We’re going to set up a basic Nginx EC2 instance, and then install the Elastic Disaster Recovery agent, to replicate the instance / application to another region.
I’m going to be setting up my primary Nginx instance in Singapore (ap-southeast-1), and the disaster recovery (or secondary) instance in Tokyo (ap-northeast-1). You can of course choose any two regions, just make sure the destination region supports the “Elastic Disaster Recovery” service: https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services
This demo requires using SSH to connect to a server and run some commands.
Head to the EC2 console: https://ap-southeast-1.console.aws.amazon.com/ec2/home
Click on Launch instance
We’ll set “nginx-primary” as the Name
Under AMI, leave the default “Amazon Linux” selected
Leave the Instance type as “t2.micro”
Under Key pair (login), either select a key you already have, or create a new key pair.
If creating new pair:
The Key Pair Name can be anything, and you can leave the Key Pair Type as is, however the Private Key File Format depends on the OS you will be using.
If you’re using a Mac or Linux PC, leave “.pem” selected. If you’re using Windows and will be using the PuTTY program, change this to “.ppk”. This demo will not cover how to SSH into a server, only the commands to run once you’re in.
Under Network Settings, click on Edit
You can either change the VPC, or leave it set to the default VPC like I will. The Subnet can be left as “No preference”, but you need to make sure Auto-assign public IP is set to “Enable”
Under Firewall (security groups), select “Create security group”, and name it “nginx”. The description can stay as is.
Leave the default rule of SSH allowed from anywhere, and click Add security group rule
Change the Type to “HTTP” and the Source type to “Anywhere”
Now both SSH and HTTP are allowed from any IP. In a production environment you would be using HTTPS, and locking down SSH to specific IP addresses, but that’s beyond the scope of this demo.
Leave everything else as default, and click Launch instance
On the next page, click on View all instances
Your instance will most likely still be booting up; this may take a couple of minutes
Note down the Public IPv4 address, we will need that for the next step
Switch to your destination region. As mentioned earlier, I’m using Tokyo (ap-northeast-1)
Head to the DRS console: https://ap-northeast-1.console.aws.amazon.com/drs/home
You should be prompted with the initial set up wizard
Under Replication server configuration, you can change the default destination subnet for replicated servers, and the default instance type. I will be leaving these as default.
Click Next
On the next page, leave all options as default and click Next
On the next page, leave all options as default and click Next
On the last page, click Create default
You should now be sent to the “Source servers” page. DRS is now waiting for agents (source servers) to connect so it can start replicating data.
Elastic Disaster Recovery requires temporary IAM credentials to set up the initial replication connection. These will be cleaned up at the end of the demo.
Head to the IAM console: https://us-east-1.console.aws.amazon.com/iamv2/home#/users
Go to the Users page, and click on your username
On the Permissions tab, if you have “AdministratorAccess”, you can skip this part of this step, and go on to create your access keys.
If not, click on Add permissions then Add permissions
Select “Attach policies directly” and then search for and select AWSElasticDisasterRecoveryAgentInstallationPolicy
Click Next then click Add permissions
Now to create the Access Keys we need for the next step. Go to the Security credentials tab, and scroll down to Access keys, click on Create access key
On the next page, select “Command Line Interface (CLI)”, and check the confirmation box
Click Next
Set the Description tag value to “Temporary DRS install key” and click Create access key
Now make sure you copy and keep the Access key and Secret access key; you will need these for the next step
Click Done
Using the public IP address you copied earlier, SSH into your instance
The default user for Amazon Linux 2 is ec2-user
To begin with, we’ll install and start Nginx by running these commands:
sudo amazon-linux-extras install -y nginx1
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
To confirm it’s working, visit the IP address of your instance in your browser
Note: Make sure your browser doesn’t direct you to HTTPS, as that won’t work in our demo. Make sure you type in http://54.151.248.177 (replacing that IP with your instance IP).
Now that our “application” is up and running, we’ll install the DRS agent. Back in your SSH console, run the following commands:
sudo yum install -y kernel-devel-`uname -r`
wget -O ./aws-replication-installer-init.py https://aws-elastic-disaster-recovery-us-east-1.s3.us-east-1.amazonaws.com/latest/linux/aws-replication-installer-init.py
sudo python3 aws-replication-installer-init.py
You will then be prompted for some more information
AWS Region Name - This is the destination region. In my case, ap-northeast-1
AWS Access Key ID - The key we generated in the previous step
AWS Secret Access Key - The secret key we generated in the previous step
When you get prompted with “To replicate some of the disks, type the path of the disks, separated with a comma (for example, /dev/sda, /dev/sdb). To replicate all disks, press Enter:”, press Enter
For sanity’s sake, this is my output:
The script will start installing the AWS Replication Agent, this might take a couple of minutes.
Switch to your destination region. As mentioned earlier, I’m using Tokyo (ap-northeast-1)
Head to the DRS console: https://ap-northeast-1.console.aws.amazon.com/drs/home
You should see under Source Servers your instance from your source region, either currently syncing, or completed syncing
This took around 20 minutes to fully complete for me, although that will vary between regions and instance sizes.
If you head to the EC2 console: https://ap-northeast-1.console.aws.amazon.com/ec2/home
You should see a new instance, created by Elastic Disaster Recovery. This instance handles the replication between your source server and DRS. This is not the server that will be used in a disaster / failover.
Head back to the DRS console: https://ap-northeast-1.console.aws.amazon.com/drs/home
Once your source server is in the Ready state, click on the hostname
On the next page, go to the Launch settings page.
First, next to General launch settings click Edit
Change Instance type right sizing to “None”.
This option (when enabled) will provision a recovery instance of a type AWS recommends based on CPU and memory usage. This might be useful in production, but not for our demo purposes.
Click Save settings
Next, under EC2 launch template there are a couple of settings we need to change. You will see the instance type is much too large for our testing, there are no Security Groups being applied (meaning we can’t access it), and there’s no Public IP, so let’s click on Edit
On the next page, under Instance Type change the instance type to a “t2.micro”, so we stay within the free tier.
Then, scroll down to Network Settings, and select “Create security group”. Change the Security Group Name to “nginx”, the Description to “Testing”, and leave the VPC as default.
Click on Add security group rule
Change Type to “HTTP”, and Source Type to “Anywhere”
Then, still under Network Settings, expand Advanced network configuration, then change Auto-assign Public IP to “Enable”
Once that’s done, click Create template version
On the next page, click View launch templates
Select the launch template created by DRS, then click Actions then Set default version
In the config box that pops up, change the Template version to the highest value. In my case this is 5, but in your case it will probably be 2
Click Set as default version
Now if we head back to the DRS console: https://ap-northeast-1.console.aws.amazon.com/drs/home?region=ap-northeast-1#/sourceServers
Then go back into our Source server, and back to the Launch settings tab, we will see all three options have changed
Head to the DRS console: https://ap-northeast-1.console.aws.amazon.com/drs/home
Go to the Source servers page, select your source server, and click on Initiate recovery job and then Initiate Recovery Drill
On the next page, leave all options as default and click Initiate drill
This will take a few minutes. If you go to the Recovery Job History page, you can view the status of the job
What this Recovery Drill process is designed to do is allow you to perform test restores to an instance in the destination region, so that you can test connectivity, and ensure that the server and application start up successfully.
Once the recovery job is complete, we can view the newly created instance in EC2 by clicking on the instance name
Then clicking “View in EC2”
Then in the EC2 console, copy the IP address, and visit it in your browser
You should see the Nginx welcome page, like we saw on the original (source) instance
That confirms the source server is successfully replicated to the destination region and can be restored / failed over to at any point, and we can be confident our very basic application starts up and fails over successfully.
In the destination region (ap-northeast-1 for me)
Head to the DRS console: https://ap-northeast-1.console.aws.amazon.com/drs/home
Go to Recovery instances, select your instance, click Actions, then click Terminate recovery instances
Next go to Source servers, select your instance, click Actions, then click Disconnect from AWS
In the confirmation box, click Disconnect. This deletes all replicated data, and disconnects the source instance from Elastic Disaster Recovery.
Now select your instance again, click Actions, then click Delete server
In the confirmation box, click Permanently delete
Head to the EC2 console: https://ap-northeast-1.console.aws.amazon.com/ec2/v2/home
Go to Instances, and if there are any Running instances, select them, then click Instance state and then Terminate Instance
Be careful to only delete instances created in this demo
Click Terminate in the confirmation box
Go to Volumes, select any Volumes related to the AWS Elastic Disaster Recovery service, click Actions and then Delete Volume
Type “delete” in the confirmation box, then click Delete
Go to Snapshots, select all snapshots related to AWS Elastic Disaster Recovery service, click Actions and then Delete Snapshot
Type “delete” in the confirmation box, then click Delete
Go to Security Groups, select all security groups related to AWS Elastic Disaster Recovery service, click Actions and then Delete security groups
Type “delete” in the confirmation box, then click Delete
In the source region (ap-southeast-1 for me)
Head to the EC2 console: https://ap-southeast-1.console.aws.amazon.com/ec2/v2/home
Go to Instances, select the initial demo nginx instance we created, then click Instance state and then Terminate Instance
Click Terminate in the confirmation box
Go to Security Groups, select the Security Group we created earlier, click Actions and then Delete security groups
In the confirmation box, click Delete
Go to Key Pairs, select the key pair we created earlier, click Actions and then Delete
Type “Delete” in the confirmation box, then click Delete
Head to the IAM console: https://us-east-1.console.aws.amazon.com/iamv2/home#/users
Go to the Users page, and click on your username
On the Permissions tab, if you added the AWSElasticDisasterRecoveryAgentInstallationPolicy policy, select it and click Remove
Click Remove policy in the confirmation window
Go to the Security Credentials tab, scroll down to Access Keys, and click Actions then Deactivate next to the key you created earlier
Click Deactivate in the confirmation box
Now click Actions then Delete next to the key you created earlier
Enter the Access Key in the confirmation box and click Delete
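To confirm the IAM cleanup above actually finished, the following added example (not part of the original walkthrough) checks output in the shapes printed by aws iam list-access-keys and aws iam list-attached-user-policies for anything the demo left behind. The user name, key IDs, dates and the demo_start cut-off are constructed assumptions; a key that was deactivated but never deleted still counts as a leftover.

```python
import json
from datetime import datetime, timezone

POLICY = "AWSElasticDisasterRecoveryAgentInstallationPolicy"

# Constructed samples in the shapes printed by `aws iam list-access-keys` and
# `aws iam list-attached-user-policies`; user, key IDs and dates are made up.
KEYS = json.loads("""
{"AccessKeyMetadata": [
  {"UserName": "demo-user", "AccessKeyId": "AKIAEXAMPLEOLDKEY000",
   "Status": "Active", "CreateDate": "2022-03-01T09:00:00+00:00"},
  {"UserName": "demo-user", "AccessKeyId": "AKIAEXAMPLEDRSKEY000",
   "Status": "Inactive", "CreateDate": "2023-01-10T03:12:45Z"}]}
""")
POLICIES = {"AttachedPolicies": [{"PolicyName": POLICY}]}  # PolicyArn omitted


def parse_date(value):
    """Parse an ISO 8601 CreateDate; accept a trailing Z as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def leftover_demo_credentials(keys, policies, demo_start):
    """Return what the cleanup steps missed: access keys created at or after
    demo_start that still exist (deactivated is not deleted), and the agent
    installation policy if it is still attached directly to the user."""
    leftovers = []
    for key in keys["AccessKeyMetadata"]:
        if parse_date(key["CreateDate"]) >= demo_start:
            leftovers.append(("access-key", key["AccessKeyId"], key["Status"]))
    for policy in policies["AttachedPolicies"]:
        if policy["PolicyName"] == POLICY:
            leftovers.append(("policy", POLICY, "attached"))
    return leftovers


if __name__ == "__main__":
    start = datetime(2023, 1, 10, tzinfo=timezone.utc)  # assumed demo start
    for item in leftover_demo_credentials(KEYS, POLICIES, start):
        print("still present:", item)
```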