Terraform module to provision AWS Backup resources.
Terraform 1.0+. Pin module version to ~> v1.5. Submit pull-requests to main branch. Prior versions on master branch will need ~> v1.3.
If referring directly to the code instead of a pinned version, take note that from release 1.4.0 all future changes will only be made to the main branch.
```hcl
module "backup" {
  source  = "umotif-public/backup/aws"
  version = "~> 1.5"

  vault_name        = "test-rds-aurora"
  vault_kms_key_arn = "arn:aws:kms:eu-west-1:1111111111:key/07a8a813-fcc9-4d7f-a982648d9c25"

  tags = {
    Environment = "test"
  }

  plan_name = "test-backup-plan"

  rules = [
    {
      name              = "test-backup-rule"
      schedule          = "cron(0 12 * * ? *)"
      start_window      = "65"
      completion_window = "180"
      recovery_point_tags = {
        Project = "test"
        Region  = "eu-west-1"
      }
      lifecycle = {
        cold_storage_after = 0
        delete_after       = 90
      }
    }
  ]

  selection_name      = "test-backup-selection"
  selection_resources = ["arn:aws:rds:eu-west-1:1111111111:cluster:example-database-1"]

  selection_tags = [
    {
      type  = "STRINGEQUALS"
      key   = "Project"
      value = "Test"
    },
    {
      type  = "STRINGEQUALS"
      key   = "Environment"
      value = "test"
    }
  ]
}
```

Module is to be used with Terraform > 1.0.

- Backup with Aurora MySQL
- Backup with Aurora MySQL and Aurora PostgreSQL
- Backup with an externally created Vault
- Backup with Vault only
 
Module managed by uMotif.
 
| Name | Version |
|---|---|
| terraform | >= 1.5.0 |
| aws | >= 4.26.0 |

| Name | Version |
|---|---|
| aws | >= 4.26.0 |

No modules.

| Name | Type | 
|---|---|
| aws_backup_plan.main | resource | 
| aws_backup_selection.main | resource | 
| aws_backup_vault.main | resource | 
| aws_backup_vault_notifications.main | resource | 
| aws_iam_policy.main_custom_policy | resource | 
| aws_iam_role.main | resource | 
| aws_iam_role_policy_attachment.main_custom_policy_attach | resource | 
| aws_iam_role_policy_attachment.main_role_backup_policy_attach | resource | 
| aws_iam_role_policy_attachment.main_role_restore_policy_attach | resource | 
| aws_iam_role_policy_attachment.main_role_s3_backup_policy_attach | resource | 
| aws_iam_role_policy_attachment.main_role_s3_restore_policy_attach | resource | 
| aws_sns_topic.main | resource | 
| aws_sns_topic_policy.main | resource | 
| aws_iam_policy_document.main | data source | 
| aws_iam_policy_document.main_custom_policy | data source | 
| aws_iam_policy_document.sns_policy | data source | 
| aws_partition.current | data source | 

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| advanced_backup_settings | An object that specifies backup options for each resource type | any | [] | no |
| backup_vault_events | An array of events that indicate the status of jobs to back up resources to the backup vault. | list(string) | [ | no |
| create_sns_topic | Create SNS Topic | bool | true | no |
| enable_sns_notifications | Enable Backup Vault Notifications | bool | false | no |
| iam_role_name | Name of IAM Role to associate to the Backup Plan | string | null | no |
| plan_name | The display name of a backup plan | string | n/a | yes |
| rules | A list of rules mapping rule configurations for a backup plan | any | [] | no |
| selection_name | The display name of a resource selection document | string | null | no |
| selection_not_resources | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to exclude from a backup plan. | list(string) | [] | no |
| selection_resources | A list of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | list(string) | [] | no |
| selection_tags | A list of selection tag maps | list(any) | [] | no |
| sns_topic_arn | The Amazon Resource Name (ARN) that specifies the topic for a backup vault’s events | string | null | no |
| tags | A mapping of tags to assign to the resource | map(string) | {} | no |
| vault_force_destroy | A boolean that indicates that all recovery points stored in the vault are deleted so that the vault can be destroyed without error. | bool | false | no |
| vault_kms_key_arn | The server-side encryption key that is used to protect your backups | string | null | no |
| vault_name | Name of the backup vault to create. If not given, AWS uses the default | string | null | no |
| vault_sns_kms_key_arn | The server-side encryption key that is used to protect SNS messages for backups | string | null | no |

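The following is an added example, not part of the module's own documentation. It combines the encryption and notification inputs from the table above so that restore jobs and recovery point changes raise an alert. The module label, vault and plan names, and both key ARNs are placeholders, and it assumes that with `create_sns_topic` left at its default the module creates the topic and encrypts it with `vault_sns_kms_key_arn`.

```hcl
module "backup_hardened" {
  source  = "umotif-public/backup/aws"
  version = "~> 1.5"

  vault_name = "example-hardened-vault" # placeholder name

  # Customer-managed key for recovery points (placeholder ARN).
  vault_kms_key_arn = "arn:aws:kms:eu-west-1:1111111111:key/EXAMPLE-VAULT-KEY-ID"

  # Keep the default: destroying the vault must not silently delete recovery points.
  vault_force_destroy = false

  # Send vault events to SNS, encrypted with a separate key (placeholder ARN).
  enable_sns_notifications = true
  vault_sns_kms_key_arn    = "arn:aws:kms:eu-west-1:1111111111:key/EXAMPLE-SNS-KEY-ID"

  # Job completion messages carry the job state, so failures are visible;
  # restores and recovery point changes are worth reviewing in their own right.
  backup_vault_events = [
    "BACKUP_JOB_COMPLETED",
    "RESTORE_JOB_COMPLETED",
    "RECOVERY_POINT_MODIFIED",
  ]

  plan_name = "example-hardened-plan" # placeholder name

  # Rule shape mirrors the usage example at the top of this page.
  rules = [
    {
      name              = "daily"
      schedule          = "cron(0 12 * * ? *)"
      start_window      = "65"
      completion_window = "180"
      lifecycle = {
        cold_storage_after = 0
        delete_after       = 90
      }
    }
  ]

  selection_name = "example-hardened-selection"
  selection_tags = [
    { type = "STRINGEQUALS", key = "Environment", value = "test" }
  ]
}
```
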
| Name | Description | 
|---|---|
| backup_plan_arn | The Amazon Resource Name (ARN) that identifies the backup plan | 
| backup_plan_id | The name of the backup plan | 
| backup_plan_version | Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan. | 
| backup_selection_id | The identifier of the backup selection | 
| backup_sns_topic_arn | The Amazon Resource Name (ARN) that specifies the topic for a backup vault’s events | 
| backup_vault_arn | The Amazon Resource Name (ARN) that identifies the AWS Backup Vault | 
| backup_vault_events | An array of events that indicate the status of jobs to back up resources to the backup vault. | 
| backup_vault_iam_role_arn | The ARN of the backup IAM role | 
| backup_vault_iam_role_name | The name of the backup IAM role | 
| backup_vault_id | The name of the AWS Backup Vault | 
| backup_vault_recovery_points | The number of recovery points that are stored in a backup vault | 

See LICENSE for full details.

- pre-commit
- terraform-docs required for terraform_docs hooks.
- TFLint required for terraform_tflint hook.
- golang required for running tests.

We are using Terratest to run tests on this module.

```bash
brew install go
# Change to test directory
cd test
# Get dependencies
go mod download
# Run tests
go test -v -timeout 30m
```

```bash
brew install pre-commit terraform-docs tflint
brew tap git-chglog/git-chglog
brew install git-chglog
```