UPD: refactored aws-backup module. dropping storage gateway support
parent
341d09c71b
commit
fb75064a58
@ -44,9 +44,11 @@ No modules.
|
|||||||
| opt-in-rds | Opt in rds backup | `bool` | n/a | yes |
|
| opt-in-rds | Opt in rds backup | `bool` | n/a | yes |
|
||||||
| opt-in-redshift | Opt in redshift backup | `bool` | n/a | yes |
|
| opt-in-redshift | Opt in redshift backup | `bool` | n/a | yes |
|
||||||
| opt-in-s3 | Opt in s3 backup | `bool` | n/a | yes |
|
| opt-in-s3 | Opt in s3 backup | `bool` | n/a | yes |
|
||||||
| opt-in-storagegateway | Opt in storage gateway backup | `bool` | n/a | yes |
|
|
||||||
| opt-in-virtualmachine | Opt in virtualmachine backup | `bool` | n/a | yes |
|
| opt-in-virtualmachine | Opt in virtualmachine backup | `bool` | n/a | yes |
|
||||||
|
|
||||||
|
## Outputs
|
||||||
|
|
||||||
|
No outputs.
|
||||||
|
|
||||||
---
|
---
|
||||||
## Authorship
|
## Authorship
|
||||||
|
@ -1,24 +1,76 @@
|
|||||||
|
# build local data structure
|
||||||
|
|
||||||
|
locals {
|
||||||
|
backup-config = {
|
||||||
|
"Aurora" : {
|
||||||
|
enabled = var.opt-in-aurora
|
||||||
|
arn-prefix = "arn:aws:rds:*:*:cluster:*"
|
||||||
|
}
|
||||||
|
"DynamoDB" : {
|
||||||
|
enabled = var.opt-in-dynamodb
|
||||||
|
arn-prefix = "arn:aws:dynamodb:*:*:table/*"
|
||||||
|
}
|
||||||
|
"EBS" : {
|
||||||
|
enabled = var.opt-in-ebs
|
||||||
|
arn-prefix = "arn:aws:ec2:*:*:volume/*"
|
||||||
|
}
|
||||||
|
"EC2" : {
|
||||||
|
enabled = var.opt-in-ec2
|
||||||
|
arn-prefix = "arn:aws:ec2:*:*:instance/*"
|
||||||
|
}
|
||||||
|
"EFS" : {
|
||||||
|
enabled = var.opt-in-efs
|
||||||
|
arn-prefix = "arn:aws:elasticfilesystem:*:*:file-system/*"
|
||||||
|
}
|
||||||
|
"FSx" : {
|
||||||
|
enabled = var.opt-in-fsx
|
||||||
|
arn-prefix = "arn:*:fsx:*"
|
||||||
|
}
|
||||||
|
"Redshift" : {
|
||||||
|
enabled = var.opt-in-redshift
|
||||||
|
arn-prefix = "arn:aws:redshift:*:*:cluster:*"
|
||||||
|
}
|
||||||
|
"RDS" : {
|
||||||
|
enabled = var.opt-in-rds
|
||||||
|
arn-prefix = "arn:aws:rds:*:*:db:*"
|
||||||
|
}
|
||||||
|
# this version can't handle space
|
||||||
|
# "Storage Gateway" : {
|
||||||
|
# enabled = var.opt-in-storagegateway
|
||||||
|
# arn-prefix = "arn:aws:storagegateway:*:*:gateway/*"
|
||||||
|
# }
|
||||||
|
"VirtualMachine" : {
|
||||||
|
enabled = var.opt-in-virtualmachine
|
||||||
|
arn-prefix = "arn:aws:backup-gateway:*:*:vm/*"
|
||||||
|
}
|
||||||
|
"S3" : {
|
||||||
|
enabled = var.opt-in-s3
|
||||||
|
arn-prefix = "arn:aws:s3:::*"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
resource "aws_backup_region_settings" "ab-settings" {
|
resource "aws_backup_region_settings" "ab-settings" {
|
||||||
resource_type_opt_in_preference = {
|
resource_type_opt_in_preference = {
|
||||||
"Aurora" = var.opt-in-aurora
|
"Aurora" = local.backup-config.Aurora.enabled
|
||||||
# not available in all regions "DocumentDB" = var.opt-in-documentdb
|
"DynamoDB" = local.backup-config.DynamoDB.enabled
|
||||||
"DynamoDB" = var.opt-in-dynamodb
|
"EBS" = local.backup-config.EBS.enabled
|
||||||
"EBS" = var.opt-in-ebs
|
"EC2" = local.backup-config.EC2.enabled
|
||||||
"EC2" = var.opt-in-ec2
|
"EFS" = local.backup-config.EFS.enabled
|
||||||
"EFS" = var.opt-in-efs
|
"FSx" = local.backup-config.FSx.enabled
|
||||||
"FSx" = var.opt-in-fsx
|
"Redshift" = local.backup-config.Redshift.enabled
|
||||||
"Redshift" = var.opt-in-redshift
|
"RDS" = local.backup-config.RDS.enabled
|
||||||
"RDS" = var.opt-in-rds
|
# "Storage Gateway" = lookup(local.backup-config, "Storage Gateway").enabled
|
||||||
"Storage Gateway" = var.opt-in-storagegateway
|
"VirtualMachine" = local.backup-config.VirtualMachine.enabled
|
||||||
"VirtualMachine" = var.opt-in-virtualmachine
|
"S3" = local.backup-config.S3.enabled
|
||||||
"S3" = var.opt-in-s3
|
# not available in all regions "DocumentDB" = false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_backup_vault" "ab-vault" {
|
resource "aws_backup_vault" "ab-vault" {
|
||||||
for_each = toset([
|
for_each = toset([
|
||||||
for k, v in aws_backup_region_settings.ab-settings.resource_type_opt_in_preference : k
|
for k, v in local.backup-config : k
|
||||||
if v
|
if v.enabled
|
||||||
])
|
])
|
||||||
name = "BackupVault-${each.value}"
|
name = "BackupVault-${each.value}"
|
||||||
kms_key_arn = aws_kms_key.ab-kms-key.arn
|
kms_key_arn = aws_kms_key.ab-kms-key.arn
|
||||||
@ -105,25 +157,10 @@ resource "aws_iam_role_policy_attachment" "ab-iam-role-policy" {
|
|||||||
role = aws_iam_role.ab-iam-role.name
|
role = aws_iam_role.ab-iam-role.name
|
||||||
}
|
}
|
||||||
|
|
||||||
locals {
|
|
||||||
service-map = {
|
|
||||||
"EC2" : "arn:aws:ec2:*:*:instance/*",
|
|
||||||
"RDS" : "arn:aws:rds:*:*:db:*"
|
|
||||||
"S3" : "arn:aws:s3:::*"
|
|
||||||
"EBS" : "arn:aws:ec2:*:*:volume/*"
|
|
||||||
"DynamoDB" : "arn:aws:dynamodb:*:*:table/*"
|
|
||||||
"EFS" : "arn:aws:elasticfilesystem:*:*:file-system/*"
|
|
||||||
"FSx" : "arn:*:fsx:*"
|
|
||||||
"Redshift" : "arn:aws:redshift:*:*:cluster:*"
|
|
||||||
"Storage Gateway" : "arn:aws:storagegateway:*:*:gateway/*"
|
|
||||||
"VirtualMachine" : "arn:aws:backup-gateway:*:*:vm/*"
|
|
||||||
"Aurora" : "arn:aws:rds:*:*:cluster:*"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
resource "aws_backup_selection" "ab-selection-by-service-type" {
|
resource "aws_backup_selection" "ab-selection-by-service-type" {
|
||||||
for_each = aws_backup_plan.ab-plan
|
for_each = aws_backup_plan.ab-plan
|
||||||
iam_role_arn = aws_iam_role.ab-iam-role.arn
|
iam_role_arn = aws_iam_role.ab-iam-role.arn
|
||||||
name = "SelectionByServiceType"
|
name = "SelectionByServiceType"
|
||||||
plan_id = each.value.id
|
plan_id = each.value.id
|
||||||
resources = [lookup(local.service-map, replace(each.value.name, "BackupPlan-", ""))]
|
resources = [lookup(local.backup-config, replace(each.value.name, "BackupPlan-", "")).arn-prefix]
|
||||||
}
|
}
|
||||||
|
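Review bot: In `aws_backup_region_settings.ab-settings`, commenting out the `"Storage Gateway"` entry leaves that opt-in unset rather than off, so as far as this resource is concerned the region keeps whatever value it already had. If support is being dropped, `"Storage Gateway" = false` says so explicitly; the key is an ordinary string in that map, so the space is harmless there. The space only gets in the way of the dotted access, which `local.backup-config["Storage Gateway"].enabled` avoids, and presumably of the vault name `BackupVault-${each.value}` (the `ab-vault` block continues past the hunk). In the later hunk, `ab-selection-by-service-type` still recovers the map key by stripping `BackupPlan-` from the plan name; `local.backup-config[each.key].arn-prefix` would be sturdier if `ab-plan` is keyed by service, which is not visible here.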
@ -53,10 +53,11 @@ variable "opt-in-rds" {
|
|||||||
description = "Opt in rds backup"
|
description = "Opt in rds backup"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "opt-in-storagegateway" {
|
# not supported in this version
|
||||||
type = bool
|
# variable "opt-in-storagegateway" {
|
||||||
description = "Opt in storage gateway backup"
|
# type = bool
|
||||||
}
|
# description = "Opt in storage gateway backup"
|
||||||
|
# }
|
||||||
|
|
||||||
variable "opt-in-virtualmachine" {
|
variable "opt-in-virtualmachine" {
|
||||||
type = bool
|
type = bool
|
||||||
|
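Review bot: Commenting out `variable "opt-in-storagegateway"` removes an input the README listed as required, so any caller that still sets it will likely fail at plan time with an unsupported-argument error. Keeping the declaration with `default = false` and a description such as `"Deprecated: storage gateway backup is not supported in this version"` would let existing callers upgrade without edits. If the variable is really meant to go, deleting the block is cleaner than leaving it commented out, since the history already records it.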