FLR Process Overview:
When performing FLR, CloudRanger boots an EC2 instance within the AWS account, which requires specific IAM roles and security groups to facilitate the action. The system automatically creates and assigns these roles and security groups temporarily.
Example of an assumed role generated during the process:
"type": "AssumedRole",
"principalId": "ABC1234567:flr_preparation_step",
"arn": "arn:aws:sts::12345678910:assumed-role/cloudranger-temp-role/flr_preparation_step"
Key Points About FLR & Security Groups:
EC2 Instance Boot-up: When initiating FLR, an EC2 instance is launched with predefined parameters.
Role & Security Group Creation: If pre-existing security groups are not selected during the restore process, CloudRanger creates and later removes temporary IAM roles and security groups.
File-Level Restore Functionality:
A recovery instance is launched within the AWS environment.
The instance attaches the snapshot to be restored as a volume.
The instance acts as a web server, making restored files accessible only from the customer’s IP address.
Users can access the files over HTTP or FTP, depending on the requirement.
Recovery Workflow Summary:
CloudRanger retrieves the required snapshot or backup image from the configured backup.
It identifies the instance configuration (instance type, VPC, subnet, storage volumes, AMI) to recreate the instance as per the backup.
If an existing security group is not selected, CloudRanger may create a temporary one to enable basic access.
Temporary IAM roles or permissions may be assigned to access AWS services like S3 and EBS.
These roles and security groups are dynamically managed and removed after the recovery process is completed.
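An added example (not CloudRanger or Druva code) of auditing CloudTrail records for the temporary security groups described above: it reports groups that were created but never deleted, and ingress rules wider than the customer's IP. The sample records, group IDs, customer CIDR, helper names, and the assumption that these calls are logged under the `cloudranger-temp-role` session are constructed for illustration.

```python
import ipaddress

# Constructed CloudTrail-style records, not real logs. ACTOR reuses the
# placeholder ARN from the page's example; that the security-group calls are
# logged under this session is an assumption to verify in your own trail.
ACTOR = "arn:aws:sts::12345678910:assumed-role/cloudranger-temp-role/flr_preparation_step"

def ev(time, name, req=None, resp=None):
    return {"eventTime": time, "eventName": name,
            "userIdentity": {"type": "AssumedRole", "arn": ACTOR},
            "requestParameters": req or {}, "responseElements": resp or {}}

def ingress(group_id, cidr, port):
    return {"groupId": group_id, "ipPermissions": {"items": [
        {"ipProtocol": "tcp", "fromPort": port, "toPort": port,
         "ipRanges": {"items": [{"cidrIp": cidr}]}}]}}

SAMPLE = [
    ev("2024-01-01T10:00:00Z", "CreateSecurityGroup", resp={"groupId": "sg-0aaa"}),
    ev("2024-01-01T10:00:05Z", "AuthorizeSecurityGroupIngress",
       ingress("sg-0aaa", "203.0.113.10/32", 80)),
    ev("2024-01-01T11:00:00Z", "DeleteSecurityGroup", {"groupId": "sg-0aaa"}),
    ev("2024-01-02T09:00:00Z", "CreateSecurityGroup", resp={"groupId": "sg-0bbb"}),
    ev("2024-01-02T09:00:05Z", "AuthorizeSecurityGroupIngress",
       ingress("sg-0bbb", "0.0.0.0/0", 21)),
]

def audit_flr_groups(records, customer_cidr,
                     actor_marker="assumed-role/cloudranger-temp-role/"):
    """Return (groups created but never deleted, ingress rules wider than customer_cidr)."""
    allowed = ipaddress.ip_network(customer_cidr)
    live, broad = set(), []
    for r in sorted(records, key=lambda r: r["eventTime"]):
        # Skip failed API calls (they changed nothing) and unrelated actors.
        if "errorCode" in r or actor_marker not in r.get("userIdentity", {}).get("arn", ""):
            continue
        name, req = r["eventName"], r.get("requestParameters") or {}
        if name == "CreateSecurityGroup":
            live.add((r.get("responseElements") or {}).get("groupId"))
        elif name == "DeleteSecurityGroup":
            live.discard(req.get("groupId"))
        elif name == "AuthorizeSecurityGroupIngress":
            for perm in req.get("ipPermissions", {}).get("items", []):
                for rng in perm.get("ipRanges", {}).get("items", []):  # IPv4 ranges only
                    if not ipaddress.ip_network(rng["cidrIp"], strict=False).subnet_of(allowed):
                        broad.append((req.get("groupId"), rng["cidrIp"], perm.get("fromPort")))
    return sorted(live), broad

if __name__ == "__main__":
    print(audit_flr_groups(SAMPLE, "203.0.113.10/32"))
```

A group still listed as live may simply belong to a restore in progress, so compare its creation time against the expected restore duration before treating it as orphaned.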
For more details and to use this feature, see this article: https://help.druva.com/en/articles/8651891-restore-a-snapshot-with-file-level-recovery