CDK Construct Business Continuity — สร้าง
CDK Business Continuity
AWS CDK Construct Business Continuity Infrastructure as Code Multi-AZ DR Automation Backup RTO RPO Multi-Region Failover Chaos Engineering TypeScript Python
| DR Strategy | RTO | RPO | Cost | เหมาะกับ |
|---|---|---|---|---|
| Backup & Restore | ชั่วโมง | ชั่วโมง | ต่ำ | Non-critical |
| Pilot Light | 10-30 นาที | นาที | ต่ำ-ปานกลาง | Core systems |
| Warm Standby | นาที | วินาที | ปานกลาง | Important |
| Multi-site Active | วินาที | 0 | สูง | Mission-critical |
CDK Multi-AZ Stack
=== CDK Business Continuity Construct ===
npm install aws-cdk-lib constructs
lib/bc-stack.ts
import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as rds from 'aws-cdk-lib/aws-rds';
import * as ecs from 'aws-cdk-lib/aws-ecs';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as route53 from 'aws-cdk-lib/aws-route53';
import { Construct } from 'constructs';
export class BCStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
Multi-AZ VPC
const vpc = new ec2.Vpc(this, 'BCVPC', {
maxAzs: 3,
natGateways: 2,
subnetConfiguration: [
{ name: 'Public', subnetType: ec2.SubnetType.PUBLIC },
{ name: 'Private', subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS },
{ name: 'Isolated', subnetType: ec2.SubnetType.PRIVATE_ISOLATED },
],
});
RDS Multi-AZ
const database = new rds.DatabaseInstance(this, 'Database', {
engine: rds.DatabaseInstanceEngine.postgres({
version: rds.PostgresEngineVersion.VER_16,
}),
เนื้อหาเกี่ยวข้อง — บทความที่เกี่ยวข้อง: Calico Network Policy Event Driven Design
instanceType: ec2.InstanceType.of(
ec2.InstanceClass.R6G, ec2.InstanceSize.LARGE
),
vpc,
multiAz: true,
storageEncrypted: true,
backupRetention: cdk.Duration.days(30),
deletionProtection: true,
แนะนำเพิ่มเติม — คู่มือเทรดจาก SiamCafeBook
autoMinorVersionUpgrade: true,
});
S3 with Cross-Region Replication
const bucket = new s3.Bucket(this, 'DataBucket', {
versioned: true,
encryption: s3.BucketEncryption.S3_MANAGED,
lifecycleRules: [{
transitions: [{
storageClass: s3.StorageClass.INTELLIGENT_TIERING,
transitionAfter: cdk.Duration.days(30),
}],
}],
});
}
}
from dataclasses import dataclass
@dataclass
class AWSResource:
service: str
config: str
ha_feature: str
rto: str
เนื้อหาเกี่ยวข้อง — ทำความเข้าใจ Dagster Pipeline High Availability HA Setup
rpo: str
resources = [
AWSResource("VPC", "3 AZs, 2 NAT GW", "Multi-AZ Subnets", "0", "0"),
AWSResource("RDS PostgreSQL", "Multi-AZ Standby", "Auto Failover", "60s", "0"),
AWSResource("S3", "Cross-Region Replication", "11 nines durability", "0", "Minutes"),
AWSResource("ECS Fargate", "Multi-AZ Tasks", "Auto-replace failed", "30s", "0"),
AWSResource("ALB", "Cross-AZ", "Health Check Routing", "0", "0"),
AWSResource("Route53", "Health Check Failover", "DNS Failover", "60s", "0"),
AWSResource("ElastiCache", "Multi-AZ Replica", "Auto Failover", "30s", "Seconds"),
]
print("=== BC Architecture ===")
for r in resources:
print(f" [{r.service}] {r.config}")
print(f" HA: {r.ha_feature} | RTO: {r.rto} | RPO: {r.rpo}")
Backup และ Recovery
=== Automated Backup Strategy ===
CDK — AWS Backup Plan
แนะนำเพิ่มเติม — บทวิเคราะห์จาก XM Signal
import * as backup from 'aws-cdk-lib/aws-backup';
const plan = new backup.BackupPlan(this, 'BackupPlan', {
backupPlanRules: [
new backup.BackupPlanRule({
ruleName: 'DailyBackup',
scheduleExpression: events.Schedule.cron({
hour: '2', minute: '0'
}),
deleteAfter: cdk.Duration.days(30),
moveToColdStorageAfter: cdk.Duration.days(90),
}),
new backup.BackupPlanRule({
ruleName: 'WeeklyBackup',
เนื้อหาเกี่ยวข้อง — ทำความเข้าใจ Backup Strategy 3-2-1
scheduleExpression: events.Schedule.cron({
weekDay: 'SUN', hour: '3', minute: '0'
}),
deleteAfter: cdk.Duration.days(365),
}),
],
});
plan.addSelection('Selection', {
resources: [
backup.BackupResource.fromRdsDatabaseInstance(database),
backup.BackupResource.fromDynamoDbTable(table),
backup.BackupResource.fromEfsFileSystem(efs),
],
});
SSM Automation — DR Runbook
aws ssm create-document --name "DR-Failover" --content '{
"schemaVersion": "0.3",
"mainSteps": [
{ "action": "aws:executeAwsApi",
"name": "PromoteRDSReadReplica",
"inputs": {
"Service": "rds",
"Api": "PromoteReadReplica",
"DBInstanceIdentifier": "dr-replica"
}
},
{ "action": "aws:executeAwsApi",
"name": "UpdateRoute53",
"inputs": {
เนื้อหาเกี่ยวข้อง — อ่านต่อ: LLM Inference vLLM Service Level Objective SLO
"Service": "route53",
"Api": "ChangeResourceRecordSets",
...
