Add devx-backup tag to database #301
Conversation
| @@ -110,6 +111,7 @@ export class PinBoardStack extends GuStack { | |||
| publiclyAccessible: false, | |||
| removalPolicy: RemovalPolicy.RETAIN, | |||
| }); | |||
| Tags.of(database).add("devx-backup-enabled", "true"); | |||
There was a problem hiding this comment.
Looks like this db instance instantiates a number of different objects and the 'devx-backup-enabled' tag is added to all of these rather than just the db engine. Hold off on merging this until we verify that this won't have any negative impacts.
There was a problem hiding this comment.
Although it'd be cleaner to back up the AWS::RDS::DBInstance resource type only, I don't think there is any real downside to adding this tag to the associated resources, which are of the following types:
AWS::IAM::RoleAWS::EC2::SecurityGroupAWS::RDS::DBSubnetGroupAWS::SecretsManager::Secret
IIUC AWS Backup doesn't understand any of these types anyway, so the backup tooling is not going to select them.
In other words, I think it's fine to merge this as is.
Update: if we really want to access the RDS instance only for tagging purposes, we have to access the L1 construct - there's an example of that here: #302.
As we've tested this particular implementation on code and were satisfied it works (and would also like to get this merged now to verify prod tomorrow), I'll go ahead and merge this one. If there's any issues caused by the tagging on the other resources, it's good to know how we can get it to be limited to the instance though. |
|
Seen on PROD (merged by @Georges-GNM 4 minutes and 29 seconds ago) Please check your changes! |
Co-authored-by: @jorgeazevedo
Co-authored-by: michaelwmcnamara
Co-authored-by: @twrichards
Co-authored-by: @jacobwinch
What does this change?
Part of RDS Backups
Enables more robust backup processes powered by AWS backup service for the RDS database, as per this FAQ.
How to test
This was added to code, and we could verify this successfully enabled the desired backup in the AWS console.