Restore to US-West-1

We will simulate a disaster in this exercise by revoking public access to the S3 bucket hosting the website. We will then perform a series of tasks to bring the application up in the DR region us-west-1. The steps would be included in a DR run book so that any system administrator with proper access could execute them. In a production environment, we would automate these steps using an AWS Cloudformation template or third-party tools. We will perform the following steps manually to learn how the AWS services support Disaster Recovery:

  • Revoke access to the primary site S3 bucket
  • Launch an EC2 instance from the AMI in the DR region
  • Restore the RDS database from backup in the DR region
  • Configure the application

Revoke access to the primary site S3 bucket

1.1 Login to the AWS Console and navigate to S3 by searching for it.

1.2 Click on the Name of the UI bucket.

1.3 Select Permission and click the Edit button under Block public access.

1.4 Check the box to block all public access and click the Save changes button.

1.5 Type confirm in the text entry box and click the Confirm button.

Our application is now down. We have simulated a disaster. You can test this by trying to reload the website’s URL.


Launch an EC2 instance from the AMI in the DR region

2.1 Navigate to EC2 (Search for EC from console), and change the region to us-west-1.

2.2 Click on Images and select AMIs.

2.3 Find the AMI and choose Actions then Launch.

2.4 Select the t3.micro instance type and click the Next: Configure Instance Details button.

2.5 Set the IAM role to BackupRestore-S3InstanceProfile, leave the remaining defaults and click the Next: Add Storage button. Note, the prefix might be different depending on the CloudFormation Stack name specified during US-East-1 Deployment section.

2.6 Leave the default and click the Next:Add tags button.

2.7 Leave the defaults and click the Next: Configure Security Group button.

2.8 Add rules as shown and click Review and Launch. Save the security group name for later.

2.9 Click the Launch button.

2.10 Select Proceed without a key pair, check the acknowledgment and then click Launch Instances.

2.11 Make a note of the instance Public IPv4 DNS as we will need it later.

Restore the RDS database from backup in the DR region

3.1 Navigate to AWS Backup by searching for it in the AWS Console .

3.2 Click on Backup vaults, select Default, and choose the most recent backup.

3.3 Select Restore from the Actions menu.

3.4 Configure the RDS options as shown.

Note: The security group will have to be changed after the restore is complete.

Enter a DB instance identifier.

Choose an Availability Zone (AZ) and Subnet Group within us-west-1.

Set the Database port and DB parameter group as shown. Disable IAM DB Authentication.

Click the Restore backup button.

Wait for the restore to complete.

3.5 Navigate to VPC by searching for it in the AWS Console .

3.6 Find Security Groups in the left-hand menu and click the Create Security Group button.

3.7 Enter a Security group name and Description.

Click Add rule and allow MYSQL/Aurora TCP inbound port 3306 from the EC2 security group attached to the DR EC2 instance (from step 2.8 above).

Tip: This is an inbound rule. No changes are required to ourbound rules.

Leave the Outbound rules as default and click the Create security group button.

3.8 Navigate to RDS by searching for it in the AWS Console .

Select the database that we just restored and click the Modify button.

In the Connectivity section, change the security group to the new one we created in step 3.7.

Click the Continue button.

Choose Apply immediately and click the Modify DB instance button.

Click on the DB identifier to bring up the database details.

Please make a note of the Endpoint as we will need it later.

Configure the application

4.1 Navigate to EC2 by searching for it in the AWS Console .

4.2 Select the EC2 instance and click the Connect button.

4.3 Select the Session Manager tab and click the Connect button to log in.

4.4 Once logged in test database connectivity. Use the database endpoint we saved in step 3.8 above.

sudo mysql -u UniShopAppV1User -h dr-lab-restore.XXXXXXXXXXXX.us-west-1.rds.amazonaws.com -P 3306 -pUniShopAppV1Password
SHOW DATABASES;
[ec2-user@ip-XXX-XXX-XXX-XXX ~]$ sudo mysql -u UniShopAppV1User -h dr-lab-restore.XXXXXXXXXXXX.us-west-1.rds.amazonaws.com -P 3306 -pUniShopAppV1Password


Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 8.0.20 Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]> SHOW DATABASES;
+--------------------------------+
| Database                       |
+--------------------------------+
| information_schema             |
| mysql                          |
| performance_schema             |
| unishop                        |
| unishopappv1dbbackupandrestore |
+--------------------------------+
5 rows in set (0.00 sec)

MySQL [(none)]>

4.5 Edit the /home/ec2-user/unishopcfg.sh file. Change the database endpoint to the one we saved in step 4.8 above. Change the regions to us-west-1. Finally, change the bucket names to the DR buckets we used in step 2.4 above.

Tip: You can use the vi (Debian ManPage ) or nano command (Debian ManPage ) to edit the document.

sudo vi /home/ec2-user/unishopcfg.sh

Tip: Use the full DNS name of the database.

#!/bin/bash
export Database=dr-lab-restore.XXXXXXXXXXXX.us-west-1.rds.amazonaws.com
export DB_ENDPOINT=dr-lab-restore.XXXXXXXXXXXX.us-west-1.rds.amazonaws.com
export AWS_DEFAULT_REGION=us-west-1
export UI_RANDOM_NAME=backupandrestore-uibucket-<XXXXXXXXXXXX>-dr

4.6 Run the following two commands to copy application files to the DR S3 buckets:

Note: If our S3 buckets contained application data then it would be necessary to schedule recurring backups to meet the target RPO. This could be done with Cross Region Replication . Since our buckets contains no data, only code, we will restore the contents from the EC2 instance.

sudo aws s3 cp /home/ec2-user/UniShopUI s3://backupandrestore-uibucket-XXXXXXXXXXXX-dr/ --recursive --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers

4.7 Reboot the EC2 instance.

sudo reboot

4.8 Navigate to S3.

4.9 Locate the STACK-NAME-uibucket-XXXXXXXXXXXX-dr bucket we created earlier and click on the Name.

4.9 Download the config.json file from S3 in the to your local machine.

Save file name: config.json

4.10 Update the config.json with the DR EC2 instance public IPv4 DNS name we saved in step 2.11 above. Also, change the region to us-west-1. Then upload to the DR UI bucket.

  • Make sure you are using HTTP (not HTTPS).
  • Make sure there is no trailing slash at the end of the URL.
  • Make sure the region is set to us-west-1.
{

    "host": "http://ec2-XXX-XXX-XXX-XXX.us-west-1.compute.amazonaws.com"
    "region": "us-west-1"
}

4.11 Navigate to the Objects tab for the UI Bucket and click the Upload button. Follow the prompt to upload config.json to your S3 static website.

4.12 Grant public access to the file by allowing Everyone Read permissions.

4.13 Navigate to the Properties tab of the S3 UI bucket.

Enable Static website hosting by scrolling to the bottom and clicking the Edit button.

Retain the default settings and enter the file names for Index and Error documents.

Click the Save changes button.

Write down the provided website URL.

Open the URL provided, and you will see the Unicorn shop!

Tip: Due to browser caching, you may need to open the site in your browser’s incognito mode (CTRL+P on Microsoft Edge or CTRL+ALT P on Google Chrome).

Congrats! You have responded to the disaster and restored your application in accordance with the desired RPO and RTO