AWS VPC Cloning with N2WS

Some time ago, I wrote a post providing an answer to the customer question, “How can I restore my VPC to another region?” In that post, I stated that N2WS from Veeam can be used for this purpose and in this post, I’ll be detailing how this can be done. This is a great feature, but keep in mind what N2WS VPC cloning can and can’t do:

N2WS VPC cloning CAN backup and restore:

  • Subnets
  • Security Groups
  • DHCP Options Sets
  • Route Tables
  • Network ACLs
  • Internet Gateways
  • VPN Gateways

N2WS VPC Cloning DOES NOT support the following at the time of this writing: (more capabilities are planned for the future)

  • NAT Gateways
  • VPC peering connections
  • customer gateways
  • VPN connections
  • Elastic IPs
  • VPC Endpoints
  • Transit Gateways

So, armed with this knowledge, how could we use N2WS to restore a VPC?

Cloning VPCs with N2WS

  1. Open the N2WS management console, and on the CPM toolbar across the top, click Accounts.  Click the appropriate “backup” account to see its properties and on the Update Account page, set the Capture VPCs setting to Enabled.

2. On the CPM toolbar, click General Settings and expand Capture VPC.  Here you can enable/disable automatic VPC capture; if enabling automatic VPC capture, you can also set the preferred capture interval.  You can also click Capture Now to manually capture VPC settings at any time, regardless of whether automatic capture is enabled or disabled.

NOTE: If you do not set Capture VPCs to enabled on the Account Settings, you will not receive an error when you attempt to capture your VPCs, but you will receive a notification that 0 VPCs were captured as shown below:

3. With the VPCs successfully captured, you can clone them by clicking Accounts | Clone VPCs

4. On the Clone VPCs for Account screen, select the VPC Source Region, the VPC, appropriate capture, and the preferred destination region and click Clone VPC.

5. When you click Clone VPC, N2WS creates a new CloudFormation stack into the specified region, deploys the VPC using the cloned settings, and then informs you of success/failure.

6. Assuming success, you may see a message indicating some manual may be needed and if you click Log to view the log contents, you’ll likely see an entry stating that the main route table for the subnet has changed and it has because the clone has assigned new (long) IDs to the route table.

7.            Connect to the specified region to confirm the VPC has been created. 

Great, you’re done! Or are you? 

Using a CloudFormation Template to Customize the VPC Restore

Remember, as it stands today, VPC cloning will not restore NAT Gateways, VPC peering connections, VPC endpoints, etc.  So are you really done?  Or may you still have work to complete yet?  I guess that piece is up to you but if you desire it, there is an option at your disposal that will allow you to further customize the VPC restore.

By default, N2WS will create a new CloudFormation stack when it clones the VPC.  However, the stack is deleted, keeping the resources intact, once the clone is successful. 

Wouldn’t it be great to be able to manage the restored VPC using CF going forward?  If you look back on the Clone VPCs page, you’ll see an option for CloudFormation Template

Click that button to download the JSON that would be deployed by N2WS.  You can then edit that JSON template to deploy new NAT Gateways, VPC peering connections, VPC endpoints, etc. into the new VPC.  With the CF template modified for your specific use case, deploy it yourself by creating a new CloudFormation stack in whatever region you desire. Now you’re done!!


One thought on “AWS VPC Cloning with N2WS

Leave a Reply

Your email address will not be published. Required fields are marked *