UPD: refactored aws-backup module. dropping storage gateway support

2024-04-29 19:02:31 +08:00 · 2024-04-29 19:02:31 +08:00 · fb75064a58
commit fb75064a58
parent 341d09c71b
3 changed files with 75 additions and 35 deletions
--- a/modules/storage/aws-backup/README.md
+++ b/modules/storage/aws-backup/README.md
@ -44,9 +44,11 @@ No modules.
 | opt-in-rds | Opt in rds backup | `bool` | n/a | yes |
 | opt-in-redshift | Opt in redshift backup | `bool` | n/a | yes |
 | opt-in-s3 | Opt in s3 backup | `bool` | n/a | yes |
-| opt-in-storagegateway | Opt in storage gateway backup | `bool` | n/a | yes |
 | opt-in-virtualmachine | Opt in virtualmachine backup | `bool` | n/a | yes |

+## Outputs
+
+No outputs.
 
 ---
 ## Authorship
--- a/modules/storage/aws-backup/main.tf
+++ b/modules/storage/aws-backup/main.tf
@ -1,24 +1,76 @@
+# build local data structure
+
+locals {
+  backup-config = {
+    "Aurora" : {
+      enabled    = var.opt-in-aurora
+      arn-prefix = "arn:aws:rds:*:*:cluster:*"
+    }
+    "DynamoDB" : {
+      enabled    = var.opt-in-dynamodb
+      arn-prefix = "arn:aws:dynamodb:*:*:table/*"
+    }
+    "EBS" : {
+      enabled    = var.opt-in-ebs
+      arn-prefix = "arn:aws:ec2:*:*:volume/*"
+    }
+    "EC2" : {
+      enabled    = var.opt-in-ec2
+      arn-prefix = "arn:aws:ec2:*:*:instance/*"
+    }
+    "EFS" : {
+      enabled    = var.opt-in-efs
+      arn-prefix = "arn:aws:elasticfilesystem:*:*:file-system/*"
+    }
+    "FSx" : {
+      enabled    = var.opt-in-fsx
+      arn-prefix = "arn:*:fsx:*"
+    }
+    "Redshift" : {
+      enabled    = var.opt-in-redshift
+      arn-prefix = "arn:aws:redshift:*:*:cluster:*"
+    }
+    "RDS" : {
+      enabled    = var.opt-in-rds
+      arn-prefix = "arn:aws:rds:*:*:db:*"
+    }
+    # this version can't handle space
+    #     "Storage Gateway" : {
+    #       enabled    = var.opt-in-storagegateway
+    #       arn-prefix = "arn:aws:storagegateway:*:*:gateway/*"
+    #     }
+    "VirtualMachine" : {
+      enabled    = var.opt-in-virtualmachine
+      arn-prefix = "arn:aws:backup-gateway:*:*:vm/*"
+    }
+    "S3" : {
+      enabled    = var.opt-in-s3
+      arn-prefix = "arn:aws:s3:::*"
+    }
+  }
+}
+
 resource "aws_backup_region_settings" "ab-settings" {
  resource_type_opt_in_preference = {
-    "Aurora" = var.opt-in-aurora
-    # not available in all regions "DocumentDB"      = var.opt-in-documentdb
-    "DynamoDB"        = var.opt-in-dynamodb
-    "EBS"             = var.opt-in-ebs
-    "EC2"             = var.opt-in-ec2
-    "EFS"             = var.opt-in-efs
-    "FSx"             = var.opt-in-fsx
-    "Redshift"        = var.opt-in-redshift
-    "RDS"             = var.opt-in-rds
-    "Storage Gateway" = var.opt-in-storagegateway
-    "VirtualMachine"  = var.opt-in-virtualmachine
-    "S3"              = var.opt-in-s3
+    "Aurora"          = local.backup-config.Aurora.enabled
+    "DynamoDB"        = local.backup-config.DynamoDB.enabled
+    "EBS"             = local.backup-config.EBS.enabled
+    "EC2"             = local.backup-config.EC2.enabled
+    "EFS"             = local.backup-config.EFS.enabled
+    "FSx"             = local.backup-config.FSx.enabled
+    "Redshift"        = local.backup-config.Redshift.enabled
+    "RDS"             = local.backup-config.RDS.enabled
+    # "Storage Gateway" = lookup(local.backup-config, "Storage Gateway").enabled
+    "VirtualMachine"  = local.backup-config.VirtualMachine.enabled
+    "S3"              = local.backup-config.S3.enabled
+    # not available in all regions "DocumentDB"      = false
  }
 }

 resource "aws_backup_vault" "ab-vault" {
  for_each = toset([
-    for k, v in aws_backup_region_settings.ab-settings.resource_type_opt_in_preference : k
-    if v
+    for k, v in local.backup-config : k
+    if v.enabled
  ])
  name        = "BackupVault-${each.value}"
  kms_key_arn = aws_kms_key.ab-kms-key.arn
@ -105,25 +157,10 @@ resource "aws_iam_role_policy_attachment" "ab-iam-role-policy" {
  role       = aws_iam_role.ab-iam-role.name
 }

-locals {
-  service-map = {
-    "EC2" : "arn:aws:ec2:*:*:instance/*",
-    "RDS" : "arn:aws:rds:*:*:db:*"
-    "S3" : "arn:aws:s3:::*"
-    "EBS" : "arn:aws:ec2:*:*:volume/*"
-    "DynamoDB" : "arn:aws:dynamodb:*:*:table/*"
-    "EFS" : "arn:aws:elasticfilesystem:*:*:file-system/*"
-    "FSx" : "arn:*:fsx:*"
-    "Redshift" : "arn:aws:redshift:*:*:cluster:*"
-    "Storage Gateway" : "arn:aws:storagegateway:*:*:gateway/*"
-    "VirtualMachine" : "arn:aws:backup-gateway:*:*:vm/*"
-    "Aurora" : "arn:aws:rds:*:*:cluster:*"
-  }
-}
 resource "aws_backup_selection" "ab-selection-by-service-type" {
  for_each     = aws_backup_plan.ab-plan
  iam_role_arn = aws_iam_role.ab-iam-role.arn
  name         = "SelectionByServiceType"
  plan_id      = each.value.id
-  resources    = [lookup(local.service-map, replace(each.value.name, "BackupPlan-", ""))]
+  resources    = [lookup(local.backup-config, replace(each.value.name, "BackupPlan-", "")).arn-prefix]
 }
--- a/modules/storage/aws-backup/variables.tf
+++ b/modules/storage/aws-backup/variables.tf
@ -53,10 +53,11 @@ variable "opt-in-rds" {
  description = "Opt in rds backup"
 }

-variable "opt-in-storagegateway" {
-  type        = bool
-  description = "Opt in storage gateway backup"
-}
+# not supported in this version
+# variable "opt-in-storagegateway" {
+#   type        = bool
+#   description = "Opt in storage gateway backup"
+# }

 variable "opt-in-virtualmachine" {
  type        = bool