file instead of stdin.
This is slightly more efficient, so prefer it if the data you need to backup is already in a file on disk.
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--parallel-compressors <parallel-compressors>
Same as `parallel_hashers`, but for compression (and also encryption since they happen together) [default: 0]
--parallel-extents <parallel-extents>
How many extents to ingest in parallel [default: 0]
--parallel-hashers <parallel-hashers>
How many hash workers to run in parallel (meaning how many parallel threads should be computing hashes) [default: 0]
--parallel-segments <parallel-segments>
The number of compressed, deduped, encrypted segments to upload in parallel [default: 0]
--prefix <prefix>
The prefix to add to each relative file path
--read-buf-size <read-buf-size>
The size of the buffer into which data from the stream will be read.
The default value is usually correct however systems with very low free memory may need to use a smaller read buffer size to avoid out-of-memory errors. [default: 512MiB]
--stream-name <stream-name>
Stream name for stream data that's being backed up. Must not contain slash symbols.
If `--from-file` option is used, the stream name will default to the file path unless overridden with `--stream-name`
--strip-prefix <strip-prefix>
The prefix to delete from each provided file path
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
elastio stream restore
elastio-stream-restore 0.31.81
Restore a previously backed-up object to a stream
USAGE:
elastio stream restore [FLAGS] [OPTIONS] --rp <rp-id>
FLAGS:
--fixed-retry-delay
Change default behaviour of exponential delay increase between retries to fixed. This can be helpful in case if you have a very bad connection and set `max_retries` option to a high value. In case of
exponential delay high `max_retries` value may lead to years of delay. Using `fixed_retry_delay` will fix this problem
-n, --dry-run
Do everything except actual restoration
-h, --help
Prints help information
--no-verify-chunks
Disable verification of chunk hashes on read.
By default each chunk's hash is computed after reading, and compared with the expected hash, to detect corruption anywhere in the read path. This should not be disabled except in cases where the
performance impact of the hash computation would be unacceptable.
--overwrite
Do not prompt before overwriting destination files
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--max-retries <max-retries>
Maximum number of times to retry failed network operations before giving up.
See also `retry_delay` which controls the time delay between retries. [default: 6]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--retry-delay <retry-delay>
Delay (in seconds) between an initial upload failure and the first retry.
This parameter sets the initial delay for repeating failed operations. If `fixed_retry_delay` is not set, with each failed attempt, the delay time will increase exponentially, up to the max retry limit.
The exponent is 2.71. [default: 3.0]
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--backing-file-dir <backing-file-dir>
A path to a directory where special file that will accumulate written data will be placed. The underlying device should have enough free space depending on how many changes are going to be written. If
writable mount is requested and path is not specified, temp directory will be used instead.
Applies only to restore operations which have enabled shrink before restore.
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--host <hostname>
Specify the recovery point of an asset from certain host
--ec2 <instance-id>
Specify the recovery point of an asset from EC2 instance
--max-cached-chunks <max-cached-chunks>
The maximum number of chunks to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-cached-slices <max-cached-slices>
The maximum number of segment slices to cache during read operations. The default value of `0` means use reasonable defaults [default: 0]
--max-concurrency <max-concurrency>
The value describes how many data blocks of `write_buffer_len` length CLI will read in parallel. The default value of `0` means use reasonable defaults [default: 0]
--max-download-concurrency <max-download-concurrency>
The value describes how many concurrent data chunk download operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--max-process-concurrency <max-process-concurrency>
The value describes how many concurrent data chunk decompress/decrypt operations CLI may initiate. The default value of `0` means use reasonable defaults [default: 0]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--read-instructions-cache-line-size <read-instructions-cache-line-size>
Minimum size of read data instructions. If not explicitly set, will use the reasonable default. Default is 64MB.
To change size insert value in bytes. It is not recommended to make this value smaller than default.
Any reads less than this size are expanded into the minimum size for better performance.
--read-instructions-cache-size <read-instructions-cache-size>
The size of the read instructions cache. If not set, a reasonable default will automatically be used. Default is 256
-r, --region <region>
Specify a recovery point from this region
--rp <rp-id>
Recovery point to restore from (see SPECIFYING RECOVERY POINT)
--shrinking-concurrency <shrinking-concurrency>
How many shrink operations may run concurrently.
Applies only to restore operations which have enabled shrink before restore. [default: 4]
--stride-len <stride-len>
The size in bytes of each metadata read operation. The default value of `0` means use reasonable defaults [default: 0]
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--to-file <to-file>
Restore the stream to a file on disk.
