Implementaremos una solución de recuperación ante desastres que incluye:
disaster-recovery/
├── infrastructure/
│ ├── terraform/
│ │ ├── drs/
│ │ │ ├── main.tf
│ │ │ ├── variables.tf
│ │ │ └── outputs.tf
│ │ ├── networking/
│ │ │ ├── vpc.tf
│ │ │ └── security.tf
│ │ └── monitoring/
│ │ └── cloudwatch.tf
│ │
│ ├── scripts/
│ │ ├── setup/
│ │ │ ├── install_drs_agent.sh
│ │ │ └── configure_source.sh
│ │ └── validation/
│ │ └── verify_replication.sh
│ │
│ └── configs/
│ ├── drs_settings.json
│ └── replication_settings.json
│
├── source-environment/
│ ├── inventory/
│ │ └── servers.json
│ └── scripts/
│ └── prepare_servers.sh
│
├── recovery-environment/
│ ├── launch-templates/
│ │ └── recovery_template.json
│ └── scripts/
│ └── post_launch.sh
│
├── monitoring/
│ ├── dashboards/
│ │ └── replication_status.json
│ └── alerts/
│ └── replication_alerts.json
│
└── docs/
├── setup.md
└── recovery_plan.md# infrastructure/terraform/drs/main.tf
provider "aws" {
region = var.primary_region
}
provider "aws" {
alias = "dr"
region = var.dr_region
}
resource "aws_drs_replication_configuration_template" "main" {
associate_default_security_group = true
bandwidth_throttling = 100
create_public_ip = false
data_plane_routing = "PRIVATE_IP"
ebs_encryption = true
replication_server_instance_type = "t3.medium"
tags = {
Environment = var.environment
Project = "DR-Solution"
}
}
resource "aws_drs_source_server" "example" {
count = length(var.source_servers)
source_server_id = var.source_servers[count.index].id
tags = {
Name = var.source_servers[count.index].name
Environment = var.environment
}
}#!/bin/bash
# infrastructure/scripts/setup/install_drs_agent.sh
# Variables
REGION="us-west-2"
AGENT_INSTALLER="aws-replication-installer-x86_64.rpm"
# Descargar el agente de DRS
aws s3 cp s3://aws-elastic-disaster-recovery-$REGION/$AGENT_INSTALLER .
# Instalar el agente
sudo yum install -y ./$AGENT_INSTALLER
# Configurar el agente
sudo /aws/aws-replication-installer -i $AWS_ACCESS_KEY -s $AWS_SECRET_KEY -r $REGION
# Verificar instalación
systemctl status aws-replication// infrastructure/configs/replication_settings.json
{
"replicationSettings": {
"bandwidthThrottling": {
"enabled": true,
"schedules": [
{
"dayOfWeek": "WEEKDAY",
"startTime": "09:00",
"endTime": "17:00",
"bandwidth": 100
},
{
"dayOfWeek": "WEEKEND",
"startTime": "00:00",
"endTime": "23:59",
"bandwidth": 500
}
]
},
"compression": {
"enabled": true,
"algorithm": "ZLIB"
},
"consistencyCheck": {
"enabled": true,
"interval": "24h"
}
}
}// source-environment/inventory/servers.json
{
"servers": [
{
"id": "srv-001",
"name": "web-server-1",
"type": "t3.medium",
"os": "Amazon Linux 2",
"ip": "10.0.1.10",
"priority": "high"
},
{
"id": "srv-002",
"name": "app-server-1",
"type": "t3.large",
"os": "Amazon Linux 2",
"ip": "10.0.1.11",
"priority": "high"
},
{
"id": "srv-003",
"name": "db-server-1",
"type": "r5.large",
"os": "Amazon Linux 2",
"ip": "10.0.1.12",
"priority": "critical"
}
]
}#!/bin/bash
# source-environment/scripts/prepare_servers.sh
# Variables
INVENTORY_FILE="inventory/servers.json"
LOG_FILE="/var/log/drs_preparation.log"
echo "Starting server preparation $(date)" >> $LOG_FILE
# Leer inventario
SERVERS=$(jq -r '.servers[]' $INVENTORY_FILE)
for SERVER in $SERVERS; do
SERVER_IP=$(echo $SERVER | jq -r '.ip')
echo "Preparing server $SERVER_IP" >> $LOG_FILE
# Instalar prerequisitos
ssh ec2-user@$SERVER_IP "sudo yum update -y && \
sudo yum install -y aws-cli jq"
# Configurar red
ssh ec2-user@$SERVER_IP "sudo sysctl -w net.ipv4.tcp_keepalive_time=60"
# Verificar espacio en disco
ssh ec2-user@$SERVER_IP "df -h" >> $LOG_FILE
