AWS Backup
Backup schedules for EBS, RDS and S3
An AWS Backup Vault is created which stores backups. Backups are (by default) created every day at 01:00 and are stored for 30 days. These backups include snapshots of all S3 buckets which are managed by the toolkit, as well as backups from RDS. Where supported, we have enabled continuous backups for AWS services.
If no Gitaly nodes exist, the gitlab-rails data disks will be backed up as these will contain Gitaly data.
The following relevant Terraform variables are available:

| Name | Default | Description |
|---|---|---|
| `backup_retention_period` | `30` | Number of days to keep backups in Vault |
| `backup_kms_key_arn` | `null` | KMS key to use for the Backup Vault |
| `backup_mirror_vault_arn` | `null` | Additional AWS Backup vault to mirror all snapshots to |
| `backup_mirror_retention_period` | `null` | Number of days to keep backups in the mirror Vault |
| `backup_cron_schedule` | `"cron(0 1 ? * * *)"` | Cron expression to control when AWS Backups are triggered |
Mirroring backups to another region or vault
We support mirroring backups to an additional AWS Backup vault, which may be in another region or account. You must create the additional vault yourself; there is no support for provisioning one. Only snapshots created after enabling this option are copied; there is no backfilling support.
A ready-to-use example to copy into your solution can be found below:
```hcl
## main.tf
provider "aws" {
  alias  = "mirror"
  region = "eu-central-1" # Example for primary region 'eu-west-1'.
  # Specify default_tags configuration and/or role switching here.
}

## backup_mirror.tf
resource "aws_kms_key" "mirror_key" {
  provider                 = aws.mirror
  key_usage                = "ENCRYPT_DECRYPT"
  customer_master_key_spec = "SYMMETRIC_DEFAULT"
  deletion_window_in_days  = 7
}

resource "aws_backup_vault" "mirror_backup_vault" {
  provider    = aws.mirror
  name        = "${var.prefix}-mirror-backup-vault"
  kms_key_arn = aws_kms_key.mirror_key.arn
}

## environment.tf
module "gitlab_cluster" {
  # ...
  backup_mirror_vault_arn        = aws_backup_vault.mirror_backup_vault.arn
  backup_mirror_retention_period = 30 # Optional, will default to `backup_retention_period`.
  # ...
}
```
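
Because the mirror vault is created outside the toolkit, protecting its contents against early deletion is also left to you. The following is an added example, not part of the toolkit: it applies an AWS Backup Vault Lock to the mirror vault above and checks that the mirror retention fits inside the lock's bounds. The file name, the `local` values and the resource name `mirror_lock` are assumptions, and `precondition` requires Terraform 1.2 or later.

```hcl
## backup_mirror_lock.tf (added example; names below are hypothetical)
locals {
  # Keep in sync with the value passed to the module as
  # backup_mirror_retention_period (or backup_retention_period when the
  # mirror period is left at null).
  mirror_retention_days = 30

  # Bounds enforced by the vault lock (example values, adjust to your policy).
  lock_min_retention_days = 7
  lock_max_retention_days = 35
}

resource "aws_backup_vault_lock_configuration" "mirror_lock" {
  provider          = aws.mirror
  backup_vault_name = aws_backup_vault.mirror_backup_vault.name

  # Backup and copy jobs whose retention is outside these bounds are
  # rejected by the vault, so the mirror retention must sit between them.
  min_retention_days = local.lock_min_retention_days
  max_retention_days = local.lock_max_retention_days

  # changeable_for_days is left unset, which creates the lock in governance
  # mode: it can still be removed by principals with sufficient IAM
  # permissions. Setting it (minimum 3) creates a compliance-mode lock that
  # becomes immutable once the cooling-off period has passed.

  lifecycle {
    precondition {
      condition = (
        local.mirror_retention_days >= local.lock_min_retention_days &&
        local.mirror_retention_days <= local.lock_max_retention_days
      )
      error_message = "Mirror retention is outside the vault lock bounds; copy jobs into the mirror vault would fail."
    }
  }
}

## environment.tf
# module "gitlab_cluster" {
#   # ...
#   backup_mirror_vault_arn        = aws_backup_vault.mirror_backup_vault.arn
#   backup_mirror_retention_period = local.mirror_retention_days
# }
```

Try the lock in governance mode first and confirm that mirrored recovery points still arrive in the vault before moving to compliance mode.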