By default, the stream is written to stdout. If you want the stream in a file, using this option is more efficient than redirecting standard output to a file.
--vault <vault>
The name of the vault to store the backup. When doing Elastio integrity check of AWS resources, vault is used for storing scans metadata which is needed to perform incremental scans
--write-buffer-len <write-buffer-len>
The size (in bytes) of single data portion that allows to achieve the best write performance. It may depend on the nature of restore target and environment parameters. The default value of `0` means use
reasonable defaults [default: 0]
SPECIFYING RECOVERY POINT:
<rp-id>, e.g. r-dfa1xkmb7bqordtqpedc1wgu
Recovery point ID.
@
The most recent recovery point.
@~[<n>], e.g. @~, @~5
The <n>th recovery point before the latest one.
@~ is equivalent to @~1; @~0 is equivalent to @.
@{<date>}, e.g. @{2021-04-30 11:15}
Specifies the value of the recovery point at a prior point in time.
Note that this looks up the latest recovery point at a given time.
EXAMPLES:
# Restore the files from a recovery point with known ID
# (no need to specify '--ec2' or '--host' in this case)
elastio stream restore --rp r-dfm52e9c6tacyp7lw4hyjbn4
# Restore a particular file, changing its name
elastio stream restore --rp $RP_ID --to-file cancelled-tickets-2020.pdf
# Restore the files from the latest recovery point of the given host
elastio stream restore --host example.localdomain --rp @
# Concatenate all files from a recovery point and print on the
# standard output
elastio stream restore --rp $RP_ID
# Specify the recovery point by time and ID of the EC2 instance, which
# the backup was created from
elastio stream restore --rp '@{2021-06-23 12:46:31}' --ec2 $INSTANCE_ID
elastio test
elastio-test 0.31.81
Execute driver test
USAGE:
elastio test [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
dump-change-log
dump-state
help Prints this message or the help of the given subcommand(s)
integrity Perform snapshot integrity test for a driver
mirror
transition-incremental
transition-snapshot
elastio test dump-change-log
elastio-test-dump-change-log 0.31.81
USAGE:
elastio test dump-change-log [FLAGS] [OPTIONS] --volume <volume>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
-c, --change-log-path <change-log-path>
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
--volume <volume> The drive letter of the volume to operate on
elastio test dump-state
elastio-test-dump-state 0.31.81
USAGE:
elastio test dump-state [FLAGS] [OPTIONS] --volume <volume>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
--volume <volume> The mount point of the volume to operate on
elastio test integrity
elastio-test-integrity 0.31.81
Perform snapshot integrity test for a driver
USAGE:
elastio test integrity [FLAGS] [OPTIONS] --path-binary-file <path-binary-file> --volume <volume>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
-b, --buffer-size <buffer-size> the size of a buffer in which volume will be read, has to be multiple of a 4k. Default is 500 MiB [default: 524288000]
-i, --iterations <iterations> How many snapshot/update/compare cycles to perform [default: 1]
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
-p, --path-binary-file <path-binary-file> Path to raw binary file where data will be stored
--volume <volume> The mount point of the volume to operate on
elastio test mirror
elastio-test-mirror 0.31.81
USAGE:
elastio test mirror [FLAGS] [OPTIONS] --file <file> --volume <volume>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
-b, --block-size <block-size> the size of a block in which volume will be read, has to be multiple of a 4k [default: 1048576]
-f, --file <file> The file to mirror the volume to
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
--volume <volume> The mount point of the volume to operate on
elastio test transition-incremental
elastio-test-transition-incremental 0.31.81
USAGE:
elastio test transition-incremental [FLAGS] [OPTIONS] --volume <volume>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
--volume <volume> The mount point of the volume to operate on
elastio test transition-snapshot
elastio-test-transition-snapshot 0.31.81
USAGE:
elastio test transition-snapshot [FLAGS] [OPTIONS] --volume <volume>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
--volume <volume> The mount point of the volume to operate on
elastio umount
elastio-umount 0.31.81
Dismount mounted recovery points
USAGE:
elastio umount [FLAGS] [OPTIONS] <--all|--rp <rp-ids>...|--ebs-snapshot-ids <ebs-snapshot-ids>...|--azure-managed-disk-snapshot-ids <azure-managed-disk-snapshot-ids>...|--azure-managed-disk-ids <azure-managed-disk-ids>...|--ami-ids <ami-ids>...|--aws-rp-arns <aws-rp-arns>...|nbd-device|mount-point|--force> [--]
FLAGS:
--all Dismount all mounts
-h, --help Prints help information
-V, --version Prints version information
-v, --verbose Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--ami-ids <ami-ids>... AMI IDs
--aws-rp-arns <aws-rp-arns>... AWS Backup recovery point ARNS
