We at FullStack are big on security and only allow SSH access to hosts by the IPs of our engineers. In AWS we create a single security group (SG) to allow SSH access. With the use VPNs, travel, and dynamic IPs it can some time be a pain to update a security group with your new IP. So I wrote a small python script using Boto3 that removes and updates a single ingress rule based on the description value. You just need to set the SG Id on line 5, and the value of the description on line 6 of the rule you want to update. We use a user name for the description value as it makes it easy to tell what rule belong to who.
So you have an Elastic Beanstalk environment with an RDS instance with automated backup and you just hosed your database and need to restore.
At first you may think this should be a quick and simple process until you try to restore your database. With RDS you can only restore a backup to a new instance. This seems reasonable until you figure out there’s no way to change your RDS endpoint in your Beanstalk environment, or at least no solution was readily available in the documentation. You also can’t create a new environment from an automated backup.
Here’s the steps I used to solve this problem:
- Restore the database to a new RDS instance.
- Make a manual backup of this new RDS instance.
- Create a new Beanstalk environment using your manual RDS backup.
- Test to make sure everything is working as expected.
- Update URLs or DNS to make sure traffic is routed to your new environment.
Let us know in the comments if you found a better solution or this saved you some headache.