AWS Backup: Restore composite recovery point for EKS and EBS with cli

Question

We try to restore an EKS composite recovery point, which consists of the EKS and EBS resource type. When triggering an restore with

```
aws backup start-restore-job \
    --recovery-point-arn "" \
    --iam-role-arn "" \
    --metadata '{"clusterName":"my-cluster", "newCluster":"false" }' 
```
The composite restore fails, since the EBS restore got an error
> Restore Job failed as no restore metadata was provided

When adding the missing `availabilityZone` metadata, i.e. 
```
--metadata '{"clusterName":"my-cluster", "newCluster":"false", "availabilityZone":"eu-central-1a" }' 
``` 
the composite jobs fails with error
> Invalid metadata keys found: [availabilityzone]

On the AWS console, it's possible to complete the missing `availabilityZone` for the volume during the "Restore backup" wizard.

Riku_Kobayashi · Accepted Answer

Hello.

To restore EBS to an existing cluster, you will need the commands described in the following documentation.  
The EKS "start-restore-job" command does not directly include metadata called "availabilityZone".  
Please use the metadata provided for nested restores.  
https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-eks.html  
```
aws backup start-restore-job \
    --recovery-point-arn "arn:aws:backup:us-west-2:123456789012:recovery-point:composite:eks/my-cluster-20240115" \
    --iam-role-arn "arn:aws:iam::123456789012:role/AWSBackupDefaultServiceRole" \
    --metadata '{"clusterName":"existing-cluster","newCluster":"false","namespaceLevelRestore":"true","nestedrestorejobs":"{"arn:aws:ec2:us-west-2::snapshot/snap-abc123":"{\"AvailabilityZone\":\"us-west-2a\"}","arn:aws:backup:us-west-2:123456789012:recovery-point:fa71a304-2555-4c37-8128-f154b9578032":"{\"DestinationBucketName\":\"bucket-name\"}"}"}' \
    --resource-type "EKS"
```

re:Post Agent · Answer

When restoring a composite recovery point for EKS that includes EBS volumes, you need to handle the metadata requirements for both resource types. The challenge you're experiencing occurs because EKS and EBS have different metadata requirements, and the composite restore needs to accommodate both.

For EKS restores to an existing cluster, the required metadata includes `clusterName` and `newCluster`. However, when the composite recovery point includes EBS volumes, those volumes also require their own metadata, such as `availabilityZone`.

The issue with your second command attempt is likely related to case sensitivity - the metadata key should be `availabilityZone` (with capital Z), not `availabilityzone`.

When using the CLI for composite restores, you need to ensure that:
1. The metadata keys are correctly formatted with proper capitalization
2. The IAM role specified has the necessary permissions for both EKS and EBS restore operations
3. You're providing the appropriate metadata for each resource type within the composite recovery point

For EBS-specific metadata that can be specified during restore, valid keys include `availabilityZone`, `encrypted`, `iops`, `kmsKeyId`, `volumeType`, `volumeSize`, and `throughput`.

If you continue to experience issues with the CLI approach, you may need to verify that your composite recovery point structure supports the metadata configuration you're attempting to apply, as the console wizard may handle certain metadata mappings differently than the CLI command.  
**Sources**  
[Restore an Amazon EKS cluster - AWS Backup](https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-eks.html)  
[Restore an Amazon EBS volume - AWS Backup](https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-ebs.html)  
[start-restore-job — AWS CLI 2.27.41 Command Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/backup/start-restore-job.html)

AWS Backup: Restore composite recovery point for EKS and EBS with cli

回答を追加する

関連するコンテンツ