echo "Server $SERVER_IP prepared successfully" >> $LOG_FILE
done// monitoring/dashboards/replication_status.json
{
"widgets": [
{
"type": "metric",
"properties": {
"metrics": [
["AWS/DRS", "DataReplicationBytes", "SourceServerID", "srv-001"],
["...", "srv-002"],
["...", "srv-003"]
],
"period": 300,
"stat": "Sum",
"region": "us-west-2",
"title": "Data Replication Volume"
}
},
{
"type": "metric",
"properties": {
"metrics": [
["AWS/DRS", "ReplicationLag", "SourceServerID", "srv-001"],
["...", "srv-002"],
["...", "srv-003"]
],
"period": 300,
"stat": "Average",
"region": "us-west-2",
"title": "Replication Lag"
}
}
]
}// monitoring/alerts/replication_alerts.json
{
"alerts": [
{
"name": "HighReplicationLag",
"description": "Replication lag exceeds threshold",
"metric": "ReplicationLag",
"threshold": 3600,
"evaluationPeriods": 2,
"period": 300,
"statistic": "Average",
"comparisonOperator": "GreaterThanThreshold",
"treatMissingData": "breaching"
},
{
"name": "ReplicationStopped",
"description": "Replication has stopped",
"metric": "DataReplicationBytes",
"threshold": 0,
"evaluationPeriods": 3,
"period": 300,
"statistic": "Sum",
"comparisonOperator": "LessThanOrEqualToThreshold",
"treatMissingData": "breaching"
}
]
}# infrastructure/terraform/route53/main.tf
resource "aws_route53_zone" "main" {
name = var.domain_name
tags = {
Environment = var.environment
Project = "DR-Solution"
}
}
resource "aws_route53_health_check" "primary" {
fqdn = "primary.${var.domain_name}"
port = 443
type = "HTTPS"
request_interval = 30
failure_threshold = 3
tags = {
Name = "Primary-Health-Check"
}
}
resource "aws_route53_record" "primary" {
zone_id = aws_route53_zone.main.zone_id
name = "primary.${var.domain_name}"
type = "A"
failover_routing_policy {
type = "PRIMARY"
}
set_identifier = "primary"
health_check_id = aws_route53_health_check.primary.id
alias {
name = var.primary_lb_dns
zone_id = var.primary_lb_zone_id
evaluate_target_health = true
}
}
resource "aws_route53_record" "secondary" {
zone_id = aws_route53_zone.main.zone_id
name = "secondary.${var.domain_name}"
type = "A"
failover_routing_policy {
type = "SECONDARY"
}
set_identifier = "secondary"
alias {
name = var.secondary_lb_dns
zone_id = var.secondary_lb_zone_id
evaluate_target_health = true
}
}# infrastructure/scripts/health_checks/custom_health_check.py
import boto3
import requests
import json
def check_application_health():
endpoints = [
{"url": "https://api.example.com/health", "weight": 2},
{"url": "https://app.example.com/status", "weight": 1},
{"url": "https://db.example.com/ping", "weight": 3}
]
total_score = 0
max_score = sum(ep["weight"] for ep in endpoints)
for endpoint in endpoints:
try:
response = requests.get(endpoint["url"], timeout=5)
if response.status_code == 200:
total_score += endpoint["weight"]
except:
continue
health_percentage = (total_score / max_score) * 100
return health_percentage >= 80
def update_route53_health_check():
route53 = boto3.client('route53')
health_check_id = 'your-health-check-id'
if check_application_health():
status = 'Success'
else:
status = 'Failure'
route53.update_health_check(
HealthCheckId=health_check_id,
HealthCheckVersion=2,
Status=status
)// infrastructure/configs/failover_policy.json
{
"failoverConfig": {
"primaryRegion": "us-east-1",
"secondaryRegion": "us-west-2",
"healthCheckThreshold": 80,
"failoverTriggers": [
{
"type": "HealthCheck",
"threshold": 3,
"interval": "30s"
},
{
"type": "ManualTrigger",
"authorizedRoles": ["DR-Admin"]
}
],
"recoveryPoints": {
"rpo": "1h",
"rto": "4h"
},
