Cloud Rewind Recovery Scenarios for AWS

Cloud Rewind supports recovery operations across various AWS configurations such as same account, cross account, same or cross region, same or cross zone, and same or new VPCs. Each configuration defines how resources such as EC2 instances, RDS databases, EFS volumes, and load balancers are recovered and reattached.

The following sections describe recovery behavior for each supported scenario.

Recovery Scenarios

Same Account Recovery

Same Region

Recovering resources within the same region might result in conflicts with existing production resources. Cloud Rewind automatically prevents conflicts by creating non-overlapping resources with unique IP addresses.

Same VPC

When recovering in the same region and same VPC:

  • EC2 instances, RDS instances, and EFS volumes are recovered.

  • Load balancers associated with EC2 instances are not recreated or reattached automatically.

  • Cloud Rewind skips this step intentionally so that the SRE can manually associate the recovered EC2 instance with the load balancer if needed.

If Route 53 is enabled, Cloud Rewind updates all existing hosted records to reflect the recovered resource endpoints or IP addresses. This ensures domain routing continuity.

New VPC

When recovering to a new VPC in the same region:

  • A new VPC is created with the same IP range (CIDR block) as the source VPC.

  • Cloud Rewind recovers the selected resources and their dependencies to this new VPC.

  • The recovered EC2 instances retain the same private IPs as the source instances.

  • Subnets are created with the same IP ranges in the same Availability Zones as the source.

Same Zone

If the source EC2 instance already exists, Cloud Rewind identifies the conflict and provisions the recovered instance with a different IP address.

Advanced Recovery Option (Same VPC or Cross-Zone)

An advanced recovery option is available for same VPC and cross-zone recoveries:

  • Use existing load balancer: Enables recovered resources to use an existing load balancer, avoiding duplication.

The following resources must exist in a preconfigured VPC before performing recovery:

  • VPC network

  • Subnets

  • Route table

  • Internet gateway

  • DHCP option

Note

Modify the source security group rules to include the pre-created subnet IP ranges. This ensures successful recovery operations.

New VPC with Route 53

When initiating a new VPC recovery with Route 53 enabled, Cloud Rewind creates new hosted records in the selected recovery region. The new hosted zones are built on top of the new VPC, maintaining domain accessibility.

Cross Region Recovery

You can perform recovery across regions using the following restore options:

  • Create new VPC

  • Use existing VPC

If a load balancer in the primary region has an attached certificate, manually copy the certificate to the recovery region before starting recovery. The certificates in both regions must use the same tag key Name and value so that Cloud Rewind can automatically attach them during recovery.

Note

Configure the certificates before enabling protection to ensure metadata is captured correctly for a successful recovery.

Cross Zone Recovery

Cross-zone recovery is supported for instances only.

An advanced recovery option is available:

  • Use existing load balancer: Recovered instances can reuse the existing load balancer, preventing duplication.

Cross VPC Recovery

You cannot perform recovery to a target VPC if its CIDR block range does not match that of the source VPC.

Cross Account Recovery

For cross-account recovery:

  • Configure two Cloud Connections—one for the primary AWS account and another for the recovery AWS account.

  • The following resources are not supported:

    • RDS instances

    • RDS clusters

    • EFS volumes

  • Only EBS volumes encrypted with custom KMS keys are supported. EBS volumes using the default AWS encryption key cannot be recovered.

Note

For cross-account replication, you must share the KMS encryption key from the primary account to the recovery account before recovery.
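The cross-account constraints above can be checked before recovery is attempted. The following pre-flight check is an added example, not Cloud Rewind code: it reads constructed data shaped like `aws ec2 describe-volumes`, `aws kms describe-key`, and `aws kms get-key-policy` output, and all account IDs, key names, and function names are hypothetical. It assumes that sharing is done through the key policy (grants are not inspected) and, reading the bullet literally, treats unencrypted volumes as unsupported.

```python
# Constructed sample data shaped like AWS CLI output; all IDs are placeholders.
RECOVERY_ACCOUNT = "222222222222"
KEY_ARN = "arn:aws:kms:us-east-1:111111111111:key/"

def policy(principal):  # constructed single-statement key policy
    return {"Statement": [{"Effect": "Allow", "Principal": {"AWS": principal},
                           "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*"}]}

# key ARN -> KeyManager (`aws kms describe-key`) and key policy (`aws kms get-key-policy`)
KEYS = {
    KEY_ARN + "cmk-shared": {"KeyManager": "CUSTOMER",
                             "Policy": policy(["arn:aws:iam::111111111111:root",
                                               "arn:aws:iam::222222222222:root"])},
    KEY_ARN + "cmk-private": {"KeyManager": "CUSTOMER",
                              "Policy": policy("arn:aws:iam::111111111111:root")},
    KEY_ARN + "aws-ebs": {"KeyManager": "AWS", "Policy": {"Statement": []}},
}
# Subset of the fields returned by `aws ec2 describe-volumes`
VOLUMES = [
    {"VolumeId": "vol-0a", "Encrypted": True, "KmsKeyId": KEY_ARN + "cmk-shared"},
    {"VolumeId": "vol-0b", "Encrypted": True, "KmsKeyId": KEY_ARN + "cmk-private"},
    {"VolumeId": "vol-0c", "Encrypted": True, "KmsKeyId": KEY_ARN + "aws-ebs"},
    {"VolumeId": "vol-0d", "Encrypted": False},
]

def as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def key_shared_with(key_policy, account_id):
    """True if an Allow statement names the account and permits kms:Decrypt."""
    wanted = {account_id, f"arn:aws:iam::{account_id}:root"}
    for stmt in key_policy.get("Statement", []):
        principal = stmt.get("Principal")
        named = isinstance(principal, dict) and wanted & set(as_list(principal.get("AWS")))
        allowed = {"kms:*", "kms:Decrypt"} & set(as_list(stmt.get("Action")))
        if stmt.get("Effect") == "Allow" and named and allowed:
            return True
    return False

def preflight(volumes, keys, recovery_account):
    """Return (volume id, blocker) pairs; an empty list means no blocker was found."""
    findings = []
    for vol in volumes:
        key = keys.get(vol.get("KmsKeyId"), {})  # keys missing from the inventory count as unverified
        if not vol.get("Encrypted") or key.get("KeyManager") != "CUSTOMER":
            findings.append((vol["VolumeId"], "not verified as encrypted with a custom KMS key"))
        elif not key_shared_with(key["Policy"], recovery_account):
            findings.append((vol["VolumeId"], "KMS key not shared with recovery account"))
    return findings
```

Calling `preflight(VOLUMES, KEYS, RECOVERY_ACCOUNT)` on the sample data reports three of the four volumes. Conditions on key policy statements are not evaluated, so a match still needs a manual look at any `Condition` block.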

Additional Options

  • Recovery operations that support Route 53 updates automatically manage DNS endpoint changes.

  • Advanced Recovery Options allow reusing existing load balancers when supported.

  • Cloud Rewind ensures that IP conflicts are avoided automatically during all recovery operations.

  • Skip protection for recovered resources: This option can be used in the same VPC recovery scenario. Enable this option to add the following tag to the recovered resources:

    Tag name: ax-aps-protection, value: ignore

    The Cloud Rewind software will ignore any resource with the tag. To protect the resource again, you must remove the tag.
