Skip to content

Latest commit

 

History

History
170 lines (135 loc) · 10.1 KB

README.md

File metadata and controls

170 lines (135 loc) · 10.1 KB

License Latest Release Build Status Build Status Build Status Build Status Build Status Build Status Build Status Build Status

AWS Backup Terraform Module

Description

AWS Backup is a fully-managed service that makes it easy to centralize and automate data protection across AWS services, in the cloud, and on premises.

This Terraform module provisions and manages AWS Backup resources including backup plans, IAM roles, backup vaults, and related configurations.

Why use this module over standard resources

  • Simplified Management: Abstracts away the complexity of provisioning and configuring AWS Backup resources, reducing the potential for errors and streamlining management tasks.
  • Consistent Configuration: Ensures consistency in backup plan configurations across environments, promoting best practices and compliance with organizational policies.
  • Scalability: Easily scale your backup infrastructure by defining multiple backup plans and vaults, adapting to changing backup requirements without manual intervention.
  • Flexibility: Customize backup rules, IAM roles, vault policies, and SNS notifications to suit your specific backup and recovery needs, providing a tailored solution for your applications and data.

Examples available here

Usage

NOTE: These examples use the latest version of this module

module "backup_vault" {
  source  = "boldlink/backup/aws//modules/vault"
  version = "<enter_latest_version_here>"
  name    = "${var.name}-vault"
}

module "backup_plan" {
  source          = "boldlink/backup/aws"
  version         = "<enter_latest_version_here>"
  plan_name = "${var.name}-plan"
  backup_rules = [
    {
      rule_name         = "${var.name}-rule"
      target_vault_name = module.backup_vault.id[0]
      schedule          = "cron(0 1 ? * * *)"
    },
  ]
}

variable "name" {
  description = "The display name of the stack"
  type        = string
  default     = "Example-minimum-backup"
}

Documentation

AWS Backup Documentation

Terraform module documentation

NOTE

  • Support for specifying both a day-of-week AND a day-of-month parameter in backup rules is currently not implemented by AWS.
  • If you enable enable_continuous_backup, cold_storage_after must not be specified.
  • Continuous backups and point-in-time restore (PITR) reference the changes recorded over a period of time; therefore, they cannot be scheduled with a time or cron expression.
  • You can store continuous backups for up to 35 days.
  • When move to cold storage is enabled, delete_after days must be days set in cold_storage_after plus 90 days in cold storage or more.

Requirements

Name Version
terraform >= 0.14.11
aws >= 5.47.0

Providers

Name Version
aws 5.47.0

Modules

No modules.

Resources

Name Type
aws_backup_plan.main resource
aws_backup_selection.main resource
aws_iam_role.main resource
aws_iam_role_policy_attachment.backup resource
aws_iam_role_policy_attachment.restore resource
aws_iam_policy_document.assume_role data source

Inputs

Name Description Type Default Required
backup_rules A list of rules mapping rule configurations for a backup plan any [] no
create_iam_role Whether to create the IAM Role used to authenticate when restoring and backing up the target resources bool true no
iam_role_arn he ARN of the IAM role that AWS Backup uses to authenticate when restoring and backing up the target resource. string null no
plan_name (Required) The display name of a backup plan. string n/a yes
resource_assignments A list of maps describing the resource assignments for the backup plan any [] no
tags (Optional) Metadata that you can assign to help organize the plans you create. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. map(string) {} no

Outputs

Name Description
arn The ARN of the backup plan.
create_date Creation date of the IAM role.
id The id of the backup plan.
role_arn Amazon Resource Name (ARN) specifying the role.
role_name Name of the role.
tags_all A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
unique_id Stable and unique string identifying the role.
version Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan.

Third party software

This repository uses third party software:

  • pre-commit - Used to help ensure code and documentation consistency
    • Install with brew install pre-commit
    • Manually use with pre-commit run
  • terraform 0.14.11 For backwards compatibility we are using version 0.14.11 for testing making this the min version tested and without issues with terraform-docs.
  • terraform-docs - Used to generate the Inputs and Outputs sections
    • Install with brew install terraform-docs
    • Manually use via pre-commit
  • tflint - Used to lint the Terraform code
    • Install with brew install tflint
    • Manually use via pre-commit

Supporting resources:

The example stacks are used by BOLDLink developers to validate the modules by building an actual stack on AWS.

Some of the modules have dependencies on other modules (ex. Ec2 instance depends on the VPC module) so we create them first and use data sources on the examples to use the stacks.

Any supporting resources will be available on the tests/supportingResources and the lifecycle is managed by the Makefile targets.

Resources on the tests/supportingResources folder are not intended for demo or actual implementation purposes, and can be used for reference.

Makefile

The makefile contain in this repo is optimized for linux paths and the main purpose is to execute testing for now.

  • Create all tests stacks including any supporting resources:
make tests
  • Clean all tests except existing supporting resources:
make clean
  • Clean supporting resources - this is done separately so you can test your module build/modify/destroy independently.
make cleansupporting
  • !!!DANGER!!! Clean the state files from examples and test/supportingResources - use with CAUTION!!!
make cleanstatefiles

BOLDLink-SIG 2024