"dnsUpdateStrategy": {
"updateType": "Gradual",
"interval": "5m",
"percentage": 20
}
}
}# infrastructure/scripts/failover/execute_failover.py
import boto3
import json
import time
from datetime import datetime
class DRFailover:
def __init__(self):
self.drs = boto3.client('drs')
self.route53 = boto3.client('route53')
self.sns = boto3.client('sns')
def initiate_failover(self, source_servers):
try:
# Registrar inicio de failover
start_time = datetime.now()
# Iniciar recuperación de servidores
job_ids = []
for server in source_servers:
response = self.drs.initialize_service(
sourceServerID=server['id']
)
job_ids.append(response['jobID'])
# Monitorear progreso
while not self._all_jobs_complete(job_ids):
time.sleep(30)
# Actualizar DNS
self._update_dns_records()
# Notificar completitud
self._send_notification(
f"Failover completed successfully in "
f"{(datetime.now() - start_time).total_seconds()} seconds"
)
return True
except Exception as e:
self._send_notification(f"Failover failed: {str(e)}")
raise
def _all_jobs_complete(self, job_ids):
for job_id in job_ids:
response = self.drs.describe_job(jobID=job_id)
if response['status'] != 'completed':
return False
return True
def _update_dns_records(self):
with open('infrastructure/configs/failover_policy.json', 'r') as f:
policy = json.load(f)
update_batch = {
'Changes': [
{
'Action': 'UPSERT',
'ResourceRecordSet': {
'Name': 'app.example.com',
'Type': 'A',
'SetIdentifier': 'failover',
'Region': policy['failoverConfig']['secondaryRegion'],
'AliasTarget': {
'HostedZoneId': 'ZONE_ID',
'DNSName': 'dr-endpoint.example.com',
'EvaluateTargetHealth': True
}
}
}
]
}
self.route53.change_resource_record_sets(
HostedZoneId='ZONE_ID',
ChangeBatch=update_batch
)
def _send_notification(self, message):
self.sns.publish(
TopicArn='arn:aws:sns:region:account:DR-Notifications',
Message=message,
Subject='DR Failover Status'
)# infrastructure/scripts/failover/validate_failover.py
import requests
import dns.resolver
import json
def validate_failover():
checks = {
'dns_propagation': check_dns_propagation(),
'application_health': check_application_health(),
'data_consistency': check_data_consistency(),
'performance': check_performance_metrics()
}
return all(checks.values()), checks
def check_dns_propagation():
resolver = dns.resolver.Resolver()
resolver.nameservers = ['8.8.8.8', '1.1.1.1']
try:
answers = resolver.resolve('app.example.com', 'A')
expected_ip = get_dr_endpoint_ip()
return str(answers[0]) == expected_ip
except:
return False
def check_application_health():
endpoints = [
'/api/health',
'/api/status',
'/api/metrics'
]
results = []
for endpoint in endpoints:
try:
response = requests.get(f'https://app.example.com{endpoint}')
results.append(response.status_code == 200)
except:
results.append(False)
return all(results)
def check_data_consistency():
# Implementar verificaciones de consistencia de datos
pass
def check_performance_metrics():
# Implementar verificaciones de rendimiento
pass// monitoring/dashboards/failover_dashboard.json
{
"widgets": [
{
"type": "metric",
"properties": {
"metrics": [
["AWS/Route53", "HealthCheckStatus", "HealthCheckId", "check-1"],
["AWS/DRS", "RecoveryTime", "ServerID", "server-1"],
["AWS/DRS", "DataTransferRate", "ServerID", "server-1"]
],
"period": 60,
"stat": "Average",
"region": "us-east-1",
"title": "Failover Metrics"
}
}
]
}# monitoring/alerts/failover_alerts.py
def setup_failover_alerts():
cloudwatch = boto3.client('cloudwatch')
alerts = [
{
'name': 'FailoverInitiated',
'metric': 'FailoverStatus',
'threshold': 1,
'period': 60,
'evaluation_periods': 1
},
{
