Restore RDS DB from snapshot

examples/ec2-rds-vpc-dbinstance.nix

@@ -0,0 +1,50 @@
+{
+  region ? "us-east-1"
+, accessKeyId ? "AKIA..."
+, vpcId ? "vpc-.."
+, subnetId1 ? "subnet-.."
+, subnetId2 ? "subnet-.."
+, ...
+}:
+{
+  network.description = "NixOps RDS Testing";
+
+  resources.ec2SecurityGroups.test-rds-sg =
+    {
+      inherit region accessKeyId;
+      vpcId = vpcId;
+      name = "nixops-sg";
+      description = "testing vpc sg for rds";
+      rules = [
+        {
+          fromPort = 3306;
+          toPort = 3306;
+          sourceIp = "0.0.0.0/0";
+        }
+      ];
+    };
+
+  resources.rdsSubnetGroups.test-rds-subnet-group =
+    {
+      inherit region accessKeyId;
+      subnetIds = [ subnetId1 subnetId2 ];
+    };
+
+  resources.rdsDbInstances.test-rds-vpc-instance =
+    { resources, ... }:
+    {
+      inherit region accessKeyId;
+      id = "test-rds-vpc";
+      instanceClass = "db.m3.large";
+      snapshot = "test-rds-vpc-final-snapshot-372cd7f1ecbe4bb7a59e3026a15d7535";
+      allocatedStorage = 30;
+      masterUsername = "administrator";
+      masterPassword = "testing123";
+      port = 3306;
+      engine = "mysql";
+      dbName = "testNixOps";
+      multiAZ = true;
+      subnetGroup = resources.rdsSubnetGroups.test-rds-subnet-group;
+      vpcSecurityGroups = [ resources.ec2SecurityGroups.test-rds-sg ];
+    };
+}

nixops_aws/backends/options.py

@@ -30,7 +30,8 @@ class DiskOptions(ResourceOptions):
     deleteOnTermination: bool
     encrypt: bool
     encryptionType: Union[
-        Literal["luks"], Literal["ebs"],
+        Literal["luks"],
+        Literal["ebs"],
     ]
     cipher: str
     keySize: int

nixops_aws/ec2_utils.py

@@ -20,8 +20,8 @@
 
 def fetch_aws_secret_key(access_key_id) -> Tuple[str, str]:
     """
-        Fetch the secret access key corresponding to the given access key ID from ~/.ec2-keys,
-        or from ~/.aws/credentials, or from the environment (in that priority).
+    Fetch the secret access key corresponding to the given access key ID from ~/.ec2-keys,
+    or from ~/.aws/credentials, or from the environment (in that priority).
     """
 
     def parse_ec2_keys():
@@ -141,8 +141,8 @@ def retry(
     f, error_codes: Optional[Iterable[Any]] = None, logger=None, num_retries: int = 7
 ):
     """
-        Retry function f up to 7 times. If error_codes argument is empty list, retry on all EC2 response errors,
-        otherwise, only on the specified error codes.
+    Retry function f up to 7 times. If error_codes argument is empty list, retry on all EC2 response errors,
+    otherwise, only on the specified error codes.
     """
 
     if error_codes is None:

nixops_aws/nix/ec2-rds-dbinstance.nix

@@ -90,6 +90,15 @@ with import ./lib.nix lib;
       '';
     };
 
+    snapshot = mkOption {
+      default = null;
+      type = types.nullOr types.str;
+      example = "rds:super-database-2020-11-23-03-47";
+      description = ''
+        A DB snapshot name from which the RDS DB will be restored
+      '';
+    };
+
     securityGroups = mkOption {
       default = [ "default" ];
       type = types.listOf (types.either types.str (resource "ec2-rds-security-group"));

nixops_aws/resources/cloudwatch_log_group.py

@@ -115,7 +115,8 @@ def lookup_cloudwatch_log_group(self, log_group_name, next_token=None):
                         return True, log["arn"]
             if "nextToken" in response:
                 self.lookup_cloudwatch_log_group(
-                    log_group_name=log_group_name, next_token=response["nextToken"],
+                    log_group_name=log_group_name,
+                    next_token=response["nextToken"],
                 )
         return False, None