-
Notifications
You must be signed in to change notification settings - Fork 22
68 lines (60 loc) · 2.3 KB
/
backup-cognito-users.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
name: Create backup of cognito users
on:
schedule:
- cron: '0 1 * * 0'
workflow_dispatch:
env:
region: ${{ secrets.AWS_REGION }}
pool-name: 'biomage-user-pool-case-insensitive-production'
permissions:
id-token: write
contents: read
jobs:
load-config:
uses: ./.github/workflows/load-config.yaml
backup-users:
name: create backup of cognito users
runs-on: ubuntu-20.04
needs: load-config
strategy:
matrix:
environment_name: ${{fromJson(needs.load-config.outputs.environment_names)}}
environment: ${{ matrix.environment_name }}
steps:
- id: setup-node
uses: actions/setup-node@v2
with:
node-version: '14'
- id: install
name: Install dependencies
run: |-
npm install -g cognito-backup-restore
sudo apt install -y jq
- id: setup-aws
name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ci-iac-role
aws-region: ${{ env.region }}
- id: backup-users
name: create backup json of cognito users
run: |-
userPoolId=$(aws cognito-idp list-user-pools --max-results 20 | jq -c '.UserPools[] | select(.Name | test("${{env.pool-name}}")) | .Id' | tr -d '"' )
cbr backup --region ${{env.region}} --use-env-vars --pool ${userPoolId} --directory .
- id: save-to-s3
name: save backup json to s3
run: |-
BUCKET_NAME="biomage-backups-production-${{steps.setup-aws.outputs.aws-account-id}}"
current_date=$(date '+%Y-%m-%d.%H-%M-%S')
userPoolId=$(aws cognito-idp list-user-pools --max-results 20 | jq -c '.UserPools[] | select(.Name | test("${{env.pool-name}}")) | .Id' | tr -d '"' )
aws s3api put-object --bucket $BUCKET_NAME --key ${current_date}/${{ env.pool-name }}/data.json --body ./${userPoolId}.json
- id: send-to-slack
name: Send failure notification to Slack
if: failure() && github.ref == 'refs/heads/master'
env:
SLACK_BOT_TOKEN: ${{ secrets.WORKFLOW_STATUS_BOT_TOKEN }}
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: workflow-failures
status: FAILED
color: danger