RDS Backups

RDS Backup

AWS RDS automatically backs up database instances.

Turbot can enforce a backup retention period for all database instances and clusters by setting the AWS > RDS > Backup Retention Period policy.

RDS Manual Snapshots

When a database is deleted in RDS, AWS will also delete all of the automatic backups associated with the instance. RDS prompts the user to create a final snapshot, but this is not required.
Turbot provides two levels of protection against accidental or malicious data loss through deletion:

- Database deletion is restricted to users with AWS/RDS/Admin or higher.
- Turbot can automatically create manual snapshots of databases and retain them according to a schedule.

AWS > RDS > Database Data Protection: This policy is designed to be set by the organization at a high level (e.g. cluster level). It defines the minimum level of manual snapshots that is acceptable to the organization. Turbot enforces this for all RDS instances under the scope of the hierarchy (e.g. if set at the cluster level, it applies to and is enforced for all RDS instances in all accounts in the cluster).

AWS > RDS > Database Backup: This policy is designed to be set at the Account or RDS Instance level. It allows an individual application team to specify more frequent snapshots or longer retention periods than are defined in AWS > RDS > Database Data Protection.

AWS > RDS > Database Backup Name Prefix: This policy defines a prefix that is used in the name of snapshots that Turbot automates, to differentiate them from manual snaps.

The setting in AWS > RDS > Database Backup is only effective if its frequency or retention is greater than the setting for AWS > RDS > Database Data Protection.
In other words, the AWS > RDS > Database Data Protection policy defines the minimum set of backups Turbot will take, regardless of the AWS > RDS > Backup policy definition.

The choices for both policies are:

- Skip
- Enforce: None
- Enforce: Daily for 3 days
- Enforce: Daily for 7 days
- Enforce: Daily for 14 days
- Enforce: Daily for 30 days
- Enforce: Daily for 90 days
- Enforce: Daily with backoff to 3 months
- Enforce: Daily with backoff to 1 year
- Enforce: Daily with backoff
- Enforce: Hourly with backoff to 7 days
- Enforce: Hourly with backoff to 14 days
- Enforce: Hourly with backoff to 1 month
- Enforce: Hourly with backoff to 3 months
- Enforce: Hourly with backoff to 1 year
- Enforce: Hourly with backoff to 3 years
- Enforce: Hourly with backoff

Turbot executes these schedules by taking hourly snapshots for each and then deleting unneeded snapshots. When choosing one of the Daily with backoff options, note that Turbot still creates hourly snapshots, but only keeps the latest snapshot plus each day's retained snapshot per the above schedule.

Examples:

Enforce: Hourly with backoff to 1 year would create the following snaps:

- 72 hourly snapshots
- 14 daily snapshots
- 12 monthly snapshots
- 1 yearly snapshot

Enforce: Daily with backoff to 3 months would create the following snaps:

- Latest hourly snapshot
- 14 daily snapshots
- 3 monthly snapshots
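
The two schedules above can be modelled as a tiered pruning pass over a snapshot history, which is useful for checking that the snapshots present for a database match what the policy should leave behind. This is an added example, not Turbot's code: the tier sizes come from the examples above, while the rule of keeping the newest snapshot in each hour, day, month and year, and all function names, are assumptions.

```python
from datetime import datetime, timedelta

# Tier sizes taken from the page's two examples; the bucketing rule
# (keep the newest snapshot in each hour/day/month/year) is an assumption.
SCHEDULES = {
    "Hourly with backoff to 1 year": {"hourly": 72, "daily": 14, "monthly": 12, "yearly": 1},
    "Daily with backoff to 3 months": {"hourly": 1, "daily": 14, "monthly": 3, "yearly": 0},
}

BUCKET_FORMATS = {"hourly": "%Y-%m-%d %H", "daily": "%Y-%m-%d", "monthly": "%Y-%m", "yearly": "%Y"}


def plan_retention(snapshot_times, schedule):
    """Return {tier: [timestamps kept for that tier]}, newest first."""
    newest_first = sorted(snapshot_times, reverse=True)
    plan = {}
    for tier, keep in SCHEDULES[schedule].items():
        seen, kept = set(), []
        for ts in newest_first:
            bucket = ts.strftime(BUCKET_FORMATS[tier])
            # Only the newest snapshot of each bucket counts toward the tier.
            if bucket not in seen and len(kept) < keep:
                seen.add(bucket)
                kept.append(ts)
        plan[tier] = kept
    return plan


def snapshots_to_delete(snapshot_times, schedule):
    """Snapshots that no tier needs, i.e. the ones a pruning pass removes."""
    needed = {ts for kept in plan_retention(snapshot_times, schedule).values() for ts in kept}
    return sorted(set(snapshot_times) - needed)


def constructed_hourly_history(end, hours):
    """Constructed sample input: one snapshot per hour ending at `end`."""
    return [end - timedelta(hours=h) for h in range(hours)]


if __name__ == "__main__":
    history = constructed_hourly_history(datetime(2024, 6, 15, 12, 0), 24 * 500)
    for name in SCHEDULES:
        plan = plan_retention(history, name)
        print(name, {tier: len(kept) for tier, kept in plan.items()},
              "delete:", len(snapshots_to_delete(history, name)))
```

One snapshot can satisfy several tiers at once, so the number of distinct snapshots retained is lower than the sum of the tier sizes.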

Deprecated policies:

- AWS > RDS > Snapshot Period Days
- AWS > RDS > Snapshot Retention Days

These policies also automatically create snapshots and retain them based on the schedule set. If both AWS > RDS > Snapshot Period Days and AWS > RDS > Database Data Protection are set, two separate sets of snapshots will be created. These policies will be removed from Turbot in version 5.
