RDS Backup Setup
These are instructions to setup the RDS backup script for each region, along with Cloud Watch logging, and SNS (Simple Notification System) notifications via email of errors in the backup process.
Here is the backup script to run backup_and_check_cron_job.sh
After placing the script on the server, setup a cron job like this:
0 2 * * * /home/ubuntu/backup_and_check_cron_job.sh
Create an SNS topic
- In the AWS console, set your region, in this example I’ll use the Canada ca-central-1 region.
- Go to Amazon SNS -> Topics -> Create topic.
- Type: Standard.
- Name: rds-backup-errors.
- Leave defaults for the rest and click Create topic.
Add an email subscription
- You should land on the new topic’s detail page. Click Create subscription.
- Protocol: Email.
- Endpoint: name@specifysoftware.org
- Click Create subscription.
- Check your email and Confirm subscription, and then see back in SNS -> Subscriptions, the status should become confirmed after you click the email link.
Quick SNS test
- On the topic page, click Publish message, set a simple subject/body, and click Publish.
- You should receive the test email.
Create a CloudWatch Logs log group
- Go to CloudWatch -> Logs -> Log groups -> Create log group.
- Log group name: ca-rds-backups-errors.
- A retention of 5 days is good.
- Click Create.
Add a Metric Filter on the log group
- Still in CloudWatch -> Logs -> Log groups, click the log group rds-backups-errors.
- Go to the Metric filters tab -> Create metric filter.
- Filter pattern: ERROR
- This will increment a metric by 1 for each log event containing ERROR.
- Click Next.
- Filter name: ErrorCountFilter.
- Metric namespace: RDSBackup.
- Metric name: ErrorCount.
- Metric value: 1.
- Default value: 0
- Click Next -> Create metric filter.
Create a CloudWatch Alarm on that metric and connect it to SNS
- Go to CloudWatch -> Alarms -> All alarms -> Create alarm
- Click Select metric.
- Easiest path: Logs -> Metrics with filters.
- Expand your log group/namespace until you see RDSBackup / ErrorCount.
- Click Select metric.
- Conditions:
- Threshold type: Static
- Whenever Sum is Greater than or equal to 1
- Period: 5 minutes is good
- Datapoints to alarm / evaluation period: 1 out of 1
- Click Next to Notifications:
- Alarm state trigger: In alarm
- Select an SNS topic: choose rds-backup-errors.
- Click Next -> Name and description:
- Alarm name: RDSBackupErrorAlarm
- Description: Triggered when a mysqldump error occurs
- Click Next -> Create alarm.
Test the alarm
- Go to CloudWatch -> Alarms -> find RDSBackupErrorAlarm.
- Select it -> Actions -> Set alarm state -> State: In alarm -> Set state.
- You should receive the alarm email from SNS.
Here is a way to test the logging, alarm, and subscription from the command line:
# Test Alarm
export LOG_GROUP="eu-rds-backups-and-checks"
export LOG_STREAM="mysqldump-2025_08_06"
TOKEN=$(aws logs describe-log-streams \
--log-group-name "$LOG_GROUP" \
--log-stream-name-prefix "$LOG_STREAM" \
--query 'logStreams[0].uploadSequenceToken' \
--output text \
--region eu-west-3)
timestamp_ms=$(date +%s%3N)
aws logs put-log-events \
--log-group-name "$LOG_GROUP" \
--log-stream-name "$LOG_STREAM" \
--sequence-token "$TOKEN" \
--log-events timestamp=$timestamp_ms,message="ERROR: Simulated mysqldump failure for testing" \
--region eu-west-3
Backup Locations
us:
s3://specify-cloud-rds-backups/dumps/<date>/<client_name>_<date>.sql.gzca:
s3://specify-cloud-rds-backups-ca/dumps/<date>/<client_name>_<date>.sql.gzeu:
s3://specify-cloud-rds-backups-eu/dumps/<date>/<client_name>_<date>.sql.gzil:
s3://specify-cloud-rds-backups-il/dumps/<date>/<client_name>_<date>.sql.gzbr:
s3://specify-cloud-rds-backups-br/dumps/<date>/<client_name>_<date>.sql.gz