Support for AWS Backup

[Quentin-M]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AWS just launched a new service called AWS Backup, which replaces and significantly extends the AWS Data Lifecycle Manager; by providing finer-grained policies (e.g. cron schedule), cold storage, adding the ability to backup not only EBS volumes but various other services (e.g. RDS databases, DynamoDB tables, EFS file systems, and Storage Gateway volumes).

The community could greatly profit from a Terraform implementation of this resource.

[slapula]

I can take shot at this if no one has started on it yet.

[ewbankkit]

It looks like we'll want:

• aws_backup_plan
• aws_backup_selection
• aws_backup_vault

resources.

[slapula]

Something like this will likely need to be merged first before we add these resources to the provider: #7164

[slapula]

Seeing as that the aws-go-sdk docs have been updated to include this service now, I'll get started today. It makes most sense to start with aws_backup_vault since that seems to be the backbone for the other resources.

[peimanja]

Any update on this one?

[slapula]

@peimanja I have these resources written but I need to expand on the acceptance tests. Once that's done, all three PRs will need to be reviewed by the maintainers.

[bflad]

The new aws_backup_vault resource has been merged and will release with version 1.58.0 of the Terraform AWS provider, likely in the next day or two.

[bflad]

The new aws_backup_vault resource has been released in version 1.58.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[grumpper]

Any insights when should we expect the rest of the needed aws_backup related resources (plan & selection)? Since I am not seeing any updates in their PRs (7350 & 7382) for 2 weeks now...

[asweat-pubfactory]

Any updates on this? We're actively looking to deploy this to our existing Terraform setup.

[bflad]

The new aws_backup_plan resource has been merged and will release with version 2.3.0 of the Terraform AWS Provider, likely middle of this week.

[AndrewCi]

Just to confirm - it appears aws_backup_selection is the only resource not currently included in terraform?

[bflad]

Hi folks! 👋 The aws_backup_selection resource has been merged and will release with version 2.5.0 of the Terraform AWS Provider, likely later today.

For any other feature requests or bug reports with the Backup service, please create new GitHub issues. Thanks!

[bflad]

The aws_backup_selection resource has been released in version 2.5.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[Geartrixy]

Really appreciate the speed at which this has been implemented!

Quick question:

According to the lifecycle documentation here https://www.terraform.io/docs/providers/aws/r/backup_plan.html , it states:

"(Required) Specifies the number of days after creation that a recovery point is moved to cold storage."

But there is an option to specify "Never". Does assigning the value "0" equate to "Never"? I ask as they are required values for the lifecycle block.

Thanks in advance :)

[slapula]

@Geartrixy this issue has been noted and is being handled in #8236 (which I believe will be reviewed and merged soon -- just not sure when).

[Geartrixy]

Also the following doesn't inform of a configuration error, but causes terraform to either crash or feedback multiple state refresh errors "Error: Error refreshing state":

lifecycle { cold_storage_after = "Never" delete_after = "Never" }

[Spenser309]

So, I noticed an issue which may require assistance with the aws_backup_vault resource

* module.dev.aws_backup_vault.dev-backup-vault (destroy): 1 error(s) occurred:

* aws_backup_vault.dev-backup-vault: error deleting Backup Vault (test-vault): InvalidRequestException: Backup vault cannot be deleted (contains 1 recovery points)
	status code: 400, request id: 31737fa3-24e8-47e9-b039-928046fac433

It looks like a force option may be needed on the vault resource to allow destroy to work properly.

[grumpper]

@Spenser309 this is also valid if you try to do it from AWS Console manually and it does not even give you an option to bulk delete and you have to get rid of recovery points one by one.... Bottom line is I think is unrelated to Terraform at all and force option will not be possible

[missioncloud]

We encountered this as well but had 1000+ recovery points; manually deleting was not feasible, especially with radio buttons on the console. We whipped up a little script to clean up previous recovery points - here's the source: https://gist.github.com/missioncloud/4dc21c48eb2c07ab7db93e11ebb08cc6

python3 delete_recovery_points.py $VAULT_NAME

Hope it helps someone!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!