CNE AWS Ready: Incremental Backup and Restore

Liferay Cloud Native Experience (CNE) AWS Ready supports automated backups and restores using AWS Backup and Argo Workflows. Backups are disabled by default and must be configured for your environment.

Incremental Backup Creation

Configure backup settings in your infrastructure.yaml file:

backup:
   rules:
      -  retentionDays: 30
         ruleName: hourly-backups
         schedule: "cron(0 * * * ? *)"
         startWindow: 60
   enabled: true

The rules section defines when backups run and how long they are retained. The enabled flag turns backups on.

After an Argo CD sync, the following resources are created in your infrastructure application:

Vault – Stores backup data
Plan – Defines backup schedule and retention
Selection – Identifies resources included in the backup plan

By default, resources tagged with Backup=true and Active=true are selected. Only S3 buckets and RDS instances have these tags by default. Selection also respects your deployment name, project ID, and environment ID.

You can also verify backups in the AWS console under AWS Backup.

The default backup schedule in values.yaml creates daily backups.

Manual backups are not supported in the CNE AWS Ready toolkit. Backup restore finds “peer” recovery points based on creation timestamps, which are aligned only for backups triggered by a backup plan.

Incremental Backup Restore

Before you start, ensure a backup plan exists and has created recovery points. For testing, set an hourly backup schedule:

cron(0 * * * ? *)

By default, the Argo Workflows Server has no external IP.

Enable port forwarding:

kubectl port-forward -n argo-workflows-system svc/argo-workflows-server 2746:2746

Open your browser at http://localhost:2746.

Argo uses client mode authentication. Provide a Kubernetes bearer token:

argo auth token

aws eks get-token --cluster-name <cluster-name> | jq -r '.status.token'

Tip

You can create terminal aliases to simplify accessing the Argo Workflows UI. The first copies your Argo token to the clipboard, and the second forwards the port to localhost:

alias argo-workflows-token='echo -n $(argo auth token) | xclip -sel c && echo "Argo token copied to clipboard."'
alias argo-workflows-port-forward='kubectl port-forward -n argo-workflows-system svc/argo-workflows-server 2746:2746'

Edit configuration in liferay/system/infrastructure-provider.yaml if needed:
```
liferay-subchart-backup-restore:
   liferayInfrastructure:
      waitTimeoutSeconds: 7200
```
No values are required for default operation.

Use the Argo CLI to submit a restore workflow, referencing a recovery point ARN:

argo \
   submit \
   --from clusterworkflowtemplate/backup-restore-cluster-workflow-template \
   -p recovery-point-arn="arn:aws:backup:us-east-2:294825482201:recovery-point:294825482201-default-dev-7709a6-storage--20260309052420-51b0baef" \
   --namespace liferay-default-dev \
   --generate-name backup-restore- \
   --watch

Monitor progress via the Argo CLI or UI. The workflow restores peer recovery points for both RDS and S3 automatically.

Capability: