# 22 Configuring Workers
{% hint style="info" %}
Workers for recovery of RDS databases are *not* configured here but in the **Worker Configuration** tab of the RDS database Recover screen. See section [21.4.3](https://docs.n2ws.com/user-guide/21-managing-snapshots-with-lifecycle-policies#21.4.3-recovering-rds-from-s3).
{% endhint %}
When N2W copies data to or restores data from a Storage Repository, or **Explores** snapshots, it launches a temporary ‘worker’ instance to perform the actual work, such as writing objects into the repository or exploring snapshots.
* When performing backup operations, or **Exploring** snapshots, the ‘worker’ instance is launched in the region and account of the target instance. The backup or **Explore** ‘worker’ instance is configured in the **Worker Configuration** tab.
* When performing restore operations, the ‘worker’ instance is launched in the region and account that the backed-up instances are to be restored to. The restore ‘worker’ instance is selected or configured according to the following criteria:
* If a ‘worker’ for the target account/region combination was configured in the **Worker Configuration screen**, that ‘worker’ instance will be used during the restore or the **Explore**.
* If such a ‘worker’ does not exist for the target account/region combination, N2W will attempt to launch one based on N2W’s own configuration.
* If the N2W configuration cannot be used because the restore, or **Explore**, will be to a different account or region than N2W's, the user will be prompted during the restore to configure the ‘worker’.
* You can add tags to a worker for subsequent tracking in the AWS Cost Explorer.
* To activate Cost Explorer in N2W and AWS, see section [25.1](https://docs.n2ws.com/user-guide/25-monitoring-costs-and-savings#25-1-enabling-and-disabling-cost-explorer).
* To add worker tags, see section [22.2](#22.2-worker-tags).
{% hint style="info" %}
If you plan to copy to Storage Repository only instances belonging to the same account and residing in the same region as that of the N2W server, worker configuration Is not required since the worker will derive its configuration from the N2W server instance.
{% endhint %}
{% hint style="warning" %}
Attempts to perform Storage Repository/Cold Storage backup and restore operations from an account/region, or to **Explore** out of the N2W server account/region, without a valid worker configuration will fail.
{% endhint %}
You can manage workers and their configurations as well as test their communication with the CPM, SSH, EBS API, and S3 Endpoint in the **Worker Configuration** tab (section [22.3](#22-3-testing-the-configuration-for-a-worker)).
## 22.1 Worker Parameters
It is necessary to define a *separate* worker configuration for *each* planned account/region combination of Copy to S3 instance snapshots, or each **Explore** region.
{% hint style="warning" %}
To keep transfer fee costs down when using Copy to 3, create an S3 endpoint in the worker’s VPC.
{% endhint %}
**To configure S3 worker parameters:**
1. Select the **Worker Configuration** tab.
2. On the  **New** menu, select **AWS Worker.**
3. In the **User** and **Account** lists, select the User and Account that the new worker is associated with.
4. In the **Region** list, select a Region. This configuration will be applied to all workers launched in this region for this account.
5. In the **Key pair** list, select a key pair. Using the default, **Don’t use key pair**, disables SSH connections to this worker.
6. In the **VPC** list, select a VPC. The selected VPC must be able to access the subnet where N2W is running as well as the S3 endpoint.
7. In the **Security Group** list, select a security group. The selected security group must allow outgoing connections to the N2W server and to the S3 endpoint.
8. In the **Subnet** list, select a subnet, or choose **Any** to have N2W choose a random subnet from the selected VPC.
1. When performing a recovery, if you choose ‘**Any**’ in the **Subnet** drop-down list, N2W will *automatically* choose a subnet that is in the same Availability Zone as the one you are restoring to.
2. If you choose a specific subnet that is *not* in the same Availability Zone as the one you are restoring to, you will have to choose a different subnet from the **Subnet** drop-down list in the **Worker Configuration** tab of the Recovery screen.
9. In the **Worker Role** list, select an instance role granting the Worker the permissions required for its policies, or select **No Role** to not attach an instance role to the Worker.
1. If **Custom ARN** is selected, enter the Custom ARN.
2. If **No Role** is selected, N2W will generate temporary credentials and securely pass them to the Worker thereby granting the Worker the permissions linked to the Account that owns the policy and/or the repository.
10. In the **Network** **Access** list, select a network access method.
{% hint style="warning" %}
Direct network access or indirect access via an HTTP proxy is *required*:
* **Direct** - Select a **Direct** connection if no HTTP proxy is required.
* **via HTTP proxy** – If an HTTP proxy is required, select, and fill in the proxy values.
{% endhint %}
11\. Select **Save**.
12\. Test the new worker (section [22.3](#22-3-testing-the-configuration-for-a-worker)).
**To edit or delete a worker configuration:**
1. In the **Worker Configuration** tab, select a worker.
2. Select  **Delete** or  **Edit**.
## 22.2 Worker Tags
You can add multiple tags to each account for workers for subsequent monitoring of cost and usage in the AWS **Cost Explorer**. When the worker is launched for any type of operation, such as Copy to S3, Recover S3, file-level recovery, Cleanup, worker testing, etc., it will be tagged with the specified tags. You will then be able to filter for the N2W worker tags in the **Tags** tab of the AWS **Cost Explorer**.
To activate your worker tags, see section [22.2.1](#22-2-1-configuring-aws-to-allow-cpm-cost-explorer-calculations).
**To add worker tags:**
1. In the **Worker Configuration** tab, select a worker and then select the **Worker Tags** tab.
2. Select  **New,** and enter the **Tag Name** and **Value**. The **Value** may be blank.
3. Select **Save**.
### 22.2.1 Configuring AWS to Allow CPM Cost Explorer Calculations
To allow CPM Cost Explorer calculations in AWS, users must add cost allocation tags *once*.
**To activate user cost allocation tags:**
1. Log in to the AWS Management Console at and open the Billing and Cost Management console.
2. In the navigation pane, select **Cost Allocation Tags**.
3. Choose the worker tags to activate.
4. Select **Activate.**
It can take up to 24 hours for tags to activate.
For complete details, see .
## 22.3 Testing the Configuration for a Worker
Before a worker is needed, you can test whether it successfully communicates with the N2W server and other communication targets. Depending on the test, some, but ***not all***, AWS permissions are also checked.
* Connectivity to N2W Server (default)
* SSH Test - Connectivity to N2W server using SSH
* EBS API Test - Test API connectivity and check AWS **ebs:ListSnapshotBlocks** permission
* S3 Endpoint Test - Test connectivity; check AWS **s3:ListAllMyBuckets** and **s3:ListBucket** permissions
**To test a worker configuration:**
1. Select a worker, and then select  **Test**.
2. If you want to test connections in addition to the worker, in the Select Additional Tests dialog box, select the relevant tests.
3. Select **Run Tests**. The ‘Worker Configuration test is underway’ message briefly appears at the top right and the ‘  In Progress’ message appears in the **Test Status** column. Select  Refresh as necessary.
4. Check the results in the **Test Status** column: Successful or Failed.
5. If *not* 'Successful':
1. Select  **Test Status** to display information about the root cause.
2. To check settings, select  **Edit**.
Besides the requested connectivity tests, the Configuration Test Details include Account, Region, Zone, Key Pair, VPC, Security Group, and whether an HTTP Proxy was required.
To view and download the latest log, select**Test Log**.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.n2ws.com/user-guide/22-configuring-workers.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.