Configuring Backups

  1. Set the following environment variables:

    export AWS_ACCOUNT_ID=123456789012
export AWS_REGION=us-east-1
export EKS_OIDC=oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE1234567890123456789
export CF_BUCKET_NAME=tembo-cf-templates
export BACKUPS_BUCKET_NAME=tembo-backups
export TEMBO_NAMESPACE=tembo
export TEMBO_CHART_NAME=tembo

  2. Download the aws-resource-gen.sh script.

    curl -O https://raw.githubusercontent.com/tembo-io/tembo-enterprise/main/scripts/aws-resource-gen.sh
chmod +x aws-resource-gen.sh

  3. Run the aws-resource-gen.sh script to create templated resource definitions for AWS.

    ./aws-resource-gen.sh

Create Buckets

Create Bucket for CloudFormation Template

  1. Create an S3 bucket for storing a CloudFormation. The conductor component will use this template to create IAM resources that allow Postgres instances to access the S3 bucket for backups.

    aws s3api create-bucket --bucket $CF_BUCKET_NAME --region $AWS_REGION

  2. Upload the CloudFormation templates to the S3 bucket.

    aws s3 cp conductor-cf-template.yaml s3://$CF_BUCKET_NAME
    aws s3 cp conductor-cf-template-v2.yaml s3://$CF_BUCKET_NAME

  3. Add bucket policy

    aws s3api put-bucket-policy --bucket $CF_BUCKET_NAME --policy file://tembo-cf-bucket-policy.json

  4. Configure bucket access

    aws s3api put-public-access-block \
 --bucket $CF_BUCKET_NAME \
 --public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=true,BlockPublicPolicy=false,RestrictPublicBuckets=false"

Create Bucket for Backups

  1. Create an S3 bucket for storing backups.

    aws s3api create-bucket --bucket $BACKUPS_BUCKET_NAME --region $AWS_REGION

  2. Add bucket policy

    aws s3api put-bucket-policy --bucket $BACKUPS_BUCKET_NAME --policy file://tembo-backups-bucket-policy.json

  3. Create directory coredb in the tembo-backups bucket.

    aws s3api put-object --bucket $BACKUPS_BUCKET_NAME --key coredb/ --server-side-encryption AES256

Create IAM Policy and Role

  1. Create IAM Policy

    aws iam create-policy --policy-name tembo --policy-document file://tembo-iam-policy.json

  2. Create IAM Role and Trust Relationship

    aws iam create-role --role-name tembo --assume-role-policy-document file://tembo-trust-relationship.json

  3. Attach IAM Policy to IAM Role

    aws iam attach-role-policy --role-name tembo --policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/tembo

Enable Backups in Helm Chart

Set the following helm values and upgrade the Tembo chart.

  conductor:
    serviceAccount:
      annotations:
        eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/tembo
    env:
      - name: BACKUP_ARCHIVE_BUCKET
        value: "tembo-backups"
      - name: CF_TEMPLATE_BUCKET
        value: "tembo-cf-templates"
      - name: IS_CLOUD_FORMATION
        value: "true"
      - name: AWS_REGION
        value: <my-region>
  tembo-operator:
    controller:
      env:
        - name: ENABLE_BACKUP
          value: "true"
        - name: ENABLE_VOLUME_SNAPSHOT
          value: "false"

Next

chevron right arrow

Overview

Tembo operator

What's next?

Elephant logo Try Tembo Cloud for free
Github cat logo Star us on Github
Youtube play button logo Subscribe to our Youtube Channel
Github cat logo Subscribe to the RSS feed
X logo Follow us on X
Mastodon logo Follow us on Mastodon
Slack logo Join our Community Slack
Edit page on github logo Edit this page on Github