Commit d25da88e authored by Jose Ernesto Suarez's avatar Jose Ernesto Suarez

Initial commit

parents
.history
.DS_Store
.terraform/
.terragrunt-cache/
*.tfstate*
*.zip
.git/
.vscode/
.idea/
\ No newline at end of file
# Introduction
Module to configure backups.
You can select a resource to backup with `selection tags` or selecting the `resources`.
# Example
```
vault_name = "customer-infra"
backup_plan_name = "d1w_w2w"
backup_plan_rules = [{
name = "d1w"
resources = []
selection_tag = [{
type = "STRINGEQUALS"
key = "Name"
value = "customer-platform-infra"
}]
schedule = "cron(0 21 ? * MON-SAT *)"
start_window = 60
completion_window = 240
delete_after = 6
},{
name = "w2w"
resources = []
selection_tag = [{
type = "STRINGEQUALS"
key = "Name"
value = "customer-platform-infra"
}]
schedule = "cron(0 21 ? * SUN *)"
start_window = 60
completion_window = 240
delete_after = 15
}]
```
\ No newline at end of file
resource "aws_backup_vault" "default" {
count = var.enable_backup ? 1 : 0
name = var.vault_name
kms_key_arn = var.kms_key_arn
tags = var.tags
}
resource "aws_backup_plan" "default" {
count = var.enable_backup ? 1 : 0
name = "${var.vault_name}-${var.backup_plan_name}"
tags = var.tags
dynamic "rule" {
for_each = var.backup_plan_rules
content {
rule_name = rule.value.name
target_vault_name = aws_backup_vault.default[0].name
schedule = rule.value.schedule
start_window = rule.value.start_window
completion_window = rule.value.completion_window
recovery_point_tags = var.tags
dynamic "lifecycle" {
for_each = rule.value.delete_after != null ? ["true"] : []
content {
delete_after = rule.value.delete_after
}
}
}
}
}
data "aws_iam_policy_document" "assume_role" {
count = var.enable_backup ? 1 : 0
statement {
effect = "Allow"
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["backup.amazonaws.com"]
}
}
}
resource "aws_iam_role" "default" {
count = var.enable_backup ? 1 : 0
name = "${var.vault_name}-backup-role"
assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json)
tags = var.tags
}
resource "aws_iam_role_policy_attachment" "default" {
count = var.enable_backup ? 1 : 0
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
role = join("", aws_iam_role.default.*.name)
}
resource "aws_backup_selection" "default" {
count = var.enable_backup ? length(var.backup_plan_rules) : 0
name = "${var.vault_name}-selection-${var.backup_plan_rules[count.index].name}"
iam_role_arn = join("", aws_iam_role.default.*.arn)
plan_id = aws_backup_plan.default[0].id
resources = var.backup_plan_rules[count.index].resources
dynamic "selection_tag" {
for_each = var.backup_plan_rules[count.index].selection_tag
content {
type = selection_tag.value.type
key = selection_tag.value.key
value = selection_tag.value.value
}
}
}
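Review bot: The `aws_backup_selection` block at the end creates one selection per rule, but every selection attaches to the same `plan_id = aws_backup_plan.default[0].id`, and AWS Backup applies a selection to the whole plan rather than to a single rule. A resource listed under one rule's `resources` or `selection_tag` is therefore backed up on every rule's schedule and retention, which the per-rule layout of `backup_plan_rules` does not suggest. Either take the selection as module-level inputs or state the behaviour in a comment above the resource, for example `# Selections attach to the plan: resources matched here are covered by all rules`.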
output "backup_vault_id" {
value = join("", aws_backup_vault.default.*.id)
description = "Backup Vault ID"
}
output "backup_vault_arn" {
value = join("", aws_backup_vault.default.*.arn)
description = "Backup Vault ARN"
}
output "backup_vault_recovery_points" {
value = join("", aws_backup_vault.default.*.recovery_points)
description = "Backup Vault recovery points"
}
output "backup_plan_arn" {
value = join("", aws_backup_plan.default.*.arn)
description = "Backup Plan ARN"
}
output "backup_plan_version" {
value = join("", aws_backup_plan.default.*.version)
description = "Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan"
}
output "backup_selection_id" {
value = join("", aws_backup_selection.default.*.id)
description = "Backup Selection ID"
}
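Review bot: `backup_selection_id` joins `aws_backup_selection.default.*.id` with an empty separator, yet that resource is created with `count = length(var.backup_plan_rules)`, so with the two default rules the output is two ids run together with no boundary. Returning the list keeps each id usable: `value = aws_backup_selection.default.*.id`, with the description changed to say it is a list. The other outputs join over resources with at most one instance, so they are unaffected.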
provider "aws" {
region = var.region
}
\ No newline at end of file
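Review bot: A `provider "aws"` block inside what the README calls a module ties the region to this module's `region` variable instead of the caller's provider configuration. Terraform's guidance is that reusable modules declare `required_providers` only and inherit the configured provider; a module carrying its own provider block cannot be called with `count`, `for_each` or `depends_on`. If this directory is only ever applied as a root configuration (the ignore file mentions Terragrunt), the block is fine and a one-line comment saying so would help: `# Root configuration only; remove if consumed as a child module`.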
variable "enable_backup" {
type = bool
description = "Enable backup true creates all resources associated to this module"
}
variable "region" {
description = "Region where the backups will be configured"
type = string
default = "eu-west-1"
}
variable "vault_name" {
type = string
description = "Solution name, e.g. 'app' or 'cluster'"
}
variable "tags" {
type = map(string)
default = {}
description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)"
}
variable "kms_key_arn" {
type = string
description = "The server-side encryption key that is used to protect your backups"
default = null
}
variable "backup_plan_name" {
description = "Plan name"
type = string
default = "d1w_w2w"
}
variable "backup_plan_rules" {
description = "Backups plan to be created and store their backups in the vault"
type = list(object({
name = string
resources = list(string)
selection_tag = list(map(string))
schedule = string
start_window = number
completion_window = number
delete_after = number
}))
default = [{
name = "d1w"
resources = []
selection_tag = []
schedule = "cron(0 21 ? * MON-SAT *)"
start_window = 60
completion_window = 240
delete_after = 6
},{
name = "w2w"
resources = []
selection_tag = []
schedule = "cron(0 21 ? * SUN *)"
start_window = 60
completion_window = 240
delete_after = 15
}]
}
\ No newline at end of file
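Review bot: The default for `backup_plan_rules` sets `resources = []` and `selection_tag = []` on both rules, so a caller who sets only `enable_backup = true` and `vault_name` gets a vault, plan and role but selections that name nothing to back up. Depending on how the API treats an empty selection this presumably either fails at apply time or succeeds while protecting no resources, and the second case is easy to miss. Consider dropping the default so the caller must state what is selected, or say so in the description: `Each rule must set resources or selection_tag; the defaults select nothing`.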
terraform {
required_version = ">= 0.13"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.7"
}
local = {
source = "hashicorp/local"
}
null = {
source = "hashicorp/null"
}
}
}
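Review bot: `local` and `null` are listed in `required_providers` without a `version` constraint, and no resource in the files shown on this page uses either provider. Each declared provider is downloaded and run at init, so unused entries widen the set of third-party binaries the module pulls in for no benefit. Remove both entries if nothing needs them; otherwise pin them the way `aws` is pinned, e.g. `version = "~> <MAJOR.MINOR>"` with the release you have tested.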