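# igarcia 2020-04
# Version 1.0.0
# Automation for Backups Cross Region Replication
# Creates a Lambda, scheduled through a CloudWatch Event, that automatically
# copies backups (AMIs, snapshots) to another Region.
# Resources created: Lambda, CloudWatch Event, IAM Role
# The format version is quoted so that YAML 1.1 tooling (linters, generic
# parsers) keeps it a string instead of coercing it to a date.
AWSTemplateFormatVersion: "2010-09-09"
Description: Plantilla para Crear Automatizacion de Copia de Backups Cross Region Replication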
# Console presentation only: groups the stack parameters and gives each one a
# friendly label. Nothing in this section changes the resources created.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: 'Stack Environment'
        Parameters:
          - TemplateAmbiente
      - Label:
          default: 'Backup Cross Region Replication Setup'
        Parameters:
          - pTagBusqueda
          - pTagValor
          - pFrecuencia
          - pHora
          - pDestinationRegion
          - pEC2resource
    # Friendly names for the parameters shown on the console screen
    ParameterLabels:
      TemplateAmbiente:
        default: 'Value for CloudFormation Resources Env Tag'
      pFrecuencia:
        default: 'Frequency, in days'
      pHora:
        default: 'Time'
      pTagBusqueda:
        default: 'Selection Tag Key'
      pTagValor:
        default: 'Selection Tag Value'
      pDestinationRegion:
        default: 'Destination Region'
      pEC2resource:
        default: 'EC2 Resource Type'
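# Parameter definitions with their default values
Parameters:
  # Joined into the IAM role name, the Lambda function name and the event rule
  # name in the Resources section, and used as the Env tag value.
  TemplateAmbiente:
    Type: String
    Description: "Tag Env to set on CloudFormation resources"
    Default: Test
    MaxLength: 10
    MinLength: 2
    ConstraintDescription: "Por favor indique un Tag sencillo de entre 2 y 10 caracteres"
  # Becomes the step of the day-of-month field in the cron schedule.
  pFrecuencia:
    Type: Number
    Description: "How often, in # days, the backups will be copied"
    Default: 31
    MinValue: 1
    MaxValue: 31
  # Split on ":" to fill the hour and minute fields of the cron schedule.
  pHora:
    Type: String
    Description: "At what time, in 24 hours UTC time format ##:##, the Lambda will start to copy the backups"
    Default: "6:01"
    # Hours are limited to 0-23. The earlier pattern "^[0-2]?[0-9]:..." also
    # accepted 24-29, which is not a valid hour for the cron expression and
    # contradicted the constraint text below.
    AllowedPattern: "^([01]?[0-9]|2[0-3]):[0-5][0-9]$"
    ConstraintDescription: "Por favor indique una hora entre 0:00 a 23:59"
  # NOTE(review): the tag key/value pair below selects what gets replicated.
  # Presumably any principal allowed to set this tag on a backup thereby opts
  # it into the copy - confirm against the Lambda code and restrict who may
  # tag backups accordingly.
  pTagBusqueda:
    Type: String
    Description: "Tag Key to identify Resources to copy to another Region"
    Default: Env
    MaxLength: 20
    MinLength: 1
    ConstraintDescription: "Por favor indique un Tag sencillo"
  pTagValor:
    Type: String
    Description: "Tag Value to identify Resources to copy to another Region"
    Default: Prod
    MaxLength: 20
    MinLength: 1
    ConstraintDescription: "Por favor indique un Valor sencillo"
  pEC2resource:
    Type: String
    Description: "EC2 Resource type for backup, AMI (Instance Image) or EBS Snapshot. RDS and Aurora Snapshots are always included"
    Default: 'AMI'
    AllowedValues:
      - 'AMI'
      - 'Snapshot'
  # The allow-list bounds where backup data can be sent; trim it to the Regions
  # your data-residency rules permit.
  pDestinationRegion:
    Type: String
    Description: "Destination Region for the backup copies"
    Default: 'us-east-1'
    AllowedValues:
      - us-east-1
      - us-east-2
      - us-west-1
      - us-west-2
      - ap-east-1
      - ap-south-1
      - ap-northeast-1
      - ap-northeast-2
      - ap-southeast-1
      - ap-southeast-2
      - ca-central-1
      - eu-central-1
      - eu-west-1
      - eu-west-2
      - eu-west-3
      - eu-north-1
      - me-south-1
      - sa-east-1
      - af-south-1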
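Resources:
  # Execution role for the Lambda. Only the Lambda service may assume it.
  TemplateRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "lambda.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Description: Role para ejecucion de AutoBackupCRR
      Policies:
        - PolicyName: !Join [ "-", [ "PolicyLambdaExec", !Ref TemplateAmbiente ] ]
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                # Scoped to this function's own log group (and its streams)
                # instead of "*". The name mirrors FunctionName on
                # TemplateLambda; keep the two in sync.
                Resource:
                  - !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/AutoBackupCRRLambda-${TemplateAmbiente}"
                  - !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/AutoBackupCRRLambda-${TemplateAmbiente}:*"
        - PolicyName: !Join [ "-", [ "PolicyLambdaEC2", !Ref TemplateAmbiente ] ]
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # NOTE(review): "ec2:*" on "*" grants every EC2 action (including
              # terminate/delete) to code loaded from an external bucket. A
              # copy job presumably needs only describe/copy/tag actions on
              # images and snapshots - confirm against the Lambda source and
              # replace the wildcard with that explicit list.
              - Effect: "Allow"
                Action: "ec2:*"
                Resource: "*"
        - PolicyName: !Join [ "-", [ "PolicyLambdaRDS", !Ref TemplateAmbiente ] ]
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # NOTE(review): same concern as the EC2 policy - "rds:*" on "*"
              # includes instance and snapshot deletion. Narrow to the
              # snapshot describe/copy/tag actions the Lambda actually calls.
              - Effect: "Allow"
                Action:
                  - "rds:*"
                Resource: "*"
        - PolicyName: !Join [ "-", [ "PolicyLambdaKMS", !Ref TemplateAmbiente ] ]
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # NOTE(review): these actions apply to every KMS key whose key
              # policy defers to IAM. Prefer listing the source and
              # destination key ARNs, and consider conditioning
              # kms:CreateGrant on kms:GrantIsForAWSResource so grants can
              # only be created on behalf of AWS services - verify the copy
              # still works with both restrictions.
              - Effect: "Allow"
                Action:
                  - "kms:Encrypt"
                  - "kms:Decrypt"
                  - "kms:ReEncrypt*"
                  - "kms:GenerateDataKey*"
                  - "kms:DescribeKey"
                  - "kms:CreateGrant"
                  - "kms:ListGrants"
                  - "kms:RevokeGrant"
                Resource: "*"
      RoleName: !Join [ "-", [ "RoleforAutoBackupCRR", !Ref TemplateAmbiente ] ]
      Tags:
        - Key: Env
          Value: !Ref TemplateAmbiente
  # Lambda that copies the backups
  TemplateLambda:
    Type: AWS::Lambda::Function
    Properties:
      # NOTE(review): the deployment package is fetched from the bucket
      # "higher-artifacts-<region>" with no S3ObjectVersion pin, so whoever
      # controls that object controls code that runs with the role above.
      # Host a reviewed copy in a bucket you own and pin the object version.
      Code:
        S3Bucket: !Join [ "-", [ "higher-artifacts", !Ref "AWS::Region" ] ]
        S3Key: "solutions/autobackupcrr.zip"
      Description: Copy backups on regular basis across regions
      # Stack parameters are handed to the function as environment variables.
      Environment:
        Variables:
          FRECUENCIA: !Ref pFrecuencia
          TAGBUSQUEDA: !Ref pTagBusqueda
          TAGVALOR: !Ref pTagValor
          AMBIENTE: !Ref TemplateAmbiente
          SREGION: !Ref "AWS::Region"
          DREGION: !Ref pDestinationRegion
          EC2R: !Ref pEC2resource
      FunctionName: !Join [ "-", [ "AutoBackupCRRLambda", !Ref TemplateAmbiente ] ]
      Role: !GetAtt TemplateRole.Arn
      Timeout: 800
      Handler: autobackupcrr.lambda_handler
      # NOTE(review): python3.8 is past end of support on Lambda; move to a
      # currently supported Python runtime after testing the package on it.
      Runtime: python3.8
      MemorySize: 256
      Tags:
        - Key: Env
          Value: !Ref TemplateAmbiente
  # Scheduled event rule that invokes the Lambda
  TemplateEventLambda:
    Type: AWS::Events::Rule
    Properties:
      Description: Invoke Lambda for backup cross region replication
      Name: !Join [ "-", [ "AutoBackupCRREvent", !Ref TemplateAmbiente ] ]
      # Builds cron(<minute> <hour> 1/<pFrecuencia> * ? *) from pHora. The
      # day-of-month step restarts on day 1 of every month, so the gap between
      # runs is not exactly pFrecuencia days across a month boundary.
      ScheduleExpression: !Join
        - ""
        - - "cron("
          - !Select [ 1, !Split [ ":", !Ref pHora ] ]
          - " "
          - !Select [ 0, !Split [ ":", !Ref pHora ] ]
          - " 1/"
          - !Ref pFrecuencia
          - " * ? *)"
      State: ENABLED
      Targets:
        - Arn: !GetAtt TemplateLambda.Arn
          Id: !Join [ "-", [ !Ref TemplateAmbiente, "AutoBackupCRRLambda" ] ]
  # Lets the event rule invoke the Lambda. SourceArn limits the grant to this
  # one rule rather than every EventBridge rule.
  TemplatePermisoEventLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt TemplateLambda.Arn
      Action: "lambda:InvokeFunction"
      Principal: events.amazonaws.com
      SourceArn: !GetAtt TemplateEventLambda.Arn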
# Values displayed on the stack's Outputs screen
Outputs:
  # Human-readable summary of the schedule built from pFrecuencia and pHora
  BackupCopy:
    Description: Frequency for cross region replication of backups
    Value: !Join
      - ""
      - - "Every "
        - !Ref pFrecuencia
        - " days, at "
        - !Ref pHora
        - " UTC"
  # Region the stack is deployed in
  SourceRegion:
    Description: Source Region
    Value: !Ref "AWS::Region"
  DestinationRegion:
    Description: Destination Region
    Value: !Ref pDestinationRegion
  # Summary of the resource types covered, based on pEC2resource
  ResourcedToCopy:
    Description: Resources to Copy
    Value: !Join
      - ""
      - - "EC2's "
        - !Ref pEC2resource
        - "s, RDS & Aurora Snapshots "