
Any way to recover EC2 if no snapshots are taken? [Resolved]

I inherited an app with an AWS backend. I hadn't had time to update and make sure best practices were being used on the AWS backend before it was compromised.

Each server is listed as having had DDOS attacks coming from the web (port 80).

PREFERABLY I'd just spin up a new instance of the servers and that would be that, but apparently no instance lifecycle was set up by the previous developers.

Is there some limited timeframe that Amazon has a past instance, or am I/my client completely screwed?

Otherwise I'll likely have to manually clean the server (or literally create the exact or a similar configuration), and obviously either is far from ideal.


To clarify, the servers in question were compromised and used to send high volumes of traffic. Amazon determined that they were implicated in a DDOS attack and blocked them from the internet.

EDIT 2: I feel a downvote is unfair - how am I supposed to know without asking?

Question Credit: Andrew Alexander
Asked June 25, 2019
Posted Under: Network
1 Answer

EC2 instances and EBS volumes do not have any backup mechanism other than the snapshots made by and visible to you in the console or via the SDK/CLI/API.

There is no system-provided rollback/flashback or similar emergency functionality in EC2/EBS.

The one thing to check is the source AMI used to create the machines. If it still exists, you might get lucky and find that it has a working baseline system with the application installed, pre-malware, and you can launch more machines from that... but from the description, the machines sound like they may be snowflakes that were built by hand from AMIs containing only the operating system.

credit: Michael - sqlbot
Answered June 25, 2019
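
The check described in the answer above can be run across every instance at once. The following is an added example, not part of the original answer: it takes the JSON output of three AWS CLI calls and reports, per instance, whether the source AMI still exists and which completed snapshots cover its volumes. The function name `recovery_options` and all IDs in the sample data are constructed for illustration.

```python
import json

# Constructed sample data in the shape returned by the AWS CLI (all IDs are made up):
#   aws ec2 describe-instances
#   aws ec2 describe-images --filters Name=image-id,Values=<ImageId,...>
#   aws ec2 describe-snapshots --owner-ids self
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "ImageId": "ami-0111",
   "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0a1"}}]},
  {"InstanceId": "i-0bbb", "ImageId": "ami-0222",
   "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0b1"}}]}
]}]}""")
IMAGES = json.loads("""{"Images": [
  {"ImageId": "ami-0111", "Name": "base-os", "CreationDate": "2018-03-01T00:00:00.000Z", "State": "available"}
]}""")
SNAPSHOTS = json.loads("""{"Snapshots": [
  {"SnapshotId": "snap-0x1", "VolumeId": "vol-0b1", "StartTime": "2019-01-10T04:00:00.000Z", "State": "completed"},
  {"SnapshotId": "snap-0x2", "VolumeId": "vol-0b1", "StartTime": "2019-05-02T04:00:00.000Z", "State": "completed"}
]}""")


def recovery_options(instances, images, snapshots):
    """Map each instance to the restore points that actually exist for it."""
    # Only AMIs that still exist and are launchable count as a baseline.
    usable_amis = {i["ImageId"]: i for i in images.get("Images", [])
                   if i.get("State") == "available"}
    by_volume = {}
    for s in snapshots.get("Snapshots", []):
        if s.get("State") == "completed":
            by_volume.setdefault(s["VolumeId"], []).append(s)
    report = {}
    for res in instances.get("Reservations", []):
        for inst in res.get("Instances", []):
            # Instance-store mappings have no "Ebs" key and cannot be snapshotted.
            vols = [m["Ebs"]["VolumeId"] for m in inst.get("BlockDeviceMappings", [])
                    if "Ebs" in m]
            snaps = sorted((s for v in vols for s in by_volume.get(v, [])),
                           key=lambda s: s["StartTime"], reverse=True)
            report[inst["InstanceId"]] = {
                "source_ami": usable_amis.get(inst["ImageId"], {}).get("ImageId"),
                "snapshots_newest_first": [s["SnapshotId"] for s in snaps],
            }
    return report


if __name__ == "__main__":
    for iid, opts in recovery_options(INSTANCES, IMAGES, SNAPSHOTS).items():
        print(iid, opts)
```

A listed AMI or snapshot is only a clean baseline if its creation time predates the compromise, so compare `CreationDate` and `StartTime` against the earliest known malicious activity before launching from it.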