Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

added support to create backup out of automated backups #53

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

added support to create backup out of automated backups #53

wants to merge 3 commits into from

Conversation

ghost
Copy link

@ghost ghost commented Oct 2, 2019
edited by ghost
Loading

Description of changes:

  • Added support to create snapshot out of automated backups, controlled by flag UseAutomatedBackup

Why?

In some databases eg. ms sql server, during backup process, brief IO suspension happen. This change help reduce burden from live db instances and create backups from automated backups instead.

Similar PR is filed for aurora-snapshot-tool

@ghost ghost mentioned this pull request Oct 2, 2019
Open
@ghost
Copy link
Author

ghost commented Oct 2, 2019
edited by ghost
Loading

@mrcoronel please help me review it

@ghost ghost force-pushed the copy-from-automated-backups branch from 92f7460 to fe156eb Compare October 2, 2019 17:43
@nishant3794
Copy link

nishant3794 commented Jan 15, 2020
edited
Loading

Copying automated backup doesn't work in case of encrypted DB. You need to manually add lambda's IAM role as the KMS key administrator to get this working.

@ghost
Copy link
Author

ghost commented Jan 15, 2020
edited by ghost
Loading

@nishant3794 It works for encrypted backups as well. Tested on aurora but doesn't work on mssql. I've opened a ticket with aWS also, but no information from them yet. To make it work on mssql, give KMS Grants permission to your lambda role. That's it.

But if encryption is set via option group eg. TDE on mssql, you can't share snapshot with any other AWS account. This is a hard limit from aws.

@nishant3794
Copy link

@smeena667 Doesn't work for postgres as well. Got "KMSKeyNotAccessibleFault".

@ghost
Copy link
Author

ghost commented Jan 15, 2020

KMSKeyNotAccessibleFault

mind sharing your kms key policy?

@nishant3794
Copy link

I got it working earlier by adding lambda's role to KMS key policy so it's all well now.

@ghost
Copy link
Author

ghost commented Jan 15, 2020

I got it working earlier by adding lambda's role to KMS key policy so it's all well now.

I would add permissions to lambda role as lambda role name keep on changing on every cf deploy and using wildcard is not safe. In the CF, you can edit lambda role permissions and this way all following lambda functions will use the same permission.

@nishant3794
Copy link

I believe that's better than my way!! Will do that. Thanks..

I would add permissions to lambda role as lambda role name keep on changing on every cf deploy and using wildcard is not safe. In the CF, you can edit lambda role permissions and this way all following lambda functions will use the same permission.

@raphapr raphapr mentioned this pull request Mar 16, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nishant3794