Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

RestoreMetadataOverrides of my Cloudformation Template don't work

0

Hello guys,

I'm working in a Cloudformation Launch Template to generate a Restore Testing Plan for a customer. When I launch the template everything goes OK, i don't have any problem at this part.

However, when the Restore Testing will Test the EC2 instance they show me a Error like “Restore Metadata in invalid.”.

Here it is the part of the script that are not working:

RestoreMetadataOverrides: subnetId: "[subnet id]" securityGroupIds: "[sg id]" instanceType: "t2.micro" iamInstanceProfileName : "" requireImdsV2: "true"

PS.: I don't put the subnet id and the sg id on purpose to not expose the client.

Did I do something wrong?

Thank you,

Fernanda

Topics
Management & GovernanceComputeStorage
Tags
Amazon EC2AWS CloudFormationAWS CloudFormation Detect Root CauseAWS Backup
Language
English
asked 9 days ago29 views
1 Answer
0

Based on the error you're encountering, there are a few potential issues with your RestoreMetadataOverrides configuration:

Formatting Issues: The RestoreMetadataOverrides should use proper JSON or YAML formatting. In your example, you're using quotes around values that might need to be formatted differently. Specifically:

  1. securityGroupIds should be formatted as a list/array, not a string. It should look like:
  • YAML: securityGroupIds: ["sg-xxxxx"] or as a list
  • JSON: "securityGroupIds": ["sg-xxxxx"]

  1. requireImdsV2 should be a boolean value (true or false) without quotes, not a string.

  2. iamInstanceProfileName - if you're not using an IAM instance profile, you might want to remove this parameter entirely rather than leaving it as an empty string.

Common Causes of Restore Failures: Beyond formatting, restore testing plans can fail if:

  • The specified subnet doesn't exist or isn't available in the test AWS Region
  • There are insufficient IAM permissions for the restore role
  • The restore role lacks access to AWS KMS keys that encrypt the backups

Recommendations:

  1. Verify that the subnet ID you're specifying exists and is available in your VPC
  2. Format securityGroupIds as an array: ["sg-xxxxx"]
  3. Change requireImdsV2 to a boolean: true (without quotes)
  4. Ensure your IAM role has the necessary permissions to perform the restore operation
  5. Double-check that CloudFormation syntax validation passes for your template

Try reformatting your metadata overrides with proper data types and ensure all referenced resources (subnet, security group) exist in the target region.
Sources
Troubleshoot failed AWS Backup restore testing plans | AWS re:Post
AWS::EC2::Instance - AWS CloudFormation

answered 9 days ago
EXPERT
reviewed 9 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content