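How to build an AWS CloudFormation YML for AWS Backup

Time: 2019-07-02 17:24:12

Tags: amazon-web-services aws-backup

I am using the AWS Backup service to create backups of my DynamoDB tables, but I don't like the solution because it is very manual and not reproducible.

Now, how can I build the AWS Backup setup (from CloudFormation Designer or from a template)?

I have been searching for this, but I couldn't work out how to do it.

Note: I don't want to use any scheduled events with Lambda for the backups. I need to use AWS Backup, but in a way where I can use a CloudFormation template to create/update it easily.

2 answers:

Answer 0: (score: 1)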


References:
https://docs.aws.amazon.com/aws-backup/latest/devguide/integrate-cloudformation-with-aws-backup.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Backup.html

Answer 1: (score: 1)

Description: "Backup Plan template to back up all resources tagged with backup=daily daily at 5am UTC."
Resources:
  KMSKey:
    Type: AWS::KMS::Key
    Properties:
      Description: "Encryption key for daily"

      EnableKeyRotation: True
      Enabled: True
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              "AWS": { "Fn::Sub": "arn:aws:iam::***********:root" }
#              "AWS": 'arn:aws:iam::***********:root'
            Action:
              - kms:*
            Resource: "*"

  BackupVaultWithDailyBackups:
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVaultWithDailyBackups"
      EncryptionKeyArn: { "Fn::GetAtt": [ KMSKey, Arn ] } #${self:custom.keyArn}

  BackupPlanWithDailyBackups:
    Type: "AWS::Backup::BackupPlan"
    Properties:
      BackupPlan:
        BackupPlanName: "BackupPlanWithDailyBackups"
        BackupPlanRule:
          -
            RuleName: DailyBackups
            ScheduleExpression: cron(0 5 ? * * *)
            StartWindowMinutes: 480
            TargetBackupVault: {Ref: BackupVaultWithDailyBackups}
            Lifecycle:
              DeleteAfterDays: 35
          -
            RuleName: WeeklyBackups
            ScheduleExpression: cron(0 5 ? * 7 *)
            TargetBackupVault: {Ref: BackupVaultWithDailyBackups}
            StartWindowMinutes: 480
            Lifecycle:
              DeleteAfterDays: 90
          -
            RuleName: MonthlyBackups
            ScheduleExpression: cron(0 5 1 * ? *)
            TargetBackupVault: {Ref: BackupVaultWithDailyBackups}
            StartWindowMinutes: 480
            Lifecycle:
              MoveToColdStorageAfterDays: 90
              DeleteAfterDays: 1825

    DependsOn: BackupVaultWithDailyBackups


#  BackupRole:
#    Type: "AWS::IAM::Role"
#    Properties:
#      AssumeRolePolicyDocument:
#        Version: "2012-10-17"
#        Statement:
#          -
#            Effect: "Allow"
#            Principal:
#              Service:
#                - "backup.amazonaws.com"
#            Action:
#              - "sts:AssumeRole"
#      ManagedPolicyArns:
#        -
#          "arn:aws:iam::**********:role/service-role/AWSBackupDefaultServiceRole"

  TagBasedBackupSelection:
    Type: "AWS::Backup::BackupSelection"
    Properties:
      BackupSelection:
        SelectionName: "TagBasedBackupSelection"
        IamRoleArn: "arn:aws:iam::***********:role/service-role/AWSBackupDefaultServiceRole"
        ListOfTags:
          -
            ConditionType: "STRINGEQUALS"
            ConditionKey: "backup"
            ConditionValue: "dev-pci"
          -
            ConditionType: "STRINGEQUALS"
            ConditionKey: "backup"
            ConditionValue: "uat-pci"
          -
            ConditionType: "STRINGEQUALS"
            ConditionKey: "backup"
            ConditionValue: "prod-pci"
      BackupPlanId: {Ref: BackupPlanWithDailyBackups}
    DependsOn: BackupPlanWithDailyBackups

Note: replace *********** with your AWS AccountId

You need to add tags to your DynamoDB table, for example:

DDBTableWithDailyBackupTag:
        Type: "AWS::DynamoDB::Table"
        Properties:
          TableName: "TestTable"
          AttributeDefinitions:
            -
              AttributeName: "Album"
              AttributeType: "S"
          KeySchema:
            -
              AttributeName: "Album"
              KeyType: "HASH"
          ProvisionedThroughput:
            ReadCapacityUnits: "5"
            WriteCapacityUnits: "5"
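          # The table is selected only if this key/value pair equals one of the
          # ConditionKey/ConditionValue pairs in the BackupSelection's ListOfTags.
          Tags:
            -
              Key: "backup"
              Value: "daily"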
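
The following is an added example, not part of the original answers: a small Python check of which tagged resources a tag-based `BackupSelection` would actually pick up, since a tag that matches no `ListOfTags` condition means the resource is silently left out of the plan. The dicts are constructed from the values in the template above; `OrdersTable`, `UntaggedTable` and the function names are hypothetical.

```python
"""Check which tagged resources a tag-based AWS Backup selection would match."""

# Constructed from the ListOfTags in the TagBasedBackupSelection above.
SELECTION_TAGS = [
    {"ConditionType": "STRINGEQUALS", "ConditionKey": "backup", "ConditionValue": v}
    for v in ("dev-pci", "uat-pci", "prod-pci")
]

# Constructed sample resources; only the first one comes from the page.
RESOURCES = {
    "DDBTableWithDailyBackupTag": {
        "Type": "AWS::DynamoDB::Table",
        "Properties": {"Tags": [{"Key": "backup", "Value": "daily"}]},
    },
    "OrdersTable": {  # hypothetical
        "Type": "AWS::DynamoDB::Table",
        "Properties": {"Tags": [{"Key": "backup", "Value": "prod-pci"}]},
    },
    "UntaggedTable": {"Type": "AWS::DynamoDB::Table", "Properties": {}},  # hypothetical
}


def matches_selection(tags, conditions):
    """True if any condition equals a tag exactly (conditions are ORed, case-sensitive)."""
    tag_map = {t["Key"]: t["Value"] for t in tags}
    for cond in conditions:
        if cond["ConditionType"] != "STRINGEQUALS":
            raise ValueError(f"unsupported ConditionType: {cond['ConditionType']}")
        if tag_map.get(cond["ConditionKey"]) == cond["ConditionValue"]:
            return True
    return False


def coverage_report(resources, conditions):
    """Split resource logical IDs into (matched, unmatched) lists, sorted by name."""
    matched, unmatched = [], []
    for name, res in sorted(resources.items()):
        tags = res.get("Properties", {}).get("Tags", [])
        (matched if matches_selection(tags, conditions) else unmatched).append(name)
    return matched, unmatched


if __name__ == "__main__":
    matched, unmatched = coverage_report(RESOURCES, SELECTION_TAGS)
    print("matched by selection:", matched)
    print("not matched by this selection:", unmatched)
```

With the values on this page, the sample table tagged `backup=daily` lands in the unmatched list, because the selection only lists `dev-pci`, `uat-pci` and `prod-pci`.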