Fsx backup checks

[kk1532]

Adding a new filter called 'consecutive-backups' for collecting daily backup reports of AWS Fsx resources, so that we can determine the number of consecutive daily backups for each AWS Fsx resources. The compliance reporting requires that all AWS Fsx resources should have at least 7 days worth of backups. This filter allows to calculate the number of daily consecutive backups.

Sample policy

 - name: fsx-daily-backup-count
   resource: fsx
   filters:
         - type: consecutive-backups
           days: 7
   actions:
      - type: notify

Similar filter was created for RDS instances and RDS Cluster resources. The difference on this PR is, for ONTAP and Non ONTAP Fsx resources backup methods are different. So the API calls are also different.

Below is the reference to the RDS related PR.
#7190

[darrendao]

@kk1532 can you update the PR with a proper description?

[kk1532]

Adding a new filter called 'consecutive-backups' for collecting daily backup reports of AWS Fsx resources, so that we can determine the number of consecutive daily backups for each AWS Fsx resources. The compliance reporting requires that all AWS Fsx resources should have at least 7 days worth of backups. This filter allows to calculate the number of daily consecutive backups.

Sample policy

 - name: fsx-daily-backup-count
   resource: fsx
   filters:
         - type: consecutive-backups
           days: 7
   actions:
      - type: notify

Similar filter was created for RDS instances and RDS Cluster resources. The difference on this PR is, for ONTAP and Non ONTAP Fsx resources backup methods are different. So the API calls are also different.

Below is the reference to the RDS related PR.
#7190

[darrendao]

@kk1532 for the PR description, can you put it at the top (edit) rather than putting it as a comment down here? That way people can quickly understand what this PR is about.

[ajkerrigan]

This looks good to me @kk1532 , nice job adapting the existing RDS filter to a more complex resource 👍

[ajkerrigan]

Nice use of chunking and filters here, and handling the differences between ONTAP and non-ONTAP file systems. I wasn't familiar with the nuances of filesystem vs. volume-level backups until reviewing this, but your code looked clear anyway and that's a good sign 👍

[kk1532]

@ajkerrigan Thank you for the approval.

[ajkerrigan]

Apologies, noticed an issue late with regard to chunking. FYI I found the max number of filter values in the service data here but you can also produce a failure on demand with an intentionally broken AWS CLI command like this:

aws fsx describe-backups --filters Name=file-system-id,Values=[fs-12345678901234567,...]

And copy the same file system ID 21 times 🙈 . You'll get an error like:

An error occurred (BadRequest) when calling the DescribeBackups operation: 1 validation error detected: Value '...' at 'filters.1.member.values' failed to satisfy constraint: Member must have length less than or equal to 20

[ajkerrigan]

Actually I noticed something here that we'll need to tweak. First, it looks like the max number of filter values per API call is 20 (reference). And second, we'll need to handle the chunking at a different level. As-is the chunking includes ontap and non-ontap filesystems - we'd want to chunk those separately because they feed into separate API calls. Also since ontap backups are volume-based and there may be more than one volume per filesystem, we'll need to chunk at the volume-level rather than filesystem-level.

My gut says that it'd be helpful to:

• Split process_resource_set into dedicated separate methods for ontap and non-ontap resources
• Handle the chunking in those individual methods, at the volume level for ontap and filesystem level for non-ontap

[kk1532]

• As suggested I have splitted the method process_resource_set into two as for ontap and non-ontap resources
• Changed the chunking logics as well.
• Now it should handle the describe filter limitation issue.

[ajkerrigan]

Looks good with the changes, thanks again for the work on this one @kk1532 !