8 Using Elastic File System (EFS) with N2WS
In this section, you will learning about working with Amazon Elastic File System.
Last updated
In this section, you will learning about working with Amazon Elastic File System.
Last updated
Configuring EFS on N2WS allows you to determine backup:
Schedule and frequency
Retention
Lifecycle policy, including moving backups to cold storage, defining expiration options, and deleting them at end of life.
Whether to use AWS Backup Vault Lock. See section .
With AWS Backup, you pay only for the backup storage you use and the amount of backup data you restore in the month. There is no minimum fee and there are no set-up charges.
In the AWS Console, create the EFS in one of the available regions. See section for regions not supported for EFS.
In N2WS, in the Backup Targets tab of a Policy, select Elastic File Systems in the Add Backup Targets menu.
In the Add Elastic File System screen list, select one or more EFS targets and then select Add selected.
In the Backup Targets tab, select an EFS target and then select Configure.
Configure the EFS backup and restore options described in section .
When finished, select Apply.
Select Save in the Backup Targets screen to save the configuration to the policy.
Backup Vault – A logical backup container for your recovery points (your EFS snapshots) that allows you to organize your backups.
IAM Role – An IAM identity that has specific permissions for all supported AWS backup services. The following AWS backup permissions should be attached to your IAM role:
AWSBackupServiceRolePolicyForBackup - Create backups on your behalf across AWS services.
AWSBackupServiceRolePolicyForRestores - Perform restores on your behalf across AWS services.
Transition to cold storage– Select the transition lifecycle of a recovery point (your EFS snapshots). The default is Never.
Expire – When does a protected resource expire. The default is Policy Generations.
A default or custom IAM role is necessary for AWS to perform EFS operations on behalf of N2WS.
To create a default IAM Role:
Select Create an on-demand backup.
For Resource type, select EBS.
For Volume ID, select any EBS volume to backup.
Select Default IAM Role.
Select Create on-demand backup. Ignore the error provided by AWS.
Verify that the following role was created on AWS IAM Service:
To create a custom IAM Role:
Select Create role.
Select AWS Backup and then select Next: Permissions.
Search for BackupService.
Select the following AWS managed policies:
AWSBackupServiceRolePolicyForBackup
AWSBackupServiceRolePolicyForRestores
Select Next: Tags and then select Next: Review.
Enter a Role name and select Create role.
The lock is created using an AWS API, not the AWS console.
N2WS supports AWS Backup Vault Lock by setting the expiration time on an EFS target.
N2WS cleanup will work correctly.
User-initiated deletions of a backup, such as delete a specific recovery point, delete all backup record and policy snapshots, will fail.
Important: You cannot change the lock’s retention after the AWS ‘cooling period’ has passed. The default ‘cooling period’ is a minimum of 72 hours but is extendable by setting the AWS parameter ChangeableForDays.
To configure N2WS to support AWS Backup Vault Lock:
If configured with minimum/maximum retention period, the stored recovery points (created or copied) must also have a matching expiration time.
In the EFS Policy Configuration screen, select the Expire time on the EFS target. When selecting the Expire time, consider that AWS may have a vault lock on the backup.
If a default IAM role was not automatically created by AWS, or you require a custom IAM role, see section . Selecting the preferred IAM role is only required during the EFS policy configuration.
Go to the AWS Backup Service:
Go to AWS IAM Service:
EFS can be configured by creating the cpm backup
or cpm_backup
tag. In this case, N2WS will override the EFS configuration with the tag values. See section for keys and values.
For complete details on using AWS Backup Vault Lock for EFS, see