Deletion protection and Backup resources
Using the AWS Cloud Development Kit (CDK), you can configure Amplify-generated resources to enable deletion protection and backups on supported resources. For example, you can use AWS CDK to enable point-in-time recovery for DynamoDB tables, or use AWS Backup as an advanced backup option.
Using underlying CDK construct properties, you can modify resource configurations. This allows you to customize backend resources beyond what is offered via the define* functions.
Enabling deletion protection on an Auth resource
For example, to enable deletion protection on the Cognito user pool resource created by Amplify Auth:
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';

const backend = defineBackend({
  auth,
  data
});

// Reach the underlying CloudFormation user pool resource and turn on deletion protection.
const { cfnUserPool } = backend.auth.resources.cfnResources;
cfnUserPool.deletionProtection = "ACTIVE";
Enabling deletion protection on a Data resource
For example, to enable deletion protection on all DynamoDB tables created by the GraphQL API:
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';

const backend = defineBackend({
  auth,
  data
});

// Apply deletion protection to every DynamoDB table behind the GraphQL API.
const { amplifyDynamoDbTables } = backend.data.resources.cfnResources;
for (const table of Object.values(amplifyDynamoDbTables)) {
  table.deletionProtectionEnabled = true;
}
Enabling point-in-time recovery for DynamoDB tables
For example, to enable point-in-time recovery for all the DynamoDB tables created by the GraphQL API. By default, point-in-time recovery retains backups for 35 days.
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';

const backend = defineBackend({
  auth,
  data
});

// Turn on point-in-time recovery for every DynamoDB table behind the GraphQL API.
const { amplifyDynamoDbTables } = backend.data.resources.cfnResources;
for (const table of Object.values(amplifyDynamoDbTables)) {
  table.pointInTimeRecoveryEnabled = true;
}
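To confirm after deployment that the deletion protection and point-in-time recovery settings above took effect, the following added example (not part of the original page and not Amplify's own code) audits the responses of DynamoDB DescribeTable and DescribeContinuousBackups and Cognito DescribeUserPool. The function names, the trimmed response interfaces and the sample data are assumptions made for illustration.

```typescript
// Response shapes trimmed to the fields this check reads.
interface DescribeTableOut {
  Table?: { TableName?: string; DeletionProtectionEnabled?: boolean };
}
interface ContinuousBackupsOut {
  ContinuousBackupsDescription?: {
    PointInTimeRecoveryDescription?: { PointInTimeRecoveryStatus?: string };
  };
}
interface DescribeUserPoolOut {
  UserPool?: { Id?: string; DeletionProtection?: string };
}
interface Finding { resource: string; issue: string }

// One table: its DescribeTable output plus its DescribeContinuousBackups output.
function auditTable(t: DescribeTableOut, b: ContinuousBackupsOut): Finding[] {
  const resource = t.Table?.TableName ?? "<unknown table>";
  const findings: Finding[] = [];
  // A missing field counts as "off": the setting was never enabled.
  if (t.Table?.DeletionProtectionEnabled !== true) {
    findings.push({ resource, issue: "deletion protection disabled" });
  }
  const pitr = b.ContinuousBackupsDescription?.PointInTimeRecoveryDescription
    ?.PointInTimeRecoveryStatus;
  if (pitr !== "ENABLED") {
    findings.push({ resource, issue: "point-in-time recovery disabled" });
  }
  return findings;
}

function auditUserPool(p: DescribeUserPoolOut): Finding[] {
  const resource = p.UserPool?.Id ?? "<unknown user pool>";
  return p.UserPool?.DeletionProtection === "ACTIVE"
    ? []
    : [{ resource, issue: "deletion protection inactive" }];
}

// Constructed sample responses (not real output): one compliant table, one
// table with neither setting, and a user pool left at INACTIVE.
const pitrOn = { PointInTimeRecoveryDescription: { PointInTimeRecoveryStatus: "ENABLED" } };
const pitrOff = { PointInTimeRecoveryDescription: { PointInTimeRecoveryStatus: "DISABLED" } };
const sampleFindings: Finding[] = [
  ...auditTable({ Table: { TableName: "Todo-example", DeletionProtectionEnabled: true } },
                { ContinuousBackupsDescription: pitrOn }),
  ...auditTable({ Table: { TableName: "Note-example" } },
                { ContinuousBackupsDescription: pitrOff }),
  ...auditUserPool({ UserPool: { Id: "us-east-1_EXAMPLE", DeletionProtection: "INACTIVE" } }),
];
```

An empty findings list means every audited table and the user pool carry the settings configured above.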
Enabling backups for DynamoDB tables
If your DynamoDB tables require backups that extend beyond the default 35-day point-in-time recovery window, you can use AWS Backup to centralize and automate backups for DynamoDB tables. The example below outlines a backup plan configured to run daily at midnight for all DynamoDB tables.
import { defineBackend } from "@aws-amplify/backend";
import {
  BackupPlan,
  BackupPlanRule,
  BackupResource,
  BackupVault,
} from "aws-cdk-lib/aws-backup";
import { Schedule } from "aws-cdk-lib/aws-events";
import { Duration } from "aws-cdk-lib/core";
import { auth } from "./auth/resource";
import { data } from "./data/resource";

const backend = defineBackend({
  auth,
  data,
});

// Dedicated stack for the backup resources.
const backupStack = backend.createStack("backup-stack");
const myTables = Object.values(backend.data.resources.tables);

const vault = new BackupVault(backupStack, "BackupVault", {
  backupVaultName: "backup-vault",
});

const plan = new BackupPlan(backupStack, "BackupPlan", {
  backupPlanName: "backup-plan",
  backupVault: vault,
});

// Run daily at midnight and delete each backup after 60 days.
plan.addRule(
  new BackupPlanRule({
    deleteAfter: Duration.days(60),
    ruleName: "backup-plan-rule",
    scheduleExpression: Schedule.cron({
      minute: "0",
      hour: "0",
      day: "*",
      month: "*",
      year: "*",
    }),
  })
);

// Include every DynamoDB table created by the data resource in the plan.
plan.addSelection("BackupPlanSelection", {
  resources: myTables.map((table) => BackupResource.fromDynamoDbTable(table)),
  allowRestores: true,
});