Forem: Alexandre Rabello Santana The latest articles on Forem by Alexandre Rabello Santana (@alexandrerabellosantana). https://forem.com/alexandrerabellosantana https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1200608%2F5813930e-950c-4293-bca4-fc870b2618d7.jpeg Forem: Alexandre Rabello Santana https://forem.com/alexandrerabellosantana en 🚀 Disaster Recovery Solution Using AWS Backups 🌐 Alexandre Rabello Santana Thu, 13 Jun 2024 14:36:05 +0000 https://forem.com/alexandrerabellosantana/disaster-recovery-solution-using-aws-backups-2p28 https://forem.com/alexandrerabellosantana/disaster-recovery-solution-using-aws-backups-2p28 <p>Recently, I implemented an innovative Disaster Recovery (DR) solution to support our Amazon RDS backups using the powerful tools provided by AWS. Here's a brief overview of the project:</p> <p>🔹 Challenge: Ensure that our RDS database backups are securely and efficiently replicated across different AWS accounts and regions. The solution needed to be robust, automated, and capable of supporting our recovery needs in the event of catastrophic failures.</p> <p>🔹 Solution: I developed an AWS Lambda function to automate the copying of recovery points from AWS Backup across regions and accounts. This function runs daily, ensuring that all recovery points created on the current day are replicated from the source vault to the destination vault in the region where our DR resources are located.</p> <p>🔹 Technologies Used:</p> <p>AWS Backup: To create and manage the recovery points.<br> Amazon RDS: The primary data source we are protecting.<br> AWS Lambda: To automate the recovery points copy process.<br> IAM Roles: To manage permissions and security between accounts and regions.<br> 🔹 Benefits:</p> <p>Resilience: Ensuring that data is securely stored in multiple regions, ready to be recovered in case of disaster.<br> Automation: Fully automated backup and recovery processes, reducing manual workload and the risk of human error.<br> Efficiency: Fast and secure data replication, minimizing recovery time.<br> This DR solution is a significant step towards protecting our critical data and maintaining business continuity. I am excited to continue exploring and implementing innovative solutions that enhance the resilience and security of our systems!</p> <p>If you're interested in discussing more about backup strategies and disaster recovery, feel free to reach out!</p> <p><strong>GITHUB :</strong> <code>https://github.com/alerabello/AWS-Backup-Copy</code></p> <h1> AWS #Backup #DisasterRecovery #RDS #CloudComputing #Automation #AWSLambda #CrossRegion #CloudSecurity </h1> aws cloud Github Actions — Terraform — CI/CD Multiple Accounts AWS Alexandre Rabello Santana Sun, 09 Jun 2024 01:02:48 +0000 https://forem.com/alexandrerabellosantana/github-actions-terraform-cicd-multiple-accounts-aws-1ek4 https://forem.com/alexandrerabellosantana/github-actions-terraform-cicd-multiple-accounts-aws-1ek4 <h1> Terraform - Multiple AWS Accounts </h1> <p>This repository contains a GitHub Actions workflow for managing Terraform deployments across multiple AWS accounts. The workflow allows for planning, manual approval, and applying or destroying Terraform configurations.</p> <h2> Workflow: Terraform Plan, Approval, and Deploy </h2> <h3> Workflow Dispatch Inputs </h3> <ul> <li> <strong>action</strong>: Specifies the action to perform (<code>apply</code> or <code>destroy</code>). Default is <code>apply</code>.</li> <li> <strong>aws_account</strong>: Specifies the AWS account to deploy to (<code>shared</code>, <code>network</code>, <code>production</code>, <code>stage</code>, <code>develop</code>).</li> <li> <strong>terraform_version</strong>: Specifies the version of Terraform to use. Default is <code>1.8.0</code>.</li> </ul> <h3> Workflow Jobs </h3> <h4> 1. Plan </h4> <ul> <li> <strong>Runs on</strong>: <code>ubuntu-latest</code> </li> <li> <strong>Permissions</strong>: <ul> <li><code>actions: read</code></li> <li><code>issues: write</code></li> <li><code>id-token: write</code></li> <li><code>contents: write</code></li> </ul> </li> <li> <strong>Timeout</strong>: 5 minutes</li> <li> <strong>Steps</strong>: <ul> <li>Checkout the code.</li> <li>Configure AWS credentials based on the selected AWS account.</li> <li>Install and run <code>tflint</code> for linting Terraform files.</li> <li>Setup Terraform with the specified version.</li> <li>Initialize Terraform.</li> <li>Plan Terraform changes and save the plan.</li> <li>Cache Terraform files.</li> <li>Upload the Terraform plan as an artifact.</li> </ul> </li> </ul> <h4> 2. Approval </h4> <ul> <li> <strong>Needs</strong>: <code>plan</code> </li> <li> <strong>Runs on</strong>: <code>ubuntu-latest</code> </li> <li> <strong>Permissions</strong>: <ul> <li><code>actions: read</code></li> <li><code>issues: write</code></li> <li><code>id-token: write</code></li> <li><code>contents: write</code></li> </ul> </li> <li> <strong>Steps</strong>: <ul> <li>Request manual approval from the specified approvers.</li> </ul> </li> </ul> <h4> 3. Deploy </h4> <ul> <li> <strong>Needs</strong>: <code>approval</code> </li> <li> <strong>Runs on</strong>: <code>ubuntu-latest</code> </li> <li> <strong>Permissions</strong>: <ul> <li><code>id-token: write</code></li> <li><code>contents: write</code></li> </ul> </li> <li> <strong>Timeout</strong>: 20 minutes</li> <li> <strong>Steps</strong>: <ul> <li>Checkout the code.</li> <li>Configure AWS credentials based on the selected AWS account.</li> <li>Setup Terraform with the specified version.</li> <li>Download the Terraform plan artifact.</li> <li>Move the Terraform plan.