- Copy command will:
- Copy snapshot(s) to a different AWS region in the same account. This will copy only automated snapshots.
- Cleanup old snapshots based on retention setup in the yaml config file
- Check command will:
- Creates new rds instance(s) with the snapshots
- Runs a set of queries on the database to validate the content of the backup
- Handle things gracefully when there is more than 5 snapshots to copy
- Handle different retentions between automatic and manual backups. (tag automatic snapshot with something like "CopiedBy" "rdscheck" and skip if set)
- instances:
all the rds instances that we want to copy/restore/check to an AWS region.- name:
the name of the source rds instance - database:
the name of the databse that we copied and restored we use this field to initiate the db connection - type:
the rds instance type we want to use to restore the snapshot - password:
the password that we will use to connect to the database. It doesn't need to be the original one. We will use this one to reset the original password - retention:
how many days we want to keep the copied snapshot around. Right now it should be equal to the number of days the automatic backups are kept - destination:
the aws region where we will copy/restore the snapshot - kmsid:
the id (ARN) of the kms key that you want to use on the destination region. This is needed if your original snapshot is encrypted - queries:
all the sql queries we want to run on the restored snapshot to validate it and the expected results as regex- query:
the sql query to run - regex:
the regex of the expected result
- query:
- name:
Example:
instances:
- name: rdscheck
database: rdscheck
type: db.t2.micro
password: thisisatest
retention: 1
destination: us-east-1
kmsid: "arn:aws:kms:us-east-1:1234567890:key/123456-7890-123456"
queries:
- query: "SELECT tablename FROM pg_catalog.pg_tables;"
regex: "^pg_statistic$"
- name: rdscheck2
database: rdscheck
type: db.t2.micro
password: thisisatest
retention: 10
destination: us-east-2
queries:
- query: "SELECT tablename FROM pg_catalog.pg_tables;"
regex: "^pg_statistic$"Github Workflow is setup to create a new release when a tag is created and pushed. .github/workflows/release.yml will get triggered, will create a new release, build the commands and upload them as two seperate zip files in the release. By doing so we can then download the command zip file for a release and use it when creating a lambda function with terraform.
module "rdscheck-copy" {
source = "github.com/techdroplabs/rdscheck//terraform?ref=v0.0.9"
release_version = "v0.0.9"
command = "copy"
lambda_env_vars {
variables = {
S3_BUCKET = "s3-bucket-with-yaml-file"
S3_KEY = "rdscheck.yml"
AWS_REGION_SOURCE = "us-west-2"
DD_API_KEY = "lked78t4iuhweoih8oi"
DD_APP_KEY = "lknsdc8754liwhefp90"
}
}
}
module "rdscheck-check" {
source = "github.com/techdroplabs/rdscheck//terraform?ref=v0.0.9"
lambda_rate = "rate(30 minutes)"
release_version = "v0.0.9"
command = "check"
subnet_ids = ["subnet-12345,subnet-6789"]
security_group_ids = ["sg-1234,sg-5678"]
lambda_env_vars {
variables = {
S3_BUCKET = "s3-bucket-with-yaml-file"
S3_KEY = "rdscheck.yml"
AWS_REGION_SOURCE = "us-west-2"
AWS_SG_IDS = "sg-1234,sg-5678"
AWS_SUBNETS_IDS = "subnet-qwerty1234576,subnet-azerty123456"
DD_API_KEY = "lked78t4iuhweoih8oi"
DD_APP_KEY = "lknsdc8754liwhefp90"
}
}
}