How do I set up automatic cross-Region and cross-account disaster recovery for Amazon Redshift?

I want to set up automatic disaster recovery across AWS Regions and AWS accounts for Amazon Redshift.

Resolution

Turn on cross-Region snapshot replication

To turn on cross-Region snapshot replication, see Configuring cross-Region snapshot copy for a nonencrypted cluster.

If you use an Amazon Redshift cluster that has AWS Key Management Service (AWS KMS) encryption, then see Configuring cross-Region snapshot copy for an AWS KMS-encrypted cluster.

Use Lambda to automate manual snapshot creation

To use AWS Lambda to automate manual snapshot creation, you must use an AWS Identity and Access Management (IAM) role. Also, you must create a Lambda function that takes and retains snapshots.

Create the IAM role

First, create an IAM policy with the following permissions to create cluster snapshots:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "redshift:CreateClusterSnapshot",
      "Resource": "*"
    }
  ]
}

Then, create the IAM role. For Service or use case, choose Lambda and for Permissions policies, select the preceding policy. Or, attach the preceding policy to an existing Lambda service role.

Create the Lambda function

Complete the following steps:

  1. Open the Lambda console.

  2. In the navigation pane, choose Functions, and then choose Create function.

  3. For Function name, enter a name for your function. For example, RedshiftSnapshotCreation.

  4. From the Runtime dropdown list, choose a supported version of Python, and then choose Create function.

  5. In the Code source editor, enter the following Lambda code:

    import datetime

    import boto3

    def lambda_handler(event, context):
        redshift = boto3.client('redshift')
        cluster_id = 'redshift-cluster-1'
        # A UTC timestamp keeps every snapshot identifier unique
        now = datetime.datetime.now(datetime.timezone.utc)
        timestamp = now.strftime('%Y-%m-%d-%H-%M-%S')
        snapshot_id = f'manual-snapshot-{timestamp}'

        try:
            response = redshift.create_cluster_snapshot(
                SnapshotIdentifier=snapshot_id,
                ClusterIdentifier=cluster_id,
                ManualSnapshotRetentionPeriod=2  # Retain for 2 days
            )
            print(f"Snapshot {snapshot_id} created successfully.")

            return {
                'status': 'Snapshot created successfully',
                'snapshot_id': snapshot_id,
                'cluster_id': cluster_id,
                'created_at': now.isoformat()
            }

        except Exception as e:
            # Log the failure, then re-raise so the invocation is marked as failed
            print(f"Error creating snapshot: {e}")
            raise

    Note: Replace redshift-cluster-1 with your Amazon Redshift cluster ID. For ManualSnapshotRetentionPeriod, replace 2 with the number of days that you want to retain your snapshot.

  6. Choose Deploy.

Use EventBridge Scheduler to invoke the Lambda function

Create an Amazon EventBridge schedule to invoke the Lambda function. When you create the schedule, take the following actions:

  • For Schedule type, choose Recurring schedule, and then choose Rate-based schedule. To invoke the Lambda function every hour, for Rate expression, choose 1 for Value, and then choose Hours for Unit. From the Flexible time window dropdown list, choose Off.
  • For Invoke, select the Lambda function that you created in the Create the Lambda function section of this article.

Automate cross-account snapshot sharing in the target Region

To share your snapshots with an account in a different AWS Region, complete the following steps:

  1. Create a new IAM policy with the following permissions:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "redshift:DescribeClusterSnapshots",
            "redshift:AuthorizeSnapshotAccess"
          ],
          "Resource": "*"
        }
      ]
    }

  2. Create a new IAM role. Take the following actions:

    • For Service or use case, choose Lambda.
    • For Permissions policies, attach the preceding policy.

  3. Create a Lambda function. Choose the Code tab, and then enter the following code:

    import boto3

    def lambda_handler(event, context):
        redshift = boto3.client('redshift')
        target_account = 'target_account_id'

        try:
            # Page through all manual snapshots so that none are missed
            paginator = redshift.get_paginator('describe_cluster_snapshots')

            for page in paginator.paginate(SnapshotType='manual'):
                for snapshot in page['Snapshots']:
                    snapshot_id = snapshot['SnapshotIdentifier']

                    try:
                        # Grant the target account permission to restore this snapshot
                        redshift.authorize_snapshot_access(
                            SnapshotIdentifier=snapshot_id,
                            AccountWithRestoreAccess=target_account
                        )
                        print(f"Shared snapshot {snapshot_id} with account {target_account}")

                    except redshift.exceptions.AuthorizationAlreadyExistsFault:
                        print(f"Snapshot {snapshot_id} already shared with {target_account}")

                    except Exception as e:
                        # Keep going so one failure doesn't block the other snapshots
                        print(f"Error sharing snapshot {snapshot_id}: {str(e)}")

            return {
                'statusCode': 200,
                'body': 'Snapshot sharing process completed'
            }

        except Exception as e:
            print(f"Error: {str(e)}")
            raise

    Note: Replace target_account_id with the target AWS account ID.

  4. Follow the instructions in the Use EventBridge Scheduler to invoke the Lambda function section of this article. For Invoke, select the Lambda function that you created in the preceding step.
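
The following check is an added example, not part of the original article and not AWS code. It audits entries shaped like the Snapshots list that describe_cluster_snapshots returns and flags a stale newest snapshot, snapshots of the cluster that aren't shared with the target account, and snapshots shared more widely than intended (the sharing function above authorizes every manual snapshot that it lists). The function names, sample snapshots, and account IDs are constructed for illustration.

```python
import datetime

def audit_dr_snapshots(snapshots, cluster_id, target_account, max_age_hours, now):
    """Audit entries shaped like describe_cluster_snapshots()['Snapshots'].

    `now` must be timezone-aware, like the SnapshotCreateTime values boto3 returns.
    """
    findings = []
    mine = [s for s in snapshots if s['ClusterIdentifier'] == cluster_id]
    if not mine:
        findings.append(f"no manual snapshot found for {cluster_id}")
    else:
        # Recovery point: the hourly schedule should keep the newest snapshot fresh.
        newest = max(mine, key=lambda s: s['SnapshotCreateTime'])
        age = now - newest['SnapshotCreateTime']
        if age > datetime.timedelta(hours=max_age_hours):
            findings.append(f"newest snapshot {newest['SnapshotIdentifier']} is {age} old")
    for snap in snapshots:
        sid = snap['SnapshotIdentifier']
        owner = snap['ClusterIdentifier']
        shared = {a['AccountId'] for a in snap.get('AccountsWithRestoreAccess', [])}
        if owner == cluster_id and target_account not in shared:
            findings.append(f"{sid} is not shared with {target_account}")
        if owner != cluster_id and target_account in shared:
            findings.append(f"{sid} belongs to {owner} but is shared with {target_account}")
        for extra in sorted(shared - {target_account}):
            findings.append(f"{sid} is shared with unexpected account {extra}")
    return findings

def make_snapshot(sid, cluster, hour, accounts):
    # Builds one constructed sample entry created on 2024-01-01 at `hour` UTC.
    created = datetime.datetime(2024, 1, 1, hour, tzinfo=datetime.timezone.utc)
    return {'SnapshotIdentifier': sid, 'ClusterIdentifier': cluster,
            'SnapshotCreateTime': created,
            'AccountsWithRestoreAccess': [{'AccountId': a} for a in accounts]}

# Constructed sample data; the account IDs are placeholders.
TARGET = '111122223333'
SAMPLE = [
    make_snapshot('manual-snapshot-2024-01-01-11-00-00', 'redshift-cluster-1', 11, [TARGET]),
    make_snapshot('manual-snapshot-2024-01-01-10-00-00', 'redshift-cluster-1', 10, []),
    make_snapshot('manual-snapshot-2024-01-01-09-00-00', 'redshift-cluster-1', 9,
                  [TARGET, '444455556666']),
    make_snapshot('adhoc-backup', 'other-cluster', 8, [TARGET]),
]

if __name__ == '__main__':
    now = datetime.datetime(2024, 1, 1, 15, tzinfo=datetime.timezone.utc)
    for finding in audit_dr_snapshots(SAMPLE, 'redshift-cluster-1', TARGET, 2, now):
        print(finding)
```

To run the check against a live account, pass the Snapshots entries collected from describe_cluster_snapshots in the target Region instead of SAMPLE.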

Related information

Copying a snapshot to another AWS Region

AWS OFFICIAL | Updated a month ago