/terraform-aws-backup

Terraform module to automate the backup of data across AWS services using a resource tag.

Primary LanguageHCLApache License 2.0Apache-2.0

terraform-aws-backup

Lint Status LICENSE

This terraform module automate the backup of data across AWS services using a resource tag.

The following resources will be created:

  • An Identity and Access Management (IAM) that Provides AWS Backup permissions to create backups of all supported resource types on your behalf.
  • AWS Backup - It is a fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services
  • AWS Vault - Backup vaults are containers where your backups are stored. You can have one default vault, or multiple vaults to backup to.
  • AWS Backup plan - Backup rules specify the backup schedule, backup window, and lifecycle rules.
    • The amount of time AWS Backup attempts a backup before canceling the job and returning an error
      • The default value is 120
    • The number of days after creation that a recovery point is moved to cold storage
      • The default value is 30
    • The number of days after creation that a recovery point is deleted. Must be 90 days greater than cold storage
      • The default value is 120
    • The amount of time in minutes before beginning a backup
      • The default value is 60
    • A cron specifying when AWS Backup initiates a backup job

Requirements

No requirements.

Providers

Name Version
aws n/a

Inputs

Name Description Type Default Required
account_type Type of the account to create backup resources. string "workload" no
backup_vault_events An array of events that indicate the status of jobs to back up resources to the backup vault list(string) 
[
  "BACKUP_JOB_FAILED",
  "COPY_JOB_FAILED"
]
 no
changeable_for_days The number of days before the lock date. Until that time, the configuration can be edited or removed. The minimum number of day is 3 days number null no
enable_aws_backup_vault_notifications Enable vault notifications bool false no
enabled Change to false to avoid deploying any AWS Backup resources bool true no
max_retention_days The maximum retention period that the vault retains its recovery points number null no
min_retention_days The minimum retention period that the vault retains its recovery points number null no
name Name of the backup vault to create. string "" no
rule List of backup rules 
list(object({
    rule_name                    = string
    target_vault_name            = string
    schedule                     = string
    start_window                 = number
    completion_window            = number
    enable_continuous_backup    = bool
    lifecycle_cold_storage_after = number
    lifecycle_delete_after       = number
    lifecycle                    = object({
      cold_storage_after = number
      delete_after       = number
    })
  }))
 
[
  {
    "completion_window": 120,
    "enable_continuous_backup": true,
    "lifecycle": {
      "cold_storage_after": null,
      "delete_after": 30
    },
    "lifecycle_cold_storage_after": null,
    "lifecycle_delete_after": 30,
    "rule_name": "backup-rule",
    "schedule": null,
    "start_window": 60,
    "target_vault_name": "backup-vault"
  }
]
 no
rule_completion_window The amount of time AWS Backup attempts a backup before canceling the job and returning an error number 120 no
rule_lifecycle_cold_storage_after Specifies the number of days after creation that a recovery point is moved to cold storage number 30 no
rule_lifecycle_delete_after Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than cold_storage_after number 120 no
rule_schedule A CRON expression specifying when AWS Backup initiates a backup job string null no
rule_start_window The amount of time in minutes before beginning a backup number 60 no
selection_resources An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan list(any) [] no
selection_tag_key The key in a key-value pair string "Backup" no
selection_tag_type An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection string "STRINGEQUALS" no
selection_tag_value The value in a key-value pair string "true" no
vault_kms_key_arn The server-side encryption key that is used to protect your backups string null no
vault_notification_sns_topic_arn The Amazon Resource Name (ARN) that specifies the topic for a backup vaults events string "" no
vault_policy The backup vault access policy document in JSON format string "" no

Outputs

No output.

Authors

Module managed by DNX Solutions.

License

Apache 2 Licensed. See LICENSE for full details.