</li> <li>Initialize Terraform.</li> <li>Apply or destroy the Terraform plan based on the specified action.</li> </ul> </li> </ul> <h2> Usage </h2> <p>To trigger the workflow, go to the Actions tab in your GitHub repository, select the <code>Terraform - Multiple AWS Accounts</code> workflow, and click on <code>Run workflow</code>. Fill in the required inputs and run the workflow.</p> <h2> Secrets </h2> <p>The following secrets need to be configured in your GitHub repository:</p> <ul> <li><code>AWS_ACCESS_KEY_ID</code></li> <li><code>AWS_SECRET_ACCESS_KEY</code></li> <li><code>AWS_ROLE_ARN_NETWORK</code></li> <li><code>AWS_ROLE_ARN_PROD</code></li> <li><code>AWS_ROLE_ARN_DEVELOP</code></li> <li><code>AWS_ROLE_ARN_STAGE</code></li> <li> <code>GITHUB_TOKEN</code> (automatically provided by GitHub)</li> </ul> <h2> Notes </h2> <ul> <li>Ensure the roles specified in the AWS credentials have the necessary permissions to perform the Terraform actions.</li> <li>Modify the role ARNs and other configurations as per your AWS setup.</li> </ul> <p>For more information on GitHub Actions and Terraform, refer to the <a href="https://docs.github.com/en/actions" rel="noopener noreferrer">GitHub Actions documentation</a> and <a href="https://www.terraform.io/docs" rel="noopener noreferrer">Terraform documentation</a>.</p> <p>Code : <code>deploy-to-terraform.yml</code></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>name: Terraform - Multiple AWS Accounts on: workflow_dispatch: inputs: action: description: 'Action to perform (apply or destroy)' required: true default: 'apply' aws_account: description: 'AWS Account to deploy to (shared, network, production, stage, develop)' required: true terraform_version: description: 'Version of Terraform to use' required: true default: '1.8.0' jobs: plan: runs-on: ubuntu-latest permissions: actions: read issues: write id-token: write # This is required for requesting the JWT contents: write # This is required for actions/checkout timeout-minutes: 5 steps: - name: Checkout Code uses: actions/checkout@v2 - name: Configure AWS Credentials if: ${{ github.event.inputs.aws_account == 'network' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_NETWORK }} aws-region: us-east-1 - name: Configure AWS Credentials if: ${{ github.event.inputs.aws_account == 'prod' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_PROD }} aws-region: us-east-1 - name: Configure AWS Credentials if: ${{ github.event.inputs.aws_account == 'stage' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_STAGE }} aws-region: us-east-1 - name: Configure AWS Credentials if: ${{ github.event.inputs.aws_account == 'develop' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_DEVELOP }} aws-region: us-east-1 - name: Install TFLint run: | curl -L https://github.com/terraform-linters/tflint/releases/latest/download/tflint_linux_amd64.zip -o tflint.zip unzip tflint.zip sudo mv tflint /usr/local/bin/ rm tflint.zip - name: Lint Terraform files run: tflint - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: terraform_version: ${{ github.event.inputs.terraform_version }} env: AWS_DEFAULT_REGION: us-east-1 - name: Initialize Terraform run: terraform init -reconfigure - name: Plan Terraform changes run: terraform plan -out=tfplan - name: Cache Terraform files uses: actions/cache@v2 with: path: | .terraform .terraform.lock.hcl key: ${{ runner.os }}-terraform-${{ hashFiles('**/*.tf') }} - name: Upload Terraform plan uses: actions/upload-artifact@v2 with: name: tfplan path: tfplan approval: needs: plan runs-on: ubuntu-latest permissions: actions: read issues: write id-token: write # This is required for requesting the JWT contents: write # This is required for actions/checkout steps: - name: Request Manual Approval uses: trstringer/manual-approval@v1 with: secret: ${{ secrets.GITHUB_TOKEN }} approvers: alerabello minimum-approvals: 1 additional-approved-words: 'Approve, Approved, approve, approved' timeout-minutes: 10 deploy: needs: approval runs-on: ubuntu-latest permissions: id-token: write # This is required for requesting the JWT contents: write # This is required for actions/checkout timeout-minutes: 20 steps: - name: Checkout Code uses: actions/checkout@v2 - name: Configure AWS Credentials if: ${{ github.event.inputs.aws_account == 'network' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_NETWORK }} aws-region: us-east-1 - name: Configure AWS Credentials if: ${{ github.event.inputs.aws_account == 'prod' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_PROD }} aws-region: us-east-1 - name: Configure AWS Credentials if: ${{ github.event.inputs.aws_account == 'stage' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_STAGE }} aws-region: us-east-1 - name: Configure AWS Credentials if: ${{ github.event.inputs.aws_account == 'develop' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_DEVELOP }} aws-region: us-east-1 - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: terraform_version: ${{ github.event.inputs.terraform_version }} - name: Download repository artifact uses: actions/download-artifact@v2 with: name: tfplan path: ./tfplan - name: Move Terraform plan run: mv ./tfplan/tfplan ./tfplan.tfplan - name: Initialize Terraform run: terraform init -reconfigure - name: Apply or Destroy Terraform run: | if [ "${{ github.event.inputs.action }}" == "apply" ]; then terraform apply -auto-approve ./tfplan.tfplan elif [ "${{ github.event.inputs.action }}" == "destroy" ]; then terraform destroy -auto-approve else echo "Invalid action specified: ${{ github.event.inputs.action }}" exit 1 fi </code></pre> </div> devops aws githubactions