This module creates an entire AWS Backup configuration with a vault, plan, selection and optional IAM role.

Due to previous bugs 8431 and 8737, the minimum AWS provider version must be set to 2.34.0.

```hcl
module "backup" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-backup//modules/backup/?ref=v0.12.0"

  iam_role_name = "newRolename"
  plan_name     = "newPlanName"

  resources = [
    # Dynamo
    "arn:aws:dynamodb:us-west-2:<account>:table/<table_name>",
    # EFS
    "arn:aws:elasticfilesystem:us-west-2:<account>:file-system/fs-c9f44862",
    # EBS
    "arn:aws:ec2:us-west-2:<account>:volume/vol-0589bb15c1d311dfa",
  ]

  rule_name      = "newRuleName"
  selection_name = "fullSelectionName"

  selection_tag = [
    {
      type  = "STRINGEQUALS"
      key   = "backup_it"
      value = "all"
    },
  ]

  vault_name = "newVault"
}
```

Changes were required while adding Terraform 0.12 compatibility.
The following module variable was updated due to requirements for a reserved name:

- lifecycle -> lifecycle_bu

No provider.
Name | Description | Type | Default | Required |
---|---|---|---|---|
completion_window | The amount of time AWS Backup attempts a backup before canceling the job and returning an error. Defaults to 8 hours. Completion windows only apply to EFS backups. | number | 480 | no |
create_iam_role | Create a new IAM role that AWS Backup uses to authenticate when backing up the target resource(s) using the default policy, AWSBackupServiceRolePolicyForBackup. Setting this to true must be accompanied by iam_role_name. If this is false and both iam_role_arn and iam_role_name are empty, the module will attempt to use the default AWS Backup role, AWSBackupDefaultServiceRole. | bool | false | no |
environment | Application environment for which these resources are being created, e.g. Production, Development, etc. | string | "Development" | no |
iam_role_arn | Optional, the ARN of an existing IAM role that AWS Backup uses to authenticate when backing up the target resource(s). Must have the appropriate permissions for the target(s) and AWS Backup. | string | "" | no |
iam_role_name | Optional, the name for the IAM Role to be created if setting create_iam_role to true. | string | "" | no |
kms_key_arn | Optional server-side KMS encryption key that is used to protect your backups. If this is not provided, AWS Backup will use a default aws:kms key for this service. | string | "" | no |
lifecycle_bu | Optionally specify a lifecycle configuration map for the backup. lifecycle_enable must be true. cold_storage_after - (Optional) Specifies the number of days after creation that a recovery point is moved to cold storage. delete_after - (Optional) Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than cold_storage_after. See examples. | map(string) | {} | no |
lifecycle_enable | Set to true if an input was provided for variable lifecycle_bu. | bool | false | no |
plan_name | The display name of the backup plan. | string | n/a | yes |
plan_tags | Map of tags to assign to created plan. | map(string) | {} | no |
recovery_point_tags | Map of tags to assign to created recovery points. Note that changes to this variable once set will require the rule to be deleted due to Terraform providers issues 8431 and 8737. | map(string) | {} | no |
resources | Optional list of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan. Must use selection_tag and/or resources, e.g. ['arn:aws:ec2:us-east-1:123456789012:volume/','arn:aws:ec2:us-east-1:56789012234:volume/'] | list(string) | [] | no |
rule_name | A display name for the backup rule. | string | n/a | yes |
schedule | A CRON expression specifying when AWS Backup initiates a backup job. Default is 05:00 UTC every day. Consult https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html for expression help. | string | "cron(0 5 ? * * *)" | no |
selection_name | The display name of the resource selection document. | string | n/a | yes |
selection_tag | Optional list of maps used to specify a set of resources to assign to a backup plan. Must use selection_tag and/or resources. Please note that due to Terraform limitations, because selection_tag is a block, interpolations inside a given list may result in an error. type - must equal "STRINGEQUALS"; key - the tag key to match; value - the tag value to match. See examples. | list(map(string)) | [] | no |
start_window | The amount of time in minutes after a backup is scheduled before a job is canceled if it doesn't start successfully. Minimum and Default value is 60. Max is 720 (12 Hours). | number | 60 | no |
vault_name | Name of the backup vault to create. | string | n/a | yes |
vault_tags | Map of tags to assign to created vault. | map(string) | {} | no |

Name | Description |
---|---|
backup_iam_role_arn | ARN for given IAM Role or newly created IAM Role. |
plan_arn | Plan ARN. |
plan_id | Plan ID. |
plan_version | Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan. |
selection_id | Backup Selection identifier. |
vault_arn | The ARN of the vault. |
vault_name | The name of the vault. |
vault_recovery_points | The number of recovery points that are stored in a backup vault. |
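
The inputs above combined into a hardened configuration, as an added example that is not taken from the module's repository: a customer-managed KMS key instead of the default aws:kms key, a dedicated IAM role, tag-based selection, and a lifecycle that satisfies the 90-day gap between cold_storage_after and delete_after. The module label, resource names and the KMS key ARN are placeholders chosen for illustration.

```hcl
# Added example (not from the module's repository). Names and the KMS key
# ARN below are placeholders; replace <account> and <key_id> with real values.
module "backup_encrypted" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-backup//modules/backup/?ref=v0.12.0"

  environment    = "Production"
  plan_name      = "encryptedDailyPlan"
  rule_name      = "encryptedDailyRule"
  selection_name = "taggedResources"
  vault_name     = "encryptedVault"

  # Encrypt recovery points with a customer-managed key rather than the
  # default aws:kms key that AWS Backup falls back to when this is empty.
  kms_key_arn = "arn:aws:kms:us-west-2:<account>:key/<key_id>"

  # Create a dedicated role (AWSBackupServiceRolePolicyForBackup attached)
  # instead of relying on AWSBackupDefaultServiceRole.
  create_iam_role = true
  iam_role_name   = "backupServiceRole"

  # lifecycle_bu is ignored unless lifecycle_enable is true.
  # delete_after must be at least 90 days greater than cold_storage_after.
  lifecycle_enable = true
  lifecycle_bu = {
    cold_storage_after = 30
    delete_after       = 120
  }

  schedule     = "cron(0 5 ? * * *)" # 05:00 UTC daily (module default)
  start_window = 60                  # minutes; allowed range is 60 to 720

  # Select by tag so that newly created resources carrying the tag are
  # picked up without editing a list of ARNs.
  selection_tag = [
    {
      type  = "STRINGEQUALS"
      key   = "backup_it"
      value = "all"
    },
  ]
}

# Expose the vault and role ARNs for use in key policies or auditing.
output "backup_vault_arn" {
  value = module.backup_encrypted.vault_arn
}

output "backup_role_arn" {
  value = module.backup_encrypted.backup_iam_role_arn
}
```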