Introduction
It is possible to create a docker image from a stream backup taken inside of an EC2 instance, bare metal server, or docker container for several reasons:
- Quick creation of a new image to work with locally
- Forensics after a security event
- Migration from a server to a container
- Restoring an image from a container whose image has gone missing
- Perform malware and ransomware scans
Types of Backups That Can Be Used
From Another Docker Container
(Inside the running container): tar --exclude sys --exclude proc --exclude dev -cf - / | elastio stream backup --stream-name container_name-20220510 --tag env:prod --tag role:web
docker export container_name | elastio stream backup --stream-name container_name-20220510 --tag env:prod --tag role:web
From an EC2 Instance or Bare Metal
tar --exclude dev --exclude proc --exclude sys -cf - / | elastio stream backup --stream-name hostname-20220510 --tag env:prod --tag hostname:hostname
Image Creation From Restore Point
elastio stream restore --rp rp-abcdef0123456789 | docker import - mynamespace/newimage:version
