UPD: refactored aws-backup module; dropping storage gateway support

This commit is contained in:
xpk 2024-04-29 19:02:31 +08:00
parent 341d09c71b
commit fb75064a58
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
3 changed files with 75 additions and 35 deletions


@ -44,9 +44,11 @@ No modules.
| opt-in-rds | Opt in rds backup | `bool` | n/a | yes | | opt-in-rds | Opt in rds backup | `bool` | n/a | yes |
| opt-in-redshift | Opt in redshift backup | `bool` | n/a | yes | | opt-in-redshift | Opt in redshift backup | `bool` | n/a | yes |
| opt-in-s3 | Opt in s3 backup | `bool` | n/a | yes | | opt-in-s3 | Opt in s3 backup | `bool` | n/a | yes |
| opt-in-storagegateway | Opt in storage gateway backup | `bool` | n/a | yes |
| opt-in-virtualmachine | Opt in virtualmachine backup | `bool` | n/a | yes | | opt-in-virtualmachine | Opt in virtualmachine backup | `bool` | n/a | yes |
## Outputs
No outputs.
--- ---
## Authorship ## Authorship


@ -1,24 +1,76 @@
# build local data structure
locals {
backup-config = {
"Aurora" : {
enabled = var.opt-in-aurora
arn-prefix = "arn:aws:rds:*:*:cluster:*"
}
"DynamoDB" : {
enabled = var.opt-in-dynamodb
arn-prefix = "arn:aws:dynamodb:*:*:table/*"
}
"EBS" : {
enabled = var.opt-in-ebs
arn-prefix = "arn:aws:ec2:*:*:volume/*"
}
"EC2" : {
enabled = var.opt-in-ec2
arn-prefix = "arn:aws:ec2:*:*:instance/*"
}
"EFS" : {
enabled = var.opt-in-efs
arn-prefix = "arn:aws:elasticfilesystem:*:*:file-system/*"
}
"FSx" : {
enabled = var.opt-in-fsx
arn-prefix = "arn:*:fsx:*"
}
"Redshift" : {
enabled = var.opt-in-redshift
arn-prefix = "arn:aws:redshift:*:*:cluster:*"
}
"RDS" : {
enabled = var.opt-in-rds
arn-prefix = "arn:aws:rds:*:*:db:*"
}
# this version can't handle space
# "Storage Gateway" : {
# enabled = var.opt-in-storagegateway
# arn-prefix = "arn:aws:storagegateway:*:*:gateway/*"
# }
"VirtualMachine" : {
enabled = var.opt-in-virtualmachine
arn-prefix = "arn:aws:backup-gateway:*:*:vm/*"
}
"S3" : {
enabled = var.opt-in-s3
arn-prefix = "arn:aws:s3:::*"
}
}
}
resource "aws_backup_region_settings" "ab-settings" { resource "aws_backup_region_settings" "ab-settings" {
resource_type_opt_in_preference = { resource_type_opt_in_preference = {
"Aurora" = var.opt-in-aurora "Aurora" = local.backup-config.Aurora.enabled
# not available in all regions "DocumentDB" = var.opt-in-documentdb "DynamoDB" = local.backup-config.DynamoDB.enabled
"DynamoDB" = var.opt-in-dynamodb "EBS" = local.backup-config.EBS.enabled
"EBS" = var.opt-in-ebs "EC2" = local.backup-config.EC2.enabled
"EC2" = var.opt-in-ec2 "EFS" = local.backup-config.EFS.enabled
"EFS" = var.opt-in-efs "FSx" = local.backup-config.FSx.enabled
"FSx" = var.opt-in-fsx "Redshift" = local.backup-config.Redshift.enabled
"Redshift" = var.opt-in-redshift "RDS" = local.backup-config.RDS.enabled
"RDS" = var.opt-in-rds # "Storage Gateway" = lookup(local.backup-config, "Storage Gateway").enabled
"Storage Gateway" = var.opt-in-storagegateway "VirtualMachine" = local.backup-config.VirtualMachine.enabled
"VirtualMachine" = var.opt-in-virtualmachine "S3" = local.backup-config.S3.enabled
"S3" = var.opt-in-s3 # not available in all regions "DocumentDB" = false
} }
} }
resource "aws_backup_vault" "ab-vault" { resource "aws_backup_vault" "ab-vault" {
for_each = toset([ for_each = toset([
for k, v in aws_backup_region_settings.ab-settings.resource_type_opt_in_preference : k for k, v in local.backup-config : k
if v if v.enabled
]) ])
name = "BackupVault-${each.value}" name = "BackupVault-${each.value}"
kms_key_arn = aws_kms_key.ab-kms-key.arn kms_key_arn = aws_kms_key.ab-kms-key.arn
@ -105,25 +157,10 @@ resource "aws_iam_role_policy_attachment" "ab-iam-role-policy" {
role = aws_iam_role.ab-iam-role.name role = aws_iam_role.ab-iam-role.name
} }
locals {
service-map = {
"EC2" : "arn:aws:ec2:*:*:instance/*",
"RDS" : "arn:aws:rds:*:*:db:*"
"S3" : "arn:aws:s3:::*"
"EBS" : "arn:aws:ec2:*:*:volume/*"
"DynamoDB" : "arn:aws:dynamodb:*:*:table/*"
"EFS" : "arn:aws:elasticfilesystem:*:*:file-system/*"
"FSx" : "arn:*:fsx:*"
"Redshift" : "arn:aws:redshift:*:*:cluster:*"
"Storage Gateway" : "arn:aws:storagegateway:*:*:gateway/*"
"VirtualMachine" : "arn:aws:backup-gateway:*:*:vm/*"
"Aurora" : "arn:aws:rds:*:*:cluster:*"
}
}
resource "aws_backup_selection" "ab-selection-by-service-type" { resource "aws_backup_selection" "ab-selection-by-service-type" {
for_each = aws_backup_plan.ab-plan for_each = aws_backup_plan.ab-plan
iam_role_arn = aws_iam_role.ab-iam-role.arn iam_role_arn = aws_iam_role.ab-iam-role.arn
name = "SelectionByServiceType" name = "SelectionByServiceType"
plan_id = each.value.id plan_id = each.value.id
resources = [lookup(local.service-map, replace(each.value.name, "BackupPlan-", ""))] resources = [lookup(local.backup-config, replace(each.value.name, "BackupPlan-", "")).arn-prefix]
} }
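Review bot: In the `ab-settings` block the new `resource_type_opt_in_preference` map is still maintained by hand, one line per service, while the vaults (and through the plan names the selections) are now derived from `local.backup-config`; a service toggled in one place and not the other yields a vault with no opt-in, or an opt-in with no vault, and the resulting backup gap is silent. Deriving the map keeps the two in lock-step: `resource_type_opt_in_preference = merge({ for k, v in local.backup-config : k => v.enabled }, { "DocumentDB" = false })`. The reason given for the commented-out Storage Gateway entry (`# this version can't handle space`) looks misleading, since HCL accepts a key containing a space via `local.backup-config["Storage Gateway"]`; the real constraint is presumably the interpolated vault name `BackupVault-${each.value}`, which AWS Backup restricts to letters, digits, hyphens and underscores, so the comment should say that, and it should note that removing the key from an already-applied `for_each` set drops that vault from management. Separately, `arn:*:fsx:*` is far broader than every other prefix (any partition, region and account); confirm this is intentional rather than carried over unchanged from the old `service-map`.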


@ -53,10 +53,11 @@ variable "opt-in-rds" {
description = "Opt in rds backup" description = "Opt in rds backup"
} }
variable "opt-in-storagegateway" { # not supported in this version
type = bool # variable "opt-in-storagegateway" {
description = "Opt in storage gateway backup" # type = bool
} # description = "Opt in storage gateway backup"
# }
variable "opt-in-virtualmachine" { variable "opt-in-virtualmachine" {
type = bool type = bool