Amazon VPC Resources That Commvault Cloud Protects

You can recover Amazon EC2 instances and related Amazon VPC resources, without delays.

Specifically, you can back up key VPC resources across regions and accounts, recover deleted resources in minutes, and recover known good Amazon EC2 and Amazon VPC configurations in place.

Before using this capability, verify that the amazon_restricted_role_permissions.json policy is assigned to the IAM user or IAM role that is used to authenticate to the Amazon EC2 hypervisor that contains the VPC resources that you want to protect. For more information, see Permission Requirements for AWS Resource Protection.

Commvault recommends controlling access to AWS resources using tags or TagKeys to further restrict the scope of access for Commvault Cloud data protection operations.

VPC Resources That Are Protected

Commvault Cloud protects the following VPC resources and all associated attributes (unless noted below) when performing Amazon EC2 instance backups:

  • DHCP options

  • DNS attributes

  • Elastic network interfaces

  • Internet gateways

  • Egress-only internet gateways

  • Managed prefix lists

  • NAT gateways

  • Network ACLs (main, per subnet)

  • Route tables (main, custom)

  • Security groups (VPC, instance)

  • Subnets (public, private, IPv4, IPv6)

  • VPCs

  • VPC flow logs

  • VPC peering connections

Commvault Cloud protects the following AWS PrivateLink resources:

  • VPC endpoints

Commvault Cloud protects the following AWS Transit Gateway resources:

  • Transit gateways

Commvault Cloud protects the following AWS Site-to-Site VPN resources:

  • VPN gateways

  • VPN connections

  • Customer gateways

Commvault Cloud protects the following AWS Wavelength resources:

  • Carrier gateways

VPC Resources That Are Restored by a Full In-Place Restore

To restore supported VPC resources and attributes, run a full in-place restore of the Amazon EC2 instance.

A full in-place restore restores VPC resources as follows:

Resource

Re-created

Re-used (if existing)

Amazon VPC

Yes

Yes

Route tables (main, custom)

--

Yes

DHCP option sets

--

Yes

Network ACLs

--

Yes

Network CIDR reservations

--

Yes

Subnets

Yes

Yes

Security groups (VPC, instance)

Yes

Yes

Amazon EC2 network interfaces

Yes

Yes

Elastic IPs (public IPs)

--

Yes

VPC Peering relationships

--

Yes

Elastic Fabric Adapters

--

Yes

Loading...