Profile Applicability:

  • Level 2

Description:

Elastic Disaster Recovery (EDR) is AWS’s recommended service for replicating on-premises or AWS-based workloads to a designated recovery environment. Configuring EDR ensures that critical infrastructure is protected and can be rapidly recovered in the event of a failure, disaster, or outage. This configuration includes agent installation, replication setup, launch settings, and validation through test recoveries.

Rationale:

Ensuring Elastic Disaster Recovery is configured guarantees:

  • Real-time or near-real-time data replication

  • Fast and automated recovery in case of disaster

  • Alignment with recovery time and recovery point objectives

  • Support for compliance, continuity, and resilience policies

Default Value:

EDR is not enabled by default. Manual setup is required per source server.

Impact:

Pros:
 • Protects workloads through continuous block-level replication
• Enables rapid recovery of infrastructure during failure scenarios
 • Reduces downtime and minimizes manual recovery efforts

Cons:
 • Requires installation of agents on all source systems
• Initial setup may be complex depending on the environment
 • Potential cost implications for replication and recovery resources

Pre-requisites:

IAM Permissions Required:
 drs:*ec2:*iam:PassRole
 Administrator or delegated DR setup privileges
 Outbound internet or NAT access for agent communication

Remediation:

Test Plan:

Using AWS Console:

  1. Log in to the AWS Management Console
  2.  Navigate to Elastic Disaster Recovery (EDR)
  3.  Verify the following:

  • At least one source server is added

  • Replication status is Healthy or Continuous

  • Launch settings and replication settings are defined

  • Agent installation and staging area configuration is complete
    • Run a test recovery to ensure that the process functions end to end

Using AWS CLI:

aws drs describe-source-servers
aws drs get-replication-configuration \
  --source-server-id s-xxxxxxxxxxxxxxxxx
aws drs get-launch-configuration \
  --source-server-id s-xxxxxxxxxxxxxxxxx

Implementation Plan:

Using AWS Console:

  1. Navigate to Elastic Disaster Recovery Console
  2. Click Add source server and download the replication agent
  3. Install the agent on the source server using root/administrator privileges
  4. Configure the replication settings (subnet, encryption, instance type)
  5. Set up launch settings (subnet, security group, instance type)
  6. Confirm agent connection and validate replication status
  7. Perform a test recovery to ensure readiness

Using AWS CLI:

curl -O https://aws-elastic-disaster-recovery-agent.s3.amazonaws.com/latest/install_dr_agent.sh

sudo bash install_dr_agent.sh --region <region> --activation-key <activation-key>

aws drs update-replication-configuration \

  --source-server-id s-xxxxxxxxxxxxxxxxx \

  --staging-area-subnet-id subnet-xxxxxxxx \

  --replication-server-instance-type t3.medium

aws drs update-launch-configuration \

  --source-server-id s-xxxxxxxxxxxxxxxxx \

  --target-instance-type m5.large

aws drs start-recovery \

  --source-server-ids s-xxxxxxxxxxxxxxxxx

Backout Plan:

Using AWS Console:

  1. Terminate recovery instances and remove source server
  2. Revert network, IAM, or launch settings as needed
  3.  Uninstall the replication agent from the source server

Using AWS CLI:

aws drs terminate-recovery-instances \
  --recovery-instance-ids ri-xxxxxxxxxxxxxxxxx
aws drs delete-source-server \
  --source-server-id s-xxxxxxxxxxxxxxxxx

Manually remove the agent from the server:

sudo systemctl stop aws-replication-agent
sudo systemctl disable aws-replication-agent
sudo rm -rf /var/lib/aws-replication-agent

References: