RDS backups - HackMD

# RDS backups This document describes aspects of how our RDS are backed up. ## What the backup infrastructure consists of - Shell scripts (container-push-ecr.sh and entrypoint.sh) - Docker container - Amazon Elastic Container Registry Repository [(rds)](https://us-east-1.console.aws.amazon.com/ecr/repositories/private/307275847480/rds?region=us-east-1) - A lambda function written in Python [(RDS_backups)](https://us-east-1.console.aws.amazon.com/lambda/home?region=us-east-1#/functions/RDS_backups?tab=code) - AWS Batch - Amazon CloudWatch (run_lambda_function) - AWS S3 [(backups.sumdog.com/rds/)](https://s3.console.aws.amazon.com/s3/buckets/backups.sumdog.com?region=us-east-1&prefix=rds/&showversions=false) - AWS Secrets Manager ## How it works The entrypoint.sh script contains commands to make the appropriate backups depending on the database (the options in question are schema-only, data-only, etc.) and save them to the appropriate S3, entrypoint.sh is a script that is located on the container. The container-push-ecr.sh script is responsible for building the contender and placing it in the ECR repository. Note that the script contains a login using the sumdog-developer profile - if you are using the default profile remove the *--profile sumdog-developer* fragment The lambda function works on the principle of checking tags, first searching all regions and then returning the RDS. For an RDS with the right tag (AutomatedDBDump = Active), it runs AWS batch jobs. When adding new rds to lambda, you need to keep the right conventions. AWS Batch works on the principle that it starts the environment on which the container is located and the entrypoint.sh script is run. Amazon CloudWatch is responsible for triggering the lambda once every 24 hours at 3:00 a.m. Secrets Manager stores the secrets that entrypoint script uses. ## How to apply changes and re-build infrastructure The first thing to do after creating a new RDS is to add the new secret to the Secret manager (very important is to keep the conventions i.e. RDSname just like RDSquestions RDSskills etc.). Of course, if we want our RDS to be backed up, it must have the right tag (AutomatedDBDump = Active). Next, we need to add the appropriate code to our entrypoint script to the for loop `for dbname in "${EXECUTE_COMMAND[@]}";` Depending on what backups (schema, data, etc.) you want to do. By default, 3 backups are made for each database (custom_schema.dump, data.dump and schema.sql). Then , we need to update our lambda with the new RDS. That is, add a new condition `if db == 'prod-name_of_the_rds':`. Once we have added all the changes we wanted we need to put our lambda on AWS i.e. run `terraform apply`, then run Docker locally, enter the code directory and run the script container-push-ecr.sh (this script creates the image, builds the container and pushes it to the ECR repository). And that's it, the infrastructure has been updated with the changes made.