README
¶
RDSMySQLBackupLambda
The RDSMySQLBackupLambda is an AWS CDK Construct that provides an automated solution for backing up RDS MySQL databases to an S3 bucket using a Lambda function. It is designed for developers who need a flexible and cost-effective method to back up their RDS MySQL databases outside of the default RDS backup capabilities.
Table of Contents
Features
- Automated backups of RDS MySQL databases.
- Backup scheduling using a cron expression.
- Backups stored securely in an S3 bucket with encryption.
- Customizable Lambda function name, timeout, and S3 bucket name.
- Built-in VPC and security group configurations for secure access to RDS instances.
How It Works
The RDSMySQLBackupLambda AWS CDK Construct automates the process of backing up RDS MySQL databases to S3, leveraging AWS Lambda and other AWS services. Here’s an overview of its operation:
1. Lambda Function:
- A Lambda function is the core component that performs the database backup. It's triggered based on the specified schedule (defaulting to daily at 00:00 UTC).
- The function connects to the specified RDS MySQL database instance using the provided credentials and performs a mysqldump.
2. VPC and Subnet Configuration:
- The Lambda function is deployed within the same VPC and subnet group as the RDS instance. This ensures a secure and direct connection to the RDS instance, as typically, RDS instances are placed in private subnets without direct internet access.
3. Security Group Settings:
- The security group of the Lambda function is configured to allow outbound connections to the RDS instance on the specified port (default 3306 for MySQL).
- The RDS instance's security group is updated to allow inbound connections from the Lambda function's security group.
4. S3 Bucket for Backup Storage:
- An S3 bucket is created and configured with server-side encryption (SSE-S3) for secure storage of the backup files.
5. S3 VPC Endpoint:
- To address scenarios where the RDS instance and Lambda function reside in a subnet without internet access, the construct utilizes an S3 VPC endpoint.
- This endpoint provides private connectivity to S3, allowing the Lambda function to upload backup files to the S3 bucket without needing internet access.
6. Backup Process:
- When triggered, the Lambda function initiates a backup of the specified database, generating a dump file.
- The dump file is then securely uploaded to the S3 bucket via the S3 VPC endpoint.
Installation
To install RDSMySQLBackupLambda construct library using npm, run the following command:
npm i cdk-rds-mysql-backup-lambda
Usage
To initialize the RDSMySQLBackupLambda construct you can use the following code:
import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as events from 'aws-cdk-lib/aws-events';
import { Construct } from 'constructs';
import { RDSMySQLBackupLambda } from 'cdk-rds-mysql-backup-lambda';
export class TestStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: TestStackProps) {
super(scope, id, props);
// Get VPC and Subnets where the RDS instance is located
const vpc = ec2.Vpc.fromVpcAttributes(this, 'TestVpc', {
vpcId: props.vpcId,
availabilityZones: ['eu-central-1a', 'eu-central-1b', 'eu-central-1c'],
publicSubnetIds: props.vpcSubnetIds,
});
const vpcSubnets = vpc.selectSubnets({
subnetType: ec2.SubnetType.PUBLIC,
});
const mysqlBackup = new RDSMySQLBackupLambda(this, 'RDSMySQLBackupLambda', {
rdsVpc: vpc,
rdsVpcSubnets: vpcSubnets,
rdsInstanceName: 'rdsInstanceName',
rdsInstancePort: 3306, // optional
rdsInstanceEndpointAddress: 'rdsInstanceEndpointAddress',
rdsSecurityGroupId: 'rdsSecurityGroupId',
dbName: 'db_name',
dbUser: 'user',
dbPassword: 'pass',
lambdaFunctionName: 'RDSMySQLBackupLambdaFunction', // optional
lambdaFunctionTimeout: cdk.Duration.minutes(15), // optional
s3BucketName: 'rds-mysql-backups', // optional
backupSchedule: events.Schedule.cron({ hour: '0', minute: '0' }), // optional
});
// exported properties
console.log(mysqlBackup.s3Bucket); // S3 bucket where the backups are stored
console.log(mysqlBackup.lambdaFunction); // Lambda function that backs up the RDS MySQL database
}
}
Documentation
To initialize the RDSMySQLBackupLambda construct you can use the following props:
/**
* Properties for the RDSMySQLBackupLambda construct.
*/
export interface RDSMySQLBackupLambdaProps extends ResourceProps {
/**
* VPC used by the RDS instance.
*/
readonly rdsVpc: ec2.IVpc;
/**
* VPC subnet group used by the RDS instance.
*/
readonly rdsVpcSubnets: ec2.SelectedSubnets;
/**
* Name of RDS instance to backup.
*/
readonly rdsInstanceName: string;
/**
* Endpoint address of the RDS instance.
*/
readonly rdsInstanceEndpointAddress: string;
/**
* Port of the RDS instance.
*/
readonly rdsInstancePort?: number;
/**
* Security group ID for the RDS instance.
*/
readonly rdsSecurityGroupId: string;
/**
* User to connect to the RDS instance.
*/
readonly dbUser: string;
/**
* Password to connect to the RDS instance.
*/
readonly dbPassword: string;
/**
* Name of the database to backup.
*/
readonly dbName: string;
/**
* Name of the lambda function that will be created.
*
* @default - [db-instance-identifier]-rds-backup-lambda
*/
readonly lambdaFunctionName?: string;
/**
* Timeout value for the backup lambda function.
