Data Recovery and Backup Procedure
This section describes the customer data recovery and backup procedure.
Prerequisite
You must enable continuous automatic backup of ConfigDB Aurora DB on an active cluster.
AWS Backup Overview
Amazon Web Services (AWS) Backup is a fully managed service that makes it easy to centralize and automate data protection across AWS services, in the cloud, and on premises. Using this service, you can configure backup policies and monitor activity for your AWS resources in one place. It automates and consolidates backup tasks that were previously performed service-by-service and removes the need to create custom scripts and manual processes.
Note: To use the AWS Backup service, you must opt in to have the AWS Backup service back up the assigned resources.
Supported Resources
The supported resources include Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Elastic Block Store (Amazon EBS) volumes, Amazon Relational Database Service (Amazon RDS) databases (including Amazon Aurora clusters), Amazon DynamoDB tables, Amazon Neptune databases, Amazon DocumentDB (with MongoDB compatibility) databases, Amazon Elastic File System (Amazon EFS) file systems, Amazon FSx for Lustre file systems, Amazon FSx for Windows File Server file systems, and AWS Storage Gateway volumes.
Backup Rules
Define a backup rule to specify the backup schedule, backup window, destination regions, and lifecycle rules.
- Frequency - hourly, daily, weekly, monthly
- Backup window - default or custom
- Retention period - days, weeks, months, years
- Destination regions - List of available regions
Note: The recommended values are a backup frequency of every 1 hour, a retention period of 7 days, and at least 3 destination regions.
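The following added example (not part of the original procedure) checks a backup plan against the recommended values in the note above. It assumes the plan JSON has the shape returned by `aws backup get-backup-plan`, and that "destination regions" corresponds to the distinct regions in each rule's copy-action vault ARNs; the sample plan, its names and the account ID are constructed placeholders.

```python
import json
import re

MIN_RETENTION_DAYS = 7   # recommended retention from the note above
MIN_DEST_REGIONS = 3     # recommended minimum number of destination regions

# Constructed sample in the shape returned by `aws backup get-backup-plan`;
# plan, rule and vault names and the account ID are placeholders.
SAMPLE_PLAN = json.loads("""
{"BackupPlan": {"BackupPlanName": "configdb-plan", "Rules": [
  {"RuleName": "hourly-configdb",
   "ScheduleExpression": "cron(0 * * * ? *)",
   "Lifecycle": {"DeleteAfterDays": 7},
   "CopyActions": [
     {"DestinationBackupVaultArn": "arn:aws:backup:us-west-2:111122223333:backup-vault:dr"},
     {"DestinationBackupVaultArn": "arn:aws:backup:eu-west-1:111122223333:backup-vault:dr"}]}
]}}
""")

def is_hourly(expr):
    """True if an AWS cron expression fires once per hour, every day."""
    m = re.fullmatch(r"cron\((.+)\)", expr.strip())
    fields = m.group(1).split() if m else []
    if len(fields) != 6:
        return False
    minute, hour, dom, month, dow, year = fields
    every_day = {dom, dow} <= {"*", "?"} and month == "*" and year == "*"
    return minute.isdigit() and hour in ("*", "*/1", "0/1") and every_day

def check_rule(rule):
    """Return findings for one backup rule; an empty list means it conforms."""
    findings = []
    if not is_hourly(rule.get("ScheduleExpression", "")):
        findings.append("schedule is not hourly")
    # A missing DeleteAfterDays means the recovery point never expires.
    days = rule.get("Lifecycle", {}).get("DeleteAfterDays")
    if days is not None and days < MIN_RETENTION_DAYS:
        findings.append(f"retention {days} days is below {MIN_RETENTION_DAYS}")
    # The region is the fourth field of the destination vault ARN.
    regions = {a["DestinationBackupVaultArn"].split(":")[3]
               for a in rule.get("CopyActions", [])}
    if len(regions) < MIN_DEST_REGIONS:
        findings.append(f"{len(regions)} destination region(s), need {MIN_DEST_REGIONS}")
    return findings

if __name__ == "__main__":
    for rule in SAMPLE_PLAN["BackupPlan"]["Rules"]:
        print(rule["RuleName"], check_rule(rule) or "OK")
```

The constructed sample copies to only two regions, so the check reports one finding for it.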
Resource Assignment
After you create the rule, assign the desired services to perform the backup. In this case, the Aurora DB is assigned to the rule.
DB Recovery Procedure
This section describes the steps required to recover data.
- Create an AWS SMI substrate on the specified region provided to you with the AWS account, for example, us-west-2, so you can deploy the SMI cluster.
- Deploy the SMI cluster and initiate all the required SMI cluster components except the ConfigDB database, that is, ConfigFE, ConfigBE, and the monitoring clusters, on the specified region provided with your AWS account.
- After a resource (ConfigDB) is backed up at least once in the active region, for example, us-east-2, it is considered protected and is available to be restored using the AWS Backup dashboard under protected resources in each region. Each resource has specific steps to restore from the backup. Initiate the ConfigDB in the backup region, for example, us-west-2.
- Configure and initiate the backup cluster active state. After the Aurora DB is restored, configure the ConfigDB to point to the newly restored resource ARN and secret ARN to enable the ConfigDB to access the DB.
  After the DB is connected, ensure that all the other clusters connect to ConfigDB and are fully active.
- Configure the vault KMS and storage using information about the newly restored DB.
- Verify the vault encryption and decryption. For example, the fields encrypted in the us-east-2 region are decrypted in the us-west-2 region.