5db814629f
* Adapt budget alarms and increase cost threshold Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix Terraform syntax Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Add lifecycle rule for logs bucket Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Add name tags for S3 buckets Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix Terraform syntax Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix name tag Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix deprecation warnings Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Re-add versioning config for backup bucket Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix more deprecation warnings and upgrade Terraform providers Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Reset monthly budget for other projects and add cost anomaly alert Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Remove policy condition Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org>
Abstract
This repo provides a code that deploy AWS infrastructure using Terraform on AWS to perform daily backups of github repositiories to S3 bucket.
Installation
-
Install terraform https://www.terraform.io/downloads.html.
-
Configure AWS access https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html.
First time setup
-
Cd to
remote_state_tfdirectory and runterraform initfollowed byterraform applyin order to create AWS S3 bucket storing terraform state. -
Cd to
tfdirectory and runterraform initfollowed byterraform applywhich creates AWS Step Function, IAM roles, ECS cluster etc. -
Cd to
images/build_image_github_repo_backup, executebuild_docker_image.shscript which builds docker image and pushes it to AWS ECR. Repeat the step forimages/build_image_atlassian_cloud_backup. -
Subscribe necessary emails to SNS
arn:aws:sns:<region>:<account id>:repo_backup. -
Update
/sfn/atlassian-token,/sfn/atlassian-user,/sfn/github-tokenkeys in SSM parameter store with valid values at https://console.aws.amazon.com/systems-manager/parameters/.
Updates to the backup code
All backup logic is stored in build_image directory, mainly in build_image/entrypoint_repo_backup.sh. Once the code is updated, execute build_docker_image.sh script which builds docker image and pushes it to AWS ECR.
Updates to the terraform code
IAM permissions, S3 bucket name, gihub token, github organization name, blacklisted repo list, backup schedule are passed as environment variables to ECS task and are managed by terraform (tf/terraform.tfvars). Once terraform code in tf directory is updated, execute terraform apply in order to apply the changes.
As an example, if you need to change S3 bucket name, perform the following steps:
-
Cd into
tfdirectory, runterraform state rm aws_s3_bucket.repo_backupandterraform state rm aws_s3_bucket_public_access_block.repo_backup. -
Update S3 bucket name -
s3_bucket_backup_namevariable intf/terraform.tfvars. -
Run
terraform apply. -
Copy the objects from old to new bucket https://aws.amazon.com/premiumsupport/knowledge-center/move-objects-s3-bucket/.
-
Cleanup old bucket
aws s3 rm s3://bucket-name --recursive(see more at https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-or-empty-bucket.html). -
Delete old bucket via AWS S3 console.