initial commit

2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
@@ -0,0 +1,64 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_backup_vault" "AbVault" {
+  for_each    = var.vaults
+  name        = each.key
+  kms_key_arn = each.value.kms_key_arn
+}
+
+resource "aws_backup_vault_policy" "AbPolicy" {
+  for_each          = aws_backup_vault.AbVault
+  backup_vault_name = each.value
+  policy = var.policy != null ? var.policy : jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Sid" : "DefaultAwsBackupPolicy"
+        "Effect" : "Allow",
+        "Principal" : {
+          "AWS" : data.aws_caller_identity.this.account_id
+        },
+        "Action" : [
+          "backup:*"
+        ],
+        "Resource" : "*"
+      }
+    ]
+  })
+}
+
+resource "aws_backup_plan" "plan" {
+  for_each = var.plans
+  name     = each.key
+  dynamic "rule" {
+    for_each = var.plans
+    content {
+      rule_name         = rule.value.rule.rule_name
+      schedule          = rule.value.rule.schedule
+      target_vault_name = rule.value.rule.target_vault_name
+      dynamic "lifecycle" {
+        for_each = rule.value.rule.lifecycle
+        content {
+          cold_storage_after = lifecycle.value.cold_storage_after
+          delete_after       = lifecycle.value.delete_after
+        }
+      }
+    }
+  }
+}
+
+resource "aws_backup_selection" "AbSelection" {
+  for_each     = var.selections
+  name         = each.key
+  iam_role_arn = each.value.iam_role_arn
+  plan_id      = each.value.plan_id
+
+  dynamic "selection_tag" {
+    for_each = each.value.selection_tags
+    content {
+      type  = selection_tag.value.type
+      key   = selection_tag.value.key
+      value = selection_tag.value.value
+    }
+  }
+}
@@ -0,0 +1,39 @@
+variable "vaults" {
+  type = object({
+    kms_key_arn = string
+  })
+  description = "Map of vaults"
+}
+
+variable "policy" {
+  type        = string
+  description = "Json encoded policy"
+}
+
+variable "plans" {
+  type = object({
+    rule = object({
+      rule_name         = string
+      schedule          = string
+      target_vault_name = string
+      lifecycle = object({
+        cold_storage_after = number
+        delete_after       = number
+      })
+    })
+  })
+  description = "Backup plans"
+}
+
+variable "selections" {
+  type = object({
+    iam_role_arn = string
+    plan_id      = string
+    selection_tags = object({
+      type  = string
+      key   = string
+      value = string
+    })
+  })
+  description = "Backup selections"
+}