jameshy / Pgdump Aws Lambda
Licence: mit
Lambda function for executing pg_dump and streaming the output to s3.
Stars: ✭ 80
Programming Languages
javascript
184084 projects - #8 most used programming language
Projects that are alternatives of or similar to Pgdump Aws Lambda
Serverless Pg
A package for managing PostgreSQL connections at SERVERLESS scale
Stars: ✭ 142 (+77.5%)
Mutual labels: aws-lambda, postgres
Content Lambda Boto3
Automating AWS with Lambda, Python, and Boto3
Stars: ✭ 91 (+13.75%)
Mutual labels: aws-lambda, backup
Barman
Barman - Backup and Recovery Manager for PostgreSQL
Stars: ✭ 1,044 (+1205%)
Mutual labels: postgres, backup
Discfg
A distributed, serverless, configuration tool using AWS services
Stars: ✭ 75 (-6.25%)
Mutual labels: aws-lambda
Lambda Refarch Webapp
The Web Application reference architecture is a general-purpose, event-driven, web application back-end that uses AWS Lambda, Amazon API Gateway for its business logic. It also uses Amazon DynamoDB as its database and Amazon Cognito for user management. All static content is hosted using AWS Amplify Console.
Stars: ✭ 1,208 (+1410%)
Mutual labels: aws-lambda
Serverless Plugin Git Variables
⚡️ Expose git variables to serverless
Stars: ✭ 75 (-6.25%)
Mutual labels: aws-lambda
Serverless Node Simple Messaging
Simple email AWS lambda function
Stars: ✭ 75 (-6.25%)
Mutual labels: aws-lambda
Aws Lambda Unzip
Function for AWS Lambda to extract zip files uploaded to S3
Stars: ✭ 79 (-1.25%)
Mutual labels: aws-lambda
Image Lambda
An AWS Lambda function that AWS S3 can invoke to create thumbnails or reduce file size for png and jpg images.
Stars: ✭ 78 (-2.5%)
Mutual labels: aws-lambda
Bgworker
Background Worker Processes for PostgreSQL written in Go
Stars: ✭ 77 (-3.75%)
Mutual labels: postgres
Docker Openldap Backup
A docker image to run OpenLDAP, and make periodic backups 🐳
Stars: ✭ 75 (-6.25%)
Mutual labels: backup
Aws Maintenance
Collection of scripts and Lambda functions used for maintaining AWS resources
Stars: ✭ 75 (-6.25%)
Mutual labels: aws-lambda
Vip Manager
Manages a virtual IP based on state kept in etcd or Consul
Stars: ✭ 75 (-6.25%)
Mutual labels: postgres
Rdiffweb
A simplified backup management software for quick access to your archives through an efficient web interface.
Stars: ✭ 76 (-5%)
Mutual labels: backup
Blindchat
a facebook messenger bot that allows users to chat with other people on facebook anonymously
Stars: ✭ 78 (-2.5%)
Mutual labels: postgres
pgdump-aws-lambda
An AWS Lambda function that runs pg_dump and streams the output to s3.
It can be configured to run periodically using CloudWatch events.
Quick start
-
Create an AWS lambda function:
- Author from scratch
- Runtime: Node.js 12.x
-
Configuration -> Function code:
- Code Entry Type: Upload a .zip file
- Upload (pgdump-aws-lambda.zip)
- Basic Settings -> Timeout: 15 minutes
- Save
- Code Entry Type: Upload a .zip file
-
Configuration -> Execution role
- Edit the role and attach the policy "AmazonS3FullAccess"
-
Test
- Create new test event, e.g.:
{ "PGDATABASE": "dbname", "PGUSER": "postgres", "PGPASSWORD": "password", "PGHOST": "host", "S3_BUCKET" : "db-backups", "ROOT": "hourly-backups" }
- Test and check the output
-
Create a CloudWatch rule:
- Event Source: Schedule -> Fixed rate of 1 hour
- Targets: Lambda Function (the one created in step #1)
- Configure input -> Constant (JSON text) and paste your config (as per step #4)
File Naming
This function will store your backup with the following s3 key:
s3://${S3_BUCKET}${ROOT}/YYYY-MM-DD/[email protected]
AWS Firewall
- If you run the Lambda function outside a VPC, you must enable public access to your database instance, a non VPC Lambda function executes on the public internet.
- If you run the Lambda function inside a VPC (not tested), you must allow access from the Lambda Security Group to your database instance. Also you must add a NAT gateway to your VPC so the Lambda can connect to S3.
Encryption
You can add an encryption key to your event, e.g.
{
"PGDATABASE": "dbname",
"PGUSER": "postgres",
"PGPASSWORD": "password",
"PGHOST": "host",
"S3_BUCKET" : "db-backups",
"ROOT": "hourly-backups",
"ENCRYPT_KEY": "c0d71d7ae094bdde1ef60db8503079ce615e71644133dc22e9686dc7216de8d0"
}
The key should be exactly 64 hex characters (32 hex bytes).
When this key is present the function will do streaming encryption directly from pg_dump -> S3.
It uses the aes-256-cbc encryption algorithm with a random IV for each backup file. The IV is stored alongside the backup in a separate file with the .iv extension.
You can decrypt such a backup with the following bash command:
openssl enc -aes-256-cbc -d \
-in [email protected] \
-out [email protected] \
-K c0d71d7ae094bdde1ef60db8503079ce615e71644133dc22e9686dc7216de8d0 \
-iv $(< [email protected])
Developer
Bundling a new pg_dump binary
- Launch an EC2 instance with the Amazon Linux 2 AMI
- Connect via SSH and Install PostgreSQL using yum.
- Locally, create a new directory for your pg_dump binaries:
mkdir bin/postgres-11.6 - Copy the binaries
scp -i <aws PEM> [email protected]<EC2 Instance IP>:/usr/bin/pg_dump ./bin/postgres-11.6/pg_dumpscp -i <aws PEM> [email protected]<EC2 Instance IP>:/usr/lib64/{libcrypt.so.1,libnss3.so,libsmime3.so,libssl3.so,libsasl2.so.3,liblber-2.4.so.2,libldap_r-2.4.so.2} ./bin/postgres-11.6/scp -i <aws PEM> [email protected]<EC2 Instance IP>:/usr/pgsql-11/lib/libpq.so.5 ./bin/postgres-11.6/libpq.so.5
- When calling the handler, pass the environment variable
PGDUMP_PATH=postgres-11.6to use the binaries in the bin/postgres-11.6 directory.
Creating a new function zip
npm run deploy
Contributing
Please submit issues and PRs.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].