Initial commit

Author: michaelmoussa

.gitignore

@@ -0,0 +1,7 @@
+*.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

CODE_OF_CONDUCT.md

@@ -0,0 +1,5 @@
+## Code of Conduct
+
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+[email protected] with any additional questions or comments.

CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# Contributing Guidelines
+
+Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
+documentation, we greatly value feedback and contributions from our community.
+
+Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
+information to effectively respond to your bug report or contribution.
+
+
+## Reporting Bugs/Feature Requests
+
+We welcome you to use the GitHub issue tracker to report bugs or suggest features.
+
+When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already
+reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
+
+* A reproducible test case or series of steps
+* The version of our code being used
+* Any modifications you've made relevant to the bug
+* Anything unusual about your environment or deployment
+
+
+## Contributing via Pull Requests
+Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
+
+1. You are working against the latest source on the *master* branch.
+2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
+3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
+
+To send us a pull request, please:
+
+1. Fork the repository.
+2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
+3. Ensure local tests pass.
+4. Commit to your fork using clear commit messages.
+5. Send us a pull request, answering any default questions in the pull request interface.
+6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
+
+GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
+[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
+
+
+## Finding contributions to work on
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start.
+
+
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+[email protected] with any additional questions or comments.
+
+
+## Security issue notifications
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
+
+
+## Licensing
+
+See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+
+We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.

LICENSE

@@ -0,0 +1,14 @@
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,34 @@
+## RDS Snapshot Export to S3 Pipeline
+
+This repository creates the automation necessary to export Amazon RDS snapshots to S3 for a specific database whenever an automated snapshot is created.
+
+## Usage
+
+1. Install the [Amazon Cloud Development Kit](https://aws.amazon.com/cdk/) (CDK).
+2. Clone this repository and `cd` into it.
+3. Modify the arguments to the `RdsSnapshotExportPipelineStack` constructor in `$/bin/cdk.ts` according to your environment.
+    * `dbName`: This RDS database must already exist.
+    * `rdsEventId`: This should be `RdsEventId.DB_AUTOMATED_AURORA_SNAPSHOT_CREATED` for Amazon Aurora databases or `RdsEventId.DB_AUTOMATED_SNAPSHOT_CREATED` otherwise.
+    * `s3BucketName`: An S3 bucket with the provided name will be created automatically for you.
+4. Execute the following:
+    * `npm install`
+    * `npm run cdk bootstrap`
+    * `npm run cdk deploy`
+5. Open up your `<dbName>-rds-snapshot-exporter` function in the [AWS Lambda](https://console.aws.amazon.com/lambda/home) console and configure a test event using the contents of [$/event.json](./event.json) as a template.
+    * **NOTE:** The example content is a *subset* of an SNS event notification containing the minimum valid event data necessary to successfully trigger the Lambda function's execution. You should modify the `<SNAPSHOT_NAME>` value within the `Message` key to match an existing RDS snapshot (e.g. `rds:<dbName>-YYYY-MM-DD-hh-mm`). You may also need to modify the `MessageId` if you are attempting to export the same snapshot more than once.
+6. Click the **Test** button to start an export.
+
+You can check on the progress of the export in the [Exports in Amazon S3](https://console.aws.amazon.com/rds/home#snapshots-list:tab=exporttos3) listing. When that is finished, you can use the [AWS Glue Crawler](https://console.aws.amazon.com/glue/home#catalog:tab=crawlers) that was created for you to crawl the export, then use [Amazon Athena](https://console.aws.amazon.com/athena/home#query) to perform queries on the exported snapshot.
+
+## Cleanup
+
+Execute `npm run cdk destroy` to delete resources pertaining to this example.
+
+You will also need to delete the following manually:
+   * The S3 bucket that was created to store the snapshot exports.
+   * The [CDKToolkit CloudFormation Stack](https://console.aws.amazon.com/cloudformation/home#/stacks?filteringText=CDKToolkit) created by `npm run cdk bootstrap`.
+   * The `cdktoolkit-stagingbucket-<...>` bucket.
+
+## License
+
+This library is licensed under the MIT-0 License. See the [LICENSE](./LICENSE) file.

