Before attempting to install or remove the Recovery Kit for EC2™ you must understand Amazon Web Service software requirements, as well as the installation and removal procedures for the Recovery Kit for EC2™ package.
Amazon Web Service and Software Requirements
Before installing and configuring the Recovery Kit for EC2™, be sure that your configuration meets the following requirements:
Amazon Virtual Private Cloud (VPC):
• The recovery kit requires a VPC be configured within AWS
• Two or more Subnets created on different Availability Zones (AZ)
• Each Subnet contains associated Route Tables
• If you are configuring a Public (Frontend) Cluster, then one or more Elastic IPs must be allocated
Amazon Elastic Compute Cloud (EC2™):
• The recovery kit requires two or more EC2™ instances.
• The instances are associated on each Subnet.
• The instances are attached to an Elastic Network Interface (ENI).
• If creating a Route Table (backend cluster) resource, each instance should have its network source/destination checks disabled.
• All the EC2 instances must be able to access Amazon EC2™ services endpoints (AWS Regions and Endpoints) using the protocols HTTP and HTTPS. Please configure Recovery Kit for EC2™ and the OS properly.
• In order to obtain metadata of Amazon EC2™ instances, it is necessary to have an access to IP address using the HTTP protocol.
• AWS Command Line Interface version 2 (AWS CLI v2) needs to be installed on each of the EC2™ instances. For the details, please refer to AWS Command Line Interface version 2 Installation.
• Since the AWS CLI v2 is used, outbound connections on TCP port 443 must be enabled.
• Since the Auto Recovery function may conflict with the recovery function of LifeKeeper, it is not recommended to use these functions together.
Note: If the path name of AWS CLI v2 executable files is not specified on the “PATH” parameter in the LifeKeeper defaults file %LKROOT%\etc\default\LifeKeeper, you must append the path name of AWS CLI v2 executable files to the “PATH” parameter.
AWS Identity and Access Management (IAM):
In order for LifeKeeper to operate AWS, an IAM user or IAM role with the following access privilege is required. Please configure an EC2™ IAM role or configure AWS CLI v2 appropriately so that it can be accessed from root user of the EC2™ instance.
Route Table (backend) configuration:
• ec2:CreateRoute (Option *Note)
• ec2:DescribeNetworkInterfaceAttribute
• ec2:DescribeRouteTables
• ec2:ModifyNetworkInterfaceAttribute
• ec2:ReplaceRoute
* Note, ec2:CreateRoute access permission is no longer mandatory since 8.10.1. This permission is needed when creating a route for the IP resource in the route table entry during resource creation. However, it is not necessary after the resource has been created.
Elastic IP (frontend) configuration:
• ec2:AssociateAddress
• ec2:DescribeAddresses
• ec2:DisassociateAddress
Instance Metadata Service (IMDS):
- To use this Recovery Kit, the Instance Metadata Service (IMDS) setting for the EC2 instance “Instance metadata service” must be enabled.
- Obtain instance metadata using AWS Instance Metadata Service (IMDS). AWS IMDS version 1 and version 2 are available. We recommend using version 2 according to AWS security recommendations. For IMDS settings, please refer to the following official AWS IMDS settings article.
Modify instance metadata options for existing instances
LifeKeeper Software:
You must install the same version of LifeKeeper software and any patches on each server. Please refer to the LifeKeeper for Windows Technical Documentation and the LifeKeeper for Windows Release Notes for specific LifeKeeper requirements.
LifeKeeper Recovery Kit for EC2™:
You must install the same version of Recovery Kit for EC2™ software and any patches on each server.
LifeKeeper IP Recovery Kit:
If you are using the Recovery Kit for EC2™ to provide protection for the Route Table (Backend Cluster), you must install the same version of LifeKeeper for Windows IP Recovery Kit software and any patches on each server.
Note: The netmask of IP resources used should be 32 bits (
Note: The virtual IP must be outside of the VPC subnet (i.e. for a VPC network of a virtual IP in the subnet is needed – would be appropriate).
Note: Please refer to the LifeKeeper for Windows Release Notes or your sales representative for the latest release compatibility and ordering information. You should refer to the LifeKeeper for Windows Installation Guide for specific instructions on how to install or remove the LifeKeeper Recovery Kit for EC2™.
Post your comment on this topic.