

# Source networks
<a name="source-networks"></a>

The network replication feature allows you to keep track of network changes and perform quick updates. The feature helps prevent configuration mismatch during recovery, saves time and resources and provides enhanced security. For example, when a security group is updated, this change will be automatically replicated, ensuring compliance and preventing potential security risks. In addition, recovery instances will be launched within the recovered source networks automatically, preventing the need to configure each server manually.

**Important**  
Only in-AWS networks can be replicated.

## AWS DRS source network page
<a name="source-network-page"></a>

The **Source networks** page automatically presents all of the available source networks. This page allows you to manage your source networks, view their specifications, and perform updates.

![\[Source networks table showing one network with replication status and details.\]](http://docs.aws.amazon.com/drs/latest/userguide/images/source-networks-main.png)


Each row represents a specific network. It includes various network parameters including:
+ Name – the selected source network name
+ Replication status – options include **Replicating - protected**, **Stopped**, **In progress**, and **Error**
+ Source region – the AWS Region of the source network 
+ Source AWS account ID – the AWS account ID of the source network
+ Pending actions – the next step in the source network replication workflow
+ Last recovery result – **Not started**, **Pending**, **Successful**, **Failed**, and **Partial success** (meaning the network was deployed, but the source servers were not configured as part of the recovered network)
+ Launched VPC – the recovered network
+ CFN stack name – the name of the CloudFormation stack which was used to deploy the launched VPC
+ Source network ID – the ID of the source network

Use the top navigation to select an S3 bucket, which is required to enable recovery or to initiate a recovery job.

Use the **Actions** menu to perform various actions including:
+ Start replication – Use this option if you want to start replicating your network configuration.
+ Stop replication – Use this option if you want to stop replicating your network configuration.
+ Export CloudFormation (CFN) template – This option allows you to export the CloudFormation template to your selected S3 bucket. This allows you to verify that the configurations match your preferences and conduct security checks.
**Note**  
If you choose to make changes to the CloudFormation template, it cannot be reuploaded to AWS Elastic Disaster Recovery.
+ Manage tags – This option will open the **Manage tags** page which allows you to add or remove tags from your selected network resource.
+ Select S3 bucket – This option allows you to save network CFN stacks in your account’s Amazon S3 bucket. You must specify the S3 bucket before you initiate network replication. It is recommended that you employ [security best practices for Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html).
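One security check you can run on an exported template, as an added example that is not AWS code: it flags security group ingress rules open to any address. It assumes the export is a JSON CloudFormation template using the standard `AWS::EC2::SecurityGroup` and `AWS::EC2::SecurityGroupIngress` resource types; the sample template and function names are constructed for illustration.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
SG_TYPE = "AWS::EC2::SecurityGroup"
INGRESS_TYPE = "AWS::EC2::SecurityGroupIngress"

def _port_range(rule):
    # IpProtocol -1 means every protocol and port, so FromPort/ToPort are ignored.
    if str(rule.get("IpProtocol")) == "-1":
        return "all ports"
    return f"{rule.get('FromPort')}-{rule.get('ToPort')}"

def find_open_ingress(template):
    """Return (logical_id, cidr, protocol, ports) for each world-open ingress rule."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == SG_TYPE:
            rules = props.get("SecurityGroupIngress", [])  # inline rules
        elif res.get("Type") == INGRESS_TYPE:
            rules = [props]                                # standalone rule resource
        else:
            continue
        for rule in rules:
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            # Skip intrinsic functions such as {"Ref": ...}; only literal CIDRs are judged.
            if isinstance(cidr, str) and cidr in OPEN_CIDRS:
                findings.append(
                    (logical_id, cidr, str(rule.get("IpProtocol")), _port_range(rule)))
    return findings

# Constructed sample template (not a real export); load a real one with json.load().
SAMPLE = {"Resources": {
    "WebSg": {"Type": SG_TYPE, "Properties": {
        "GroupDescription": "web tier",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/16"}]}},
    "DbIngress": {"Type": INGRESS_TYPE, "Properties": {
        "GroupId": {"Ref": "WebSg"}, "IpProtocol": "-1", "CidrIpv6": "::/0"}},
    "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}}}}

if __name__ == "__main__":
    for finding in find_open_ingress(SAMPLE):
        print(finding)
```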

# Adding source networks to Elastic Disaster Recovery
<a name="adding-source-network-page"></a>

Available source networks are presented automatically on the **Source networks** page, along with their details: replication status, pending action, CloudFormation stack name, and more.

When adding a source server to AWS Elastic Disaster Recovery, and after an agent is installed, the VPC network will be automatically identified and created.

To replicate and recover your network configurations, take the following steps:

1. Install the AWS Replication agent on your source servers. Alternatively, source networks can be added manually by calling the CreateSourceNetwork API. 

1. Create the required role.

1. Select the relevant network.

1. Start replication.

1. Select an S3 bucket.
**Important**  
You only need to configure your S3 bucket once. Configurations will apply to all existing and newly added source networks.

1. Test or recover your network configurations by initiating a recovery job. This will include creating or updating your CloudFormation stack.

# Installing the AWS Replication Agent
<a name="network-agent-installation"></a>

In order to use the network replication feature, you must first install the AWS Replication Agent on each source server that you want to add to AWS Elastic Disaster Recovery.

[Linux installation instructions](linux-agent.md)

[Windows installation instructions](windows-agent.md)

# Creating the required role for Elastic Disaster Recovery
<a name="network-required-role"></a>

In order to replicate network configurations between different accounts, you need to go to the source account and create the **Network role** from the **Trusted accounts** page. This will automatically create the role and attach the required policies.

**Note**  
This is only required if your target account is different from the source account.

To create the required role, take the following steps:

1. Go to your source account.

1. Go to the **Trusted accounts** page.

1. Click **Add trusted accounts and create roles**.

1. Click **Add new trusted account**.

1. Enter the target account ID and choose **Network role**.

1. Click **Add trusted accounts and roles**. A success message will appear at the top of the screen.

This action will create the DRSSourceNetworkRole role that is required to utilize the feature.

This role includes the AWSElasticDisasterRecoverySourceNetworkPolicy policy and the following trust policy permissions:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "drs.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringLike": {
          "aws:SourceAccount": "{{target_account}}"
        },
        "ArnLike": {
          "aws:SourceArn": "arn:aws:drs:*:*:source-network/*"
        }
      }
    }
  ]
}
```
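One way to confirm that a deployed DRSSourceNetworkRole still carries the trust policy shown above, as an added example that is not AWS code: it checks the service principal, the action, and both conditions that scope who may assume the role. The account ID `111122223333`, the function names and the loosened sample are assumptions constructed for illustration; the policy is passed in as parsed JSON.

```python
import copy

EXPECTED_SERVICE = "drs.amazonaws.com"
POSITIVE_OPS = {"StringEquals", "StringLike", "ArnEquals", "ArnLike"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_values(stmt, key):
    """Collect values for a condition key under positive match operators only."""
    values = []
    for op, operands in stmt.get("Condition", {}).items():
        if op in POSITIVE_OPS:
            values += [v for k, val in operands.items()
                       if k.lower() == key.lower() for v in _as_list(val)]
    return values

def _is_source_network_arn(pattern):
    parts = pattern.split(":", 5)  # arn:partition:service:region:account:resource
    return (len(parts) == 6 and parts[0] == "arn" and parts[2] == "drs"
            and parts[5].startswith("source-network/"))

def audit_trust_policy(policy, target_account):
    """Return findings; an empty list means every Allow matches the documented shape."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if stmt.get("Principal") not in ({"Service": EXPECTED_SERVICE},
                                         {"Service": [EXPECTED_SERVICE]}):
            findings.append(f"Statement[{i}]: Principal is not only {EXPECTED_SERVICE}")
        if _as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            findings.append(f"Statement[{i}]: Action is not only sts:AssumeRole")
        if _condition_values(stmt, "aws:SourceAccount") != [target_account]:
            findings.append(f"Statement[{i}]: aws:SourceAccount not pinned to target account")
        arns = _condition_values(stmt, "aws:SourceArn")
        if not arns or not all(map(_is_source_network_arn, arns)):
            findings.append(f"Statement[{i}]: aws:SourceArn not limited to DRS source networks")
    return findings

# Constructed sample: the page's trust policy with a made-up target account ID.
DOCUMENTED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "drs.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringLike": {"aws:SourceAccount": "111122223333"},
                  "ArnLike": {"aws:SourceArn": "arn:aws:drs:*:*:source-network/*"}}}]}
# Constructed sample: the same role after its conditions were loosened.
LOOSENED = copy.deepcopy(DOCUMENTED)
LOOSENED["Statement"][0]["Condition"] = {"StringLike": {"aws:SourceAccount": "*"}}
```

`audit_trust_policy(DOCUMENTED, "111122223333")` returns an empty list, while the loosened sample yields one finding for the wildcard account and one for the missing `aws:SourceArn` condition.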


After you install the agent and create the relevant role, you can start replicating your network configurations.

# Replicating your network configurations in Elastic Disaster Recovery
<a name="replicating-network-configurations"></a>

Once you have installed the agent and created the required role, go to the **Source networks** page and take the following steps:

1. Select the network you want to replicate from the list.

1. Click **Actions** and select **Start replication** from the drop-down menu.

1. Click **Select S3 bucket**. This allows you to save the CloudFormation stack in your account’s S3 bucket. You must specify the S3 bucket before you initiate network recovery. It is recommended that you employ S3 bucket security and access management policies.

   You can choose between selecting an existing S3 bucket and creating a new bucket using the S3 bucket console. 
**Note**  
You must enable S3 versioning.

1. To test or recover your network configurations, click **Initiate recovery job** and the **Initiate recovery job** prompt will appear.

   If this is the first time you are replicating network configurations, you will need to create a new stack.

   If you already created a stack, you can choose between 3 options:

   1. **Update a recommended stack** – The recommended stack is always the last stack you used.
**Note**  
If the update is not successful, simply create a new stack.

   1. **Create new stack**

   1. **Use a previously created stack** – if you want to choose a stack that you have previously used, select your preferred stack from the drop-down. This will only update the launch templates. The selected stack will then become the recommended stack, allowing you to update it.

Once the recovery job is marked as **Successful**, the network (VPC) is launched in the target Region. All the EC2 launch templates of the source servers in the relevant network will be automatically updated and will feature the new values. This means that when you perform a recovery, those source servers will be launched as part of the new network and the correct subnet.