Before attempting to install or remove the Recovery Kit for EC2™, you must understand the Amazon Web Services (AWS) and software requirements, as well as the installation and removal procedures for the Recovery Kit for EC2™ package.
Amazon Web Services and Software Requirements
Before installing and configuring the Recovery Kit for EC2™, be sure that your configuration meets the following requirements:
Amazon Virtual Private Cloud (VPC):
- The recovery kit requires a VPC be configured within AWS
- Two or more Subnets created on different Availability Zones (AZ)
- Each Subnet contains associated Route Tables
- If you are configuring a Public (Frontend) Cluster, then one or more Elastic IPs must be allocated.
Amazon Elastic Compute Cloud (EC2):
- The recovery kit requires two or more EC2™ instances.
- The instances are associated with each Subnet.
- The instances are attached to an Elastic Network Interface (ENI).
- If creating a Route Table (backend cluster) resource, the network interface of each instance should have its network source/destination checks disabled.
- The AWS Command Line Interface (AWS CLI) must be installed on each of the EC2™ instances. For details, please refer to AWS Command Line Interface Installation.
- All the EC2™ instances must be able to access the Amazon EC2™ service endpoints (AWS Regions and Endpoints) using the HTTP and HTTPS protocols. Please configure EC2™ and the OS accordingly.
- To obtain the metadata of Amazon EC2™ instances, access to IP address 169.254.169.254 using the HTTP protocol is required.
- Since the AWS CLI is used, outbound connections on TCP port 443 must be enabled.
- Since the Auto Recovery function may conflict with the recovery function of LifeKeeper, it is not recommended to use these functions together.
Note: If the path name of the AWS CLI executable files is not specified in the “PATH” parameter in the LifeKeeper defaults file /etc/default/LifeKeeper, you must append the path name of the AWS CLI executable files to the “PATH” parameter.
AWS Identity and Access Management (IAM):
In order for LifeKeeper to operate AWS, an IAM user or IAM role with the following access privileges is required. Attach an IAM role with appropriate privileges to the EC2 instance or register an IAM user that has access to the root user’s AWS CLI profile. For more details on AWS IAM roles and the AWS CLI, see the AWS user guides and EC2™ IAM role.
Route Table (backend) configuration:
- ec2:DescribeRouteTables
- ec2:ReplaceRoute
- ec2:DescribeNetworkInterfaceAttribute
- ec2:ModifyNetworkInterfaceAttribute
Elastic IP (frontend) configuration:
- ec2:DescribeAddresses
- ec2:AssociateAddress
- ec2:DisassociateAddress
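To check that a role or user grants the actions listed above and nothing broader, the following added example (not SIOS or AWS code) audits an IAM policy document against the two action lists. The names `REQUIRED`, `audit`, `BROAD` and `SCOPED` are assumptions made for this example, and the check looks only at `Action` in `Allow` statements, ignoring `Deny`, `NotAction`, `Condition` and `Resource`.

```python
import fnmatch
import json

# Actions listed on this page, per resource type.
REQUIRED = {
    "route_table": {"ec2:DescribeRouteTables", "ec2:ReplaceRoute",
                    "ec2:DescribeNetworkInterfaceAttribute",
                    "ec2:ModifyNetworkInterfaceAttribute"},
    "elastic_ip": {"ec2:DescribeAddresses", "ec2:AssociateAddress",
                   "ec2:DisassociateAddress"},
}

def _as_list(value):
    """IAM accepts a single string or object where a list is also valid."""
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Collect lower-cased Action patterns from Allow statements only."""
    patterns = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns += [a.lower() for a in _as_list(stmt["Action"])]
    return patterns

def audit(policy, kinds):
    """Return (missing, excess): required actions that are not granted,
    and granted patterns that go beyond the required set."""
    needed = set().union(*(REQUIRED[k] for k in kinds))
    patterns = allowed_patterns(policy)
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    missing = sorted(a for a in needed
                     if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))
    needed_lower = {a.lower() for a in needed}
    excess = sorted(p for p in set(patterns) if p not in needed_lower)
    return missing, excess

# Constructed sample policies (not taken from SIOS or AWS documentation).
BROAD = json.loads('{"Version": "2012-10-17", "Statement": '
                   '{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}}')
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeAddresses", "ec2:AssociateAddress"]}]}

if __name__ == "__main__":
    print(audit(BROAD, ["route_table", "elastic_ip"]))   # wildcard grant
    print(audit(SCOPED, ["elastic_ip"]))                 # one action missing
```

An empty `missing` list with a non-empty `excess` list means the kit will work but the principal holds more EC2 privileges than this page requires.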
Instance Metadata Service (IMDS):
- To use this Recovery Kit, the Instance Metadata Service (IMDS) setting “Instance metadata service” for the EC2 instance must be enabled.
- In keeping with AWS security recommendations, SIOS recommends the use of IMDSv2 to access the instance metadata in an AWS EC2 environment. If IMDSv2 cannot be used, legacy support for IMDSv1 can be enabled by setting AWS_IMDS_VERSION=1 in /etc/default/LifeKeeper on all nodes in the LifeKeeper cluster.
LifeKeeper Software:
You must install the same version of LifeKeeper software and any patches on each server. Please refer to the LifeKeeper for Linux Technical Documentation and the LifeKeeper for Linux Release Notes for specific LifeKeeper requirements.
LifeKeeper Recovery Kit for EC2™:
You must install the same version of Recovery Kit for EC2™ software and any patches on each server.
LifeKeeper IP Recovery Kit:
If you are using the Recovery Kit for EC2™ to provide protection for the Route Table (Backend Cluster), you must install the same version of LifeKeeper for Linux IP Recovery Kit software and any patches on each server.
Note: Please refer to the LifeKeeper for Linux Release Notes or your sales representative for the latest release compatibility and ordering information. You should refer to the LifeKeeper for Linux Installation Guide for specific instructions on how to install or remove the LifeKeeper Recovery Kit for EC2™.
SIOS recommends using Quorum/Witness when using the Recovery Kit for EC2™. Please refer to Quorum/Witness for more information.