Scholarworks(calstate): Backup Restore Tests PLUS Documentation

scientist-softserv / scholarworks

Cal State Hyrax

0 stars 0 forks source link

Scholarworks(calstate): Backup Restore Tests PLUS Documentation #20

Open aprilrieger opened 1 year ago

aprilrieger commented 1 year ago

Backup Restore Tests PLUS Documentation

For scholarworks instance:

[x] Backups in aws: https://us-west-2.console.aws.amazon.com/backup/home?region=us-west-2#/backupvaults/details/scholarworks-backup
[x] Figure out how to access them
[x] Figure out how to restore them
[x] Conduct a restore on new VPC
[x] Do we have a staging?? Create new vpc
[ ] Document the process in the Project's Readme

Acceptance criteria:

[x] Backup and restore test was conducted on staging?? (WHERE?)
[ ] Documentation exists in the readme (if process is different per application document both)
[ ] Make tickets for any failures to address at a future date and link to this ticket

aprilrieger commented 1 year ago

Restore of the efs file system into the new VPC was unsuccessful, here is the screenshot (adding to the list):

Error while completing request: User: arn:aws:sts::657539223582:assumed-role/AWSBackupDefaultServiceRole/AWSBackup-AWSBackupDefaultServiceRole is not authorized to perform: iam:CreateServiceLinkedRole on the specified resource (Service: AmazonElasticFileSystem; Status Code: 403; Error Code: AccessDeniedException; Request ID: 3c7a1c0b-1341-45d3-9b85-796d1fad2711; Proxy: null)

Followed: Create VPN Network: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-dev-test.html#create-vpc-one-public-subnet Restore form backup: https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-a-backup.html https://docs.aws.amazon.com/aws-backup/latest/devguide/restore-resource.html

aprilrieger commented 1 year ago

In order to work through the EFS Backup restore issues with the error reported above. We needed to add a new policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": "elasticfilesystem.amazonaws.com"
                }
            }
        }
    ]
}

And attach it to the AWSBackupDefaultServiceRole, once that was successfully completed we were able to get the restore started and have a percentage of 11% completed thus far.

aprilrieger commented 1 year ago

Review of all job this morning and the efs transfer is complete