assets/exporter/main.py

@@ -0,0 +1,62 @@
+import json
+import logging
+import os
+import re
+
+import boto3
+
+"""
+Evaluates whether or not the triggering event notification is for an automated
+snapshot of the desired DB_NAME, then initiates an RDS snapshot export to S3
+task of that snapshot if so.
+
+The function returns the response from the `start_export_task` API call if
+it was successful. The function execution will fail if any errors are produced
+when making the API call. Otherwise, if the triggering event does not correspond
+to the RDS_EVENT_ID or DB_NAME we are expecting to see, the function will return
+nothing.
+"""
+
+logger = logging.getLogger()
+logger.setLevel(os.getenv("LOG_LEVEL", logging.INFO))
+
+
+def handler(event, context):
+    if event["Records"][0]["EventSource"] != "aws:sns":
+        logger.warning(
+            "This function only supports invocations via SNS events, "
+            "but was triggered by the following:\n"
+            f"{json.dumps(event)}"
+        )
+        return
+
+    logger.debug("EVENT INFO:")
+    logger.debug(json.dumps(event))
+
+    message = json.loads(event["Records"][0]["Sns"]["Message"])
+
+    if message["Event ID"].endswith(os.environ["RDS_EVENT_ID"]) and re.match(
+        "^rds:" + os.environ["DB_NAME"] + "-\d{4}-\d{2}-\d{2}-\d{2}-\d{2}$",
+        message["Source ID"],
+    ):
+        export_task_identifier = event["Records"][0]["Sns"]["MessageId"]
+        account_id = boto3.client("sts").get_caller_identity()["Account"]
+        response = boto3.client("rds").start_export_task(
+            ExportTaskIdentifier=(
+                message["Source ID"][4:27] + '-' + event["Records"][0]["Sns"]["MessageId"]
+            ),
+            SourceArn=f"arn:aws:rds:{os.environ['AWS_REGION']}:{account_id}:snapshot:{message['Source ID']}",
+            S3BucketName=os.environ["SNAPSHOT_BUCKET_NAME"],
+            IamRoleArn=os.environ["SNAPSHOT_TASK_ROLE"],
+            KmsKeyId=os.environ["SNAPSHOT_TASK_KEY"],
+        )
+        response["SnapshotTime"] = str(response["SnapshotTime"])
+
+        logger.info("Snapshot export task started")
+        logger.info(json.dumps(response))
+    else:
+        logger.info(f"Ignoring event notification for {message['Source ID']}")
+        logger.info(
+            f"Function is configured to accept {os.environ['RDS_EVENT_ID']} "
+            f"notifications for {os.environ['DB_NAME']} only"
+        )

bin/cdk.ts

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+import 'source-map-support/register';
+import * as cdk from '@aws-cdk/core';
+import { RdsSnapshotExportPipelineStack, RdsEventId } from '../lib/rds-snapshot-export-pipeline-stack';
+
+const app = new cdk.App();
+new RdsSnapshotExportPipelineStack(app, 'RdsSnapshotExportToS3Pipeline', {
+  dbName: '<existing-rds-database-name>',
+  rdsEventId: RdsEventId.DB_AUTOMATED_SNAPSHOT_CREATED,
+  s3BucketName: '<desired-s3-bucket-name>',
+});

cdk.context.json

@@ -0,0 +1,4 @@
+{
+  "@aws-cdk/core:enableStackNameDuplicates": "true",
+  "aws-cdk:enableDiffNoFail": "true"
+}

cdk.json

@@ -0,0 +1,3 @@
+{
+  "app": "npx ts-node bin/cdk.ts"
+}

event.json

@@ -0,0 +1,12 @@
+{
+    "Records": [
+        {
+            "EventSource": "aws:sns",
+            "Sns": {
+                "Type": "Notification",
+                "MessageId": "00000000-0000-0000-0000-000000000000",
+                "Message": "{\"Event Source\":\"db-snapshot\",\"Source ID\":\"<SNAPSHOT_NAME>\",\"Event ID\":\"http://docs.amazonwebservices.com/AmazonRDS/latest/UserGuide/USER_Events.html#RDS-EVENT-0091\"}"
+            }
+        }
+    ]
+}