AWS Amazon RDS Snapshot
This page shows how to write Terraform and CloudFormation for Amazon RDS Snapshot and write them securely.
aws_db_snapshot (Terraform)
The Snapshot in Amazon RDS can be configured in Terraform with the resource name aws_db_snapshot. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_db_snapshot" "audit-snapshot" {
db_instance_identifier = aws_db_instance.audit.id
db_snapshot_identifier = "audit-snapshot"
resource "aws_db_snapshot" "snap" {
db_instance_identifier = aws_db_instance.database-1.id
db_snapshot_identifier = "snap-database-1"
resource "aws_db_snapshot" "db_snapshot" {
db_instance_identifier = var.db_instance_identifier
db_snapshot_identifier = var.db_snapshot_identifier
tags = module.camtags.tagsmap
}
resource "aws_db_snapshot" "test" {
db_instance_identifier = aws_db_instance.default.id
db_snapshot_identifier = "testsnapshot1234"
}
resource "aws_db_snapshot" "manual_snapshot" {
db_instance_identifier = aws_db_instance.mysql.identifier
db_snapshot_identifier = "manual-snapshot"
}
data "aws_subnet_ids" "database" {
Parameters
-
allocated_storageoptional computed - number -
availability_zoneoptional computed - string -
db_instance_identifierrequired - string -
db_snapshot_arnoptional computed - string -
db_snapshot_identifierrequired - string -
encryptedoptional computed - bool -
engineoptional computed - string -
engine_versionoptional computed - string -
idoptional computed - string -
iopsoptional computed - number -
kms_key_idoptional computed - string -
license_modeloptional computed - string -
option_group_nameoptional computed - string -
portoptional computed - number -
snapshot_typeoptional computed - string -
source_db_snapshot_identifieroptional computed - string -
source_regionoptional computed - string -
statusoptional computed - string -
storage_typeoptional computed - string -
tagsoptional - map from string to string -
vpc_idoptional computed - string -
timeoutssingle block-
readoptional - string
-
Explanation in Terraform Registry
Manages an RDS database instance snapshot. For managing RDS database cluster snapshots, see the
aws_db_cluster_snapshotresource.
Tips: Best Practices for The Other AWS Amazon RDS Resources
In addition to the aws_db_instance, AWS Amazon RDS has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_db_instance
Ensure backup retension of your RDS instance is specified
It's better to set it explicitly to reduce the risk of availability issues.
aws_rds_cluster
Ensure backup retension of your RDS cluster is specified
It's better to set it explicitly to reduce the risk of availability issues.
aws_rds_cluster_instance
Ensure your RDS cluster instance blocks unwanted access
It's better to limit accessibily to the minimum that is required for the application to work.
AWS::RDS::DBCluster (CloudFormation)
The DBCluster in RDS can be configured in CloudFormation with the resource name AWS::RDS::DBCluster. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: 'AWS::RDS::DBCluster'
Properties:
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
DBClusterIdentifier: aurora-postgresql-cluster
Engine: aurora-postgresql
Type: 'AWS::RDS::DBCluster'
Properties:
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
DBClusterIdentifier: aurora-postgresql-cluster
Engine: aurora-postgresql
Type: 'AWS::RDS::DBCluster'
Properties:
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
DBClusterIdentifier: aurora-postgresql-cluster
Engine: aurora-postgresql
Type: 'AWS::RDS::DBClusterParameterGroup'
Properties:
Description: 'Aurora PostgreSQL 10 Parameter Group'
Family: aurora-postgresql10
Parameters:
rds.force_ssl: 1
Type: AWS::RDS::DBCluster
Properties:
DatabaseName: ${self:custom.environments.DB_DATABASE}
Engine: aurora-mysql
EngineMode: serverless
MasterUsername: ${self:custom.environments.DB_USER_NAME}
"resourceType": "AWS::RDS::DBClusterSnapshot",
"resourceId": "rds:database-1-2020-05-19-05-58",
"resourceName": "rds:database-1-2020-05-19-05-58"
},
{
"resourceType": "AWS::RDS::DBClusterSnapshot",
"resourceType": "AWS::RDS::DBClusterSnapshot",
"resourceId": "rds:database-1-2020-05-19-05-58",
"resourceName": "rds:database-1-2020-05-19-05-58"
},
{
"resourceType": "AWS::RDS::DBClusterSnapshot",
"resourceType": "AWS::RDS::DBClusterSnapshot",
"resourceId": "rds:database-1-2020-05-19-05-58",
"resourceName": "rds:database-1-2020-05-19-05-58"
},
{
"resourceType": "AWS::RDS::DBClusterSnapshot",
"ResourceType": "AWS::RDS::DBCluster",
