AWS Backup Terraform module

We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at https://lablabs.io/

Description

A Terraform module to provision AWS Backup

Related Projects

Check out other terraform modules.

Examples

Single account example
Cross account example
- Backup vault in other account will be created

Requirements

Name	Version
terraform	>= 1.3
aws	>= 4.19.0

Modules

Name	Source	Version
source_kms_key	cloudposse/kms-key/aws	0.12.1
source_label	cloudposse/label/null	0.25.0
source_role	cloudposse/iam-role/aws	0.17.0
target_kms_key	cloudposse/kms-key/aws	0.12.1
target_label	cloudposse/label/null	0.25.0
target_role	cloudposse/iam-role/aws	0.17.0

Resources

Name	Type
aws_backup_plan.source	resource
aws_backup_selection.source	resource
aws_backup_selection.tag	resource
aws_backup_vault.source	resource
aws_backup_vault.target	resource
aws_backup_vault_policy.source	resource
aws_backup_vault_policy.target	resource
aws_caller_identity.source	data source
aws_caller_identity.target	data source
aws_iam_policy_document.kms_source_policy	data source
aws_iam_policy_document.kms_target_policy	data source
aws_iam_policy_document.source_vault	data source
aws_iam_policy_document.target_vault	data source

Inputs

Name	Description	Type	Default	Required
attributes	ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, in the order they appear in the list. New attributes are appended to the end of the list. The elements of the list are joined by the `delimiter` and treated as a single ID element.	`list(string)`	`[]`	no
backup_plans	Backup plans config along with rule and resources setup	list(object({ name = string resources = optional(list(string), []) selection_tags = optional(list(object({ type = string key = string value = string })), []) rules = list(object({ name = string schedule = string enable_continuous_backup = optional(bool) start_window = optional(string, 60) completion_window = optional(number, 180) lifecycle = optional(object({ cold_storage_after = optional(number) delete_after = optional(number) })) copy_action_lifecycle = optional(object({ cold_storage_after = optional(number) delete_after = optional(number) })) recovery_point_tags = optional(map(string)) })) advanced_backup_setting = optional(object({ WindowsVSS = optional(string, null) resource_type = optional(string, null) }), null) }))	`[]`	no
context	Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as `null` to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged.	`any`	{ "additional_tag_map": {}, "attributes": [], "delimiter": null, "descriptor_formats": {}, "enabled": true, "environment": null, "id_length_limit": null, "label_key_case": null, "label_order": [], "label_value_case": null, "labels_as_tags": [ "unset" ], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {}, "tenant": null }	no
enabled	Variable indicating whether deployment is enabled	`bool`	`true`	no
environment	ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'	`string`	`null`	no
is_cross_account_backup_enabled	Create backup vault on different account and turn on copy action to this vault (provider.target needs to be set)	`bool`	`false`	no
name	ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. This is the only ID element not also included as a `tag`. The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.	`string`	`null`	no
namespace	ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique	`string`	`null`	no
stage	ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'	`string`	`null`	no
tags	Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the tag values will be modified by this module.	`map(string)`	`{}`	no

Outputs

Name	Description
source_backup_vault_arn	Backup Vault ARN of source backup vault
source_backup_vault_id	Backup Vault ID of source backup vault
target_backup_vault_arn	Backup Vault ARN of target backup vault
target_backup_vault_id	Backup Vault ID of target backup vault

Contributing and reporting issues

Feel free to create an issue in this repository if you have questions, suggestions or feature requests.

Validation, linters and pull-requests

We want to provide high quality code and modules. For this reason we are using several pre-commit hooks and GitHub Actions workflows. A pull-request to the main branch will trigger these validations and lints automatically. Please check your code before you will create pull-requests. See pre-commit documentation and GitHub Actions documentation for further details.

License

See LICENSE for full details.

Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

  https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.

lablabs/terraform-aws-backup