--azure-managed-disk-ids <azure-managed-disk-ids>... Azure managed disk IDs
--azure-managed-disk-snapshot-ids <azure-managed-disk-snapshot-ids>... Azure managed disk snapshot IDs
--ebs-snapshot-ids <ebs-snapshot-ids>... EBS snapshot IDs
--output-format <output-format> The output format for cli results [default: text] [possible values: json, text]
--rp <rp-ids>... Recovery point IDs
ARGS:
<nbd-device|mount-point>... The directory where the device is mounted or NBD device name
EXAMPLES:
# Dismount all entries by recovery point id
elastio umount --rp r-dfcq4cye5ddq9hvssfgoubr3
# Dismount by mount points
elastio umount /mnt/mount/point /media/elastio/my/mount
# Dismount by nbd devices
elastio umount /dev/nbd1 /dev/nbd2p1
# Dismount by nbd device and mount point
elastio umount /dev/nbd3 /mnt/my/mount/point
elastio vault
elastio-vault 0.31.81
Manage vaults in the target AWS account and region
USAGE:
elastio vault [FLAGS] [OPTIONS] <SUBCOMMAND>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
SUBCOMMANDS:
catalog-restore Restore the vault's catalog database from its backup in an object storage
default Will fetch default vault in current region for account
delete Delete a vault
help Prints this message or the help of the given subcommand(s)
import Takes existing vault resources and adds vault to a region stack
list List all vaults
list-deleted List soft-deleted vaults
pin Pin a vault shard to ensure it is always immediately available
prime Prime a vault's shard by obtaining a lease and wait until the shard has started
soft-delete Mark a vault as soft-deleted. It's not a destructive action, the vault can be activated again by `undelete` command
undelete Make a previously soft-deleted vault active again
unpin Unpin a vault shard that has previously been pinned
elastio vault catalog-restore
elastio-vault-catalog-restore 0.31.81
Restore the vault's catalog database from its backup in an object storage
USAGE:
elastio vault catalog-restore [FLAGS] [OPTIONS] <vault>
FLAGS:
-h, --help
Prints help information
--ignore-unreferenced-blob-version-ids
Forces the restore even if there are unreferenced blob version IDs in ScaleZ
--monitor
After this operation is submitted as a background job, immediately start monitoring progress of the job
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--bucket <bucket>
Restore the vault from the given S3 bucket.
Should be provided only if it cannot be inferred automatically
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--on-non-existent-blob-version-ids <non-existent-blob-version-ids-action>
Specifies the action to take if there are asset snapshots with non-existent blob version IDs [default: remove] [possible values: remove, abort, ignore]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--timeout-seconds <timeout-seconds>
Overrides job execution params. Note that this setting currently affect only jobs started in background mode
--timestamp <timestamp>
Restores the vault from the latest catalog backup before this timestamp.
If not provided, then the newest backup will be used for the recovery.
ARGS:
<vault>
Vault to restore
elastio vault default
elastio-vault-default 0.31.81
Will fetch default vault in current region for account.
You can also change default vault passing vault name as a positional argument
USAGE:
elastio vault default [FLAGS] [OPTIONS] [vault-name]
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
ARGS:
<vault-name>
Vault that will be set as default vault
elastio vault delete
elastio-vault-delete 0.31.81
Delete a vault
USAGE:
elastio vault delete [FLAGS] [OPTIONS] <vault-name>
FLAGS:
--force
Forcibly terminate all running jobs, sessions and instances, delete all plans related to this vault, and then delete the vault. This is a very disruptive action and must be used only if you don't care
about the data being written in the active backup sessions. This also sets `--yes` flag so destructive actions will not prompt for confirmation
-h, --help
Prints help information
--keep-data
Do not delete the S3 bucket containing the vault contents, or the KMS key which encrypts the vault.
If this argument is not provided, the vault contents will be irrevocably deleted.
--no-auto-approve
Don't skip the approval prompt before applying the changes.
This disables `-auto-approve` and `-input=false` terraform flags.
--no-lock
Overrides locks. It would be useful when terraform doesn't release the lock and thus leaves it locked forever, blocking any other attempts to deploy/destroy the stack or to initialize/delete the vault. You
can use this flag only if you are sure that this is an issue with terraform and nobody tries to do some actions with stack or vault.
This is turned into a `-lock=false` terraform flag.
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
-y, --yes
Do not ask interactively for confirmation of destructive actions
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
ARGS:
<vault-name>
Name of the vault to delete
elastio vault import
elastio-vault-import 0.31.81
Takes existing vault resources and adds vault to a region stack.
