#!/bin/bash
# Flag legend:
# -e - exit on error
# -u - error on undefined variables
# -o pipefail - set the exit code of a pipeline to that of the rightmost command to exit with a non-zero status,
# or to zero if all commands of the pipeline exit successfully
set -euo pipefail
# The script is designed to run by user who already completed authentication.
# Environment variables below are mandatory.
# Script fails with error if at least one of them is not present.
# For local usage, please complete authentication through Okta and pass these values as environment variables
# to the docker container:
# docker run -it \
# -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
# -e AWS_REGION=$AWS_REGION \
# -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
# -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
# pgtools
export AWS_REGION
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
export AWS_SESSION_TOKEN
read -rp 'Please enter the cluster name: ' source_cluster
# Restoring a cluster to point in time, use Z (UTC) timezone
function restore_cluster(){
# Flag legend:
# r - do not allow backslashes to escape any characters
# p - output the string PROMPT without a trailing newline before attempting to read
read -rp 'Please choose an option: PITR or SNAPSHOT: ' restore_mode
case $restore_mode in
PITR)
instance_engine=`aws rds describe-db-instances --filters "Name=db-cluster-id,Values=${source_cluster}" --query "DBInstances[0].Engine" | tr -d '\n\r\t[]" '`
instance_parameter_group_name=`aws rds describe-db-instances --filters "Name=db-cluster-id,Values=${source_cluster}" --query "DBInstances[0].DBParameterGroups[0].DBParameterGroupName" | tr -d '"\n\t\r '`
instance_source_security_group_ids=`aws rds describe-db-instances --filters "Name=db-cluster-id,Values=${source_cluster}" --query "DBInstances[0].VpcSecurityGroups[*].VpcSecurityGroupId" | tr -d '\n\r\t[]" ' | sed 's/,/ /g'`
instance_class=`aws rds describe-db-instances --filters "Name=db-cluster-id,Values=${source_cluster}" --query "DBInstances[0].DBInstanceClass" | tr -d '"\n\t\r '`
cluster_engine_mode=`aws rds describe-db-clusters --db-cluster-identifier="${source_cluster}" --query "DBClusters[0].EngineMode" | tr -d '"\n\t\r '`
cluster_source_db_subnet=$(aws rds describe-db-clusters --db-cluster-identifier="${source_cluster}" --query "DBClusters[0].DBSubnetGroup" | tr -d '"')
cluster_parameter_group=`aws rds describe-db-clusters --db-cluster-identifier="${source_cluster}" --query "DBClusters[0].DBClusterParameterGroup" | tr -d '"'`
cluster_iam_authentication_enable=`aws rds describe-db-clusters --db-cluster-identifier="${source_cluster}" --query "DBClusters[0].IAMDatabaseAuthenticationEnabled" | tr -d '"\n\t\r '`
export cluster_engine_mode
export cluster_source_db_subnet
export instance_class
export cluster_parameter_group
export instance_source_security_group_ids
export instance_parameter_group_name
export cluster_iam_authentication_enable
read -rp 'Please enter timestamp (e.g. 2023-10-11T18:00:00.000Z) : ' timestamp
aws rds restore-db-cluster-to-point-in-time \
--db-subnet-group-name "${cluster_source_db_subnet}" \
--db-cluster-parameter-group-name "${cluster_parameter_group}" \
--source-db-cluster-identifier "${source_cluster}" \
--db-cluster-identifier "${source_cluster}-pitr" \
--engine-mode "${cluster_engine_mode}" \
--enable-iam-database-authentication \
--vpc-security-group-ids ${instance_source_security_group_ids} \
--restore-to-time "${timestamp}"
sleep 5
aws rds create-db-instance \
--db-cluster-identifier "${source_cluster}-pitr" \
--db-instance-identifier "${source_cluster}-pitr-writer" \
--db-parameter-group-name "${instance_parameter_group_name}" \
--db-instance-class "${instance_class}" \
--engine "${instance_engine}"
;;
SNAPSHOT)
