AWS Backup is a fully-managed service that makes it easy to centralize and automate data protection across AWS services, in the cloud, and on premises.
This Terraform module provisions and manages AWS Backup resources including backup plans, IAM roles, backup vaults, and related configurations.
- Simplified Management: Abstracts away the complexity of provisioning and configuring AWS Backup resources, reducing the potential for errors and streamlining management tasks.
- Consistent Configuration: Ensures consistency in backup plan configurations across environments, promoting best practices and compliance with organizational policies.
- Scalability: Easily scale your backup infrastructure by defining multiple backup plans and vaults, adapting to changing backup requirements without manual intervention.
- Flexibility: Customize backup rules, IAM roles, vault policies, and SNS notifications to suit your specific backup and recovery needs, providing a tailored solution for your applications and data.
Examples available here
NOTE: These examples use the latest version of this module
```hcl
# Vault that stores the recovery points
module "backup_vault" {
  source  = "boldlink/backup/aws//modules/vault"
  version = "<enter_latest_version_here>"
  name    = "${var.name}-vault"
}

# Backup plan with a single rule that targets the vault above
module "backup_plan" {
  source    = "boldlink/backup/aws"
  version   = "<enter_latest_version_here>"
  plan_name = "${var.name}-plan"

  backup_rules = [
    {
      rule_name         = "${var.name}-rule"
      target_vault_name = module.backup_vault.id[0]
      schedule          = "cron(0 1 ? * * *)" # every day at 01:00 UTC
    },
  ]
}

variable "name" {
  description = "The display name of the stack"
  type        = string
  default     = "Example-minimum-backup"
}
```
Terraform module documentation
NOTE
- Support for specifying both a day-of-week AND a day-of-month parameter in backup rules is currently not implemented by AWS.
- If you enable `enable_continuous_backup`, `cold_storage_after` must not be specified.
- Continuous backups and point-in-time restore (PITR) reference the changes recorded over a period of time; therefore, they cannot be scheduled with a time or cron expression.
- You can store continuous backups for up to 35 days.
- When move to cold storage is enabled, `delete_after` days must be the days set in `cold_storage_after` plus 90 days in cold storage or more.
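The constraints in the NOTE above can be checked before `terraform apply`. The following is an added example, not part of this module: a small Python lint over backup rule maps. It assumes each rule is a flat dict keyed by the names used in the NOTE (`schedule`, `enable_continuous_backup`, `cold_storage_after`, `delete_after`); `check_rule` and `SAMPLE_RULES` are hypothetical names.

```python
import re

# Assumption: each rule is a flat dict keyed by the names used in the NOTE
# above; the module's real rule schema may name or nest these differently.
CRON_RE = re.compile(r"^cron\((.+)\)$")
MAX_CONTINUOUS_DAYS = 35  # longest retention for continuous backups
MIN_COLD_DAYS = 90        # minimum stay in cold storage before deletion


def check_rule(rule):
    """Return the list of NOTE constraints that one backup rule violates."""
    name = rule.get("rule_name", "<unnamed>")
    continuous = rule.get("enable_continuous_backup", False)
    cold = rule.get("cold_storage_after")
    delete = rule.get("delete_after")
    problems = []
    # AWS cron fields: minute hour day-of-month month day-of-week year.
    match = CRON_RE.match(rule.get("schedule", "").strip())
    if match:
        fields = match.group(1).split()
        if len(fields) != 6:
            problems.append(f"{name}: cron needs 6 fields, got {len(fields)}")
        elif fields[2] != "?" and fields[4] != "?":
            problems.append(f"{name}: day-of-month and day-of-week both set")
    if continuous and cold is not None:
        problems.append(f"{name}: cold_storage_after set with continuous backup")
    if continuous and delete is not None and delete > MAX_CONTINUOUS_DAYS:
        problems.append(f"{name}: continuous retention {delete} > 35 days")
    # No delete_after means "keep forever", which satisfies the 90-day rule.
    if cold is not None and delete is not None and delete < cold + MIN_COLD_DAYS:
        problems.append(f"{name}: delete_after {delete} < {cold} + 90 days")
    return problems


# Constructed sample rules, not taken from the module's examples.
SAMPLE_RULES = [
    {"rule_name": "daily", "schedule": "cron(0 1 ? * * *)",
     "cold_storage_after": 30, "delete_after": 120},
    {"rule_name": "short-cold", "schedule": "cron(0 1 ? * * *)",
     "cold_storage_after": 30, "delete_after": 100},
    {"rule_name": "pitr", "enable_continuous_backup": True,
     "cold_storage_after": 7, "delete_after": 40},
    {"rule_name": "both-days", "schedule": "cron(0 1 15 * MON *)"},
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule["rule_name"], check_rule(rule) or "ok")
```

A rule that sets `cold_storage_after` without `delete_after` passes, because recovery points that never expire always meet the 90-day minimum.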
Name | Version |
---|---|
terraform | >= 0.14.11 |
aws | >= 5.47.0 |
Name | Version |
---|---|
aws | 5.47.0 |
No modules.
Name | Type |
---|---|
aws_backup_plan.main | resource |
aws_backup_selection.main | resource |
aws_iam_role.main | resource |
aws_iam_role_policy_attachment.backup | resource |
aws_iam_role_policy_attachment.restore | resource |
aws_iam_policy_document.assume_role | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
backup_rules | A list of rules mapping rule configurations for a backup plan | any | [] | no |
create_iam_role | Whether to create the IAM Role used to authenticate when restoring and backing up the target resources | bool | true | no |
iam_role_arn | The ARN of the IAM role that AWS Backup uses to authenticate when restoring and backing up the target resource. | string | null | no |
plan_name | (Required) The display name of a backup plan. | string | n/a | yes |
resource_assignments | A list of maps describing the resource assignments for the backup plan | any | [] | no |
tags | (Optional) Metadata that you can assign to help organize the plans you create. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | map(string) | {} | no |
Name | Description |
---|---|
arn | The ARN of the backup plan. |
create_date | Creation date of the IAM role. |
id | The id of the backup plan. |
role_arn | Amazon Resource Name (ARN) specifying the role. |
role_name | Name of the role. |
tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
unique_id | Stable and unique string identifying the role. |
version | Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan. |
This repository uses third-party software:
- pre-commit - Used to help ensure code and documentation consistency
  - Install with `brew install pre-commit`
  - Manually use with `pre-commit run`
- terraform 0.14.11 - For backwards compatibility we use version 0.14.11 for testing, making it the minimum version tested; it works without issues with terraform-docs.
- terraform-docs - Used to generate the Inputs and Outputs sections
  - Install with `brew install terraform-docs`
  - Manually use via pre-commit
- tflint - Used to lint the Terraform code
  - Install with `brew install tflint`
  - Manually use via pre-commit
The example stacks are used by BOLDLink developers to validate the modules by building an actual stack on AWS.
Some of the modules depend on other modules (e.g. the EC2 instance module depends on the VPC module), so we create those first and use data sources in the examples to reference the stacks.
Any supporting resources are available in the `tests/supportingResources` folder, and their lifecycle is managed by the `Makefile` targets.
Resources in the `tests/supportingResources` folder are not intended for demo or actual implementation purposes, but can be used for reference.
The Makefile contained in this repo is optimized for Linux paths, and for now its main purpose is to execute testing.
- Create all test stacks, including any supporting resources: `make tests`
- Clean all tests except existing supporting resources: `make clean`
- Clean supporting resources (this is done separately so you can test your module build/modify/destroy independently): `make cleansupporting`
- !!!DANGER!!! Clean the state files from examples and test/supportingResources - use with CAUTION!!!: `make cleanstatefiles`