0

Currently, we are mainly using the DMS, RDS & IAM AWS services. Now, if we want to use those services in a different region / account, how can we take a backup of only the configuration? For example:

  1. DMS - Replication instances, Endpoint, Event subscriptions.
  2. RDS - DB Instances, Subnet groups, Parameter groups, Event subscriptions.
  3. IAM - Users, Groups, Role, Policy

For all of the above services, a database backup is not required; we just want the configuration settings with which the same infrastructure can be created in another region / account.

CloudFormation can be used when we have a template ready, but here the infrastructure was created by someone else, so we need some AWS service with which the infrastructure configuration can be backed up and later used to create the new infrastructure.

  • 2
    Note: IAM is a global service, not regional. – jarmod May 09 '23 at 11:06
  • Look for a tool designed to generate CloudFormation or Terraform scripts based on an existing account configuration. I'm not familiar with any such tools but I expect that one must exist. A security audit tool such as ScoutSuite can pull a lot of your configuration but it might miss some things that it doesn't care about and the results will not be in a format conducive to deploying that configuration into a new account. – user3553031 May 09 '23 at 22:46

2 Answers

1

Typically you would use an Infrastructure as Code (IaC) tool such as CloudFormation or Terraform to create your AWS resources. Then your configuration would be code, checked into source control (Git) such that you can see exactly what your infrastructure should be at any moment just by looking at the IaC templates, and you can see how it has changed over time by looking at the history of the templates in your source control tool.

Then when you want to deploy the same configuration to another region, all you have to do is run your IaC tool again with a different region configured.

Mark B
  • The infrastructure was created by someone else, and he is not part of the team now. If we use CloudFormation here, then we don't know each service component in enough depth to create templates. Do we have any service / way by which we can export templates automatically from the current infrastructure setup? – Krishna Pagar May 09 '23 at 11:42
  • 1
    It's hard to retroactively apply automation. You may be able to import the resources into Terraform or even CloudFormation. Personally I would probably lean towards rebuilding the whole thing using existing resources as an example because if "he is not part of team now" a lot of his infra knowledge might have left with him, and you are gonna need some more expertise. – erik258 May 09 '23 at 11:59
1

I think using the AWS CLI describe commands, aws SERVICE_NAME describe-*, is a good option to copy all the service content into a JSON file, which you can later use or refer to when creating the same service in another region / account.
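
The describe-* approach from this answer, applied to the DMS, RDS and IAM resources listed in the question. This is an added example, not code from the original answer; the function name, arguments and output layout are hypothetical, and it assumes the AWS CLI is on PATH with read-only credentials. It goes slightly beyond the answer by also fetching the parameter values of each RDS parameter group and by using a single global IAM call.

```shell
#!/bin/sh
# Added example: dump DMS, RDS and IAM configuration (not data) to JSON
# files with the AWS CLI. Function name, arguments and output layout are
# hypothetical; assumes read-only credentials are already configured.
set -eu

# Regional describe-* calls, written as service:operation.
REGIONAL_CALLS="
dms:describe-replication-instances
dms:describe-endpoints
dms:describe-event-subscriptions
rds:describe-db-instances
rds:describe-db-subnet-groups
rds:describe-db-parameter-groups
rds:describe-event-subscriptions
"

export_config() {
  region="$1"; outdir="$2"
  umask 077  # keep the dump private: it maps your IAM and network layout
  mkdir -p "$outdir/$region/rds-parameters" "$outdir/global"
  for call in $REGIONAL_CALLS; do
    svc="${call%%:*}"; op="${call#*:}"
    aws "$svc" "$op" --region "$region" --output json \
      > "$outdir/$region/$svc-$op.json"
  done
  # describe-db-parameter-groups returns group metadata only, so fetch the
  # actual parameter values one group at a time.
  pgroups=$(aws rds describe-db-parameter-groups --region "$region" \
    --query 'DBParameterGroups[].DBParameterGroupName' --output text)
  for g in $pgroups; do
    aws rds describe-db-parameters --db-parameter-group-name "$g" \
      --region "$region" --output json \
      > "$outdir/$region/rds-parameters/$g.json"
  done
  # IAM is global: one call returns users, groups, roles and policies
  # together with their policy documents.
  aws iam get-account-authorization-details --output json \
    > "$outdir/global/iam-account-authorization-details.json"
}

# Run only when called with arguments: ./export.sh <region> <output-dir>
if [ "$#" -ge 2 ]; then
  export_config "$1" "$2"
fi
```

The resulting JSON is a reference for writing templates, not something CloudFormation or Terraform can deploy directly, and it should be stored with the same access controls as the IAM policies it contains.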