diff --git a/modules/storage/aws-backup/README.md b/modules/storage/aws-backup/README.md index 8553e07..fcbacc9 100644 --- a/modules/storage/aws-backup/README.md +++ b/modules/storage/aws-backup/README.md @@ -1,4 +1,36 @@ +## Example + +```hcl +module "aws-backup" { + source = "../" + + backup_kms_key = "arn..." + daily-backup-cron = "cron(0 20 * * ? *)" + daily-backup-retention = 30 + monthly-backup-cron = "" + monthly-backup-retention = 360 + service-opt-in = { + "Aurora" : false, + "DynamoDB" : false, + "EBS" : false, + "EC2" : true, + "EFS" : true, + "FSx" : false, + "Redshift" : false, + "RDS" : true, + "VirtualMachine" : false, + "S3" : true, + "EKS" : false, + "CloudFormation" : false, + "Neptune" : false, + "Redshift Serverless" : false, + "SAP HANA on Amazon EC2" : false, + "Storage Gateway" : false + } +} +``` + # aws-backup Module to configure AWSBackup service opt in and manage backup settings for typical workloads @@ -10,7 +42,7 @@ No requirements. ## Providers | Name | Version | -|------|---------| +| ---- | ------- | | aws | n/a | ## Modules @@ -20,7 +52,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_backup_plan.ab-plan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_plan) | resource | | [aws_backup_region_settings.ab-settings](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_region_settings) | resource | | [aws_backup_selection.ab-selection-by-service-type](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection) | resource | 
@@ -33,7 +65,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | backup\_kms\_key | KMS key arn for AWS Backup | `string` | `null` | no | | daily-backup-cron | Daily backup rule cron expression | `string` | n/a | yes | | daily-backup-retention | Daily backup retention period | `number` | n/a | yes | @@ -41,11 +73,15 @@ No modules. | enable-vss | Enable VSS for Windows Ec2 | `bool` | `false` | no | | monthly-backup-cron | Monthly backup rule cron expression | `string` | `null` | no | | monthly-backup-retention | Monthly backup retention period | `number` | `null` | no | -| service-opt-in | If not specified, EC2, RDS, EFS, and S3 are enabled | `map(string)` |
{
"Aurora": false,
"CloudFormation": false,
"DynamoDB": false,
"EBS": false,
"EC2": true,
"EFS": true,
"EKS": false,
"FSx": false,
"Neptune": false,
"RDS": true,
"Redshift": false,
"Redshift Serverless": false,
"S3": true,
"SAP HANA on Amazon EC2": false,
"Storage Gateway": false,
"VirtualMachine": false
} | no |
+| service-opt-in | If not specified, EC2, RDS, EFS, and S3 are enabled | `map(bool)` | {
"Aurora": false,
"CloudFormation": false,
"DynamoDB": false,
"EBS": false,
"EC2": true,
"EFS": true,
"EKS": false,
"FSx": false,
"Neptune": false,
"RDS": true,
"Redshift": false,
"Redshift Serverless": false,
"S3": true,
"SAP HANA on Amazon EC2": false,
"Storage Gateway": false,
"VirtualMachine": false
} | no |
## Outputs
-No outputs.
+| Name | Description |
+| ---- | ----------- |
+| backup\_iam\_role\_arn | n/a |
+| backup\_plan\_ids | n/a |
+| backup\_vault\_arns | n/a |
---
## Authorship
diff --git a/modules/storage/aws-backup/example/main.tf b/modules/storage/aws-backup/example/main.tf
new file mode 100644
index 0000000..67e9621
--- /dev/null
+++ b/modules/storage/aws-backup/example/main.tf
@@ -0,0 +1,27 @@
+module "aws-backup" {
+ source = "../"
+
+ backup_kms_key = "arn..."
+ daily-backup-cron = "cron(0 20 * * ? *)"
+ daily-backup-retention = 30
+ monthly-backup-cron = ""
+ monthly-backup-retention = 360
+ service-opt-in = {
+ "Aurora" : false,
+ "DynamoDB" : false,
+ "EBS" : false,
+ "EC2" : true,
+ "EFS" : true,
+ "FSx" : false,
+ "Redshift" : false,
+ "RDS" : true,
+ "VirtualMachine" : false,
+ "S3" : true,
+ "EKS" : false,
+ "CloudFormation" : false,
+ "Neptune" : false,
+ "Redshift Serverless" : false,
+ "SAP HANA on Amazon EC2" : false,
+ "Storage Gateway" : false
+ }
+}
\ No newline at end of file
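Review bot: `monthly-backup-cron = ""` is set next to `monthly-backup-retention = 360`, while the README documents `null` as the default for the cron, so it is not clear from this file whether an empty string disables the monthly rule or reaches the backup plan as an invalid schedule. If the example is meant to show daily backups only, drop both monthly lines; if it is meant to show a monthly rule, give it a real expression such as `monthly-backup-cron = "cron(0 20 1 * ? *)"` (constructed sample). A comment above `backup_kms_key = "arn..."` would also help, e.g. `# placeholder: replace with your KMS key ARN`, so the example is not copied with a value that cannot resolve to a key.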
diff --git a/modules/storage/aws-backup/main.tf b/modules/storage/aws-backup/main.tf
index 119cec2..ed276ab 100644
--- a/modules/storage/aws-backup/main.tf
+++ b/modules/storage/aws-backup/main.tf
@@ -58,18 +58,19 @@ locals {
}
"CloudFormation" : {
enabled = var.service-opt-in["CloudFormation"].enabled
+ arn-prefix = "arn:aws:cloudformation:*:*:stack/*/*"
}
"Neptune" : {
enabled = var.service-opt-in["Neptune"].enabled
+ arn-prefix = "arn:aws:neptune-db:*:*:cluster:*"
}
"Redshift Serverless" : {
enabled = var.service-opt-in["Redshift Serverless"].enabled
+ arn-prefix = "arn:aws:redshift-serverless:*:*:workgroup/*"
}
"SAP HANA on Amazon EC2" : {
enabled = var.service-opt-in["SAP HANA on Amazon EC2"].enabled
- }
- "Storage Gateway" : {
- enabled = var.service-opt-in["Storage Gateway"].enabled
+ arn-prefix = "arn:aws:sap:*:*:application/*/*"
}
}
}
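Review bot: The four added `arn-prefix` patterns need checking against the ARN formats AWS Backup reports for these resource types, since a pattern that matches nothing leaves an opted-in service with no selected resources and no error. As far as I know, Neptune clusters carry `arn:aws:rds:*:*:cluster:*` ARNs (`neptune-db` is the data-plane IAM namespace) and SAP HANA applications sit under `ssm-sap`, so those two look likely to match nothing; how `arn-prefix` is consumed is outside this hunk. Dropping the "Storage Gateway" entry while the variable default and the new example keep that key means setting it to `true` would presumably be ignored silently, so remove the key or reject it in a `validation` block. The unchanged `.enabled` lookups also sit oddly with the `map(bool)` type this commit declares in variables.tf, because a bool element has no `enabled` attribute; `var.service-opt-in["Neptune"]` would be the matching form. The `locals` block starts before this hunk.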
diff --git a/modules/storage/aws-backup/outputs.tf b/modules/storage/aws-backup/outputs.tf
new file mode 100644
index 0000000..b59a0a3
--- /dev/null
+++ b/modules/storage/aws-backup/outputs.tf
@@ -0,0 +1,10 @@
+output "backup_vault_arns" {
+ value = { for k, v in aws_backup_vault.ab-vault : k => v.arn }
+}
+output "backup_plan_ids" {
+ value = { for k, v in aws_backup_plan.ab-plan : k => v.id }
+}
+output "backup_iam_role_arn" {
+ value = aws_iam_role.ab-iam-role.arn
+}
+
\ No newline at end of file
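Review bot: None of the three outputs has a `description`, which is why the README table in this commit lists each of them as `n/a`. Add one per output, for example `description = "ARNs of the backup vaults, keyed like aws_backup_vault.ab-vault"`, `description = "IDs of the backup plans, keyed like aws_backup_plan.ab-plan"` and `description = "ARN of the IAM role in aws_iam_role.ab-iam-role"`. The role output is the one consumers are most likely to wire into key policies or cross-account vault policies, so its description should say which principal it is once that is confirmed against main.tf. The file also ends with a blank line and no trailing newline, which is worth tidying in the same change.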
diff --git a/modules/storage/aws-backup/variables.tf b/modules/storage/aws-backup/variables.tf
index db6ce9c..09f2e34 100644
--- a/modules/storage/aws-backup/variables.tf
+++ b/modules/storage/aws-backup/variables.tf
@@ -27,7 +27,7 @@ variable "monthly-backup-retention" {
}
variable "service-opt-in" {
- type = map(string)
+ type = map(bool)
description = "If not specified, EC2, RDS, EFS, and S3 are enabled"
default = {
"Aurora" : false,