-
-
Notifications
You must be signed in to change notification settings - Fork 60
/
variables.tf
133 lines (118 loc) · 4.15 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
variable "kms_key_arn" {
type = string
description = "The server-side encryption key that is used to protect your backups"
default = null
}
variable "rules" {
type = list(object({
name = string
schedule = optional(string)
enable_continuous_backup = optional(bool)
start_window = optional(number)
completion_window = optional(number)
lifecycle = optional(object({
cold_storage_after = optional(number)
delete_after = optional(number)
opt_in_to_archive_for_supported_resources = optional(bool)
}))
copy_action = optional(object({
destination_vault_arn = optional(string)
lifecycle = optional(object({
cold_storage_after = optional(number)
delete_after = optional(number)
opt_in_to_archive_for_supported_resources = optional(bool)
}))
}))
}))
description = <<-EOT
A list of rule objects used to define schedules in a backup plan. Follows the following structure:
```yaml
rules:
- name: "plan-daily"
schedule: "cron(0 5 ? * * *)"
start_window: 320 # 60 * 8 # minutes
completion_window: 10080 # 60 * 24 * 7 # minutes
delete_after: 35 # 7 * 5 # days
- name: "plan-weekly"
schedule: "cron(0 5 ? * SAT *)"
start_window: 320 # 60 * 8 # minutes
completion_window: 10080 # 60 * 24 * 7 # minutes
delete_after: 90 # 30 * 3
```
EOT
default = []
}
variable "advanced_backup_setting" {
type = object({
backup_options = string
resource_type = string
})
description = "An object that specifies backup options for each resource type"
default = null
}
variable "backup_resources" {
type = list(string)
description = "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan"
default = []
}
variable "not_resources" {
type = list(string)
description = "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to exclude from a backup plan"
default = []
}
variable "selection_tags" {
type = list(object({
type = string
key = string
value = string
}))
description = "An array of tag condition objects used to filter resources based on tags for assigning to a backup plan"
default = []
}
variable "plan_name_suffix" {
type = string
description = "The string appended to the plan name"
default = null
}
variable "vault_name" {
type = string
description = "Override target Vault Name"
default = null
}
variable "vault_enabled" {
type = bool
description = "Should we create a new Vault"
default = true
}
variable "plan_enabled" {
type = bool
description = "Should we create a new Plan"
default = true
}
variable "iam_role_enabled" {
type = bool
description = "Should we create a new Iam Role and Policy Attachment"
default = true
}
variable "iam_role_name" {
type = string
description = "Override target IAM Role Name"
default = null
}
variable "permissions_boundary" {
type = string
default = null
description = "The permissions boundary to set on the role"
}
variable "backup_vault_lock_configuration" {
type = object({
changeable_for_days = optional(number)
max_retention_days = optional(number)
min_retention_days = optional(number)
})
description = <<-EOT
The backup vault lock configuration, each vault can have one vault lock in place. This will enable Backup Vault Lock on an AWS Backup vault it prevents the deletion of backup data for the specified retention period. During this time, the backup data remains immutable and cannot be deleted or modified."
`changeable_for_days` - The number of days before the lock date. If omitted creates a vault lock in `governance` mode, otherwise it will create a vault lock in `compliance` mode.
EOT
default = null
}