}
}
]
}'
@dataclass
class BackupPolicy:
resource: str
frequency: str
retention: str
cross_region: bool
tested: str
policies = [
BackupPolicy("RDS PostgreSQL", "Daily 2AM", "30 days", True, "Weekly"),
BackupPolicy("DynamoDB", "Continuous (PITR)", "35 days", True, "Monthly"),
BackupPolicy("S3 Data", "Versioned + CRR", "Indefinite", True, "Quarterly"),
BackupPolicy("EFS Files", "Daily 3AM", "30 days", False, "Monthly"),
BackupPolicy("EC2 AMI", "Weekly Sunday", "90 days", True, "Monthly"),
BackupPolicy("Secrets Manager", "Replicated", "N/A", True, "Quarterly"),
]
print("\n=== Backup Policies ===")
for p in policies:
crr = "CRR" if p.cross_region else "Same Region"
print(f" [{p.resource}]")
print(f" Frequency: {p.frequency} | Retention: {p.retention}")
print(f" Region: {crr} | Test: {p.tested}")
Chaos Testing
# === Chaos Engineering & DR Testing ===
# AWS Fault Injection Simulator
# aws fis create-experiment-template \
# --description "AZ Failure Test" \
# --targets '{
# "Instances": {
# "resourceType": "aws:ec2:instance",
# "selectionMode": "ALL",
# "filters": [{"path": "Placement.AvailabilityZone", "values": ["ap-southeast-1a"]}]
# }
# }' \
# --actions '{
# "StopInstances": {
# "actionId": "aws:ec2:stop-instances",
# "targets": {"Instances": "Instances"},
# "parameters": {"startInstancesAfterDuration": "PT10M"}
# }
# }' \
# --stopConditions '[{"source": "none"}]' \
# --roleArn arn:aws:iam::123456789:role/FISRole
@dataclass
class ChaosTest:
name: str
target: str
impact: str
expected_behavior: str
frequency: str
last_result: str
tests = [
ChaosTest("AZ Failure", "Stop all instances in 1 AZ", "33% capacity", "Auto-recover in other AZs", "Monthly", "Pass"),
ChaosTest("RDS Failover", "Force failover to standby", "60s DB downtime", "App reconnects auto", "Monthly", "Pass"),
ChaosTest("Instance Termination", "Random instance kill", "1 instance lost", "ASG replaces in 2min", "Weekly", "Pass"),
ChaosTest("Network Disruption", "Block traffic to 1 AZ", "Partial outage", "ALB routes to healthy AZ", "Monthly", "Pass"),
ChaosTest("Region Failover", "Simulate region outage", "Full region down", "Route53 switches to DR", "Quarterly", "Pass"),
ChaosTest("Data Corruption", "Restore from backup", "Data loss to RPO", "Restore completes in RTO", "Quarterly", "Pass"),
]
print("Chaos Tests:")
for t in tests:
print(f" [{t.last_result}] {t.name} ({t.frequency})")
print(f" Target: {t.target}")
print(f" Impact: {t.impact}")
print(f" Expected: {t.expected_behavior}")
dr_metrics = {
"RTO Target": "5 minutes",
"RTO Actual (last test)": "3.5 minutes",
"RPO Target": "1 minute",
"RPO Actual (last test)": "0 seconds (Multi-AZ)",
"DR Tests (12 months)": "12 passed, 0 failed",
"MTTR (Mean Time to Recover)": "4.2 minutes",
"Availability (12 months)": "99.99%",
}
print(f"\n\nDR Metrics:")
for k, v in dr_metrics.items():
print(f" {k}: {v}")เคล็ดลับ
- Multi-AZ: ทุก Resource ต้อง Multi-AZ เป็นอย่างน้อย
- Backup: Test Backup Restore ทุกเดือน ไม่ใช่แค่ Backup
- CDK: สร้าง Reusable Construct แชร์ทั้งองค์กร
- Chaos: ทำ Chaos Testing ทุกเดือน ไม่รอให้ล่มจริง
- Runbook: Automate DR Runbook ด้วย SSM ลดเวลา Manual
AWS CDK คืออะไร
Infrastructure as Code TypeScript Python Java Construct Stack AWS Resource L1 L2 L3 Pattern cdk deploy Building Block
