Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(DMVP-5908): fix rules #4

Merged
merged 6 commits into from
Dec 6, 2024
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ repos:
args: ['--allow-missing-credentials']
- id: detect-private-key
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.64.1
rev: v1.96.2
hooks:
- id: terraform_fmt
- id: terraform_docs
Expand Down
66 changes: 66 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# terraform-aws-backup
mrdntgrn marked this conversation as resolved.
Show resolved Hide resolved

<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_sns_topic"></a> [sns\_topic](#module\_sns\_topic) | terraform-aws-modules/sns/aws | ~> 3.0 |

## Resources

| Name | Type |
|------|------|
| [aws_backup_plan.daily](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_plan) | resource |
| [aws_backup_selection.tagged_daily](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection) | resource |
| [aws_backup_vault.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault) | resource |
| [aws_backup_vault_notifications.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault_notifications) | resource |
| [aws_iam_role.backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.s3_backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.s3_restore](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_kms_alias.backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
| [aws_kms_alias.backup_sns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
| [aws_kms_key.backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_lambda_permission.with_sns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_sns_topic_subscription.email](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
| [aws_sns_topic_subscription.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.assume_backup_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.backup_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.backup_notifications](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_alarm_email_addresses"></a> [alarm\_email\_addresses](#input\_alarm\_email\_addresses) | E-Mail addresses that should be subscribed to monitoring notifications | `list(string)` | `[]` | no |
| <a name="input_alarm_lambda_arn"></a> [alarm\_lambda\_arn](#input\_alarm\_lambda\_arn) | ARN of a lambda function that should be subscribed to monitoring notifications | `string` | `""` | no |
| <a name="input_backup_plan_name"></a> [backup\_plan\_name](#input\_backup\_plan\_name) | Initial part of the plan name to which will be appended the env | `string` | `""` | no |
| <a name="input_backup_retention_days"></a> [backup\_retention\_days](#input\_backup\_retention\_days) | Number of days recovery points should be kept. | `number` | `7` | no |
| <a name="input_backup_schedule"></a> [backup\_schedule](#input\_backup\_schedule) | Schedule of aws backup plan | `string` | `"cron(0 1 * * ? *)"` | no |
| <a name="input_enable_continuous_backup"></a> [enable\_continuous\_backup](#input\_enable\_continuous\_backup) | Flag to enable continuos backup | `bool` | `false` | no |
| <a name="input_enable_sns_notifications"></a> [enable\_sns\_notifications](#input\_enable\_sns\_notifications) | Create an SNS topic where backup notifications go | `bool` | `true` | no |
| <a name="input_env"></a> [env](#input\_env) | Deployment environment | `string` | n/a | yes |
| <a name="input_plan_selection_tag"></a> [plan\_selection\_tag](#input\_plan\_selection\_tag) | Resource selection for the plan | `list(map)` | <pre>[<br/> {<br/> "key": "",<br/> "value": ""<br/> }<br/>]</pre> | no |
| <a name="input_region"></a> [region](#input\_region) | The region where resources should be managed. | `string` | `"eu-central-1"` | no |
| <a name="input_rules"></a> [rules](#input\_rules) | List of rules to attach to the plan | `list(map)` | <pre>[<br/> {<br/> "continuous_backup": true,<br/> "name": "daily",<br/> "recovery_point_tags": {<br/> "Environment": "dev",<br/> "Plan": "plan name"<br/> },<br/> "schedule": "cron(0 12 * * ? *)",<br/> "vault": "Backup"<br/> }<br/>]</pre> | no |

## Outputs

No outputs.
<!-- END_TF_DOCS -->
2 changes: 1 addition & 1 deletion githooks/commit-msg
100644 → 100755
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,4 @@ elif [ -x "$INSTALL_PYTHON" ]; then
else
echo '`pre-commit` not found. Did you forget to activate your virtualenv?' 1>&2
exit 1a
fi
fi
2 changes: 1 addition & 1 deletion githooks/pre-commit
100644 → 100755
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/bin/bash

set -e
pre-commit run --show-diff-on-failure --color=always --all-files
pre-commit run --show-diff-on-failure --color=always --all-files
6 changes: 1 addition & 5 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,6 @@ resource "aws_backup_selection" "tagged_daily" {
}

}
selection_tag {
type = "STRINGEQUALS"
key = "backup:rule:efs"
value = "daily-${var.env}"
}

iam_role_arn = aws_iam_role.backup.arn
}
6 changes: 0 additions & 6 deletions monitoring.tf
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
data "aws_iam_policy_document" "kms" {
# Copy of default KMS policy that lets you manage it
#checkov:skip=CKV_AWS_111: Does not apply here because KMS key policies only apply to the key itself. (https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint)
#checkov:skip=CKV_AWS_109: Does not apply here because KMS key policies only apply to the key itself. (https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint)
#checkov:skip=CKV_AWS_356: ignoring asterisk for policies
statement {
sid = "Enable IAM User Permissions"
actions = ["kms:*"]
Expand Down Expand Up @@ -52,7 +48,6 @@ data "aws_iam_policy_document" "kms" {
}

data "aws_iam_policy_document" "backup_notifications" {
#checkov:skip=CKV_AWS_356: ignoring asterisk for policies
policy_id = "aws_backup_${var.env}"

statement {
Expand Down Expand Up @@ -96,7 +91,6 @@ resource "aws_kms_alias" "backup_sns" {
}

module "sns_topic" {
#checkov:skip=CKV_TF_1: https://github.com/bridgecrewio/checkov/issues/5286
source = "terraform-aws-modules/sns/aws"
version = "~> 3.0"

Expand Down
24 changes: 0 additions & 24 deletions provider.tf

This file was deleted.

24 changes: 18 additions & 6 deletions variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,6 @@ variable "region" {
default = "eu-central-1"
}

variable "component" {
description = "The component to which the resources deployed in this module belong to. This can be an application or a part of the overall infrastructure."
type = string
}

variable "backup_retention_days" {
description = "Number of days recovery points should be kept."
type = number
Expand Down Expand Up @@ -65,5 +60,22 @@ variable "plan_selection_tag" {
value = ""
}
]
}

}
variable "rules" {
description = "List of rules to attach to the plan"
type = list(map)
default = [
{
name = "daily"
schedule = "cron(0 12 * * ? *)"
continuous_backup = true
mrdntgrn marked this conversation as resolved.
Show resolved Hide resolved
vault = "Backup"

recovery_point_tags = {
Environment = "dev"
Plan = "plan name"
}
}
]
}
Loading