This terraform module automate the backup of data across AWS services using a resource tag.
The following resources will be created:
- An Identity and Access Management (IAM) that Provides AWS Backup permissions to create backups of all supported resource types on your behalf.
- AWS Backup - It is a fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services
- AWS Vault - Backup vaults are containers where your backups are stored. You can have one default vault, or multiple vaults to backup to.
- AWS Backup plan - Backup rules specify the backup schedule, backup window, and lifecycle rules.
- The amount of time AWS Backup attempts a backup before canceling the job and returning an error
- The default value is 120
- The number of days after creation that a recovery point is moved to cold storage
- The default value is 30
- The number of days after creation that a recovery point is deleted. Must be 90 days greater than cold storage
- The default value is 120
- The amount of time in minutes before beginning a backup
- The default value is 60
- A cron specifying when AWS Backup initiates a backup job
- The amount of time AWS Backup attempts a backup before canceling the job and returning an error
No requirements.
| Name | Version |
|---|---|
| aws | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_type | Type of the account to create backup resources. | string |
"workload" |
no |
| backup_vault_events | An array of events that indicate the status of jobs to back up resources to the backup vault | list(string) |
[ |
no |
| changeable_for_days | The number of days before the lock date. Until that time, the configuration can be edited or removed. The minimum number of day is 3 days | number |
null |
no |
| enable_aws_backup_vault_notifications | Enable vault notifications | bool |
false |
no |
| enabled | Change to false to avoid deploying any AWS Backup resources | bool |
true |
no |
| max_retention_days | The maximum retention period that the vault retains its recovery points | number |
null |
no |
| min_retention_days | The minimum retention period that the vault retains its recovery points | number |
null |
no |
| name | Name of the backup vault to create. | string |
"" |
no |
| rule | List of backup rules | list(object({ |
[ |
no |
| rule_completion_window | The amount of time AWS Backup attempts a backup before canceling the job and returning an error | number |
120 |
no |
| rule_lifecycle_cold_storage_after | Specifies the number of days after creation that a recovery point is moved to cold storage | number |
30 |
no |
| rule_lifecycle_delete_after | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than cold_storage_after |
number |
120 |
no |
| rule_schedule | A CRON expression specifying when AWS Backup initiates a backup job | string |
null |
no |
| rule_start_window | The amount of time in minutes before beginning a backup | number |
60 |
no |
| selection_resources | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | list(any) |
[] |
no |
| selection_tag_key | The key in a key-value pair | string |
"Backup" |
no |
| selection_tag_type | An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection | string |
"STRINGEQUALS" |
no |
| selection_tag_value | The value in a key-value pair | string |
"true" |
no |
| vault_kms_key_arn | The server-side encryption key that is used to protect your backups | string |
null |
no |
| vault_notification_sns_topic_arn | The Amazon Resource Name (ARN) that specifies the topic for a backup vaults events | string |
"" |
no |
| vault_policy | The backup vault access policy document in JSON format | string |
"" |
no |
No output.
Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.