codeenigma · matej5 · Sep 16, 2025 · Sep 2, 2025 · Sep 4, 2025 · Sep 8, 2025
diff --git a/roles/aws/aws_backup/tasks/resource.yml b/roles/aws/aws_backup/tasks/resource.yml
@@ -52,8 +52,9 @@
       instance: "ec2"
       file-system: "elasticfilesystem"
       db: "rds"
+      cluster: "rds"
   ansible.builtin.set_fact:
-    _resource_arn: "arn:aws:{{ arn_construct[backup.resource_type] }}:{{ _aws_region }}:{{ caller_info.account }}:{{ backup.resource_type }}{% if backup.resource_type == 'db' %}:{% else %}/{% endif %}{{ backup.resource_id }}"
+    _resource_arn: "arn:aws:{{ arn_construct[backup.resource_type] }}:{{ _aws_region }}:{{ caller_info.account }}:{{ backup.resource_type }}{% if backup.resource_type == 'db' or backup.resource_type == 'cluster' %}:{% else %}/{% endif %}{{ backup.resource_id }}"
 
 - name: Check if the resource selection exists.
   ansible.builtin.command: >

diff --git a/roles/aws/aws_backup_validation/tasks/testing_resources.yml b/roles/aws/aws_backup_validation/tasks/testing_resources.yml
@@ -68,33 +68,26 @@
       instance: "EC2"
       file-system: "EFS"
       db: "RDS"
+      cluster: "AURORA"
 
 - name: Set instance type for template.
   ansible.builtin.set_fact:
     _instance_type_restore: "{{ instance_type[backup.resource_type] }}"
-    _template_prefix: "{{ instance_type[backup.resource_type] }}"
   when: backup.resource_type != 'file-system'
 
-- name: Set instance type to Aurora if defined.
-  ansible.builtin.set_fact:
-    _instance_type_restore: "Aurora"
-  when:
-    - backup.resource_type == 'db'
-    - "'aurora' in aws_rds.engine"
-
 - name: Create restore testing query file.
   ansible.builtin.template:
-    src: "{{ _template_prefix }}_restore_testing.j2"
+    src: "{{ _instance_type_restore }}_restore_testing.j2"
     dest: /tmp/restore_testing.json
   register: _restore_testing_query
-  when: _template_prefix is defined
+  when: _instance_type_restore is defined
 
 - name: Check if protected reource exist.
   ansible.builtin.command: >
     aws backup list-protected-resources --query "Results[?ResourceArn=='{{ _resource_arn }}']" --region {{ _aws_region }}
   register: _protected_res
 
-- name: Assign {{ _template_prefix }} resource to AWS restore testing plan.
+- name: Assign {{ _instance_type_restore }} resource to AWS restore testing plan.
   ansible.builtin.command: >
     aws backup create-restore-testing-selection --cli-input-json file:///tmp/restore_testing.json --region {{ _aws_region }}
-  when: _template_prefix is defined and _testing_plan_info.stdout != "null" and _testing_selection_exists.stdout | length == 0 and _protected_res.stdout | length != 0
+  when: _instance_type_restore is defined and _testing_plan_info.stdout != "null" and _testing_selection_exists.stdout | length == 0 and _protected_res.stdout | length != 0
diff --git a/roles/aws/aws_backup_validation/templates/AURORA_restore_testing.j2 b/roles/aws/aws_backup_validation/templates/AURORA_restore_testing.j2
@@ -0,0 +1,16 @@
+{
+    "RestoreTestingPlanName": "{{ _testing_plan_info.stdout | from_json | json_query("RestoreTestingPlanName") }}",
+    "RestoreTestingSelection": {
+        "IamRoleArn": "{{ _default_backup_role_arn.iam_roles[0].arn }}",
+        "ProtectedResourceArns": [
+            "{{ _resource_arn }}"
+        ],
+        "ProtectedResourceType": "{{ _instance_type_restore }}",
+        "RestoreMetadataOverrides": {
+            "vpcSecurityGroupIds": "[\"{{ _restore_testing_sg.group_id }}\"]",
+            "dbsubnetgroupname": "{{ aws_rds.name }}"
+        },
+        "RestoreTestingSelectionName": "{{ backup.selection_name | replace("-", "_") }}",
+        "ValidationWindowHours": 1
+    }
+}
diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml
@@ -778,3 +778,10 @@
   when:
     - aws_ec2_autoscale_cluster.route_53.zone is defined
     - aws_ec2_autoscale_cluster.route_53.zone | length > 0
+
+- name: Copy AMI to backup region.
+  community.aws.ec2_ami_copy:
+    aws_profile: "{{ aws_ec2_autoscale_cluster.aws_profile }}"
+    source_region: "{{ aws_ec2_autoscale_cluster.region }}"
+    region: "{{ aws_backup.copy_vault.region }}"
+    source_image_id: "{{ aws_ec2_autoscale_cluster_image_latest }}"
diff --git a/roles/aws/aws_rds/tasks/main.yml b/roles/aws/aws_rds/tasks/main.yml
@@ -233,3 +233,18 @@
     - aws_rds.backup is defined
     - aws_rds.backup | length > 0
     - "'aurora' not in aws_rds.engine"
+
+- name: Assign Aurora resource to backup plan.
+  ansible.builtin.include_role:
+    name: aws/aws_backup
+    tasks_from: resource
+  vars:
+    backup:
+      backup_plan_name: "{{ aws_rds.backup }}"
+      selection_name: "AURORA-{{ aws_rds.name }}-{{ _env_type }}"
+      resource_id: "{{ aws_rds.name }}"
+      resource_type: "cluster"
+  when:
+    - aws_rds.backup is defined
+    - aws_rds.backup | length > 0
+    - "'aurora' in aws_rds.engine"