They had the following requirements:
- Full backup every night. No need to worry about differentials or incrementals.
- Backups must be encrypted prior to transmission.
- Transmission must take place over secure channel.
- Following a backup run, an email notification must be sent to the DBA's.
- Instead of 3DES, I used AES192 CBC mode, mostly due to performance reasons. Also, due to Cipher Block Chaining mode, any file corruption during file transfer would be detected during decryption.
- Integrated s3cp for uploading the resulting encrypted dump file to AWS S3.
- Added lines to calculate backup size and md5 checksum to be included in the emails sent to DBAs.
- Added email notification feature.
Update: Redacted documentation "AWS_MySQL_backup.pdf"