- 최신
- 최다 투표
- 가장 많은 댓글
Backup & restore your instance using AWS Backup, if you've never used this before then there is a good practice exercise here https://aws.amazon.com/getting-started/hands-on/amazon-ec2-backup-and-restore-using-aws-backup/
As well as AWS backup. consider using snapshots https://docs.aws.amazon.com/prescriptive-guidance/latest/backup-recovery/ec2-backup.html
You cannot directly recover your instance from a snapshot, but you can create a new AMI from which a new EC2 system volume can be created, and the additional data volumes can be created from snapshots.
Once you have things back up and running on the new instance, it would be worth considering scheduling regular snapshots (daily or weekly) going forward.
In addition to the above answer, you'll want to be sure to follow an incident response procedure. Mainly, after ensuring all of your data is backed up, you'll want to isolate and decommission the instance.
The following AWS workshop simulates responding to a compromised EC2 Instance and performing follow-on forensic investigation and analysis of the acquired data, leveraging the Linux command line and AWS CLI tools: https://catalog.us-east-1.prod.workshops.aws/workshops/e524ee28-a1ac-4cc6-b599-d5ced0fc5de1/en-US#overview
I'd suggest using the workshop steps as a guide for conducting incident response in your own environment.
