Skip to main content
VPC Cloning Process
Updated over 8 months ago

CloudRanger performs the following steps to clone resources:

2019-02-25_14-02-20.png

1. Discovers source AWS resources

CloudRanger identifies the servers' related network and security resources. For servers specified in the source environment, its network and security resources are captured by describing the instances. For each of the resources, its attributes are captured by further describing each of those resources.

Network and security resources that are captured

  • VPC

  • Subnets

  • Route tables

  • Internet gateways

  • Egress only Internet gateways

  • DHCP options sets

  • NAT gateways

  • Elastic IPs

  • Network ACLs

  • Security Groups
    โ€‹

2. Generates CloudFormation Script

CloudRanger creates a CloudFormation script with the resources details for the target environment. A CloudFormation Script is generated to create resources in the target environment.

Details of resources clone settings

Resource

Clone settings

VPC

CIDR range preserved

Subnets

CIDR Ranges Preserved, AZs allocated in round robin

Route tables

Routing preserved

Internet gateways

Routing preserved

Egress only Internet gateways

Routing preserved

DHCP options sets

Options preserved

NAT gateways

Routing preserved

Elastic IPs

New addresses allocated and assigned to VPCs for NAT gateways and pre-allocated for instances with EIPs

Network ACLs

Rules and associations preserved

Security groups

Ingress and Egress rules preserved

3. Creates resources in the target environment

CloudRanger executes the CloudFormation Script to create resources in the target environment.

Permissions Required

The following permissions are required as part of an account configuration. CloudRanger creates an IAM role within an account with these permissions.

Discover resources and generate a CloudFormation script

  • ec2.describeVpcs

  • ec2.describeSubnets

  • ec2.describeInternetGateways

  • ec2.describeEgressOnlyInternetGateways

  • ec2.describeNatGateways

  • ec2.describeSecurityGroups

  • ec2.describeNetworkAcls

  • ec2.describeRouteTables

  • ec2.describeDhcpOptions

  • ec2.describeAddresses (Elastic IPs)

Clone resources by executing Cloudformation script

  • ec2:describeKeyPairs

  • ec2:modifyVpcAttribute

  • ec2:modifySubnetAttribute

  • ec2:modifyNetworkInterfaceAttribute

  • ec2:createNetworkInterfacePermission

  • ec2:describeAddresses

  • ec2:describeDhcpOptions

  • ec2:describeInternetGateways

  • ec2:describeEgressOnlyInternetGateways

  • ec2:describeNatGateways

  • ec2:createVPC

  • ec2:deleteVPC

  • ec2:createSubnet

  • ec2:deleteSubnet

  • ec2:createRoute

  • ec2:deleteRoute

  • ec2:createNetworkAcl

  • ec2:createNetworkAclEntry

  • ec2:deleteNetworkAcl

  • ec2:deleteNetworkAclEntry

  • ec2:describeNetworkAcls

  • ec2:ReplaceNetworkAclAssociation

  • ec2:ReplaceNetworkAclEntry

  • ec2:AllocateAddress

  • ec2:RevokeSecurityGroupEgress

  • ec2:RevokeSecurityGroupIngress

  • ec2:AssociateAddress

  • ec2:ReleaseAddress

  • ec2:DisassociateAddress

  • ec2:createRouteTable

  • ec2:deleteRouteTable

  • ec2:AssociateRouteTable

  • ec2:DisassociateRouteTable

  • ec2:createInternetGateway

  • ec2:AttachInternetGateway

  • ec2:DetachInternetGateway

  • ec2:deleteInternetGateway

  • ec2:createNatGateway

  • ec2:deleteNatGateway

  • ec2:createEgressOnlyInternetGateway

  • ec2:deleteEgressOnlyInternetGateway

  • ec2:createDHCPOptions

  • ec2:deleteDHCPOptions

  • ec2:createSecurityGroup

  • ec2:deleteSecurityGroup

  • ec2:AuthorizeSecurityGroupIngress

  • ec2:AuthorizeSecurityGroupEgress

  • ec2:describeRouteTables

  • cloudFormation:createstack

  • cloudformation:describestacks

  • cloudformation:describestackevents

  • cloudformation:describeStackResource

  • cloudformation:describeStackResources

  • cloudformation:deleteStack

Did this answer your question?