Created
February 29, 2020 02:39
bokuweb created this gist
Feb 29, 2020
@@ -0,0 +1,57 @@ import * as cdk from '@aws-cdk/core'; import * as backup from '@aws-cdk/aws-backup'; import * as iam from '@aws-cdk/aws-iam'; import { tables } from './tables'; export class BackupStack extends cdk.Stack { constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); const name = 'DynamoBackup'; const vault = new backup.CfnBackupVault(this, 'DynamoBackupVault', { backupVaultName: name, }); const backupRole = new iam.Role(this, 'DynamoBackupRole', { assumedBy: new iam.ServicePrincipal('backup.amazonaws.com'), managedPolicies: [ iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSBackupServiceRolePolicyForBackup'), iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSBackupServiceRolePolicyForRestores'), ], }); const dynamoBackup = new backup.CfnBackupPlan(this, name + 'Plan', { backupPlan: { backupPlanName: name + 'Plan', backupPlanRule: [ { ruleName: name + 'DailyWarmBackup', lifecycle: { deleteAfterDays: 35, }, targetBackupVault: vault.attrBackupVaultName, scheduleExpression: 'cron(0 8 * * ? *)', }, { ruleName: name + 'MonthlyColdBackup', lifecycle: { deleteAfterDays: 365, moveToColdStorageAfterDays: 30, }, targetBackupVault: vault.attrBackupVaultName, scheduleExpression: 'cron(0 8 1 * ? *)', }, ], }, }); new backup.CfnBackupSelection(this, name + 'DynamoBackupPlanSelection', { backupPlanId: dynamoBackup.attrBackupPlanId, backupSelection: { iamRoleArn: backupRole.roleArn, selectionName: name, resources: tables.map(table => 'arn:aws:dynamodb:' + this.region + ':' + this.account + ':table/' + table), }, }); } }
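Review bot: `DynamoBackupRole` attaches `service-role/AWSBackupServiceRolePolicyForRestores` next to the backup policy, yet the role is only used as `iamRoleArn` of the backup selection, which runs scheduled backups; nothing in this stack needs restore rights, and they let the role create or overwrite resources. I would drop that entry from `managedPolicies` and keep restores on a separate role that operators assume deliberately. `DynamoBackupVault` is created with only `backupVaultName`, so protection of recovery points against deletion rests entirely on account-wide IAM; consider setting `accessPolicy` on `CfnBackupVault` (for example a deny on `backup:DeleteRecoveryPoint` outside a break-glass principal) and choosing an explicit `encryptionKeyArn`. As a smaller point, the selection ARNs hard-code the `aws` partition; using `this.partition` in place of the literal keeps the stack valid in other partitions.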