*
* @default - 5 minutes
*/
readonly lambdaTimeout?: Duration;
/**
* Name of the S3 bucket to store the RDS backups.
*
* @default - [db-instance-identifier]-rds-backup
*/
readonly s3BucketName?: string;
/**
* Schedule for the lambda function to run.
*
* @default - Every day at 00:00 UTC
*/
readonly scheduleRule?: events.Schedule;
}
Contributing
We welcome contributions! Please review code of conduct and contributing guide so that you can understand what actions will and will not be tolerated.
Pull Request Guidelines
-
The
mainbranch is just a snapshot of the latest stable release. All development should be done in development branches. Do not submit PRs against themainbranch. -
Work in the
srcfolder and DO NOT checkindistin the commits. -
It's OK to have multiple small commits as you work on the PR
-
If adding a new feature add accompanying test case.
-
If fixing bug,
- Add accompanying test case if applicable.
- Provide a detailed description of the bug in the PR.
- If you are resolving an opened issue add issue number in your PR title.
License
RDSMySQLBackupLambda is MIT licensed.
Documentation
¶
Overview ¶
A flexible AWS CDK construct for scheduled RDS MySQL backups to S3.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewRDSMySQLBackupLambda_Override ¶
func NewRDSMySQLBackupLambda_Override(r RDSMySQLBackupLambda, scope constructs.Construct, id *string, props *RDSMySQLBackupLambdaProps)
func RDSMySQLBackupLambda_IsConstruct ¶
func RDSMySQLBackupLambda_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
Types ¶
type RDSMySQLBackupLambda ¶
type RDSMySQLBackupLambda interface {
constructs.Construct
// The lambda function to backup the RDS instance.
LambdaFunction() awslambda.Function
// The tree node.
Node() constructs.Node
// The S3 bucket created to store the RDS backups.
S3Bucket() awss3.Bucket
// Returns a string representation of this construct.
ToString() *string
}
func NewRDSMySQLBackupLambda ¶
func NewRDSMySQLBackupLambda(scope constructs.Construct, id *string, props *RDSMySQLBackupLambdaProps) RDSMySQLBackupLambda
type RDSMySQLBackupLambdaProps ¶
type RDSMySQLBackupLambdaProps struct {
// The AWS account ID this resource belongs to.
// Default: - the resource is in the same account as the stack it belongs to.
//
Account *string `field:"optional" json:"account" yaml:"account"`
// ARN to deduce region and account from.
//
// The ARN is parsed and the account and region are taken from the ARN.
// This should be used for imported resources.
//
// Cannot be supplied together with either `account` or `region`.
// Default: - take environment from `account`, `region` parameters, or use Stack environment.
//
EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
// The value passed in by users to the physical name prop of the resource.
//
// - `undefined` implies that a physical name will be allocated by
// CloudFormation during deployment.
// - a concrete value implies a specific physical name
// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
// by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
// Default: - The physical name will be allocated by CloudFormation at deployment time.
//
PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
// The AWS region this resource belongs to.
// Default: - the resource is in the same region as the stack it belongs to.
//
Region *string `field:"optional" json:"region" yaml:"region"`
// Name of the database to backup.
DbName *string `field:"required" json:"dbName" yaml:"dbName"`
// Password to connect to the RDS instance.
DbPassword *string `field:"required" json:"dbPassword" yaml:"dbPassword"`
// User to connect to the RDS instance.
DbUser *string `field:"required" json:"dbUser" yaml:"dbUser"`
// Endpoint address of the RDS instance.
RdsInstanceEndpointAddress *string `field:"required" json:"rdsInstanceEndpointAddress" yaml:"rdsInstanceEndpointAddress"`
// Name of RDS instance to backup.
RdsInstanceName *string `field:"required" json:"rdsInstanceName" yaml:"rdsInstanceName"`
// Security group ID for the RDS instance.
RdsSecurityGroupId *string `field:"required" json:"rdsSecurityGroupId" yaml:"rdsSecurityGroupId"`
// VPC used by the RDS instance.
RdsVpc awsec2.IVpc `field:"required" json:"rdsVpc" yaml:"rdsVpc"`
// VPC subnet group used by the RDS instance.
RdsVpcSubnets *awsec2.SelectedSubnets `field:"required" json:"rdsVpcSubnets" yaml:"rdsVpcSubnets"`
// Name of the lambda function that will be created.
// Default: - [db-instance-identifier]-rds-backup-lambda.
//
LambdaFunctionName *string `field:"optional" json:"lambdaFunctionName" yaml:"lambdaFunctionName"`
// Timeout value for the backup lambda function.
// Default: - 5 minutes.
//
LambdaTimeout awscdk.Duration `field:"optional" json:"lambdaTimeout" yaml:"lambdaTimeout"`
// Port of the RDS instance.
RdsInstancePort *float64 `field:"optional" json:"rdsInstancePort" yaml:"rdsInstancePort"`
// Name of the S3 bucket to store the RDS backups.
// Default: - [db-instance-identifier]-rds-backup.
//
S3BucketName *string `field:"optional" json:"s3BucketName" yaml:"s3BucketName"`
// Schedule for the lambda function to run.
// Default: - Every day at 00:00 UTC.
//
ScheduleRule awsevents.Schedule `field:"optional" json:"scheduleRule" yaml:"scheduleRule"`
}
Properties for the RDSMySQLBackupLambda construct.
Source Files
Directories