'name': 'HighRecoveryTime',
'metric': 'RecoveryTime',
'threshold': 14400, # 4 hours
'period': 300,
'evaluation_periods': 1
}
]
for alert in alerts:
cloudwatch.put_metric_alarm(
AlarmName=alert['name'],
MetricName=alert['metric'],
Namespace='DR/Failover',
Period=alert['period'],
EvaluationPeriods=alert['evaluation_periods'],
Threshold=alert['threshold'],
ComparisonOperator='GreaterThanThreshold',
AlarmActions=['arn:aws:sns:region:account:DR-Alerts']
)# infrastructure/ssm/runbooks/dr_recovery.yaml
schemaVersion: '0.3'
description: 'Runbook for automated disaster recovery'
parameters:
EnvironmentType:
type: String
description: Environment to recover (prod/stage)
allowedValues:
- prod
- stage
InitiatorEmail:
type: String
description: Email of the person initiating recovery
mainSteps:
- name: ValidatePrerequisites
action: 'aws:executeScript'
inputs:
Runtime: python3.8
Handler: validate_prerequisites
Script: |
def validate_prerequisites(events, context):
# Validar estado de replicación
# Verificar recursos disponibles
# Comprobar permisos
return {'ValidationStatus': 'Success'}
- name: InitiateRecovery
action: 'aws:executeScript'
inputs:
Runtime: python3.8
Handler: start_recovery
Script: |
def start_recovery(events, context):
import boto3
drs = boto3.client('drs')
response = drs.start_recovery_job(
sourceServerID=events['SourceServerID']
)
return {'JobId': response['jobID']}
- name: MonitorRecovery
action: 'aws:executeScript'
inputs:
Runtime: python3.8
Handler: monitor_recovery
Script: |
def monitor_recovery(events, context):
import boto3
import time
drs = boto3.client('drs')
job_id = events['JobId']
while True:
status = drs.describe_job(jobID=job_id)
if status['status'] in ['completed', 'failed']:
return status
time.sleep(60)
- name: UpdateDNS
action: 'aws:executeScript'
inputs:
Runtime: python3.8
Handler: update_dns
Script: |
def update_dns(events, context):
import boto3
route53 = boto3.client('route53')
# Actualizar registros DNS
return {'DNSUpdateStatus': 'Success'}
- name: NotifyCompletion
action: 'aws:executeScript'
inputs:
Runtime: python3.8
Handler: notify_completion
Script: |
def notify_completion(events, context):
import boto3
sns = boto3.client('sns')
sns.publish(
TopicArn='arn:aws:sns:region:account:DR-Notifications',
Message=f"DR Recovery completed: {events}",
Subject='DR Recovery Status'
)# infrastructure/ssm/automation/test_automation.py
import boto3
import json
def create_test_automation():
ssm = boto3.client('ssm')
document = {
"schemaVersion": "0.3",
"description": "Automation for DR testing",
"parameters": {
"TestType": {
"type": "String",
"description": "Type of DR test to perform",
"allowedValues": [
"FullFailover",
"PartialFailover",
"ComponentTest"
]
}
},
"mainSteps": [
{
"name": "PrepareTestEnvironment",
"action": "aws:runCommand",
"inputs": {
"DocumentName": "AWS-RunShellScript",
"Parameters": {
"commands": [
"#!/bin/bash",
"echo 'Preparing test environment'",
"# Setup test data",
"# Configure monitoring"
]
}
}
},
{
"name": "ExecuteTest",
"action": "aws:executeAutomation",
"inputs": {
"DocumentName": "DR-Recovery",
"RuntimeParameters": {
"EnvironmentType": "test"
}
}
},
{
"name": "ValidateResults",
"action": "aws:executeScript",
"inputs": {
"Runtime": "python3.8",
"Handler": "validate_test_results",
"Script": "validate_results.py"
}
}
]
}
ssm.create_document(
Content=json.dumps(document),
Name='DR-TestAutomation',
DocumentType='Automation',
DocumentFormat='JSON'
)# testing/dr_test_plan.py
class DRTestPlan:
def __init__(self):
self.ssm = boto3.client('ssm')
self.drs = boto3.client('drs')
