fix(DMVP-5908): fix and test
SarhadMeta committed Dec 4, 2024
1 parent 0aa8852 commit 080159c
Showing 7 changed files with 63 additions and 44 deletions.
8 changes: 4 additions & 4 deletions README.md
@@ -26,7 +26,6 @@
| [aws_backup_plan.daily](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_plan) | resource |
| [aws_backup_selection.tagged_daily](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection) | resource |
| [aws_backup_vault.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault) | resource |
| [aws_backup_vault_notifications.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault_notifications) | resource |
| [aws_iam_role.backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.s3_backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
@@ -55,10 +54,11 @@
| <a name="input_backup_schedule"></a> [backup\_schedule](#input\_backup\_schedule) | Schedule of aws backup plan | `string` | `"cron(0 1 * * ? *)"` | no |
| <a name="input_enable_continuous_backup"></a> [enable\_continuous\_backup](#input\_enable\_continuous\_backup) | Flag to enable continuos backup | `bool` | `false` | no |
| <a name="input_enable_sns_notifications"></a> [enable\_sns\_notifications](#input\_enable\_sns\_notifications) | Create an SNS topic where backup notifications go | `bool` | `true` | no |
| <a name="input_env"></a> [env](#input\_env) | Deployment environment | `string` | n/a | yes |
| <a name="input_plan_selection_tag"></a> [plan\_selection\_tag](#input\_plan\_selection\_tag) | Resource selection for the plan | `list(map)` | <pre>[<br/> {<br/> "key": "",<br/> "value": ""<br/> }<br/>]</pre> | no |
| <a name="input_env"></a> [env](#input\_env) | Envrionment for the plan | `string` | `"prod"` | no |
| <a name="input_plan_selection_tag"></a> [plan\_selection\_tag](#input\_plan\_selection\_tag) | Resource selection for the plan | `list(map(string))` | <pre>[<br/> {<br/> "key": "Environment",<br/> "value": "Production"<br/> }<br/>]</pre> | no |
| <a name="input_region"></a> [region](#input\_region) | The region where resources should be managed. | `string` | `"eu-central-1"` | no |
| <a name="input_rules"></a> [rules](#input\_rules) | List of rules to attach to the plan | `list(map)` | <pre>[<br/> {<br/> "continuous_backup": true,<br/> "name": "daily",<br/> "recovery_point_tags": {<br/> "Environment": "dev",<br/> "Plan": "plan name"<br/> },<br/> "schedule": "cron(0 12 * * ? *)",<br/> "vault": "Backup"<br/> }<br/>]</pre> | no |
| <a name="input_rules"></a> [rules](#input\_rules) | List of rules to attach to the plan | `list(any)` | <pre>[<br/> {<br/> "continuous_backup": true,<br/> "name": "daily",<br/> "schedule": "cron(0 12 * * ? *)",<br/> "vault": "Backup"<br/> }<br/>]</pre> | no |
| <a name="input_vault_name"></a> [vault\_name](#input\_vault\_name) | Backup vault name | `string` | `"backup_vault"` | no |

## Outputs

2 changes: 1 addition & 1 deletion iam.tf
@@ -39,7 +39,7 @@ data "aws_iam_policy_document" "assume_backup_role" {
}

resource "aws_iam_role" "backup" {
name = local.vault_name
name = var.vault_name
assume_role_policy = data.aws_iam_policy_document.assume_backup_role.json
}

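Review bot: The role name on `name = var.vault_name` now equals the vault name verbatim, and IAM role names are unique per account rather than per region, while the module also takes a `region` input. Two instances of the module that keep the default `"backup_vault"` (for example one per region) would fail when the second role is created. Consider deriving the role name from more than the vault name, e.g. `name = "${var.vault_name}-${var.region}"`, or using `name_prefix`. The old value of `local.vault_name` is not visible because locals.tf is deleted without its content shown, so confirm whether it already included the environment.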
3 changes: 0 additions & 3 deletions locals.tf

This file was deleted.

30 changes: 14 additions & 16 deletions main.tf
@@ -8,34 +8,34 @@ resource "aws_kms_key" "backup" {
}

resource "aws_kms_alias" "backup" {
name = "alias/aws_backup-${var.env}"
name = "alias/aws_backup-${var.vault_name}"
target_key_id = aws_kms_key.backup.arn
}

resource "aws_backup_vault" "this" {
name = local.vault_name
name = var.vault_name
kms_key_arn = aws_kms_key.backup.arn

lifecycle {
prevent_destroy = true
prevent_destroy = false
}
}

resource "aws_backup_plan" "daily" {
name = "daily-${var.env}"

rule {
rule_name = "daily"
target_vault_name = aws_backup_vault.this.name
schedule = var.backup_schedule
enable_continuous_backup = var.enable_continuous_backup
dynamic "rule" {
for_each = var.rules
content {
rule_name = rule.value.name
target_vault_name = aws_backup_vault.this.name
schedule = rule.value.schedule
enable_continuous_backup = rule.value.continuous_backup

lifecycle {
delete_after = var.backup_retention_days
}
lifecycle {
delete_after = var.backup_retention_days
}

recovery_point_tags = {
Environment = var.env
}
}
}
@@ -44,16 +44,14 @@ resource "aws_backup_selection" "tagged_daily" {
name = "daily-tagged-${var.env}"
plan_id = aws_backup_plan.daily.id

# selection rules
# Selection rules
dynamic "selection_tag" {
for_each = var.plan_selection_tag
content {
type = "STRINGEQUALS"
key = selection_tag.value["key"]
value = selection_tag.value["value"]

}

}

iam_role_arn = aws_iam_role.backup.arn
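Review bot: The `lifecycle` block of `aws_backup_vault.this` appears to end up with `prevent_destroy = false` (the page lists the `true` line first and the `false` line second), which removes the only guard in this module against a plan that destroys the vault. That matters more after this commit because the vault name now comes from `var.vault_name`, and changing a vault's name forces replacement of the resource. `prevent_destroy` only accepts a literal, so it cannot be toggled per environment; either keep `prevent_destroy = true`, or add a comment stating why it is off and consider an `aws_backup_vault_lock_configuration` for vaults that hold production recovery points. The same hunk also seems to drop `recovery_point_tags` from the rule, so new recovery points would no longer carry the `Environment` tag; confirm nothing (cost reports, tag-based access policies) depends on it.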
20 changes: 10 additions & 10 deletions monitoring.tf
@@ -129,13 +129,13 @@ locals {
EOT
}

resource "aws_backup_vault_notifications" "this" {
count = var.enable_sns_notifications ? 1 : 0
backup_vault_name = local.vault_name
sns_topic_arn = module.sns_topic.sns_topic_arn
backup_vault_events = [
"BACKUP_JOB_COMPLETED", # filter successful backups on sns subscription!
"RESTORE_JOB_STARTED", "RESTORE_JOB_COMPLETED",
"S3_BACKUP_OBJECT_FAILED", "S3_RESTORE_OBJECT_FAILED"
]
}
# resource "aws_backup_vault_notifications" "this" {
# count = var.enable_sns_notifications ? 1 : 0
# backup_vault_name = var.vault_name
# sns_topic_arn = module.sns_topic.sns_topic_arn
# backup_vault_events = [
# "BACKUP_JOB_COMPLETED", # filter successful backups on sns subscription!
# "RESTORE_JOB_STARTED", "RESTORE_JOB_COMPLETED",
# "S3_BACKUP_OBJECT_FAILED", "S3_RESTORE_OBJECT_FAILED"
# ]
# }
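Review bot: Commenting out `aws_backup_vault_notifications.this` leaves the vault with no event notifications, while `enable_sns_notifications` still defaults to `true` and the README still describes it as "Create an SNS topic where backup notifications go". Callers will assume that `S3_BACKUP_OBJECT_FAILED` and restore-job events are reported when nothing is published for this vault any more. If the resource was disabled because it raced the vault's creation, restore it with `backup_vault_name = aws_backup_vault.this.name` so Terraform orders it after the vault; otherwise delete the block and the variable rather than leaving commented-out code. The `locals` block this hunk opens in starts outside the hunk.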
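--- a/tests/example.tf
+++ b/tests/example.tf
@@ -0,0 +1,22 @@
+provider "aws" {
+region = "eu-central-1"
+}
+
+module "aws_backup" {
+source = "./.."
+
+plan_selection_tag = [
+{
+key = "Environment"
+value = "dev"
+}
+]
+
+rules = [
+{
+name = "rule1"
+schedule = "cron(0 12 * * ? *)"
+continuous_backup = true
+}
+]
+}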
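Review bot: The example leaves `vault_name` and `env` at their defaults, so applying it creates a vault, IAM role and KMS alias named after `"backup_vault"` and a plan named `daily-prod`, while the selection tag targets `Environment = "dev"`. In an account that already runs this module with defaults, the test would collide with those names. Set test-specific inputs in the `module "aws_backup"` block, e.g. `vault_name = "backup-vault-test"` and `env = "test"` (constructed sample values).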
22 changes: 12 additions & 10 deletions variables.tf
@@ -1,8 +1,14 @@
variable "env" {
description = "Deployment environment"
variable "vault_name" {
description = "Backup vault name"
type = string
default = "backup_vault"
}

variable "env" {
description = "Envrionment for the plan"
type = string
default = "prod"
}
variable "region" {
description = "The region where resources should be managed."
type = string
@@ -53,29 +59,25 @@ variable "backup_plan_name" {

variable "plan_selection_tag" {
description = "Resource selection for the plan"
type = list(map)
type = list(map(string))
default = [
{
key = ""
value = ""
key = "Environment"
value = "Production"
}
]
}

variable "rules" {
description = "List of rules to attach to the plan"
type = list(map)
type = list(any)
default = [
{
name = "daily"
schedule = "cron(0 12 * * ? *)"
continuous_backup = true
vault = "Backup"

recovery_point_tags = {
Environment = "dev"
Plan = "plan name"
}
}
]
}
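Review bot: `type = list(any)` on `rules` accepts any element shape, but main.tf reads `rule.value.name`, `rule.value.schedule` and `rule.value.continuous_backup`, so a caller who omits or misspells a key gets an attribute error during plan instead of a clear type error on the input. Declare the shape instead: `type = list(object({ name = string, schedule = string, continuous_backup = bool }))`. The default still carries `vault = "Backup"`, which nothing in the visible main.tf reads (the rule always targets `aws_backup_vault.this.name`), so drop it from the default to avoid suggesting that the vault is selectable per rule. The `env` description in the first hunk also has a typo: `"Envrionment for the plan"` should read `"Environment for the plan"`.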
