Created
February 29, 2020 02:39
-
-
Save bokuweb/5d9f9360f0b36729f5bb49f08d7b86a5 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import * as cdk from '@aws-cdk/core'; | |
| import * as backup from '@aws-cdk/aws-backup'; | |
| import * as iam from '@aws-cdk/aws-iam'; | |
| import { tables } from './tables'; | |
| export class BackupStack extends cdk.Stack { | |
| constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) { | |
| super(scope, id, props); | |
| const name = 'DynamoBackup'; | |
| const vault = new backup.CfnBackupVault(this, 'DynamoBackupVault', { | |
| backupVaultName: name, | |
| }); | |
| const backupRole = new iam.Role(this, 'DynamoBackupRole', { | |
| assumedBy: new iam.ServicePrincipal('backup.amazonaws.com'), | |
| managedPolicies: [ | |
| iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSBackupServiceRolePolicyForBackup'), | |
| iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSBackupServiceRolePolicyForRestores'), | |
| ], | |
| }); | |
| const dynamoBackup = new backup.CfnBackupPlan(this, name + 'Plan', { | |
| backupPlan: { | |
| backupPlanName: name + 'Plan', | |
| backupPlanRule: [ | |
| { | |
| ruleName: name + 'DailyWarmBackup', | |
| lifecycle: { | |
| deleteAfterDays: 35, | |
| }, | |
| targetBackupVault: vault.attrBackupVaultName, | |
| scheduleExpression: 'cron(0 8 * * ? *)', | |
| }, | |
| { | |
| ruleName: name + 'MonthlyColdBackup', | |
| lifecycle: { | |
| deleteAfterDays: 365, | |
| moveToColdStorageAfterDays: 30, | |
| }, | |
| targetBackupVault: vault.attrBackupVaultName, | |
| scheduleExpression: 'cron(0 8 1 * ? *)', | |
| }, | |
| ], | |
| }, | |
| }); | |
| new backup.CfnBackupSelection(this, name + 'DynamoBackupPlanSelection', { | |
| backupPlanId: dynamoBackup.attrBackupPlanId, | |
| backupSelection: { | |
| iamRoleArn: backupRole.roleArn, | |
| selectionName: name, | |
| resources: tables.map(table => 'arn:aws:dynamodb:' + this.region + ':' + this.account + ':table/' + table), | |
| }, | |
| }); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment