-
-
Notifications
You must be signed in to change notification settings - Fork 33
/
Copy pathREADME.yaml
165 lines (136 loc) · 6.09 KB
/
README.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
#
# This is the canonical configuration for the `README.md`
# Run `make readme` to rebuild the `README.md`
#
# Name of this project
name: terraform-aws-efs-backup
# Tags of this project
tags:
- aws
- terraform
- terraform-modules
- backups
- datapipeline
- s3
- efs
- nfs
- snapshot
- lambda
- automatic
- scheduled-job
- cronjob
# Categories of this project
categories:
- terraform-modules/backups
# Logo for this project
#logo: docs/logo.png
# License of this project
license: "APACHE2"
# Canonical GitHub repo
github_repo: cloudposse/terraform-aws-efs-backup
# Badges to display
badges:
- name: Latest Release
image: https://img.shields.io/github/release/cloudposse/terraform-aws-efs-backup.svg?style=for-the-badge
url: https://github.com/cloudposse/terraform-aws-efs-backup/releases/latest
- name: Last Updated
image: https://img.shields.io/github/last-commit/cloudposse/terraform-aws-efs-backup.svg?style=for-the-badge
url: https://github.com/cloudposse/terraform-aws-efs-backup/commits
- name: Slack Community
image: https://slack.cloudposse.com/for-the-badge.svg
url: https://slack.cloudposse.com
# List any related terraform modules that this module may be used with or that this module depends on.
related:
- name: "terraform-aws-efs"
description: "Terraform Module to define an EFS Filesystem (aka NFS)"
url: "https://github.com/cloudposse/terraform-aws-efs"
- name: "terraform-aws-efs-cloudwatch-sns-alarms"
description: "Terraform module that configures CloudWatch SNS alerts for EFS"
url: "https://github.com/cloudposse/terraform-aws-efs-cloudwatch-sns-alarms"
# Short description of this project
description: |-
Terraform module designed to easily backup EFS filesystems to S3 using DataPipeline.
The workflow is simple:
* Periodically launch resource (EC2 instance) based on schedule
* Execute the shell command defined in the activity on the instance
* Sync data from Production EFS to S3 Bucket by using `aws-cli`
* The execution log of the activity is stored in `S3`
* Publish the success or failure of the activity to an `SNS` topic
* Automatically rotate the backups using `S3 lifecycle rule`
# How to use this project
usage: |-
Include this module in your existing terraform code:
```hcl
module "efs_backup" {
source = "git::https://github.com/cloudposse/terraform-aws-efs-backup.git?ref=master"
name = "${var.name}"
stage = "${var.stage}"
namespace = "${var.namespace}"
vpc_id = "${var.vpc_id}"
efs_mount_target_id = "${var.efs_mount_target_id}"
use_ip_address = "false"
noncurrent_version_expiration_days = "${var.noncurrent_version_expiration_days}"
ssh_key_pair = "${var.ssh_key_pair}"
datapipeline_config = "${var.datapipeline_config}"
modify_security_group = "true"
}
output "efs_backup_security_group" {
value = "${module.efs_backup.security_group_id}"
}
```
## Integration with `EFS`
To enable connectivity between the `DataPipeline` instances and the `EFS`, use one of the following methods to configure Security Groups:
1. Explicitly add the `DataPipeline` SG (the output of this module `security_group_id`) to the list of the `ingress` rules of the `EFS` SG. For example:
```hcl
module "elastic_beanstalk_environment" {
source = "git::https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment.git?ref=master"
namespace = "${var.namespace}"
name = "${var.name}"
stage = "${var.stage}"
delimiter = "${var.delimiter}"
attributes = ["${compact(concat(var.attributes, list("eb-env")))}"]
tags = "${var.tags}"
# ..............................
}
module "efs" {
source = "git::https://github.com/cloudposse/terraform-aws-efs.git?ref=tmaster"
namespace = "${var.namespace}"
name = "${var.name}"
stage = "${var.stage}"
delimiter = "${var.delimiter}"
attributes = ["${compact(concat(var.attributes, list("efs")))}"]
tags = "${var.tags}"
# Allow EB/EC2 instances and DataPipeline instances to connect to the EFS
security_groups = ["${module.elastic_beanstalk_environment.security_group_id}", "${module.efs_backup.security_group_id}"]
}
module "efs_backup" {
source = "git::https://github.com/cloudposse/terraform-aws-efs-backup.git?ref=master"
name = "${var.name}"
stage = "${var.stage}"
namespace = "${var.namespace}"
delimiter = "${var.delimiter}"
attributes = ["${compact(concat(var.attributes, list("efs-backup")))}"]
tags = "${var.tags}"
# Important to set it to `false` since we added the `DataPipeline` SG (output of the `efs_backup` module) to the `security_groups` of the `efs` module
# See NOTE below for more information
modify_security_group = "false"
# ..............................
}
```
2. Set `modify_security_group` attribute to `true` so the module will modify the `EFS` SG to allow the `DataPipeline` to connect to the `EFS`
**NOTE:** Do not mix these two methods together.
`Terraform` does not support using a Security Group with in-line rules in conjunction with any Security Group Rule resources.
https://www.terraform.io/docs/providers/aws/r/security_group_rule.html
> NOTE on Security Groups and Security Group Rules: Terraform currently provides both a standalone Security Group Rule resource
(a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line.
At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources.
Doing so will cause a conflict of rule settings and will overwrite rules.
references:
- name: "datapipeline-efs-backup-demo"
description: 'Thanks for inspiration'
url: "https://github.com/knakayama/datapipeline-efs-backup-demo"
include:
- "docs/targets.md"
- "docs/terraform.md"
# Contributors to this project
contributors: []