hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[New Service]: AWS Backup Restore Testing #37662

Open LozanoMatheus opened 1 month ago

LozanoMatheus commented 1 month ago

Description

On Nov 27, 2023, AWS announced AWS Backup restore testing. This can be used to automate DR testing based on AWS Backups. They made a blog post showing how it works.

Requested Resource(s) and/or Data Source(s)

Resource

Data

Potential Terraform Configuration

## Resource

resource "aws_backup_restore_testing_selection" "main" {
  iam_role_arn              = aws_iam_role.main.arn
  protected_resource_arns   = ["*"]
  restore_testing_plan_name = aws_backup_restore_testing_plan.main.name
  validation_window_hours   = 0
  name                      = "test" ## Must contain from 1 to 50 alphanumeric characters or underscores
  protected_resource_type   = "RDS"    ## available options: https://docs.aws.amazon.com/aws-backup/latest/devguide/API_RestoreTestingSelectionForCreate.html#Backup-Type-RestoreTestingSelectionForCreate-ProtectedResourceType
  restore_metadata_overrides {         ## available options: https://docs.aws.amazon.com/aws-backup/latest/devguide/restore-testing-inferred-metadata.html
    availability_zone  = "eu-west-1a"
    availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
    option_group_name  = "default:mysql-8-0"
  }
}

resource "aws_backup_restore_testing_plan" "main" {
  name = "test" ## Must contain from 1 to 50 alphanumeric characters or underscores
  recovery_point_selection {
    algorithm             = "LATEST_WITHIN_WINDOW"     ## available options: https://docs.aws.amazon.com/aws-backup/latest/devguide/API_RestoreTestingRecoveryPointSelection.html#Backup-Type-RestoreTestingRecoveryPointSelection-Algorithm
    recovery_point_types  = ["CONTINUOUS", "SNAPSHOT"] ## available options: https://docs.aws.amazon.com/aws-backup/latest/devguide/API_RestoreTestingRecoveryPointSelection.html#Backup-Type-RestoreTestingRecoveryPointSelection-RecoveryPointTypes
    exclude_vaults        = []
    include_vaults        = ["*"]
    selection_window_days = 7
  }
  schedule_expression          = "cron(0 12 * * ? *)"
  schedule_expression_timezone = "UTC"
  start_window_hours           = 0
}

## Data

data "aws_backup_restore_testing_plan" "main" {
  name = "test"
}

data "aws_backup_restore_testing_selection" "main" {
  name                      = "test"
  restore_testing_plan_name = aws_backup_restore_testing_plan.main.name
}

data "aws_backup_restore_testing_plans" "main" {}

data "aws_backup_restore_testing_selections" "main" {
  restore_testing_plan_name = aws_backup_restore_testing_plan.main.name
}

References

AWS Go SDK v2

Create:

Delete:

Get:

List:

Update:

AWS CLI examples

AWS CLI version 2.15.56.

Ordered by execution, like create, get, list, update, and delete.

Create:

aws backup \
    create-restore-testing-plan \
    --restore-testing-plan 'RecoveryPointSelection={Algorithm=LATEST_WITHIN_WINDOW,ExcludeVaults=[],IncludeVaults=[*],RecoveryPointTypes=["SNAPSHOT","CONTINUOUS"],SelectionWindowDays=7},RestoreTestingPlanName="test001",ScheduleExpression="cron(30 0 ? * * *)",ScheduleExpressionTimezone="Europe/Amsterdam",StartWindowHours=8'
aws backup \
    create-restore-testing-selection \
    --restore-testing-plan-name "test001" \
    --restore-testing-selection 'IamRoleArn="arn:aws:iam::<MY_AWS_ACCOUNT_ID>:role/<IAM_ROLE_NAME>",ProtectedResourceArns='["*"]',ProtectedResourceType="RDS",RestoreMetadataOverrides={AvailabilityZones="[\"eu-west-1a\",\"eu-west-1b\",\"eu-west-1c\"]"},RestoreTestingSelectionName="test001",ValidationWindowHours=0'

Get:

aws backup \
    get-restore-testing-plan \
    --restore-testing-plan-name "test001"
aws backup \
    get-restore-testing-selection \
    --restore-testing-plan-name "test001" \
    --restore-testing-selection-name "test001"

List:

aws backup \
    list-restore-testing-plans
aws backup \
    list-restore-testing-selections \
    --restore-testing-plan-name "test001"

Update:

aws backup \
    update-restore-testing-plan \
    --restore-testing-plan-name "test001" \
    --restore-testing-plan 'RecoveryPointSelection={Algorithm=LATEST_WITHIN_WINDOW,ExcludeVaults=[],IncludeVaults=[*],RecoveryPointTypes=["SNAPSHOT"],SelectionWindowDays=7},ScheduleExpression="cron(30 0 ? * * *)",ScheduleExpressionTimezone="UTC",StartWindowHours=1'

# --restore-testing-plan-name ## The name of the restore testing plan to update
# --restore-testing-plan      ## New values you want to update
aws backup \
    update-restore-testing-selection \
    --restore-testing-plan-name "test001" \
    --restore-testing-selection-name "test001" \
    --restore-testing-selection 'IamRoleArn="arn:aws:iam::<MY_AWS_ACCOUNT_ID>:role/<IAM_ROLE_NAME>",ProtectedResourceArns='["*"]',RestoreMetadataOverrides={AvailabilityZones="[\"eu-west-1a\"]",optionGroupName="default:mysql-8-0"},ValidationWindowHours=3'

# --restore-testing-plan-name       ## The name of the restore-testing plan
# --restore-testing-selection-name  ## The name of the restore testing selection to update 
# --restore-testing-selection       ## New values you want to update

Delete:

This needs to be deleted first; otherwise, you'll get the error "An error occurred (InvalidRequestException) when calling the DeleteRestoreTestingPlan operation: Related restore testing selections must be deleted prior to deleting restore testing plan [test001]."

aws backup \
    delete-restore-testing-selection \
    --restore-testing-plan-name "test001" \
    --restore-testing-selection-name "test001"
aws backup \
    delete-restore-testing-plan \
    --restore-testing-plan-name "test001"

Would you like to implement a fix?

No
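The deletion order described in the issue above (every selection before the plan), as an added example that is not part of the original issue or the provider's code. The function name `delete_restore_testing_plan` is hypothetical; it assumes AWS CLI v2 with credentials configured and uses the CLI's global `--query` and `--output text` options to read selection names from the `ListRestoreTestingSelections` response.

```bash
# Added example: tear down a restore testing plan in the order the API requires.
# Assumption: AWS CLI v2 is installed and credentials are configured.

delete_restore_testing_plan() {
    local plan="$1" names name
    if [ -z "$plan" ]; then
        echo "usage: delete_restore_testing_plan <plan-name>" >&2
        return 2
    fi

    # Enumerate every selection still attached to the plan.
    # Selection names are alphanumeric/underscore only, so splitting the
    # whitespace-separated text output on words is safe.
    names=$(aws backup list-restore-testing-selections \
        --restore-testing-plan-name "$plan" \
        --query 'RestoreTestingSelections[].RestoreTestingSelectionName' \
        --output text) || return 1

    # Delete the selections first. Stop on the first failure so the plan
    # delete is never attempted while a selection remains, which is what
    # triggers the InvalidRequestException quoted above.
    for name in $names; do
        aws backup delete-restore-testing-selection \
            --restore-testing-plan-name "$plan" \
            --restore-testing-selection-name "$name" || return 1
    done

    # Only now can the plan itself be removed.
    aws backup delete-restore-testing-plan \
        --restore-testing-plan-name "$plan"
}
```

Call it as `delete_restore_testing_plan test001`; a non-zero return means the plan was left in place.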


LozanoMatheus commented 1 month ago

Duplicate of #34699. PR == #37039.