Skip to main content

Restore AMIs

Updated today

Overview

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, you can launch an instance, which is a copy of the AMI running as a virtual server in the cloud. For example, the AMI is an image of your EC2 instance. You can restore an EC2 instance backed up to Druva Cloud from the storage region specified in the backup policy.

Procedure

To restore an AMI:

  1. Log into your management console and navigate to Resources > EC2.

  2. Navigate to the Backups tab and select the AMI that you wish to restore.

  3. On the backup details page, click Restore.
    Alternatively, you may select the AMI from the Backups page, and then click Restore to initiate the restore process.

Field

Description

Instance Name

By default, Druva CloudRanger displays the name of the original EC2 instance, and if unavailable, the instance ID is used as the name. You can choose to modify the default instance name.

Region

The AWS Region where the backed-up AMI is stored.

Availability Zone

Choose an availability zone within the region where the AMI is stored.
For more information, see Regions and Availability Zones

Instance Type

Choose an instance type of the restored EC2 instance. By default, Druva CloudRanger selects the original EC2 instance type.

📝 Note
Not all instance types are supported in all regions. If you run into issues with the restore, verify that the selected instances are supported for that region.

For more information, refer to the AWS documentation.

Windows

Enable the toggle if you are attempting a Windows instance restore.

Marketplace AMI

Indicates if an AWS Marketplace AMI is restored.

Tags

Key

This section displays the tag keys that have been specified for the source EC2 instance or the AMI.
Tags act as metadata to help identify and organize your AWS resources.

Value

The Value will depend on the Key specified.
Key: Created by Policy; Value: New
Key: Origin; Value: Origin ID

Location

VPC

Select a virtual private cloud (VPC) where you want the restored EC2 instance to run.

Subnet

Select the subnet of the VPC where you want the restored EC2 instance to run.

Virtualization

Select the virtualization type for the restored EC2 instance.

Network Configuration

  • Automatically Assign a Private IP: Select this option to assign a default private IP address to the EC2 instance, which will be attached to it upon restore.

  • Specific Private IP: Specify the private IP address of the EC2 instance that will be attached to it upon restore. The IP address provided must be within the range of IP addresses for the Subnet specified previously.

  • Specific Elastic Network Interface: Select from the list of available preserved Elastic Network Interface (ENIs), and attach it to the newly restored EC2 instance, to ensure that network identity is retained. Selecting the ENI enables uninterrupted network continuity and ensures seamless restore of your EC2 instances.

📝 Notes

  • You can select ENIs based on the chosen Subnet and Availability Zone.

  • The number of ENIs and IPs per ENI depend on the instance type selected. Multiple ENI selection is currently not supported.

  • If selecting an Elastic Fabric Adapter (EFA-only option, this will not be used as the primary network interface, and is not supported on Windows.

  • The ENI retains associated security groups preserving the network-level security configuration.
    Do note that when specifying ENI as part of network configuration, the Security Groups option will remain disabled.

Security

SSH Key

The backup encryption target key for the EC2 instance.

An SSH Key is required to have secure access to the instance.

If you plan on remotely connecting to the restored EC2 instance, select a key pair created in your account.

Note: The SSH target key is disabled when attempting to restore a backup that resides in the customer’s AWS account, where the device encryption is managed with the default key.

KMS Keys

The Device Name and the Existing KMS Key are displayed.

Based on the AWS Account and the Region specified, you can select the KMS Key to be used to encrypt data at the time of restore..

Note: If the KMS key to be used is unavailable you may need to first onboard the Account to your AWS Workloads console and then proceed. For more information, see Create an AWS Access Role.

If using a KMS key that is in a different account (Account B) than the one the instance is restored to (Account A), you will need to add the Role ARN of Account A to the KMS key policy of Account B. If you are restoring data from Druva Cloud, you will also need to add the Data Role ARN to the kms key policy.

To locate your Role ARN and Data Role ARN, navigate to your AWS Identity and Access Management (IAM) > Roles, and then locate the following roles:
cloudranger-orchestration-<ACCOUNT ID>

cloudranger-ec2-data-<ACCOUNT ID>

For more information on key policies, refer to the AWS documentation.

Instance Profile

Choose an instance profile for the restored EC2 instance.

Security Groups

Select a security group for the restored EC2 instance.

Block Device Mappings

This section displays information on the AMI to be restored:

  • Device Name and Snapshot ID

  • Delete On Termination

  • Encrypted: Policy-based backup encryption, if applicable

  • Volume Size and Volume Type of the AMIs to be restored

4. Click Confirm.
The restored AMIs will now be available on the Restores page.

Restore AMIs with File Level Recovery

With the file-level recovery functionality, you can initiate a recovery instance within Druva’s environment and choose the files you want to recover.

This launches an instance and runs Druva's FLR agent, which virtually mounts the chosen point-in-time backup and serves a browsable view of files/folders to restore. Upon initiating a restore, the FLR instance zips the selected files into a single zip archive, which are accessible via the S3 bucket in your source AWS account.

Before you begin

To enable this feature, you will need to update your AWS Access Role by deploying the latest CloudFormation template for each account in which you intend to leverage file level recovery. For more information, see Update Existing AWS Access Roles in Druva CloudRanger.

Procedure

To initiate a file-level recovery:

  1. Log into your management console and navigate to Resources > EC2.

  2. Navigate to the Backups tab and select the AMI that you wish to restore.
    Note: Set the Location filter to Druva Cloud to view all backups on Druva Cloud.

  3. On the backup details page, click Restore. Alternatively, select the snapshot from the Backup page, and then click Restore.

  4. On the Restore dialog, select File level recovery.

📝Note

The restore once initiated launches an instance in Druva’s managed infrastructure.

5. Navigate to the browse view presented and select the file(s) to be restored.

📝Note

Once initiated, the instance is created only with the selected files and folders, and the instance is discarded after 2 hours.

6. Navigate to your Jobs Restore page to track the restore job.
7. A link to the restored files is presented on the Restores page, which will redirect you to the file location within the S3 bucket of your AWS account.

Once the instance becomes available, locate the archived files for downloading. You may also download a directory with one click using the download icons on the right, which will download the archive with a .zip extension.

Restore AMIs with Cyber Recovery

The Recovery Insights (Cyber Recovery) feature provides insights on the Cyber Resiliency of your EC2 resources. Understanding these capabilities is crucial for maintaining a strong security posture and ensuring rapid, secure recovery from cyber threats like ransomware. For more information, see Restore EC2 and EBS backups with Cyber Recovery.

Important

To view and access the Recovery Insights feature, you must either have the Security Posture & Observability, Accelerated Ransomware Recovery license, or a premium license.

To restore an AMI with Cyber Recovery:

  1. Log into your management console and navigate to Resources > EC2.

  2. From the Resources tab, select the Resource for which you want to proceed with Cyber Recovery.

  3. Click the Recovery Points tab and navigate to Cyber Recovery.
    This displays a list of airgapped recovery points for the selected Amazon EC2 resource.

  4. Select a recovery point and click Cyber Restore. On the Restore AMI page, specify the relevant details, and proceed to initiate a Cyber Restore (Restore Scan) or an on-demand Threat Hunt.

    For more information, see Cyber Restore for EC2 resources.

Note:

Navigate to the Operational Recovery tab to select recovery points to proceed with a full restore. The Cyber Recovery tab becomes available only when the appropriate Security license is enabled.


Related Articles
Restore AMI
Restore Archived AMIs
Restore EBS snapshots
Restore EBS Snapshots as Instance
AWS Workloads Release Notes 2025
Did this answer your question?