[Improvement] * - Enable AWS Backup for EFS file systems (widdix#338)
michaelwittig authored Aug 6, 2019
1 parent ef0dd94 commit 9cc75a3
Showing 7 changed files with 295 additions and 4 deletions.
2 changes: 0 additions & 2 deletions docs/jenkins.md
Expand Up @@ -29,7 +29,6 @@ This template describes a Jenkins master in a highly available manner. If the ma

## Limitations
* Jenkins will only run in two Availability Zones, even if your VPC stack has more.
* No backup

# Jenkins 2.0: highly available master and dynamic agents
This template describes a Jenkins master in a highly available manner. If the master instance fails it will be replaced automatically. All data stored on EFS where it is replicated across AZs and the file system can grow without a limit. The Jenkins master sits behind a load balancer to provide a fixed endpoint. A dynamic pool of agents will execute builds. If the build queue grows new agents are provisioned. Of the build queue is empty agents are taken offline (only if they have no build running). System and Jenkins logs are pushed to CloudWatch Logs.
Expand Down Expand Up @@ -57,4 +56,3 @@ This template describes a Jenkins master in a highly available manner. If the ma
## Limitations
* Jenkins will only run in two Availability Zones, even if your VPC stack has more.
* Stack updates only work if no agents are running. Scale to zero agents before you update the stack!
* No backup
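Review bot: Removing `* No backup` from Limitations leaves a new limitation undocumented: the templates in this commit mark the vault `# cannot be deleted with data`, so deleting a stack will fail on `BackupVault` while recovery points remain. Add a bullet here saying that recovery points must expire or be removed before the stack can be deleted, and mention the two new parameters `EFSBackupRetentionPeriod` and `EFSBackupScheduleExpression`.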
2 changes: 0 additions & 2 deletions docs/wordpress.md
Expand Up @@ -52,7 +52,6 @@ This template combines the following services:
* PHP files are cached for 300 seconds on the web servers.
* Static files `wp-includes` and `wp-content` are cached for 15 minutes on the CDN.
* Pre-defined auto-scaling might not be able to cover your requirements and needs load and performance testing.
* No backup of EFS file system

# WordPress: fault tolerant and scalable (Aurora)
Use this CloudFormation template to create a fault tolerant and scalable WordPress environment on AWS running on Aurora.
Expand Down Expand Up @@ -106,4 +105,3 @@ This template combines the following services:
* PHP files are cached for 300 seconds on the web servers.
* Static files `wp-includes` and `wp-content` are cached for 15 minutes on the CDN.
* Pre-defined auto-scaling might not be able to cover your requirements and needs load and performance testing.
* No backup of EFS file system
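Review bot: Deleting `* No backup of EFS file system` outright, rather than replacing it, leaves this page silent on what is now protected. The plan added in `wordpress/wordpress-ha-aurora.yaml` selects only the `EFSFileSystem` ARN, runs on `cron(0 5 ? * * *)` by default and keeps recovery points for 1 to 35 days (default 30); state that scope and retention here so operators know what recovery window they have.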
59 changes: 59 additions & 0 deletions jenkins/jenkins2-ha-agents.yaml
Expand Up @@ -38,6 +38,8 @@ Metadata:
default: 'EFS Parameters'
Parameters:
- EFSProvisionedThroughputInMibps
- EFSBackupRetentionPeriod
- EFSBackupScheduleExpression
- Label:
default: 'Master Parameters'
Parameters:
Expand Down Expand Up @@ -203,6 +205,16 @@ Parameters:
Description: 'The provisioned throughput for the Elastic File System (EFS) in Mibps. Default is 0 which enables the bursting mode and disables provisioned throughput.'
Type: Number
Default: 0
EFSBackupRetentionPeriod:
Description: 'The number of days to keep backups of the EFS file system.'
Type: Number
MinValue: 1
MaxValue: 35
Default: 30
EFSBackupScheduleExpression:
Description: 'A CRON expression specifying when AWS Backup initiates a backup job.'
Type: String
Default: 'cron(0 5 ? * * *)'
Mappings:
RegionMap:
'eu-north-1':
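Review bot: `EFSBackupScheduleExpression` is a free-form `String` with no `AllowedPattern`, so a mistyped expression is only rejected when CloudFormation tries to create the `BackupPlan`. Add an `AllowedPattern` that at least requires the `cron(...)` wrapper, plus a `ConstraintDescription`, and say in the `Description` that AWS Backup evaluates the expression in UTC, since the default `cron(0 5 ? * * *)` otherwise reads as local time. The same applies to the identical parameter in the other three templates.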
Expand Down Expand Up @@ -2208,6 +2220,53 @@ Resources:
Properties:
ThroughputInMibps: !Ref EFSProvisionedThroughputInMibps
ServiceToken: !GetAtt 'LambdaFunction.Arn'
BackupVault: # cannot be deleted with data
Type: 'AWS::Backup::BackupVault'
Properties:
BackupVaultName: !Ref 'AWS::StackName'
Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
BackupPlan:
Type: 'AWS::Backup::BackupPlan'
Properties:
BackupPlan:
BackupPlanName: !Ref 'AWS::StackName'
BackupPlanRule:
- CompletionWindowMinutes: 1440
Lifecycle:
DeleteAfterDays: !Ref EFSBackupRetentionPeriod
RuleName: !Ref 'AWS::StackName'
ScheduleExpression: !Ref EFSBackupScheduleExpression
StartWindowMinutes: 60
TargetBackupVault: !Ref BackupVault
BackupRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: 'backup.amazonaws.com'
Action: 'sts:AssumeRole'
Policies:
- PolicyName: backup
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- 'elasticfilesystem:Backup'
- 'elasticfilesystem:DescribeTags'
Resource: !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${MasterStorage}'
BackupSelection:
Type: 'AWS::Backup::BackupSelection'
Properties:
BackupPlanId: !Ref BackupPlan
BackupSelection:
IamRoleArn: !GetAtt 'BackupRole.Arn'
Resources:
- !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${MasterStorage}'
SelectionName: !Ref 'AWS::StackName'
Outputs:
TemplateID:
Description: 'cloudonaut.io template id.'
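Review bot: `BackupVault` carries the comment `# cannot be deleted with data` but no `DeletionPolicy`, so stack deletion will stop on this resource whenever recovery points exist, which is the normal state once the plan has run. Either set `DeletionPolicy: Retain` on the vault so teardown succeeds and the backups outlive the stack, or keep the current behaviour and document the manual cleanup. If the vault is retained, `BackupVaultName: !Ref 'AWS::StackName'` will collide when a stack of the same name is created again, so the name may need a unique suffix. The same applies to the identical block in the other three templates.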
59 changes: 59 additions & 0 deletions jenkins/jenkins2-ha.yaml
Expand Up @@ -38,6 +38,8 @@ Metadata:
default: 'EFS Parameters'
Parameters:
- EFSProvisionedThroughputInMibps
- EFSBackupRetentionPeriod
- EFSBackupScheduleExpression
- Label:
default: 'Master Parameters'
Parameters:
Expand Down Expand Up @@ -143,6 +145,16 @@ Parameters:
Description: 'The provisioned throughput for the Elastic File System (EFS) in Mibps. Default is 0 which enables the bursting mode and disables provisioned throughput.'
Type: Number
Default: 0
EFSBackupRetentionPeriod:
Description: 'The number of days to keep backups of the EFS file system.'
Type: Number
MinValue: 1
MaxValue: 35
Default: 30
EFSBackupScheduleExpression:
Description: 'A CRON expression specifying when AWS Backup initiates a backup job.'
Type: String
Default: 'cron(0 5 ? * * *)'
Mappings:
RegionMap:
'eu-north-1':
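Review bot: `MaxValue: 35` on `EFSBackupRetentionPeriod` is not explained anywhere in the hunk, and the `Description` does not mention the allowed range. If the 35-day ceiling is deliberate, put the range in the `Description` and add a `ConstraintDescription`; if it is not, raise or drop `MaxValue` so users with longer retention requirements do not have to fork the template.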
Expand Down Expand Up @@ -1027,6 +1039,53 @@ Resources:
Properties:
ThroughputInMibps: !Ref EFSProvisionedThroughputInMibps
ServiceToken: !GetAtt 'LambdaFunction.Arn'
BackupVault: # cannot be deleted with data
Type: 'AWS::Backup::BackupVault'
Properties:
BackupVaultName: !Ref 'AWS::StackName'
Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
BackupPlan:
Type: 'AWS::Backup::BackupPlan'
Properties:
BackupPlan:
BackupPlanName: !Ref 'AWS::StackName'
BackupPlanRule:
- CompletionWindowMinutes: 1440
Lifecycle:
DeleteAfterDays: !Ref EFSBackupRetentionPeriod
RuleName: !Ref 'AWS::StackName'
ScheduleExpression: !Ref EFSBackupScheduleExpression
StartWindowMinutes: 60
TargetBackupVault: !Ref BackupVault
BackupRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: 'backup.amazonaws.com'
Action: 'sts:AssumeRole'
Policies:
- PolicyName: backup
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- 'elasticfilesystem:Backup'
- 'elasticfilesystem:DescribeTags'
Resource: !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${MasterStorage}'
BackupSelection:
Type: 'AWS::Backup::BackupSelection'
Properties:
BackupPlanId: !Ref BackupPlan
BackupSelection:
IamRoleArn: !GetAtt 'BackupRole.Arn'
Resources:
- !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${MasterStorage}'
SelectionName: !Ref 'AWS::StackName'
Outputs:
TemplateID:
Description: 'cloudonaut.io template id.'
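Review bot: `BackupVault` sets only `BackupVaultName` and `Notifications`; there is no `AccessPolicy` and no `EncryptionKeyArn`. The contents of `MasterStorage` are copied into this vault, so any principal in the account that holds AWS Backup permissions can delete or restore those recovery points, and they are encrypted with the default key rather than one the stack controls. Consider an `AccessPolicy` that denies `backup:DeleteRecoveryPoint` to everything except a designated recovery role, and an optional KMS key parameter wired to `EncryptionKeyArn`.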
59 changes: 59 additions & 0 deletions vpc/vpc-vpn-bastion.yaml
Expand Up @@ -37,6 +37,8 @@ Metadata:
default: 'EFS Parameters'
Parameters:
- EFSProvisionedThroughputInMibps
- EFSBackupRetentionPeriod
- EFSBackupScheduleExpression
- Label:
default: 'VPN Parameters'
Parameters:
Expand Down Expand Up @@ -110,6 +112,16 @@ Parameters:
Description: 'The provisioned throughput for the Elastic File System (EFS) in Mibps. Default is 0 which enables the bursting mode and disables provisioned throughput.'
Type: Number
Default: 0
EFSBackupRetentionPeriod:
Description: 'The number of days to keep backups of the EFS file system.'
Type: Number
MinValue: 1
MaxValue: 35
Default: 30
EFSBackupScheduleExpression:
Description: 'A CRON expression specifying when AWS Backup initiates a backup job.'
Type: String
Default: 'cron(0 5 ? * * *)'
Mappings:
RegionMap:
'eu-north-1':
Expand Down Expand Up @@ -860,6 +872,53 @@ Resources:
Properties:
ThroughputInMibps: !Ref EFSProvisionedThroughputInMibps
ServiceToken: !GetAtt 'LambdaFunction.Arn'
BackupVault: # cannot be deleted with data
Type: 'AWS::Backup::BackupVault'
Properties:
BackupVaultName: !Ref 'AWS::StackName'
Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
BackupPlan:
Type: 'AWS::Backup::BackupPlan'
Properties:
BackupPlan:
BackupPlanName: !Ref 'AWS::StackName'
BackupPlanRule:
- CompletionWindowMinutes: 1440
Lifecycle:
DeleteAfterDays: !Ref EFSBackupRetentionPeriod
RuleName: !Ref 'AWS::StackName'
ScheduleExpression: !Ref EFSBackupScheduleExpression
StartWindowMinutes: 60
TargetBackupVault: !Ref BackupVault
BackupRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: 'backup.amazonaws.com'
Action: 'sts:AssumeRole'
Policies:
- PolicyName: backup
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- 'elasticfilesystem:Backup'
- 'elasticfilesystem:DescribeTags'
Resource: !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${Storage}'
BackupSelection:
Type: 'AWS::Backup::BackupSelection'
Properties:
BackupPlanId: !Ref BackupPlan
BackupSelection:
IamRoleArn: !GetAtt 'BackupRole.Arn'
Resources:
- !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${Storage}'
SelectionName: !Ref 'AWS::StackName'
Outputs:
TemplateID:
Description: 'cloudonaut.io template id.'
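Review bot: `Notifications` publishes to the topic imported from `${ParentAlertStack}-TopicARN`, but nothing in this diff shows that topic's policy allowing `backup.amazonaws.com` to publish; without that grant the vault events will not be delivered. Confirm the alert stack grants `sns:Publish` to that service principal. Separately, `BACKUP_JOB_STARTED` and `BACKUP_JOB_COMPLETED` fire on every scheduled run, so a topic meant for alerts will receive routine daily messages; consider whether those events belong on that channel.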
59 changes: 59 additions & 0 deletions wordpress/wordpress-ha-aurora.yaml
Expand Up @@ -52,6 +52,8 @@ Metadata:
default: 'EFS Parameters'
Parameters:
- EFSProvisionedThroughputInMibps
- EFSBackupRetentionPeriod
- EFSBackupScheduleExpression
- Label:
default: 'Database Parameters'
Parameters:
Expand Down Expand Up @@ -143,6 +145,16 @@ Parameters:
Description: 'The provisioned throughput for the Elastic File System (EFS) in Mibps. Default is 0 which enables the bursting mode and disables provisioned throughput.'
Type: Number
Default: 0
EFSBackupRetentionPeriod:
Description: 'The number of days to keep backups of the EFS file system.'
Type: Number
MinValue: 1
MaxValue: 35
Default: 30
EFSBackupScheduleExpression:
Description: 'A CRON expression specifying when AWS Backup initiates a backup job.'
Type: String
Default: 'cron(0 5 ? * * *)'
DBServerInstanceType:
Description: 'The instance type of database server (e.g. db.t2.small).'
Type: String
Expand Down Expand Up @@ -1297,6 +1309,53 @@ Resources:
AcmCertificateArn: !Ref CloudFrontAcmCertificate
SslSupportMethod: 'sni-only'
MinimumProtocolVersion: TLSv1
BackupVault: # cannot be deleted with data
Type: 'AWS::Backup::BackupVault'
Properties:
BackupVaultName: !Ref 'AWS::StackName'
Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
BackupPlan:
Type: 'AWS::Backup::BackupPlan'
Properties:
BackupPlan:
BackupPlanName: !Ref 'AWS::StackName'
BackupPlanRule:
- CompletionWindowMinutes: 1440
Lifecycle:
DeleteAfterDays: !Ref EFSBackupRetentionPeriod
RuleName: !Ref 'AWS::StackName'
ScheduleExpression: !Ref EFSBackupScheduleExpression
StartWindowMinutes: 60
TargetBackupVault: !Ref BackupVault
BackupRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: 'backup.amazonaws.com'
Action: 'sts:AssumeRole'
Policies:
- PolicyName: backup
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- 'elasticfilesystem:Backup'
- 'elasticfilesystem:DescribeTags'
Resource: !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${EFSFileSystem}'
BackupSelection:
Type: 'AWS::Backup::BackupSelection'
Properties:
BackupPlanId: !Ref BackupPlan
BackupSelection:
IamRoleArn: !GetAtt 'BackupRole.Arn'
Resources:
- !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${EFSFileSystem}'
SelectionName: !Ref 'AWS::StackName'
Outputs:
TemplateID:
Description: 'cloudonaut.io template id.'
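Review bot: `BackupRole` allows only `elasticfilesystem:Backup` and `elasticfilesystem:DescribeTags` on the `EFSFileSystem` ARN, which is tight for taking backups but grants nothing for restoring one. Document which role a restore is expected to run under, or add a separate restore role, so the first real restore is not also the first time the permissions are exercised. The selection also lists only the EFS file system, so WordPress state held in Aurora is outside this plan and an EFS recovery point can be from a different point in time than the database.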