forked from awslabs/amazon-redshift-utils
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdeploy.yaml
162 lines (162 loc) · 4.89 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
-
Label:
default: Configuration
Parameters:
- Namespace
- TargetClusterName
- Region
- SnapshotIntervalHours
- SnapshotRetentionDays
-
Label:
default: VPC
Parameters:
- SecurityGroups
- SubnetIds
ParameterLabels:
SnapshotIntervalHours:
default: Interval between Snapshots
TargetClusterName:
default: Target Cluster Name
Namespace:
default: Schedule Name
Region:
default: Region
SnapshotRetentionDays:
default: Snapshot Retention Days
SecurityGroups:
default: VPC Security Groups
SubnetIds:
default: VPC Subnet IDs
Parameters:
SnapshotIntervalHours:
Default: 1
Description: Interval between Snapshots
Type: Number
MinValue: 1
MaxValue: 8
TargetClusterName:
Default: mycluster
Description: Target Cluster Name (for example 'mycluster' in 'mycluster.XXXXXX.region.redshift.amazonaws.com')
Type: String
Namespace:
Default: My New Schedule
Description: Name for the schedule, to help you identify schedule execution
Type: String
Region:
Default: us-east-1
Description: The AWS Region where the cluster resides
Type: String
AllowedValues:
- ap-south-1
- eu-west-2
- eu-west-1
- eu-west-3
- ap-northeast-2
- ap-northeast-1
- sa-east-1
- ca-central-1
- ap-southeast-1
- ap-southeast-2
- eu-central-1
- us-east-1
- us-east-2
- us-west-1
- us-west-2
SnapshotRetentionDays:
Default: 31
Description: Number of days to retain snapshots
Type: Number
MinValue: 1
SecurityGroups:
Default: mygroup1, mygroup2
Description: Security Groups as CSV list to use for the deployed function (may be required for Redshift security policy)
Type: CommaDelimitedList
SubnetIds:
Default: subnet1, subnet2, subnet3
Description: List of private Subnets in VPC in which the function will egress network connections
Type: CommaDelimitedList
Resources:
RedshiftSnapshotManager:
Type: AWS::Serverless::Function
Properties:
Handler: index.handler
Runtime: nodejs8.10
CodeUri:
Bucket: !Sub awslabs-code-${AWS::Region}
Key: RedshiftSnapshotManager/RedshiftSnapshotManager-1.1.1.zip
MemorySize: 192
Timeout: 300
Tags:
Name: RedshiftSnapshotManager
Role: !GetAtt RedshiftSnapshotAutomationIAMRole.Arn
VpcConfig:
SecurityGroupIds:
!Ref SecurityGroups
SubnetIds:
!Ref SubnetIds
RedshiftSnapshotAutomationIAMRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: "LambdaRedshiftSnapshotRole"
Path: "/"
ManagedPolicyArns:
- "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Sid: "AllowLambdaServiceToAssumeRole"
Effect: "Allow"
Action:
- "sts:AssumeRole"
Principal:
Service:
- "lambda.amazonaws.com"
Policies:
-
PolicyName: "LambdaRedshiftSnapshotPolicy"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "redshift:CreateClusterSnapshot"
- "redshift:CopyClusterSnapshot"
- "redshift:DeleteClusterSnapshot"
- "redshift:DescribeClusterSnapshots"
- "redshift:CreateTags"
Resource: "*"
RunSnapshotManagerRule:
Type: "AWS::Events::Rule"
Properties:
Description: CloudWatch Events Rule to invoke Redshift Snapshot Manager
Name: RedshiftSnapshotManager
ScheduleExpression: rate(15 minutes)
State: ENABLED
Targets:
- Arn: !GetAtt RedshiftSnapshotManager.Arn
Id: RedshiftSnapshotManagerFunction
Input:
!Sub |
{
"snapshotIntervalHours": "${SnapshotIntervalHours}",
"targetResource": "${TargetClusterName}",
"namespace": "${Namespace}",
"region": "${Region}",
"snapshotRetentionDays": "${SnapshotRetentionDays}"
}
CWEventsInvokeSnapshotPermission:
Type: 'AWS::Lambda::Permission'
Properties:
FunctionName: !GetAtt RedshiftSnapshotManager.Arn
Action: 'lambda:InvokeFunction'
Principal: events.amazonaws.com
SourceAccount: !Ref 'AWS::AccountId'
SourceArn: !GetAtt RunSnapshotManagerRule.Arn