EnsureDR Prerequisite
In this document, you will find all the necessary prerequisites that you need to meet before you start working with AWS Elastic Recovery with EnsureDR.
In addition to this document, which details the complete manual process for crafting the required roles, we've created an AWS CloudFormation YAML template that enables the automated generation of both a user and a group, along with the automatic attachment of all necessary AWS policies to the group. If you prefer an automated procedure over a manual one, please refer to the AWS CloudFormation YAML template document for guidance.
If you have already completed the initial setup (deployed manually or via a YAML script) and want to add additional users to your EnsureDR subscription, you will need to follow our whitepaper that outlines the necessary steps to follow when adding additional users.AWS Prerequisite
AWS DRS uses the Launch Template during server recovery. Each server has its own Launch Template. Before starting the restore process, make sure that the data is correctly configured in each of the AWS Launch Templates that will be used during the restoral process to avoid duplicate IP addresses. Security groups that are attached to the Launch Template need to be correctly configured to allow the needed traffic between restored servers in AWS DRS.
Creating a Group
The first step is to create a group in AWS and apply the necessary policies to this group. To do that, open IAM console in AWS.
Select User groups on the left panel, and click on the Create group button
Enter the group name, then scroll down to apply right policies for this new group
Search and select the following roles that need to be applied to the new user group:
- AmazonEC2FullAccess
- AmazonS3FullAccess
- AWSElasticDisasterRecoveryFailbackPolicy
- AWSElasticDisasterRecoveryConversionServerPolicy
- AWSElasticDisasterRecoveryAgentPolicy
- AWSElasticDisasterRecoveryConsoleFullAccess
- AWSElasticDisasterRecoveryRecoveryInstancePolicy
- AWSElasticDisasterRecoveryReplicationServerPolicy
Then click on the Create group button
A confirmation page is opened, click on the EnsureDR group name to check that all permissions needed to have by a user in AWS DRS have been applied to the group
Select the Permissions tab and check that all necessary policies mentioned above in this document are listed. In case some of the policies are missing, please apply them to the group.
Now you are ready to create a user and add this user to the group that you just created.
Create a User
Log into AWS Console and select IAM
Select Users on the left panel, then click on Add users button
Add a username and select the option Access key – Programmatic access and click the Next: Permissions button
Select the group that you created in AWS and to which you applied necessary policies so you can assign a user to that group, then click the Next: Tags button
In case you have company rules that users need to have a specific Tag, please define it, otherwise click the Next: Review button
Review the setting, and click the Create user button
Click on Download.csv button and save the file in a safe place or copy data from the CSV file to a password manager for future usage, then click the Close button.
Now you are ready to start using EnsureDR in AWS DRS.