CloudSnorkel / RDS-sanitized-snapshots

Licence: MIT license
Take periodic snapshots of RDS databases, sanitize them, and share with other accounts. Useful for QA/dev databases.

Programming Languages

python

REPLACED BY https://github.com/CloudSnorkel/cdk-rds-sanitized-snapshots

AWS RDS Sanitized Snapshots

Periodically take snapshots of RDS databases, sanitize them, and share with selected accounts.

Use this to automate your development and/or QA database creation, instead of forcing them to use a database that was created last year and was kind of kept in shape by random acts of kindness. Developers and QA love real data and this lets you create non-production databases with sanitized production data. Use the sanitization step to delete passwords, remove credit card numbers, eliminate PII, etc.

Download latest version or get older versions in the Releases tab.

Overview

Architecture diagram

This project supplies a CloudFormation template that sets up a step function and a timer to execute this function. The function will create a sanitized snapshot of a given database and share it with configured accounts. Those accounts can then create new databases from those snapshots.

The step function does the following to create the snapshot:

  1. Get a snapshot of the given database by either:
    • Finding the latest snapshot for the given database
    • Creating and waiting for a new fresh snapshot
  2. Re-encrypt snapshot if KMS key is supplied
  3. Create a temporary database from the snapshot
  4. Wait for the database to be ready
  5. Reset the master password on the temporary database to a random password
  6. Wait for the password to be set
  7. Use a Fargate task to connect to the temporary database and run configured SQL statements to sanitize the data
  8. Take a snapshot of the temporary database
  9. Optionally share the snapshot with other accounts (if you have separate accounts for developers/QA)
  10. Delete temporary database and snapshot

Deploy

RDS-sanitized-snapshots is contained in one CloudFormation template and has no external dependencies but the RDS database itself. It is completely serverless, so you only ever pay for what you use.

Download the template and deploy it as you normally would from the terminal or in the AWS CloudFormation console.

Parameters

| Parameter | Description |
| --- | --- |
| Source database identifier | The id (not ARN) of the database you want to snapshot. |
| Use existing snapshot or create new one | Choose whether to create a new snapshot of the database, or to use the latest available snapshot. The latest available would usually be the automatic back-up so it might be a week old. |
| Snapshot schedule | Cron expression describing when the job should run. |
| Sanitization SQL statements | SQL statement used to sanitize the temporary database. Use this to remove any data you don't want in the final snapshot, or to trim the data for size. You can separate multiple statements with a semicolon. |
| List of AWS accounts to share snapshot with | A comma-separated list of AWS accounts to share the final snapshot with. These accounts will see the snapshot under the "Shared with me" tab in the RDS console. |
| Snapshot name format | Final snapshot name format. A new snapshot will be created periodically, so this should contain the date to provide uniqueness. Make sure it follows the naming rules of AWS. |
| KMS key id | Re-encrypt the snapshot with a different key. If left empty, it will be encrypted with the same key used for the original database. |
| Network | Network parameters are required to create the temporary database. Make sure to select at least two subnets that are associated with the selected VPC. |
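The sanitization statements only touch the columns they name, so it is worth checking what is left before a snapshot is shared. The following is an added example, not code from this project: it runs hypothetical semicolon-separated statements against a constructed schema (`users`, `payments`) and scans every text value for e-mail addresses and Luhn-valid card numbers. SQLite stands in for PostgreSQL/MySQL/MariaDB so the example runs offline.

```python
import re
import sqlite3

# Hypothetical sanitization statements, separated by semicolons.
# `||` concatenates in PostgreSQL and SQLite; MySQL/MariaDB need CONCAT().
SANITIZE_SQL = """
UPDATE users SET email = 'user' || id || '@example.invalid', password_hash = NULL;
UPDATE payments SET card_number = NULL;
"""
# Any e-mail address except the placeholder domain written by SANITIZE_SQL.
EMAIL_RE = re.compile(r"[\w.+-]+@(?!example\.invalid\b)[\w-]+(?:\.[\w-]+)+")
CARD_RE = re.compile(r"\b\d{13,19}\b")

def luhn_ok(digits):
    """True when the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_residual_pii(conn):
    """Scan every text value in every table; return sorted (table, column, kind) hits."""
    hits = set()
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cur = conn.execute(f'SELECT * FROM "{table}"')
        cols = [d[0] for d in cur.description]
        for row in cur:
            for col, val in zip(cols, row):
                if isinstance(val, str) and EMAIL_RE.search(val):
                    hits.add((table, col, "email"))
                if isinstance(val, str) and any(map(luhn_ok, CARD_RE.findall(val))):
                    hits.add((table, col, "card"))
    return sorted(hits)

def sanitize_and_check():
    """Build constructed sample data, sanitize it, and report PII before and after."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT, bio TEXT);
        CREATE TABLE payments(id INTEGER PRIMARY KEY, card_number TEXT);
        INSERT INTO users VALUES (1, 'alice@corp.test', 'constructed-hash', 'mail alice@corp.test');
        INSERT INTO payments VALUES (1, '4111111111111111');
    """)
    before = find_residual_pii(conn)
    conn.executescript(SANITIZE_SQL)
    return before, find_residual_pii(conn)
```

On the constructed data the scan still reports `users.bio` after sanitization: the statements rewrote the `email` column but not the free-text field that repeats the address.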

Encryption

The new snapshot will be encrypted with the same key used by the original database. If the original database wasn't encrypted, the snapshot won't be encrypted either. To add another step that changes the key, use the KMS key parameter.

See AWS documentation for instructions on giving other accounts access to the key.
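Because an unencrypted source database yields an unencrypted shared snapshot, a check on the final snapshot is useful. The following is an added example, not code from this project: it audits dictionaries shaped like the boto3 RDS `describe_db_snapshots` and `describe_db_snapshot_attributes` responses. The sample responses, account ids and snapshot name are constructed, and the AWS calls themselves are left out so it runs offline.

```python
def audit_shared_snapshot(snapshot, attributes, allowed_accounts, expected_kms_key=None):
    """Return a list of findings for one manual snapshot; an empty list means it passed.

    snapshot:   one element of describe_db_snapshots()["DBSnapshots"]
    attributes: the describe_db_snapshot_attributes() response for the same snapshot
    """
    findings = []
    if not snapshot.get("Encrypted", False):
        findings.append("snapshot is not encrypted")
    elif expected_kms_key and snapshot.get("KmsKeyId") != expected_kms_key:
        findings.append("snapshot is encrypted with an unexpected KMS key")

    # The "restore" attribute lists the account ids allowed to restore the snapshot;
    # the special value "all" marks the snapshot as public.
    restore = []
    for attr in attributes["DBSnapshotAttributesResult"]["DBSnapshotAttributes"]:
        if attr["AttributeName"] == "restore":
            restore = attr.get("AttributeValues", [])
    if "all" in restore:
        findings.append("snapshot is public (restore attribute contains 'all')")
    unexpected = sorted(set(restore) - set(allowed_accounts) - {"all"})
    if unexpected:
        findings.append("shared with unexpected accounts: " + ", ".join(unexpected))
    return findings

# Constructed sample responses (not real snapshots or accounts).
SAMPLE_SNAPSHOT = {"DBSnapshotIdentifier": "sanitized-constructed", "Encrypted": False}
SAMPLE_ATTRIBUTES = {
    "DBSnapshotAttributesResult": {
        "DBSnapshotIdentifier": "sanitized-constructed",
        "DBSnapshotAttributes": [
            {"AttributeName": "restore", "AttributeValues": ["111111111111", "222222222222"]}
        ],
    }
}

if __name__ == "__main__":
    for finding in audit_shared_snapshot(SAMPLE_SNAPSHOT, SAMPLE_ATTRIBUTES, {"111111111111"}):
        print(finding)
```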

Known Limitations

  • The chosen VPC and subnet must have internet access for Fargate to be able to download the right Docker image used to connect to the temporary database.
  • Database clusters are not supported yet.
  • Only PostgreSQL, MySQL and MariaDB are supported for now.

Troubleshooting

  • Check the status of the state machine for the step function. Click on the failed step and check out the input, output and exception.
  • Look for sanitization errors in CloudWatch log group <MY STACK NAME>-SanitizerLogs-<RANDOM>

Building from Source

To build the template from source code:

  1. Install Python 3.10
  2. pip install poetry
  3. poetry install
  4. poetry run python gen-cfm.py --output my-new-template.yml