def execute_test_plan(self, test_type):
test_cases = {
'FullFailover': self._full_failover_test,
'PartialFailover': self._partial_failover_test,
'ComponentTest': self._component_test
}
test_function = test_cases.get(test_type)
if test_function:
return test_function()
else:
raise ValueError(f"Unknown test type: {test_type}")
def _full_failover_test(self):
steps = [
self._validate_replication_status,
self._execute_failover,
self._verify_applications,
self._test_data_consistency,
self._measure_recovery_time
]
results = []
for step in steps:
result = step()
results.append(result)
if not result['success']:
break
return {
'testType': 'FullFailover',
'steps': results,
'overallSuccess': all(r['success'] for r in results)
}
def _validate_replication_status(self):
try:
response = self.drs.describe_source_servers()
all_healthy = all(
server['state'] == 'HEALTHY'
for server in response['items']
)
return {
'step': 'ValidateReplication',
'success': all_healthy,
'details': response
}
except Exception as e:
return {
'step': 'ValidateReplication',
'success': False,
'error': str(e)
}# testing/validation/test_validator.py
class DRTestValidator:
def __init__(self):
self.cloudwatch = boto3.client('cloudwatch')
def validate_recovery_metrics(self, test_results):
metrics = {
'RecoveryTime': self._validate_recovery_time,
'DataConsistency': self._validate_data_consistency,
'ApplicationHealth': self._validate_application_health
}
validation_results = {}
for metric_name, validator in metrics.items():
validation_results[metric_name] = validator(test_results)
return validation_results
def _validate_recovery_time(self, results):
recovery_time = results.get('recoveryTime', float('inf'))
return {
'metric': 'RecoveryTime',
'value': recovery_time,
'success': recovery_time <= 14400, # 4 hours
'threshold': 14400
}
def _validate_data_consistency(self, results):
consistency_check = results.get('dataConsistency', {})
return {
'metric': 'DataConsistency',
'value': consistency_check.get('percentage', 0),
'success': consistency_check.get('percentage', 0) >= 99.9,
'threshold': 99.9
}# reporting/test_report_generator.py
class DRTestReportGenerator:
def generate_report(self, test_results):
report = {
'executionDate': datetime.now().isoformat(),
'summary': self._generate_summary(test_results),
'details': self._generate_details(test_results),
'recommendations': self._generate_recommendations(test_results)
}
return self._format_report(report)
def _generate_summary(self, results):
return {
'testType': results['testType'],
'overallSuccess': results['overallSuccess'],
'recoveryTime': results.get('recoveryTime'),
'criticalIssues': len([
step for step in results['steps']
if not step['success'] and step.get('critical', True)
])
}
def _format_report(self, report):
template = """
# DR Test Report
## Summary
- Test Type: {testType}
- Overall Success: {overallSuccess}
- Recovery Time: {recoveryTime}
- Critical Issues: {criticalIssues}
## Details
{details}
## Recommendations
{recommendations}
"""
return template.format(**report)# docs/dr_documentation.md
# Plan de Recuperación ante Desastres
## 1. Visión General
- Objetivo del Plan
- Roles y Responsabilidades
- RTO y RPO Objetivos
## 2. Procedimientos
### 2.1 Activación del Plan
1. Criterios de Activación
2. Proceso de Escalamiento
3. Comunicaciones
### 2.2 Recuperación
1. Pasos de Recuperación
2. Validaciones
3. Rollback
### 2.3 Pruebas
1. Tipos de Pruebas
2. Calendario
3. Métricas
## 3. Mantenimiento
- Actualizaciones del Plan
- Revisiones
- Mejora ContinuaEste ejercicio completo proporciona:
Puntos clave para recordar: