Notes from trying out sharing a Redshift snapshot with the AWS CLI.
Sharing a snapshot
Source AWS account (the account that shares)
- Create a snapshot.
$ aws redshift create-cluster-snapshot --snapshot-identifier redshift-cluster-1-snapshot --cluster-identifier redshift-cluster-1
- Share the snapshot you created.
$ aws redshift authorize-snapshot-access --snapshot-identifier redshift-cluster-1-snapshot --account-with-restore-access 234567890123
Destination AWS account (the account shared with)
- Check the snapshot that was shared.
$ aws redshift describe-cluster-snapshots --owner-account 123456789012
{
    "Snapshots": [
        {
            "EstimatedSecondsToCompletion": 0,
            "OwnerAccount": "123456789012",
            "CurrentBackupRateInMegaBytesPerSecond": 12.6263,
            "ActualIncrementalBackupSizeInMegaBytes": 15.0,
            "SnapshotRetentionStartTime": "2019-05-07T23:30:43.771Z",
            "NumberOfNodes": 2,
            "Status": "available",
            "VpcId": "vpc-...",
            "ClusterVersion": "1.0",
            "Tags": [],
            "EncryptedWithHSM": false,
            "MasterUsername": "...",
            "ManualSnapshotRetentionPeriod": -1,
            "EnhancedVpcRouting": false,
            "TotalBackupSizeInMegaBytes": 85.0,
            "BackupProgressInMegaBytes": 15.0,
            "MaintenanceTrackName": "current",
            "ClusterCreateTime": "2019-01-22T09:01:46.365Z",
            "RestorableNodeTypes": [
                "dc2.large"
            ],
            "ElapsedTimeInSeconds": 1,
            "ClusterIdentifier": "redshift-cluster-1",
            "SnapshotCreateTime": "2019-05-07T23:30:42.583Z",
            "AvailabilityZone": "ap-northeast-1d",
            "NodeType": "dc2.large",
            "Encrypted": false,
            "SnapshotType": "manual",
            "Port": 5439,
            "SnapshotIdentifier": "redshift-cluster-1-snapshot"
        }
    ]
}
Stopping snapshot sharing
Source AWS account (the account that shares)
- Stop sharing the snapshot.
$ aws redshift revoke-snapshot-access --snapshot-identifier redshift-cluster-1-snapshot --account-with-restore-access 234567890123
Destination AWS account (the account shared with)
- Confirm that the snapshot is no longer shared.
$ aws redshift describe-cluster-snapshots --owner-account 123456789012
{
    "Snapshots": []
}
Supplementary notes
- The CloudTrail event recorded when the snapshot is shared
{
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "...:i-...",
        "arn": "arn:aws:sts::123456789012:assumed-role/EC2AdminRole/i-...",
        "accountId": "123456789012",
        "accessKeyId": "...",
        "sessionContext": {
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2019-05-07T23:22:30Z"
            },
            "sessionIssuer": {
                "type": "Role",
                "principalId": "...",
                "arn": "arn:aws:iam::123456789012:role/EC2AdminRole",
                "accountId": "123456789012",
                "userName": "EC2AdminRole"
            }
        }
    },
    "eventTime": "2019-05-07T23:39:13Z",
    "eventSource": "redshift.amazonaws.com",
    "eventName": "AuthorizeSnapshotAccess",
    "awsRegion": "ap-northeast-1",
    "sourceIPAddress": "*.***.**.***",
    "userAgent": "aws-cli/1.16.86 Python/2.7.14 Linux/4.14.77-81.59.amzn2.x86_64 botocore/1.12.76",
    "requestParameters": {
        "snapshotIdentifier": "redshift-cluster-1-snapshot",
        "accountWithRestoreAccess": "234567890123"
    },
    "responseElements": {
        "estimatedSecondsToCompletion": 0,
        "ownerAccount": "123456789012",
        "availabilityZone": "ap-northeast-1d",
        "backupProgressInMegaBytes": 15,
        "port": 5439,
        "clusterVersion": "1.0",
        "snapshotRetentionStartTime": "May 7, 2019 11:30:43 PM",
        "numberOfNodes": 2,
        "masterUsername": "...",
        "clusterIdentifier": "redshift-cluster-1",
        "actualIncrementalBackupSizeInMegaBytes": 15,
        "status": "available",
        "clusterCreateTime": "Jan 22, 2019 9:01:46 AM",
        "snapshotType": "manual",
        "encryptedWithHSM": false,
        "manualSnapshotRetentionPeriod": -1,
        "snapshotCreateTime": "May 7, 2019 11:30:42 PM",
        "nodeType": "dc2.large",
        "enhancedVpcRouting": false,
        "vpcId": "vpc-...",
        "totalBackupSizeInMegaBytes": 85,
        "maintenanceTrackName": "current",
        "elapsedTimeInSeconds": 1,
        "tags": [],
        "snapshotIdentifier": "redshift-cluster-1-snapshot",
        "encrypted": false,
        "currentBackupRateInMegaBytesPerSecond": 12.6263
    },
    "requestID": "51c2c8d6-7121-11e9-b0f2-cf53f67bbd19",
    "eventID": "982f38ce-e22c-42b6-b64c-c6fd39fde694",
    "eventType": "AwsApiCall",
    "recipientAccountId": "123456789012"
}
- The CloudTrail event recorded when snapshot sharing is removed
{
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "...:i-...",
        "arn": "arn:aws:sts::123456789012:assumed-role/EC2AdminRole/i-...",
        "accountId": "123456789012",
        "accessKeyId": "...",
        "sessionContext": {
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2019-05-07T23:22:30Z"
            },
            "sessionIssuer": {
                "type": "Role",
                "principalId": "...",
                "arn": "arn:aws:iam::123456789012:role/EC2AdminRole",
                "accountId": "123456789012",
                "userName": "EC2AdminRole"
            }
        }
    },
    "eventTime": "2019-05-07T23:39:27Z",
    "eventSource": "redshift.amazonaws.com",
    "eventName": "RevokeSnapshotAccess",
    "awsRegion": "ap-northeast-1",
    "sourceIPAddress": "*.***.**.***",
    "userAgent": "aws-cli/1.16.86 Python/2.7.14 Linux/4.14.77-81.59.amzn2.x86_64 botocore/1.12.76",
    "requestParameters": {
        "snapshotIdentifier": "redshift-cluster-1-snapshot",
        "accountWithRestoreAccess": "234567890123"
    },
    "responseElements": {
        "estimatedSecondsToCompletion": 0,
        "ownerAccount": "123456789012",
        "availabilityZone": "ap-northeast-1d",
        "backupProgressInMegaBytes": 15,
        "port": 5439,
        "clusterVersion": "1.0",
        "snapshotRetentionStartTime": "May 7, 2019 11:30:43 PM",
        "numberOfNodes": 2,
        "masterUsername": "awsuser",
        "clusterIdentifier": "redshift-cluster-1",
        "actualIncrementalBackupSizeInMegaBytes": 15,
        "status": "available",
        "clusterCreateTime": "Jan 22, 2019 9:01:46 AM",
        "snapshotType": "manual",
        "encryptedWithHSM": false,
        "manualSnapshotRetentionPeriod": -1,
        "snapshotCreateTime": "May 7, 2019 11:30:42 PM",
        "nodeType": "dc2.large",
        "enhancedVpcRouting": false,
        "vpcId": "vpc-e971228e",
        "totalBackupSizeInMegaBytes": 85,
        "maintenanceTrackName": "current",
        "elapsedTimeInSeconds": 1,
        "tags": [],
        "snapshotIdentifier": "redshift-cluster-1-snapshot",
        "encrypted": false,
        "currentBackupRateInMegaBytesPerSecond": 12.6263
    },
    "requestID": "5a6ddf09-7121-11e9-83f5-ef6166354d39",
    "eventID": "c4643f12-266c-4c12-9d52-f6d2fb3fe60c",
    "eventType": "AwsApiCall",
    "recipientAccountId": "123456789012"
}
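The two CloudTrail events above are enough to audit snapshot sharing. The following is an added example, not part of the original memo: it replays AuthorizeSnapshotAccess and RevokeSnapshotAccess records in time order and reports shares still in effect that go to an unapproved account or expose an unencrypted snapshot. The allow-list `TRUSTED_ACCOUNTS`, the account `999999999999`, the `example-snapshot-*` names and the trimmed sample records are constructed assumptions.

```python
from datetime import datetime

TRUSTED_ACCOUNTS = {"234567890123"}  # assumption: approved share targets
AUTHORIZE, REVOKE = "AuthorizeSnapshotAccess", "RevokeSnapshotAccess"

def _event(time, name, snapshot, grantee, encrypted, error=None):
    """Build a constructed record holding only the CloudTrail fields used below."""
    ev = {"eventTime": time, "eventSource": "redshift.amazonaws.com",
          "eventName": name, "recipientAccountId": "123456789012",
          "requestParameters": {"snapshotIdentifier": snapshot,
                                "accountWithRestoreAccess": grantee},
          "responseElements": None if error else {"encrypted": encrypted}}
    if error:
        ev["errorCode"] = error  # CloudTrail sets errorCode on failed calls
    return ev

# Constructed sample trail (not real log data), deliberately out of time order.
SAMPLE_EVENTS = [
    _event("2019-05-07T23:39:27Z", REVOKE, "redshift-cluster-1-snapshot", "234567890123", False),
    _event("2019-05-07T23:39:13Z", AUTHORIZE, "redshift-cluster-1-snapshot", "234567890123", False),
    _event("2019-05-08T01:00:00Z", AUTHORIZE, "example-snapshot-b", "999999999999", False),
    _event("2019-05-08T01:05:00Z", AUTHORIZE, "example-snapshot-c", "234567890123", True),
    _event("2019-05-08T01:10:00Z", AUTHORIZE, "example-snapshot-d", "999999999999", True, "AccessDenied"),
]

def outstanding_shares(events):
    """Replay successful authorize/revoke calls in time order; return live shares."""
    relevant = [e for e in events
                if e.get("eventSource") == "redshift.amazonaws.com"
                and e.get("eventName") in (AUTHORIZE, REVOKE) and "errorCode" not in e]
    relevant.sort(key=lambda e: datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ"))
    shares = {}
    for e in relevant:
        key = (e["recipientAccountId"], e["requestParameters"]["snapshotIdentifier"],
               e["requestParameters"]["accountWithRestoreAccess"])
        if e["eventName"] == AUTHORIZE:
            shares[key] = bool((e.get("responseElements") or {}).get("encrypted"))
        else:
            shares.pop(key, None)  # a revoke cancels the matching grant
    return shares  # {(owner, snapshot, grantee): snapshot_is_encrypted}

def findings(events, trusted=TRUSTED_ACCOUNTS):
    """Flag live shares to unapproved accounts or of unencrypted snapshots."""
    out = []
    for (_, snapshot, grantee), encrypted in sorted(outstanding_shares(events).items()):
        reasons = [label for label, hit in (("untrusted-account", grantee not in trusted),
                                            ("unencrypted-snapshot", not encrypted)) if hit]
        if reasons:
            out.append((snapshot, grantee, reasons))
    return out
```

Calling `findings(SAMPLE_EVENTS)` reports only `example-snapshot-b`: the share from this memo was revoked, `example-snapshot-c` went to an approved account and is encrypted, and the `AccessDenied` call never took effect.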