
AWS Resources Elastio creates

During deployment into your AWS account, Elastio creates the resources the Elastio service needs. Most Elastio resources are managed by Terraform, so any manual modification made outside of Terraform will be reverted by Terraform during an update. At this time, adding custom tags to resources managed by Elastio is not recommended, as it might make updates impossible. Custom tagging will be possible in the future, but custom tags will be removed after each upgrade, when the resource is updated.

Here is a partial list of the types of resources Elastio creates within your AWS account.

Amazon Application Auto Scaling and Amazon Auto Scaling group are resources which are used to configure automatic scaling for the vault worker instance capacity.

AWS Batch Compute Environment, AWS Batch Job Queue and AWS Batch Job Definition are created by Elastio to run various kinds of background jobs, such as scans, backups, restores and mounts. Specifically, a background worker is created via AWS Batch. Afterwards, it makes snapshots of EBS volumes, attaches and uploads them to the vault using the vault worker database.

AWS CloudFormation Stack is used to nest an account-level stack.

AWS IAM Role resources provide all IAM roles that allow the Tenant to communicate with Elastio infrastructure in the given account, as well as dedicated roles for every Lambda function, background job and ScaleZ.

AWS CloudWatch Event Bus, Rule and AWS CloudWatch Event Target are created by Elastio for scheduled AWS Lambda routines (e.g. backup policies, garbage collection) and subscriptions to events (e.g. from internal Event Bus).

AWS CloudWatch Log Group and AWS CloudWatch Metric Alarm resources are added to your AWS account to store log telemetry.

AWS DynamoDB table is a resource used for storing recovery points, job statuses, backup policies, retention policies and ScaleZ provisioning information.

Amazon ECS is a service which is used to host the workloads. An Amazon ECS task is automatically spun up by background job workers and shut down when no longer needed.

AWS KMS key is needed for vault S3 bucket encryption (symmetric) and ScaleZ authentication (asymmetric). Elastio creates one KMS key per vault and another one per Cloud Connector.

AWS Lambda function and AWS Lambda Event Source Mapping are used by Elastio to manage scan, backup and restore operations.

Amazon Launch Template is used to store the launch parameters that an EC2 instance will use.

Amazon S3 is created to store the encrypted and compressed backup data payload, as well as Elastio's own ScaleZ metadata database that describes all this data. Amazon S3 is also used to store file attachments for iscan jobs, and for telemetry exfiltration purposes for large objects.

Amazon EventBridge Scheduler Schedule is used to implement scheduled routines such as periodic scan and backup jobs.

Amazon Security Group is a resource which is created to restrict egress/ingress networking on background job workers, instances and vault workers.

AWS Step Functions State Machine is used to implement delayed event processing. This is involved when assets are configured to be protected immediately on creation: processing waits for them to initialize.

Amazon SNS Topic and Amazon SNS Topic Subscription are added to your AWS account to show job statuses and transitions between them.

Amazon SQS is a resource which is used to send data like scan results, recovery points, log events and performance metrics to the Elastio Tenant.

AWS SSM parameter is deployed to store various simple region-level and vault-level configuration knobs.