Customizing the Network Settings When Using AWS Backup to Restore VMware-Based Instances to Amazon EC2
This article will help readers understand how they can customize the network settings of AWS Backup VMware-based backups when restoring to Amazon EC2.
AWS Backup for VMware Overview
AWS Backup support for VMware provides robust capabilities for protecting VMware workloads running in on-premises environments or VMware Cloud on AWS environments. One of the most powerful features is the ability to restore these VMware-based backups directly to Amazon EC2 instances, enabling cloud-based disaster recovery scenarios and workload migration paths to AWS. AWS Backup seamlessly integrates with VMware environments through the AWS Backup Gateway, allowing organizations to:
- Back up VMware virtual machines using native VMware snapshots (including the use of Changed Block Tracking)
- Store backups efficiently in AWS using incremental forever backup chains
- Maintain application consistency for supported operating systems
- Enable hybrid cloud protection strategies
- Facilitate cross-platform recovery to Amazon EC2
When disaster strikes, AWS Backup allows you to restore your VMware-based backups directly to Amazon EC2 instances. This capability eliminates the need for intermediate conversion steps, maintains system integrity during the restoration process, and provides flexibility in target instance configuration.
Customization of Networking During Restore
While restoring VMware backups to EC2, you might need to customize the network configuration to match your AWS networking requirements or preserve the existing IP addressing configuration of the workload as it was deployed on-premises or in VMware Cloud on AWS. AWS Backup supports this through restore metadata, specifically the NetworkInterfaces configuration, in a manner similar to how custom metadata would be passed during an Amazon EC2 restore.
Retrieve Existing Recovery Point Restore Metadata
Before creating an AWS Backup restore job, it is recommended to first retrieve the metadata already attached to the recovery point using the AWS Backup GetRecoveryPointRestoreMetadata API. Some of these values, notably disks, hypervisorId, and vmId, will be used in the restore job invocations.
Command Input
aws backup get-recovery-point-restore-metadata \
  --backup-vault-name "BACKUP_VAULT_NAME" \
  --recovery-point-arn "arn:aws:backup:REGION:ACCOUNT_ID:recovery-point:RECOVERY_POINT_ID"
Command Output
{
  "BackupVaultArn": "arn:aws:backup:REGION:ACCOUNT_ID:backup-vault:BACKUP_VAULT_NAME",
  "RecoveryPointArn": "arn:aws:backup:REGION:ACCOUNT_ID:recovery-point:RECOVERY_POINT_ID",
  "RestoreMetadata": {
    "aws:backup:request-id": "REQUEST_ID",
    "disks": "[{\"diskId\":\"2000\",\"label\":\"Hard disk 1\"}]",
    "hypervisorId": "hype-HYPERVISOR_ID",
    "vmId": "vm-VM_ID"
  },
  "ResourceType": "VirtualMachine"
}
Specify Primary Private IP Address
AWS Backup lets us customize the VPC, Subnet, and Security Group configuration of Amazon EC2 instances directly through the AWS Backup console, but what if you need to specify an IP address within the subnet? The sample below uses the AWS Backup StartRestoreJob API to create a restore job on a VMware-based recovery point and lets us pass in the primary private IP address we wish to assign to the launched Amazon EC2 instance.
Create Restore Job Sample
aws backup start-restore-job --cli-input-json '{
  "RecoveryPointArn": "arn:aws:backup:REGION:ACCOUNT_ID:recovery-point:RECOVERY_POINT_ID",
  "Metadata": {
    "disks": "[{\"diskId\":\"2000\",\"label\":\"Hard disk 1\"}]",
    "hypervisorId": "hype-HYPERVISOR_ID",
    "vmId": "vm-VM_ID",
    "RestoreTo": "EC2Instance",
    "InstanceType": "t2.medium",
    "InstanceInitiatedShutdownBehavior": "stop",
    "Tenancy": "default",
    "EbsOptimized": "false",
    "NetworkInterfaces": "[{\"associatePublicIpAddress\":false,\"DeviceIndex\":0,\"groups\":[\"sg-SECURITY_GROUP_ID\"],\"privateIpAddresses\":[{\"primary\":true,\"privateIpAddress\":\"PRIMARY_PRIVATE_IPV4\"}],\"subnetId\":\"subnet-SUBNET_ID\"}]"
  },
  "IamRoleArn": "IAM_ROLE_ARN",
  "ResourceType": "VirtualMachine",
  "CopySourceTagsToRestoredResource": false
}'
Specify Existing Elastic Network Interface
Another option is to attach an existing Elastic Network Interface (ENI) to the Amazon EC2 instance at the time of restore. This is particularly helpful if you have pre-created and pre-configured ENIs in AWS as part of your backup workflow. Similar to the example above, we again use the NetworkInterfaces configuration, this time to specify the existing NetworkInterfaceId we wish to attach to the Amazon EC2 instance.
Create Restore Job Sample
aws backup start-restore-job --cli-input-json '{
  "RecoveryPointArn": "arn:aws:backup:REGION:ACCOUNT_ID:recovery-point:RECOVERY_POINT_ID",
  "Metadata": {
    "disks": "[{\"diskId\":\"2000\",\"label\":\"Hard disk 1\"}]",
    "hypervisorId": "hype-HYPERVISOR_ID",
    "vmId": "vm-VM_ID",
    "RestoreTo": "EC2Instance",
    "InstanceType": "t2.medium",
    "InstanceInitiatedShutdownBehavior": "stop",
    "Tenancy": "default",
    "EbsOptimized": "false",
    "NetworkInterfaces": "[{\"DeviceIndex\":0,\"NetworkInterfaceId\":\"NETWORK_INTERFACE_ID\"}]"
  },
  "IamRoleArn": "IAM_ROLE_ARN",
  "ResourceType": "VirtualMachine",
  "CopySourceTagsToRestoredResource": false
}'
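The following Python is an added example, not code from the original article or from AWS: it builds the --cli-input-json document for either approach above from the retrieved restore metadata, and rejects a primary IP that lies outside the subnet or in the addresses AWS reserves in every subnet. The function names, the subnet CIDR argument, and the sample values are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: the get-recovery-point-restore-metadata output shown earlier.
DESCRIBED = {
    "RecoveryPointArn": "arn:aws:backup:REGION:ACCOUNT_ID:recovery-point:RECOVERY_POINT_ID",
    "RestoreMetadata": {
        "aws:backup:request-id": "REQUEST_ID",
        "disks": '[{"diskId":"2000","label":"Hard disk 1"}]',
        "hypervisorId": "hype-HYPERVISOR_ID",
        "vmId": "vm-VM_ID",
    },
    "ResourceType": "VirtualMachine",
}

def primary_ip_interface(private_ip, subnet_cidr, subnet_id, security_groups):
    """Interface entry with a fixed primary IP, checked against the subnet CIDR."""
    net, ip = ipaddress.ip_network(subnet_cidr), ipaddress.ip_address(private_ip)
    if ip not in net:
        raise ValueError(f"{ip} is outside {net}")
    # AWS reserves the first four addresses and the last address of every subnet.
    if int(ip) - int(net.network_address) < 4 or ip == net.broadcast_address:
        raise ValueError(f"{ip} is reserved in {net}")
    return {
        "associatePublicIpAddress": False,
        "DeviceIndex": 0,
        "groups": list(security_groups),
        "privateIpAddresses": [{"primary": True, "privateIpAddress": str(ip)}],
        "subnetId": subnet_id,
    }

def build_restore_input(described, iam_role_arn, interface):
    """Assemble the JSON document passed to start-restore-job --cli-input-json."""
    source = described["RestoreMetadata"]
    # Carry over only the values the article reuses in the restore job.
    metadata = {key: source[key] for key in ("disks", "hypervisorId", "vmId")}
    metadata.update({
        "RestoreTo": "EC2Instance",
        "InstanceType": "t2.medium",
        "InstanceInitiatedShutdownBehavior": "stop",
        "Tenancy": "default",
        "EbsOptimized": "false",
        # Metadata values are strings, so the interface list is JSON-encoded.
        "NetworkInterfaces": json.dumps([interface], separators=(",", ":")),
    })
    return {"RecoveryPointArn": described["RecoveryPointArn"], "Metadata": metadata,
            "IamRoleArn": iam_role_arn, "ResourceType": described["ResourceType"],
            "CopySourceTagsToRestoredResource": False}
```

For the existing-ENI approach, pass `{"DeviceIndex": 0, "NetworkInterfaceId": "NETWORK_INTERFACE_ID"}` as `interface`; serialize the returned dictionary with `json.dumps` to obtain the string for `--cli-input-json`.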
Summary
In this article, we explored how AWS Backup enables customization of network settings when restoring VMware-based backups to Amazon EC2 instances. We covered several key aspects, including:
- The fundamental capabilities of AWS Backup for VMware, including its support for cross-platform recovery to Amazon EC2
- How to retrieve existing recovery point restore metadata using the GetRecoveryPointRestoreMetadata API
- Two practical approaches for network customization during restore:
  - Specifying a primary private IP address within a subnet
  - Attaching an existing Elastic Network Interface (ENI)
These networking capabilities provide organizations with the flexibility needed to maintain specific IP addressing requirements or leverage pre-configured network interfaces when restoring VMware workloads to AWS. This flexibility is particularly valuable in disaster recovery scenarios where maintaining specific network configurations is critical for application functionality and business continuity.
For more information about AWS Backup's VMware capabilities and restore options, visit the AWS Backup documentation.