Tries to discover sources optimistically using vault name, but optionally takes resources ids to use for import (bucket name, ddb table name, kms key id)
USAGE:
elastio vault import [FLAGS] [OPTIONS] <vault-name>
FLAGS:
--default
Provide this flag to also set imported vault as default in current region for account
-h, --help
Prints help information
--no-auto-approve
Don't skip the approval prompt before applying the changes.
This disables `-auto-approve` and `-input=false` terraform flags.
--no-lock
Overrides locks. It would be useful when terraform doesn't release the lock and thus leaves it locked forever, blocking any other attempts to deploy/destroy the stack or to initialize/delete the vault. You
can use this flag only if you are sure that this is an issue with terraform and nobody tries to do some actions with stack or vault.
This is turned into a `-lock=false` terraform flag.
--safety-lock-enabled
Specify if the safety lock feature should be enabled for the vault or not. The safety lock will be disabled by default for the vault unless this option is used
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--bg-jobs-instance-types <bg-jobs-instance-types>...
Use the specified instance types for background jobs
--bg-jobs-instance-types-scan-only <bg-jobs-instance-types-scan-only>...
Use the specified instance types for scan-only background jobs
--bg-jobs-provision-type <bg-jobs-provision-type>
Whether to use spot or on-demand instances for background jobs [default: spot] [possible values: spot, on_demand]
--bg-jobs-provision-type-scan-only <bg-jobs-provision-type-scan-only>
Whether to use on-demand or spot instances for scan-only background jobs [default: on_demand] [possible values: spot, on_demand]
--cloudwatch-log-filter <cloudwatch-log-filter>
Specifies the logging level for provisioned scalez for cloudwatch logging, if not provided reasonable default is used [env: CLOUDWATCH_LOG_FILTER=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--custom-tags <custom-tags>
Custom tags to apply to all vault resources in the `<key1>=<value1>,<key2=value2>` format [env: CUSTOM_TAGS=]
--dynamodb-table <dynamodb-table>
DynamoDB table name, containing all recovery points
--encryption-kms-key <encryption-kms-key>
Encryption KMS key vault was created with
--loki-log-filter <loki-log-filter>
Specifies the logging level for provisioned scalez for loki logging, if not provided reasonable default is used [env: LOKI_LOG_FILTER=]
--max-concurrent-jobs <max-concurrent-jobs>
Maximum number of background jobs that can be run concurrently
--max-concurrent-jobs-scan-only <max-concurrent-jobs-scan-only>
Maximum number of scan-only background jobs that can be run concurrently
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--s3-bucket <s3-bucket>
Bucket where vault intended for import is located
--scalez-fixed-instance-types <scalez-fixed-instance-types>...
Use the specified instance types for the 'fixed' shard of ScaleZ
--scalez-fixed-provision-type <scalez-fixed-provision-type>
Whether to use spot or on-demand instances for the 'fixed' shard of ScaleZ [default: spot] [possible values: spot, on_demand]
--scalez-image <scalez-image>
Docker container image from the public s0 ECR. If not provided master or release(depends on ELASTIO_ARTIFACTS_SOURCE env var) will be used - public.ecr.aws/e3t9v4i9/s0:master(release) [env: SCALEZ_IMAGE=]
--scalez-image-tag <scalez-image-tag>
Docker container tag from the public s0 ECR. Can be used to override image tag to a specific commit [env: SCALEZ_IMAGE_TAG=]
--scalez-persistence-mode <scalez-persistence-mode>
[possible values: aggressive, relaxed]
--scalez-s3-storage-class <scalez-s3-storage-class>
Use the specified S3 Storage class (tier) for storing ScaleZ data [possible values: INTELLIGENT_TIERING, STANDARD]
--scalez-variable-instance-types <scalez-variable-instance-types>...
Use the specified instance types for the 'variable' shard of ScaleZ
--scalez-variable-provision-type <scalez-variable-provision-type>
Whether to use spot or on-demand instances for the 'variable' shard of ScaleZ [default: spot] [possible values: spot, on_demand]
--ssh-key <ssh-key>
Launch container instance in ECS cluster with this key_name to be able to ssh to the instance [env: SSH_KEY=]
--subnet <subnet>...