read -rp 'Please enter the snapshot identifier : ' snapshot_identifier
snapshot_engine=`aws rds describe-db-cluster-snapshots --db-cluster-snapshot-identifier="banking-int" --query "DBClusterSnapshots[0].Engine" | tr -d '"\n\t\r '`
snapshot_engine_mode=`aws rds describe-db-cluster-snapshots --db-cluster-snapshot-identifier="banking-int" --query "DBClusterSnapshots[0].EngineMode" | tr -d '"\n\t\r '`
snapshot_engine_version=`aws rds describe-db-cluster-snapshots --db-cluster-snapshot-identifier="banking-int" --query "DBClusterSnapshots[0].EngineVersion" | tr -d '"\n\t\r '`
cluster_parameter_groups=`aws rds describe-db-cluster-parameter-groups --query "DBClusterParameterGroups[*].DBClusterParameterGroupName" | tr -d '\n\r\t[]" ' | sed 's/,/ /g'`
database_parameter_groups=`aws rds describe-db-parameter-groups --query "DBParameterGroups[?DBParameterGroupFamily=='aurora-postgresql14'].DBParameterGroupName" | tr -d '\n\r\t[]" ' | sed 's/,/ /g'`
cluster_engine_version=`aws rds describe-db-cluster-snapshots --db-cluster-snapshot-identifier "${snapshot_identifier}" --query "DBClusterSnapshots[0].EngineVersion" | tr -d '"'`
cluster_vpcs=`aws ec2 describe-security-groups --query "SecurityGroups[*].VpcId" | tr -d '[]" ' | sed 's/,/ /g' | uniq -u | tr -d '\n\r\t'`
cluster_instance_shapes=`aws ec2 describe-instance-types --query InstanceTypes[].InstanceType | sort | tr -d '\n\r\t[]" ' | sed 's/,/ /g'`
export cluster_enine_version
export cluster_vpcs
echo "Please select cluster parameter group: "
select cluster_parameter_group_choice in ${cluster_parameter_groups}
do
cluster_parameter_group=${cluster_parameter_group_choice}
export cluster_parameter_group
break
done
echo "Please select database parameter group: "
select database_parameter_group_choice in ${database_parameter_groups}
do
database_parameter_group=${database_parameter_group_choice}
export database_parameter_group
break
done
echo "Please select VPC id: "
select cluster_vpc_id_choice in ${cluster_vpcs}
do
cluster_vpc_id=${cluster_vpc_id_choice}
export cluster_vpc_id
break
done
cluster_vpc_security_group_ids=`aws ec2 describe-security-groups --query "SecurityGroups[?VpcId=='${cluster_vpc_id}'].GroupId" | tr -d '\n\r\t[]" ' | sed 's/,/ /g'`
cluster_source_db_subnets=`aws rds describe-db-subnet-groups --query "DBSubnetGroups[?VpcId=='${cluster_vpc_id}'].DBSubnetGroupName" | tr -d '\n\r\t[]" ' | sed 's/,/ /g'`
export cluster_source_db_subnets
export cluster_vpc_security_group_ids
instance_db_shapes=`aws rds describe-orderable-db-instance-options --engine ${snapshot_engine} --engine-version ${snapshot_engine_version} --query "OrderableDBInstanceOptions[].DBInstanceClass" | tr -d '\n\r\t[]" ' | sed 's/,/ /g'`
echo "Please select the clusters' instance shape: "
select instance_db_shape_choice in ${instance_db_shapes}
do
instance_db_shape=${instance_db_shape_choice}
export instance_db_shape
break
done
aws rds restore-db-cluster-from-snapshot \
--engine "${snapshot_engine}" \
--enable-iam-database-authentication \
--engine-mode "${snapshot_engine_mode}" \
--engine-version "${snapshot_engine_version}" \
--snapshot-identifier "${snapshot_identifier}" \
--db-cluster-identifier "${source_cluster}-snapshot" \
--db-subnet-group-name "${cluster_source_db_subnets}" \
--vpc-security-group-ids ${cluster_vpc_security_group_ids} \
--db-cluster-parameter-group-name "${cluster_parameter_group}"
sleep 5
aws rds create-db-instance \
--db-cluster-identifier "${source_cluster}-snapshot" \
--db-instance-identifier "${source_cluster}-snapshot-writer" \
--db-parameter-group-name "${database_parameter_group}" \
--db-instance-class "${instance_db_shape}" \
--engine "${snapshot_engine}" \
--engine-version "${snapshot_engine_version}"
;;
*)
echo "You didn't enter any option"
;;
esac
}
restore_cluster