CloudRanger performs the following steps to clone resources:
1. Discovers source AWS resources
CloudRanger identifies the servers' related network and security resources. For servers specified in the source environment, its network and security resources are captured by describing the instances. For each of the resources, its attributes are captured by further describing each of those resources.
Network and security resources that are captured
VPC
Subnets
Route tables
Internet gateways
Egress only Internet gateways
DHCP options sets
NAT gateways
Elastic IPs
Network ACLs
Security Groups
2. Generates CloudFormation Script
CloudRanger creates a CloudFormation script with the resources details for the target environment. A CloudFormation Script is generated to create resources in the target environment.
Details of resources clone settings
Resource | Clone settings |
VPC | CIDR range preserved |
Subnets | CIDR Ranges Preserved, AZs allocated in round robin |
Route tables | Routing preserved |
Internet gateways | Routing preserved |
Egress only Internet gateways | Routing preserved |
DHCP options sets | Options preserved |
NAT gateways | Routing preserved |
Elastic IPs | New addresses allocated and assigned to VPCs for NAT gateways and pre-allocated for instances with EIPs |
Network ACLs | Rules and associations preserved |
Security groups | Ingress and Egress rules preserved |
3. Creates resources in the target environment
CloudRanger executes the CloudFormation Script to create resources in the target environment.
Permissions Required
The following permissions are required as part of an account configuration. CloudRanger creates an IAM role within an account with these permissions.
Discover resources and generate a CloudFormation script
ec2.describeVpcs
ec2.describeSubnets
ec2.describeInternetGateways
ec2.describeEgressOnlyInternetGateways
ec2.describeNatGateways
ec2.describeSecurityGroups
ec2.describeNetworkAcls
ec2.describeRouteTables
ec2.describeDhcpOptions
ec2.describeAddresses (Elastic IPs)
Clone resources by executing Cloudformation script
ec2:describeKeyPairs
ec2:modifyVpcAttribute
ec2:modifySubnetAttribute
ec2:modifyNetworkInterfaceAttribute
ec2:createNetworkInterfacePermission
ec2:describeAddresses
ec2:describeDhcpOptions
ec2:describeInternetGateways
ec2:describeEgressOnlyInternetGateways
ec2:describeNatGateways
ec2:createVPC
ec2:deleteVPC
ec2:createSubnet
ec2:deleteSubnet
ec2:createRoute
ec2:deleteRoute
ec2:createNetworkAcl
ec2:createNetworkAclEntry
ec2:deleteNetworkAcl
ec2:deleteNetworkAclEntry
ec2:describeNetworkAcls
ec2:ReplaceNetworkAclAssociation
ec2:ReplaceNetworkAclEntry
ec2:AllocateAddress
ec2:RevokeSecurityGroupEgress
ec2:RevokeSecurityGroupIngress
ec2:AssociateAddress
ec2:ReleaseAddress
ec2:DisassociateAddress
ec2:createRouteTable
ec2:deleteRouteTable
ec2:AssociateRouteTable
ec2:DisassociateRouteTable
ec2:createInternetGateway
ec2:AttachInternetGateway
ec2:DetachInternetGateway
ec2:deleteInternetGateway
ec2:createNatGateway
ec2:deleteNatGateway
ec2:createEgressOnlyInternetGateway
ec2:deleteEgressOnlyInternetGateway
ec2:createDHCPOptions
ec2:deleteDHCPOptions
ec2:createSecurityGroup
ec2:deleteSecurityGroup
ec2:AuthorizeSecurityGroupIngress
ec2:AuthorizeSecurityGroupEgress
ec2:describeRouteTables
cloudFormation:createstack
cloudformation:describestacks
cloudformation:describestackevents
cloudformation:describeStackResource
cloudformation:describeStackResources
cloudformation:deleteStack