terraform-aws-backup
This terraform module automate the backup of data across AWS services using a resource tag.
The following resources will be created:
- An Identity and Access Management (IAM) that Provides AWS Backup permissions to create backups of all supported resource types on your behalf.
- AWS Backup - It is a fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services
- AWS Vault - Backup vaults are containers where your backups are stored. You can have one default vault, or multiple vaults to backup to.
- AWS Backup plan - Backup rules specify the backup schedule, backup window, and lifecycle rules.
- The amount of time AWS Backup attempts a backup before canceling the job and returning an error
- The default value is 120
- The number of days after creation that a recovery point is moved to cold storage
- The default value is 30
- The number of days after creation that a recovery point is deleted. Must be 90 days greater than cold storage
- The default value is 120
- The amount of time in minutes before beginning a backup
- The default value is 60
- A cron specifying when AWS Backup initiates a backup job
- The amount of time AWS Backup attempts a backup before canceling the job and returning an error
Requirements
No requirements.
Providers
| Name | Version |
|---|---|
| aws | n/a |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_type | Type of the account to create backup resources. | string |
"workload" |
no |
| backup_vault_events | An array of events that indicate the status of jobs to back up resources to the backup vault | list(string) |
<pre>[ “BACKUP_JOB_FAILED”, “COPY_JOB_FAILED” ]</pre> |
no |
| changeable_for_days | The number of days before the lock date. Until that time, the configuration can be edited or removed. The minimum number of day is 3 days | number |
null |
no |
| enable_aws_backup_vault_notifications | Enable vault notifications | bool |
false |
no |
| enabled | Change to false to avoid deploying any AWS Backup resources | bool |
true |
no |
| max_retention_days | The maximum retention period that the vault retains its recovery points | number |
null |
no |
| min_retention_days | The minimum retention period that the vault retains its recovery points | number |
null |
no |
| name | Name of the backup vault to create. | string |
"" |
no |
| rule | List of backup rules | <pre>list(object({ rule_name = string target_vault_name = string schedule = string start_window = number completion_window = number enable_continuous_backup = bool lifecycle_cold_storage_after = number lifecycle_delete_after = number lifecycle = object({ cold_storage_after = number delete_after = number }) }))</pre> |
<pre>[ { “completion_window”: 120, “enable_continuous_backup”: true, “lifecycle”: { “cold_storage_after”: null, “delete_after”: 30 }, “lifecycle_cold_storage_after”: null, “lifecycle_delete_after”: 30, “rule_name”: “backup-rule”, “schedule”: null, “start_window”: 60, “target_vault_name”: “backup-vault” } ]</pre> |
no |
| rule_completion_window | The amount of time AWS Backup attempts a backup before canceling the job and returning an error | number |
120 |
no |
| rule_lifecycle_cold_storage_after | Specifies the number of days after creation that a recovery point is moved to cold storage | number |
30 |
no |
| rule_lifecycle_delete_after | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than cold_storage_after |
number |
120 |
no |
| rule_schedule | A CRON expression specifying when AWS Backup initiates a backup job | string |
null |
no |
| rule_start_window | The amount of time in minutes before beginning a backup | number |
60 |
no |
| selection_resources | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | list(any) |
[] |
no |
| selection_tag_key | The key in a key-value pair | string |
"Backup" |
no |
| selection_tag_type | An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection | string |
"STRINGEQUALS" |
no |
| selection_tag_value | The value in a key-value pair | string |
"true" |
no |
| vault_kms_key_arn | The server-side encryption key that is used to protect your backups | string |
null |
no |
| vault_notification_sns_topic_arn | The Amazon Resource Name (ARN) that specifies the topic for a backup vaults events | string |
"" |
no |
| vault_policy | The backup vault access policy document in JSON format | string |
"" |
no |
Outputs
No output.
Authors
Module managed by DNX Solutions.
License
Apache 2 Licensed. See LICENSE for full details.