AWS Backup Plan Module

This module creates an AWS Backup Plan and a Backup Vault.

Example

```hcl
# main.tf
module "backup_plan" {
  source = "git::https://github.com/lpavliuk/Terraform-Modules.git//aws_backup_plan"

  name = local.codename

  backup_resources      = []
  backup_not_resources  = [
    # For the following resources separate backup plans are used:
    "arn:aws:s3:::*"
  ]
  backup_selection_tags = [{
    type  = "STRINGEQUALS"
    key   = "backup-plan:${local.codename}"
    value = "true"
  }]

  rules = [
    { # Run at 14:00 UTC (01:00 Sydney AEDT) every day
      name                   = "daily"
      schedule_cron          = "0 14 ? * * *"
      start_window_mins      = 120 # 2 hours
      completion_window_mins = 240 # 4 hours
      lifecycle              = {
        delete_after_days = 30
      }
      copy_action = {
        destination_vault_arn = local.cross_region_backup_vault_arn
        lifecycle             = {
          delete_after_days = 30
        }
      }
    }
  ]

  notifications_sns_topic_arn = local.notifications_sns_topic_arn
  notifications_events        = [
    "BACKUP_JOB_FAILED",
    "COPY_JOB_FAILED",
  ]
}
```
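The module call above reads `local.cross_region_backup_vault_arn` and `local.notifications_sns_topic_arn` without defining them. One way to supply both, as an added example that is not part of this module or its README: the `dr` provider alias, its region and every resource name here are assumptions, and the topic policy lets `backup.amazonaws.com` publish, which AWS Backup needs before it can deliver vault notifications.

```hcl
# supporting.tf (added example; all names and the region are assumptions)

# Second provider for the copy destination. The default provider
# (the primary region) is assumed to be configured elsewhere.
provider "aws" {
  alias  = "dr"
  region = "ap-southeast-1" # assumed destination region
}

# Destination vault for copy_action, created in the other region.
resource "aws_backup_vault" "dr" {
  provider = aws.dr
  name     = "${local.codename}-dr" # local.codename as used by the module call
}

# Topic that receives BACKUP_JOB_FAILED / COPY_JOB_FAILED events.
resource "aws_sns_topic" "backup_events" {
  name = "${local.codename}-backup-events"
}

# Without this statement AWS Backup cannot publish to the topic
# and failure notifications never arrive.
data "aws_iam_policy_document" "backup_publish" {
  statement {
    sid       = "AllowAWSBackupPublish"
    effect    = "Allow"
    actions   = ["SNS:Publish"]
    resources = [aws_sns_topic.backup_events.arn]

    principals {
      type        = "Service"
      identifiers = ["backup.amazonaws.com"]
    }
  }
}

resource "aws_sns_topic_policy" "backup_events" {
  arn    = aws_sns_topic.backup_events.arn
  policy = data.aws_iam_policy_document.backup_publish.json
}

locals {
  cross_region_backup_vault_arn = aws_backup_vault.dr.arn
  # Read the ARN from the policy resource so the policy is in place
  # before the module attaches vault notifications to the topic.
  notifications_sns_topic_arn = aws_sns_topic_policy.backup_events.arn
}
```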

Requirements

| Name | Version |
|------|---------|
| terraform | < 2.0.0, >= 1.6.6 |
| aws | < 6.0, >= 5.22 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| name | Codename for this backup plan | `string` | n/a | yes |
| rules | List of backup plan rules.<br>`start_window_mins`: >= 60 mins<br><br>`schedule_cron` expressions reference | <pre>list(object({<br>  name = string<br>  schedule_cron = string<br>  start_window_mins = optional(string)<br>  completion_window_mins = optional(string)<br>  enable_continuous_backup = optional(string)<br>  recovery_point_tags = optional(map(string))<br>  lifecycle = optional(object({<br>    cold_storage_after_days = optional(number)<br>    delete_after_days = optional(number)<br>  }))<br>  copy_action = optional(object({<br>    destination_vault_arn = string<br>    lifecycle = optional(object({<br>      cold_storage_after_days = optional(number)<br>      delete_after_days = optional(number)<br>    }))<br>  }))<br>}))</pre> | n/a | yes |
| backup_resources | List of resource ARNs that are backed up by this plan | `list(string)` | `[]` | no |
| backup_not_resources | List of resource ARNs this plan will ignore | `list(string)` | `[]` | no |
| backup_selection_tags | List of tags whose resources will be backed up by this plan. Available type:<br>- `STRINGEQUALS`<br>- `STRINGLIKE`<br>- `STRINGNOTEQUALS`<br>- `STRINGNOTLIKE` | <pre>list(object({<br>  type = string<br>  key = string<br>  value = string<br>}))</pre> | `[]` | no |
| notifications_events | List of the notification events. Available:<br>- `BACKUP_JOB_STARTED`<br>- `BACKUP_JOB_COMPLETED`<br>- `BACKUP_JOB_FAILED`<br>- `COPY_JOB_STARTED`<br>- `COPY_JOB_SUCCESSFUL`<br>- `COPY_JOB_FAILED`<br>- `RESTORE_JOB_STARTED`<br>- `RESTORE_JOB_COMPLETED`<br>- `RECOVERY_POINT_MODIFIED`<br>- `S3_BACKUP_OBJECT_FAILED`<br>- `S3_RESTORE_OBJECT_FAILED`<br><br>Backup Vault Notifications | `list(string)` | `[]` | no |
| notifications_sns_topic_arn | SNS topic ARN for all notifications defined in `notifications_events` | `string` | `""` | no |

Outputs

| Name | Description |
|------|-------------|
| id | Backup Plan ID |
| arn | Backup Plan ARN |
| name | Backup Plan Name |
| backup_vault_id | Backup Vault ID |
| backup_vault_arn | Backup Vault ARN |
| backup_vault_name | Backup Vault Name |

Resources

| Name | Type |
|------|------|
| aws_backup_plan.this | resource |
| aws_backup_selection.this | resource |
| aws_backup_vault.this | resource |
| aws_backup_vault_notifications.this | resource |
| aws_cloudwatch_metric_alarm.backup_jobs_failed | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this_iam_role | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.assume_role | data source |
| aws_partition.current | data source |