(rds): Support cross-region automated backups

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code

https://aws.amazon.com/cdk

Apache License 2.0

11.71k stars 3.93k forks source link

(rds): Support cross-region automated backups #21206

Open zessx opened 2 years ago

zessx commented 2 years ago

Describe the feature

RDS allows to enable cross-region automated backups quite easily (see docs) by choosing:

the destination region
the replicated backup retention period
the KMS key

Use Case

It is currently not possible to do the same with only the CDK RDS module.
I assume it would be possible to mimic this behavior with a Lambda, but this requires high amounts of work, and does not seem to be documented anywhere.

Proposed Solution

No response

Other Information

No response

Acknowledgements

[ ] I may be able to implement this feature request
[ ] This feature might incur a breaking change

CDK version used

2.32.1

Environment details (OS name and version, etc.)

N/A

corymhall commented 2 years ago

@zessx is this feature supported in CloudFormation? If not then it looks like the only way to enable this would be through a custom resource.

zessx commented 2 years ago

@corymhall After searching for it, I don't think so: https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/913

azatoth commented 1 year ago

Per https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/913#issuecomment-1744942841 there might be some progress happening

azatoth commented 1 year ago

@zessx https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_rds.CfnDBInstance.html#automaticbackupreplicationregion is now available

zessx commented 1 year ago

Thanks! I'll try then whenever possible.

zessx commented 1 year ago

I'm not sure how to get this to work with an Aurora Cluster. I've tried to act on CfnDBInstance children like this:

cluster = rds.DatabaseCluster(…)

for db_instance in cluster.node.children:
    if isinstance(db_instance, rds.CfnDBInstance):
        db_instance.automatic_backup_replication_region = "eu-central-1"

This is reported into the CloudFormation template:

{
  …
  "DbClusterInstanceXXXXXXXXX": {
    "Type": "AWS::RDS::DBInstance",
    "Properties": {
      "AutomaticBackupReplicationRegion": "eu-central-1",
      …
    }
  }
}

But as I've never been able to used this backup replication feature, I'm not sure how to check if its working or not. After 48 hours, I still don't see any additional backup in the "Current Region" or in "Replicated" (in both regions).

annadowling commented 9 months ago

I'm not sure how to get this to work with an Aurora Cluster. I've tried to act on CfnDBInstance children like this:
cluster = rds.DatabaseCluster(…)

for db_instance in cluster.node.children:
    if isinstance(db_instance, rds.CfnDBInstance):
        db_instance.automatic_backup_replication_region = "eu-central-1"
This is reported into the CloudFormation template:
{
  …
  "DbClusterInstanceXXXXXXXXX": {
    "Type": "AWS::RDS::DBInstance",
    "Properties": {
      "AutomaticBackupReplicationRegion": "eu-central-1",
      …
    }
  }
}
But as I've never been able to used this backup replication feature, I'm not sure how to check if its working or not. After 48 hours, I still don't see any additional backup in the "Current Region" or in "Replicated" (in both regions).

Hey, I am currently running in to the same issue and was wondering if you managed to get this working?

zessx commented 9 months ago

Unfortunately not yet…

azatoth commented 9 months ago

It seems that the underlying CloudFormation implementation is missing a entry for KMS key ID to be used in the target region, and you'll get "Encrypted instances require a valid KMS key ID" instead.

isuftin commented 9 months ago

@azatoth - Yep that's what I ran into today as well. So close...

It seems that the underlying CloudFormation implementation is missing a entry for KMS key ID to be used in the target region, and you'll get "Encrypted instances require a valid KMS key ID" instead.

acosta-edgar commented 7 months ago

CloudFormation supports AutomaticBackupReplicationKmsKeyId for DbInstance: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-automaticbackupreplicationkmskeyid Why is it not used on cdk?

azatoth commented 7 months ago

CloudFormation supports AutomaticBackupReplicationKmsKeyId for DbInstance: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-automaticbackupreplicationkmskeyid Why is it not used on cdk?

The entry AutomaticBackupReplicationKmsKeyId must be fairly new as I've not seen it there before; I even filed a ticket for it missing at https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/2019 a week ago.

azatoth commented 7 months ago

Per https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/ReleaseHistory.html it was added on the 26th

acosta-edgar commented 7 months ago

Any idea when it will be available on cdk?

khushail commented 5 months ago

@acosta-edgar , this is available in CDK via L1 Construct and you could use it - https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_rds.CfnDBInstance.html#automaticbackupreplicationkmskeyid