GSE

h1. AWS Backup

We use Perforce and Redmine running on an AWS Server. Our backup strategy is to simply create an Amazon Machine Image (AMI) of the current server state. This AMI can then be used to launch a new server instance which will look just like the original, preserving all Perforce and Redmine data.

h2. Step 1, Create AMI

Log into the AWS console, go to the instances tab, select the server instance to back up, right click, select Image->Create Image.

!picture846-1.png!

Now name the image, check the "No reboot" box, then select "Create Image"

!picture62-1.png!

You should see Create Image request message below.

!picture953-1.png!

h2. Step 2, Prepare AMI

Go to the AMI tab on the AWS console. You should now see the new AMI. (It actually could take a few minutes to appear).

!picture735-1.png!

As part of our backup strategy, we create another server instance of our backup AMI, but we actually run this instance on an entirely different AWS account. The idea here is if the primary AWS account is hacked somehow, and the backup AMI's are deleted, hopefully our "backup" AWS account is not also hacked, and we have a "hot spare" ready to go (Redmine should work right away, but we would need a new Perforce license for the backup server's IP address)

To share this backup AMI with another AWS account, we have to modify the backup AMI's permissions. This step assumes you have already set up a backup AWS account and you have the account id handy. Select the backup AMI, right click, and select "Modify Image Permissions".

!picture968-1.png!

You should then see the following window. Enter in the AWS Account Number of the backup AWS account, select "Add Permission", then check the "create volume" box and then select save.

!picture841-1.png!

At this point this backup AMI is ready to be grabbed by the backup AWS account. So now log in to the backup AWS Console and go to the instances tab. Below is what my backup AWS server currently looks like. For no particular reason, 2 backup servers are running. Only 1 is really necessary.

!picture448-1.png!

Go to the AMIs tab, and change "Owned by me" to "Private Images".

!picture381-1.png!

You should now see the back up AMI we created in the primary account (I misnamed it ... it should say "Back Up 10May2018")

!picture92-1.png!

Now select the AMI, right click and select Launch:

!picture419-1.png!

Choose instance type t2.micro, which it defaults to. Select "Review and Launch".

This will bring up next configuration. Select Edit Security Group and select existing security group and then select "launch wizard-1" ... But the important part are the 6 inbound rules shown below (port 443 is for Redmine, 1666 is for Perforce)

!picture150-1.png!

Then select "Review and Launch" which will bring up the message below:

!picture475-1.png!

Select "Launch", which should bring up a window to select your key pair created when this backup account was created.

!picture298-1.png!

Check the acknowledge box and then select "Launch Instances". Now the new instance should be launching. 

!picture669-1.png!

It may take a few minutes for the new instance to show up in the Instance tab on the AWS Console. Fill in a name.

!picture669-2.png!

Notice the IP address it created for the new backup instance, in this case 18.191.69.218. Point a browser directly to that IP address and you should get the Redmine login page.

!picture482-1.png!

Perforce will not work since the license file is based on the AWS Private IP address, highlighted in the image below.

!picture727-1.png!

Add this point you would have to contact Perforce and get a new license file issued with this new Private IP address.

At this point, you could delete some of the backup instances running on the backup AWS server. You could also delete the backup AMI on the primary server. Otherwise your AWS bill will increase, as you are using more disk space and server running time.