AWS Backup Module
The AWS Backup Module helps automate the setup of AWS Backup resources in a source account. It streamlines the process of creating, managing, and standardising backup configurations.
See terraform-aws-backup for more details.
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| backup_copy_vault_account_id | The account id of the destination backup vault for allowing restores back into the source account. | string | "" | no |
| backup_copy_vault_arn | The ARN of the destination backup vault for cross-account backup copies. | string | "" | no |
| backup_plan_config | Configuration for backup plans | <pre>object({ selection_tag = string compliance_resource_types = list(string) rules = list(object({ name = string schedule = string enable_continuous_backup = optional(bool) lifecycle = object({ delete_after = optional(number) cold_storage_after = optional(number) }) copy_action = optional(object({ delete_after = optional(number) })) })) })</pre> | <pre>{ "compliance_resource_types": [ "S3" ], "rules": [ { "copy_action": { "delete_after": 365 }, "lifecycle": { "delete_after": 35 }, "name": "daily_kept_5_weeks", "schedule": "cron(0 0 * * ? *)" }, { "copy_action": { "delete_after": 365 }, "lifecycle": { "delete_after": 90 }, "name": "weekly_kept_3_months", "schedule": "cron(0 1 ? * SUN *)" }, { "copy_action": { "delete_after": 365 }, "lifecycle": { "cold_storage_after": 30, "delete_after": 2555 }, "name": "monthly_kept_7_years", "schedule": "cron(0 2 1 * ? *)" }, { "copy_action": { "delete_after": 365 }, "enable_continuous_backup": true, "lifecycle": { "delete_after": 35 }, "name": "point_in_time_recovery", "schedule": "cron(0 5 * * ? *)" } ], "selection_tag": "BackupLocal" }</pre> | no |
| backup_plan_config_dynamodb | Configuration for backup plans with dynamodb | <pre>object({ enable = bool selection_tag = string compliance_resource_types = list(string) rules = optional(list(object({ name = string schedule = string enable_continuous_backup = optional(bool) lifecycle = object({ delete_after = number cold_storage_after = optional(number) }) copy_action = optional(object({ delete_after = optional(number) })) }))) })</pre> | <pre>{ "compliance_resource_types": [ "DynamoDB" ], "enable": true, "rules": [ { "copy_action": { "delete_after": 365 }, "lifecycle": { "delete_after": 35 }, "name": "dynamodb_daily_kept_5_weeks", "schedule": "cron(0 0 * * ? *)" }, { "copy_action": { "delete_after": 365 }, "lifecycle": { "delete_after": 90 }, "name": "dynamodb_weekly_kept_3_months", "schedule": "cron(0 1 ? * SUN *)" }, { "copy_action": { "delete_after": 365 }, "lifecycle": { "cold_storage_after": 30, "delete_after": 2555 }, "name": "dynamodb_monthly_kept_7_years", "schedule": "cron(0 2 1 * ? *)" } ], "selection_tag": "BackupDynamoDB" }</pre> | no |
| bootstrap_kms_key_arn | The ARN of the bootstrap KMS key used for encryption at rest of the SNS topic. | string | n/a | yes |
| environment_name | The name of the environment where AWS Backup is configured. | string | n/a | yes |
| notifications_target_email_address | The email address to which backup notifications will be sent via SNS. | string | "" | no |
| project_name | The name of the project this relates to. | string | n/a | yes |
| reports_bucket | Bucket to drop backup reports into | string | n/a | yes |
| restore_testing_plan_algorithm | Algorithm of the Recovery Selection Point | string | "LATEST_WITHIN_WINDOW" | no |
| restore_testing_plan_recovery_point_types | Recovery Point Types | list(string) | <pre>[ "SNAPSHOT" ]</pre> | no |
| restore_testing_plan_scheduled_expression | Scheduled Expression of Recovery Selection Point | string | "cron(0 1 ? * SUN *)" | no |
| restore_testing_plan_selection_window_days | Selection window days | number | 7 | no |
| restore_testing_plan_start_window | Start window from the scheduled time during which the test should start | number | 1 | no |
| terraform_role_arn | ARN of Terraform role used to deploy to account | string | n/a | yes |
Example
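```hcl
module "test_aws_backup" {
  source = "./modules/aws-backup"

  # Required inputs, named as in the Inputs table that follows this example.
  component        = "backup"       # placeholder value
  environment      = "environment"
  project          = "testproject"
  principal_org_id = "<aws-org-id>" # placeholder value
  reports_bucket   = "compliance-reports"

  # Replace with a reference to the KMS key ARN in the calling configuration.
  notification_kms_key   = kms_key[0].arn
  management_ci_role_arn = data.aws_iam_role.terraform_role.arn
}
```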
Requirements
No requirements.
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| backup_copy_vault_account_id | The account id of the destination backup vault for allowing restores back into the source account. | string | "" | no |
| backup_copy_vault_arn | The ARN of the destination backup vault for cross-account backup copies. | string | "" | no |
| backup_plan_config_dynamodb | Configuration for backup plans with dynamodb | <pre>object({ enable = bool selection_tag = string compliance_resource_types = list(string) rules = optional(list(object({ name = string schedule = string enable_continuous_backup = optional(bool) lifecycle = object({ delete_after = number cold_storage_after = optional(number) }) copy_action = optional(object({ delete_after = optional(number) })) }))) })</pre> | <pre>{ "compliance_resource_types": [ "DynamoDB" ], "enable": false, "rules": [ { "copy_action": { "delete_after": 365 }, "lifecycle": { "delete_after": 35 }, "name": "dynamodb_daily_kept_5_weeks", "schedule": "cron(0 0 * * ? *)" }, { "copy_action": { "delete_after": 365 }, "lifecycle": { "delete_after": 90 }, "name": "dynamodb_weekly_kept_3_months", "schedule": "cron(0 1 ? * SUN *)" }, { "copy_action": { "delete_after": 365 }, "lifecycle": { "cold_storage_after": 30, "delete_after": 2555 }, "name": "dynamodb_monthly_kept_7_years", "schedule": "cron(0 2 1 * ? *)" } ], "selection_tag": "BackupDynamoDB" }</pre> | no |
| backup_plan_config_s3 | Configuration for backup plans for s3 | <pre>object({ enable = bool selection_tag = string compliance_resource_types = list(string) rules = list(object({ name = string schedule = string enable_continuous_backup = optional(bool) lifecycle = object({ delete_after = optional(number) cold_storage_after = optional(number) }) copy_action = optional(object({ delete_after = optional(number) })) })) })</pre> | <pre>{ "compliance_resource_types": [ "S3" ], "enable": false, "rules": [ { "copy_action": { "delete_after": 365 }, "lifecycle": { "delete_after": 35 }, "name": "daily_kept_5_weeks", "schedule": "cron(0 0 * * ? *)" }, { "copy_action": { "delete_after": 365 }, "lifecycle": { "delete_after": 90 }, "name": "weekly_kept_3_months", "schedule": "cron(0 1 ? * SUN *)" }, { "copy_action": { "delete_after": 365 }, "lifecycle": { "cold_storage_after": 30, "delete_after": 2555 }, "name": "monthly_kept_7_years", "schedule": "cron(0 2 1 * ? *)" }, { "copy_action": { "delete_after": 365 }, "enable_continuous_backup": true, "lifecycle": { "delete_after": 35 }, "name": "point_in_time_recovery", "schedule": "cron(0 5 * * ? *)" } ], "selection_tag": "BackupLocal" }</pre> | no |
| component | The name of the tfscaffold component | string | n/a | yes |
| default_tags | Default tag map for application to all taggable resources in the module | map(string) | {} | no |
| environment | The name of the environment where AWS Backup is configured. | string | n/a | yes |
| management_ci_role_arn | ARN of Terraform role used to deploy to account | string | n/a | yes |
| name | The variable encapsulating the name of this bucket | string | "backup" | no |
| notification_kms_key | The ARN of the bootstrap KMS key used for encryption at rest of the SNS topic. | string | n/a | yes |
| notifications_target_email_address | The email address to which backup notifications will be sent via SNS. | string | "" | no |
| principal_org_id | The AWS Org ID (numeric) | string | n/a | yes |
| project | The name of the project this relates to. | string | n/a | yes |
| reports_bucket | Bucket to drop backup reports into | string | n/a | yes |
| restore_testing_plan_algorithm | Algorithm of the Recovery Selection Point | string | "LATEST_WITHIN_WINDOW" | no |
| restore_testing_plan_recovery_point_types | Recovery Point Types | list(string) | <pre>[ "SNAPSHOT" ]</pre> | no |
| restore_testing_plan_scheduled_expression | Scheduled Expression of Recovery Selection Point | string | "cron(0 1 ? * SUN *)" | no |
| restore_testing_plan_selection_window_days | Selection window days | number | 7 | no |
| restore_testing_plan_start_window | Start window from the scheduled time during which the test should start | number | 1 | no |
| vault_max_retention_days | Maximum retention days for the vault lock | number | 35 | no |
| vault_min_retention_days | Minimum retention days for the vault lock | number | 7 | no |
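
The default rules above carry `lifecycle.delete_after` values of 35, 90 and 2555 days, while `vault_min_retention_days` and `vault_max_retention_days` default to 7 and 35. The following is an added example, not part of the module: a pre-apply lint that compares a rule list with the vault lock bounds and with AWS Backup's cold-storage and continuous-backup limits. It assumes the lock applies to the vault these rules write to; `lint_rules` and the issue labels are hypothetical names.

```python
# Added example (not part of the module). Rule data is copied from the
# backup_plan_config_s3 default in the Inputs table; copy_action is omitted
# because it targets the destination vault, which is not checked here.
S3_RULES = [
    {"name": "daily_kept_5_weeks", "lifecycle": {"delete_after": 35}},
    {"name": "weekly_kept_3_months", "lifecycle": {"delete_after": 90}},
    {"name": "monthly_kept_7_years",
     "lifecycle": {"cold_storage_after": 30, "delete_after": 2555}},
    {"name": "point_in_time_recovery", "enable_continuous_backup": True,
     "lifecycle": {"delete_after": 35}},
]

# AWS Backup limits: delete_after must exceed cold_storage_after by at least
# 90 days, and continuous (point-in-time) backups are kept at most 35 days.
MIN_COLD_STORAGE_DAYS = 90
MAX_CONTINUOUS_DAYS = 35


def lint_rules(rules, vault_min_days=7, vault_max_days=35):
    """Return (rule name, issue) pairs for rules that would be rejected.

    Assumption: the vault lock bounds apply to the vault the rules write to.
    """
    findings = []
    for rule in rules:
        name = rule["name"]
        lifecycle = rule.get("lifecycle") or {}
        delete_after = lifecycle.get("delete_after")
        cold_after = lifecycle.get("cold_storage_after")
        if delete_after is None:
            # No expiry set, so the retention cannot be compared with the lock.
            findings.append((name, "delete_after_unset"))
            continue
        if delete_after < vault_min_days:
            findings.append((name, "below_vault_min"))
        if delete_after > vault_max_days:
            findings.append((name, "above_vault_max"))
        if cold_after is not None and delete_after - cold_after < MIN_COLD_STORAGE_DAYS:
            findings.append((name, "cold_storage_window_too_short"))
        if rule.get("enable_continuous_backup") and delete_after > MAX_CONTINUOUS_DAYS:
            findings.append((name, "continuous_backup_over_35_days"))
    return findings


if __name__ == "__main__":
    for rule_name, issue in lint_rules(S3_RULES):
        print(f"{rule_name}: {issue}")
```

With the defaults on this page the weekly and monthly rules are reported as exceeding the lock maximum, so either `vault_max_retention_days` or those rules need adjusting when both are in effect on the same vault.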
Outputs
No outputs.