Link Search Menu Expand Document

AWS Resources Elastio creates

During the deployment process into your AWS account, Elastio creates resources to for the Elastio service. The majority of Elastio resources are managed by Terraform. This leads to the fact that once modified manually they cannot be updated by Terraform again. At this time it is not recommended to add any custom tags on the resources managed by Elastio as it might lead to inability to update. In future custom tagging will be possible, but after each upgrade the custom tags will get removed as the resource is updated.

Here is a partial list of the types of resources Elastio creates within your AWS account.

Amazon Application Auto Scaling and Amazon Auto Scaling group are resources which are used to configure automatic scaling for the vault worker instance capacity.

AWS Batch Compute Environment, AWS Batch Job Queue and AWS Batch Job Definition are created by Elastio to run various kinds of background jobs, such as backups, restores and mounts. Specifically, a background worker is created via AWS Batch. Afterwards, it makes snapshots of EBS volumes, attaches and uploads them to the vault using the vault worker database.

AWS CloudFormation Stack is used to nest an account-level stack.

AWS IAM Role is the resource needed for hosting all IAM roles for the Tenant to allow communication with Elastio infrastructure in the definite account, as well as dedicated roles for every Lambda function, background job and ScaleZ.

AWS CloudWatch Event Rule and AWS CloudWatch Event Target are created by Elastio for scheduled AWS Lambda routines (e.g. backup policies, garbage collection) and subscriptions to events (e.g. from internal SNS topic).

AWS CloudWatch Log Group and AWS CloudWatch Metric Alarm resources are added to your AWS account to store logs telemetry.

AWS DynamoDB table is a resource used for storing recovery points, job statuses, backup policies, retention policies and ScaleZ provisioning information.

Amazon ECS is a resource which ScaleZ uses to be run on. As a container task, Amazon ECS is automatically spun up by background job workers and shut down when not needed anymore.

AWS KMS key is needed for vault S3 bucket encryption (symmetric) and ScaleZ authentication (asymmetric). Elastio creates one KMS key per vault and another one per Cloud Connector.

AWS Lambda function, AWS Lambda Permission and AWS Lambda Function Event Invoke Config are used by Elastio to perform backup and restore operations.

Amazon Launch Template is used to store launch parameters which will be followed by an instance.

Amazon S3 is created to store the encrypted and compressed backups data payload, as well as the Elastio’s own ScaleZ metadata database that describes all this data. Amazon S3 is also used to store file attachments for iscan jobs, and for telemetry exfiltration purposes for large objects.

Amazon Security Group is a resource which is created to restrict egress/ingress networking on background jobs workers, instances and vault workers.

Amazon SNS Topic and Amazon SNS Topic Subscription are added to your AWS account to show job statuses and transitions between them.

Amazon SQS is a resource which is used to send data like recovery points, log events and performance metrics to the Elastio Tenant.

AWS SSM parameter is deployed to store various simple region-level and vault-level configuration knobs.