"ResourceStatus": "CREATE_COMPLETE"
},
{
"PhysicalResourceId": "auroraClusterParameterGroup",
"ResourceType": "AWS::RDS::DBClusterParameterGroup",
"Type": "AWS::RDS::DBCluster",
"Properties": {
"Engine": "aurora-postgresql",
"EngineMode": "provisioned",
"EngineVersion": {
"Ref": "EngineVersion"
Parameters
-
AssociatedRolesoptional - List of DBClusterRole -
AvailabilityZonesoptional - List -
BacktrackWindowoptional - Long -
BackupRetentionPeriodoptional - Integer -
CopyTagsToSnapshotoptional - Boolean -
DBClusterIdentifieroptional - String -
DBClusterParameterGroupNameoptional - String -
DBSubnetGroupNameoptional - String -
DatabaseNameoptional - String -
DeletionProtectionoptional - Boolean -
EnableCloudwatchLogsExportsoptional - List -
EnableHttpEndpointoptional - Boolean -
EnableIAMDatabaseAuthenticationoptional - Boolean -
Enginerequired - String -
EngineModeoptional - String -
EngineVersionoptional - String -
GlobalClusterIdentifieroptional - String -
KmsKeyIdoptional - String -
MasterUserPasswordoptional - String -
MasterUsernameoptional - String -
Portoptional - Integer -
PreferredBackupWindowoptional - String -
PreferredMaintenanceWindowoptional - String -
ReplicationSourceIdentifieroptional - String -
RestoreTypeoptional - String -
ScalingConfigurationoptional - ScalingConfiguration -
SnapshotIdentifieroptional - String -
SourceDBClusterIdentifieroptional - String -
SourceRegionoptional - String -
StorageEncryptedoptional - Boolean -
Tagsoptional - List of Tag -
UseLatestRestorableTimeoptional - Boolean -
VpcSecurityGroupIdsoptional - List
Explanation in CloudFormation Registry
The
AWS::RDS::DBClusterresource creates an Amazon Aurora DB cluster. For more information, see Managing an Amazon Aurora DB Cluster in the Amazon Aurora User Guide.Note You can only create this resource in AWS Regions where Amazon Aurora is supported.
Updating DB clustersWhen properties labeled "Update requires: Replacement" are updated, AWS CloudFormation first creates a replacement DB cluster, then changes references from other dependent resources to point to the replacement DB cluster, and finally deletes the old DB cluster.
Important We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB cluster. To preserve your data, perform the following procedure: Deactivate any applications that are using the DB cluster so that there's no activity on the DB instance.
Create a snapshot of the DB cluster. For more information about creating DB snapshots, see Creating a DB Cluster Snapshot.
If you want to restore your DB cluster using a DB cluster snapshot, modify the updated template with your DB cluster changes and add the
SnapshotIdentifierproperty with the ID of the DB cluster snapshot that you want to use. After you restore a DB cluster with aSnapshotIdentifierproperty, you must specify the sameSnapshotIdentifierproperty for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the DB cluster snapshot again, and the data in the database is not changed. However, if you don't specify theSnapshotIdentifierproperty, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB cluster is restored from the specifiedSnapshotIdentifierproperty, and the original DB cluster is deleted.Update the stack.
Currently, when you are updating the stack for an Aurora Serverless DB cluster, you can't include changes to any other properties when you specify one of the following properties:
PreferredBackupWindow,PreferredMaintenanceWindow, andPort. This limitation doesn't apply to provisioned DB clusters.For more information about updating other properties of this resource, see
[ModifyDBCluster](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBCluster.html). For more information about updating stacks, see AWS CloudFormation Stacks Updates.Deleting DB clustersThe default
DeletionPolicyforAWS::RDS::DBClusterresources isSnapshot. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute.
Frequently asked questions
What is AWS Amazon RDS Snapshot?
AWS Amazon RDS Snapshot is a resource for Amazon RDS of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon RDS Snapshot?
For Terraform, the Alan18081/custom-infra, danielssabin/teste and ICpTrial/starterLibrary source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the jcroall/kaimonkey-demo, mallik-user1/kaimonkey_customized and accurics/KaiMonkey source code examples are useful. See the CloudFormation Example section for further details.