Subnet to launch container instances for ECS cluster into. If not provided all available subnets in the VPC will be used
--subnets <subnets>
Subnets to launch container instances for ECS cluster into. If not provided all available subnets in the VPC will be used. Divide multiple subnet IDs by commas(',') like: <subnet-123456,subnet-abcdef,...>
[env: SUBNETS=]
--vpc <vpc>
A vault dedicated VPC [env: VPC=]
ARGS:
<vault-name>
A user-defined vault name
elastio vault list
elastio-vault-list 0.31.81
List all vaults
USAGE:
elastio vault list [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
elastio vault list-deleted
elastio-vault-list-deleted 0.31.81
List soft-deleted vaults
USAGE:
elastio vault list-deleted [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
elastio vault pin
elastio-vault-pin 0.31.81
Pin a vault shard to ensure it is always immediately available
NOTE: this will increase the compute cost associated with the vault as it requires one EC2 instance per shard to be constantly running. Use this option only if your are unable to accept a few minutes' delay before a
backup or restore while the scalez instance is launched.
USAGE:
elastio vault pin [FLAGS] [OPTIONS] <vault-name> --shard <shard-name>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--shard <shard-name>
Shard to pin
ARGS:
<vault-name>
Vault to pin
elastio vault prime
elastio-vault-prime 0.31.81
Prime a vault's shard by obtaining a lease and wait until the shard has started
This is not typically necessary, as all of the backup and restore operations automatically obtain a lease and wait for the ScaleZ instance to start. However in some cases it can be useful to block a script until
instance start is successful, or when testing without the need to actually perform a backup or restore.
USAGE:
elastio vault prime [FLAGS] [OPTIONS] <vault-name> --shard <shard-name>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
--wait
Wait for the ScaleZ instance to start and print out the URL and token
The default behavior, without this flag, is to send the prime request and immediately return. To wait until the ScaleZ instance has started successfully (or, put another way, to be notified if the
instance startup fails), set this flag.
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--shard <shard-name>
Shard to prime
ARGS:
<vault-name>
Vault to prime
elastio vault soft-delete
elastio-vault-soft-delete 0.31.81
Mark a vault as soft-deleted. It's not a destructive action, the vault can be activated again by `undelete` command.
No other action is permitted on the vault while it is soft-deleted.
USAGE:
elastio vault soft-delete [FLAGS] [OPTIONS] <vault-name>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
ARGS:
<vault-name>
Vault name
elastio vault undelete
elastio-vault-undelete 0.31.81
Make a previously soft-deleted vault active again
USAGE:
elastio vault undelete [FLAGS] [OPTIONS] <vault-name>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
ARGS:
<vault-name>
Vault name
elastio vault unpin
elastio-vault-unpin 0.31.81
Unpin a vault shard that has previously been pinned
NOTE: Unpinning a shard will not immediately terminate all compute associated with that shard. It merely allows the provisioner service to terminate the EC2 instance running ScaleZ for that shard if and when there
are no more tasks actively using that shard.
USAGE:
elastio vault unpin [FLAGS] [OPTIONS] <vault-name> --shard <shard-name>
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]
--shard <shard-name>
Shard to unpin
ARGS:
<vault-name>
Vault to unpin
elastio version
elastio-version 0.31.81
Get Elastio components versions
USAGE:
elastio version [FLAGS] [OPTIONS]
FLAGS:
-h, --help
Prints help information
-V, --version
Prints version information
-v, --verbose
Verbosity level (-v, -vv, -vvv, etc.)
OPTIONS:
--aws-region <aws-region>
Override the AWS region where the elastio services are deployed [env: AWS_REGION=]
--profile <profile-name>
Use specific profile configuration, by default: "default"
--aws-custom-endpoint-name <aws-custom-endpoint-name>
Name of the custom endpoint (e.g. `"eu-east-2"`). Equals to the default AWS region name by default. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_NAME=]
--aws-custom-endpoint-url <aws-custom-endpoint-url>
URL of the custom API endpoint to use when communicating with any AWS service. This is mostly relevant for development purposes [env: AWS_CUSTOM_ENDPOINT_URL=]
--aws-lambda <aws-lambda>
Display all deployed AWS lambda versions. Specific component can be filtered instead of displaying the all versions via `--aws-lambda=<component>` syntax
--connector-role-arn <connector-role-arn>
AWS IAM role ARN in the AWS account where the Elastio Cloud Connector is deployed. This role will be assumed before making any AWS API calls in that account.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account. [env: CONNECTOR_ROLE_ARN=]
--connector-role-external-id <connector-role-external-id>
Authenticate the assumption of the connector role specified with --connector-role-arn.
This is only used when performing operations from one AWS account with an Elastio vault in another AWS account [env: CONNECTOR_ROLE_EXTERNAL_ID=]
--output-format <output-format>
The output format for cli results [default: text] [possible values: json, text]