main.tf
# Backup vault that stores the recovery points written by this module's plan.
# It is created only when the module is enabled and a vault name was supplied.
resource "aws_backup_vault" "ab_vault" {
  count = (var.enabled && var.vault_name != null) ? 1 : 0

  name = var.vault_name

  # Customer-managed KMS key used to encrypt the vault. When
  # var.vault_kms_key_arn is null, AWS Backup falls back to an AWS-managed
  # key, whose key policy the account owner cannot tighten.
  kms_key_arn = var.vault_kms_key_arn

  # When true, destroying this resource also deletes every recovery point
  # held in the vault. Leave false for vaults that hold backups you rely on.
  force_destroy = var.vault_force_destroy

  tags = var.tags
}
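# Vault Lock for the vault created by this module. It enforces the minimum and
# maximum retention bounds on recovery points stored in that vault.
resource "aws_backup_vault_lock_configuration" "ab_vault_lock_configuration" {
  # var.enabled is part of the condition because aws_backup_vault.ab_vault[0]
  # exists only when the module is enabled. Without it, locked = true combined
  # with enabled = false fails with an invalid-index error on the reference
  # below.
  count = var.enabled && var.locked && var.vault_name != null ? 1 : 0

  backup_vault_name = aws_backup_vault.ab_vault[0].name

  # Leaving this null creates the lock in governance mode, which principals
  # with sufficient IAM permissions can still remove. Setting a number of days
  # creates a compliance-mode lock that becomes immutable once that grace
  # period has passed.
  changeable_for_days = var.changeable_for_days

  # Retention bounds the lock enforces on backup and copy jobs that target
  # this vault.
  max_retention_days = var.max_retention_days
  min_retention_days = var.min_retention_days
}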
# Backup plan built from local.rules. It is created only when the module is
# enabled and at least one rule is defined.
resource "aws_backup_plan" "ab_plan" {
  count = (var.enabled && length(local.rules) > 0) ? 1 : 0
  name  = var.plan_name

  # One `rule` block per entry of local.rules.
  dynamic "rule" {
    for_each = local.rules

    content {
      rule_name = lookup(rule.value, "name", null)

      # Vault selection, in priority order: the rule's own target_vault_name,
      # then the vault created by this module, then the vault named "Default".
      # NOTE(review): a rule that falls through to "Default" stores its
      # recovery points outside the vault configured above, so that vault's
      # KMS key and Vault Lock settings do not cover them.
      target_vault_name = (
        lookup(rule.value, "target_vault_name", null) != null
        ? rule.value.target_vault_name
        : (var.vault_name != null ? aws_backup_vault.ab_vault[0].name : "Default")
      )

      schedule                 = lookup(rule.value, "schedule", null)
      start_window             = lookup(rule.value, "start_window", null)
      completion_window        = lookup(rule.value, "completion_window", null)
      enable_continuous_backup = lookup(rule.value, "enable_continuous_backup", null)

      # Rule-specific recovery point tags win; a missing or empty map falls
      # back to the module-wide tags.
      # NOTE(review): the two-argument form of lookup() is deprecated in
      # Terraform; it is kept here so the expression stays unchanged.
      recovery_point_tags = length(lookup(rule.value, "recovery_point_tags", {})) > 0 ? lookup(rule.value, "recovery_point_tags") : var.tags

      # Lifecycle: emitted only when the rule carries a non-empty lifecycle
      # map. A rule without one gets no lifecycle block at all, so no
      # expiry is set for its recovery points here.
      dynamic "lifecycle" {
        for_each = length(lookup(rule.value, "lifecycle", {})) > 0 ? [lookup(rule.value, "lifecycle", {})] : []

        content {
          # The defaults (0 and 90) apply only when the key is absent.
          cold_storage_after = lookup(lifecycle.value, "cold_storage_after", 0)
          delete_after       = lookup(lifecycle.value, "delete_after", 90)
        }
      }

      # Copy actions: one block per entry of the rule's copy_actions list.
      dynamic "copy_action" {
        for_each = lookup(rule.value, "copy_actions", [])

        content {
          destination_vault_arn = lookup(copy_action.value, "destination_vault_arn", null)

          # Lifecycle of the copied recovery points, handled the same way as
          # the rule-level lifecycle above.
          dynamic "lifecycle" {
            for_each = length(lookup(copy_action.value, "lifecycle", {})) > 0 ? [lookup(copy_action.value, "lifecycle", {})] : []

            content {
              cold_storage_after = lookup(lifecycle.value, "cold_storage_after", 0)
              delete_after       = lookup(lifecycle.value, "delete_after", 90)
            }
          }
        }
      }
    }
  }

  # Advanced backup setting: turns on Windows VSS for EC2 resources when
  # var.windows_vss_backup is true.
  dynamic "advanced_backup_setting" {
    for_each = var.windows_vss_backup ? [1] : []

    content {
      backup_options = {
        WindowsVSS = "enabled"
      }
      resource_type = "EC2"
    }
  }

  tags = var.tags

  # Make sure the vault exists before the plan is created, including for
  # rules that name the vault explicitly instead of referencing the resource.
  depends_on = [aws_backup_vault.ab_vault]
}
locals {
  # Single rule assembled from the flat rule_* variables. It is an empty list
  # when var.rule_name is null, so concat() below adds nothing for it.
  rule = var.rule_name != null ? [
    {
      name                     = var.rule_name
      target_vault_name        = var.vault_name == null ? "Default" : var.vault_name
      schedule                 = var.rule_schedule
      start_window             = var.rule_start_window
      completion_window        = var.rule_completion_window
      enable_continuous_backup = var.rule_enable_continuous_backup
      recovery_point_tags      = var.rule_recovery_point_tags

      # NOTE(review): the lifecycle map is populated only when
      # var.rule_lifecycle_cold_storage_after is set. A caller who sets only
      # var.rule_lifecycle_delete_after gets an empty map, the plan then emits
      # no lifecycle block, and the requested expiry is silently dropped.
      # Confirm whether that is intended.
      lifecycle = var.rule_lifecycle_cold_storage_after != null ? {
        cold_storage_after = var.rule_lifecycle_cold_storage_after
        delete_after       = var.rule_lifecycle_delete_after
      } : {}
    }
  ] : []

  # Effective rule list: the optional single rule followed by var.rules.
  rules = concat(local.rule, var.rules)
}