This tool aims to run periodically both at a source and target AWS accounts and provide shared snapshots from the source account and subsequent refreshment on the latter. You can tag source and target databases to signal both snapshot creation on the source account and restoration on the target account.
All flavors of MySQL and PostgreSQL compatible engines are supported, including Aurora and native ones. Both clusters, instances and serverless types work.
- Types: Instances, Clusters
- Modes: Serverless, Provisioned
- Engines: Aurora, MySQL, PgSQL
- Provisioned MySQL Community RDS Instance
- Provisioned PgSQL RDS Instance
- Serverless Aurora MySQL Cluster
- Serverless Aurora PgSQL Cluster
- Provisioned Aurora MySQL Cluster
- Provisioned Aurora PgSQL Cluster
This project is composed by a couple of AWS Lambda functions that will basically perform these 9 steps:
- Identify elegible databases based on a given pattern
- Find automated snapshots if available in the interval defined
- Copy existing or take a fresh snapshot from the database
- Share snapshot with the target account
...
9. Delete disposable snapshots
- Identify new shared snapshots based on a given pattern
- Delete its existing database counterpart
- Restore snapshot to refresh the data
- Signal snapshot as disposable
These scripts are built to run as independent AWS Lambda functions on separate accounts. They will interact with each other asynchronously as they detect state changes via tags or existing resources that match patterns.
You can define a DATABASE_NAME_PATTERN environment variable set to ALL to catch all databases on the source side, define a regex value to match, or set it to TAG (which is recommended to avoid uneccessary snapshots) and set a tag to the source RDS database/cluster named DBSSRSource with value true.
You should also override default environment variable values as needed as described below:
LOG_LEVEL=ERROR
SOURCE_AWS_REGION=us-east-1
BACKUP_INTERVAL=24
DATABASE_NAME_PATTERN=TAG
AWS_TARGET_KMS_KEY=None
AWS_TARGET_ACCOUNT=000000000000
You can define DATABASE_NAME_PATTERN to narrow the results but you must tag the target RDS databases/clusters with DBSSR tag and the value set to the name of the source database.
Please notice that for provisioned cluster databases, you must tag both the cluster and also the primary instance.
The way this script works allows you to define a different instance type and size on the target account and it will restore the source snapshot preserving the target profile regardless of the source's type and size.
You should also override default environment variable values as needed as described below:
LOG_LEVEL=ERROR
TARGET_AWS_REGION=us-east-1
BACKUP_INTERVAL=24
DATABASE_NAME_PATTERN=ALL
AWS_TARGET_KMS_KEY=None
AWS_SOURCE_ACCOUNT=00000000000
The deploy process uses the Serverless Framework. In order to deploy, you need to fill in the values within the serverless.yml file.
Important values to set are:
awsTargetAccountawsTargetKmsKey
It is important to notice that you must run this script twice and make sure each time you run you use the appropriate source and target profiles or credentials for the corresponding AWS accounts.
Functions are triggered by default using a cron expression. You can override the default value on serverless.yml
-
If there is a misbehavior in the scripts it is possible that it is related to the backup interval that at some point might have skipped snapshots because they've got out of scope.
-
No option or parameter groups will be copied.
If your AWS source account RDS databases are encrypted, you must create a custom AWS KMS key in order to copy and share snapshots.
Also, for AWS target account RDS database encryption, you must provide an encryption key for restoration.
You can run the lambdas locally by clonning this project and installing python-lambda-local package:
pip install python-lambda-local
Running local commands should look like this:
$ DATABASE_NAME_PATTERN="database1|database2|databaseN" AWS_TARGET_KMS_KEY=arn:aws:kms:us-east-1:123456789123:key/blah-blah-blah AWS_TARGET_ACCOUNT=23456789012 LOG_LEVEL=debug python-lambda-local -t 60 -l ./ -f lambda_handler copy_or_take_snapshots.py event.json$ DATABASE_NAME_PATTERN="database1|database2|databaseN" BACKUP_INTERVAL=168 AWS_TARGET_KMS_KEY=arn:aws:kms:us-east-1:23456789012:key/blah-blah-blah AWS_SOURCE_ACCOUNT=123456789123 LOG_LEVEL=debug python-lambda-local -t 60 -l ./ -f lambda_handler restore_snapshots.py event.json If you find a bug or want to contribute with a new feature, please feel free to open an issue and send a pull request.
If you require assistance in installing, configuring or continuous support, please contact Veezor.