From 88396bceda6f2c2cc57202f629fbf3c741c0857e25118dd1b982de04c01d91d2 Mon Sep 17 00:00:00 2001 From: xpk Date: Sat, 11 Apr 2026 00:13:55 +0800 Subject: [PATCH] enhance: updated module with suggestions from Qoder --- modules/storage/aws-backup/README.md | 46 +++++++++++++++++++--- modules/storage/aws-backup/example/main.tf | 27 +++++++++++++ modules/storage/aws-backup/main.tf | 7 ++-- modules/storage/aws-backup/outputs.tf | 10 +++++ modules/storage/aws-backup/variables.tf | 2 +- 5 files changed, 83 insertions(+), 9 deletions(-) create mode 100644 modules/storage/aws-backup/example/main.tf create mode 100644 modules/storage/aws-backup/outputs.tf diff --git a/modules/storage/aws-backup/README.md b/modules/storage/aws-backup/README.md index 8553e07..fcbacc9 100644 --- a/modules/storage/aws-backup/README.md +++ b/modules/storage/aws-backup/README.md @@ -1,4 +1,36 @@ +## Example + +```hcl +module "aws-backup" { + source = "../" + + backup_kms_key = "arn..." + daily-backup-cron = "cron(0 20 * * ? *)" + daily-backup-retention = 30 + monthly-backup-cron = "" + monthly-backup-retention = 360 + service-opt-in = { + "Aurora" : false, + "DynamoDB" : false, + "EBS" : false, + "EC2" : true, + "EFS" : true, + "FSx" : false, + "Redshift" : false, + "RDS" : true, + "VirtualMachine" : false, + "S3" : true, + "EKS" : false, + "CloudFormation" : false, + "Neptune" : false, + "Redshift Serverless" : false, + "SAP HANA on Amazon EC2" : false, + "Storage Gateway" : false + } +} +``` + # aws-backup Module to configure AWSBackup service opt in and manage backup settings for typical workloads @@ -10,7 +42,7 @@ No requirements. ## Providers | Name | Version | -|------|---------| +| ---- | ------- | | aws | n/a | ## Modules 
@@ -20,7 +52,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_backup_plan.ab-plan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_plan) | resource | | [aws_backup_region_settings.ab-settings](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_region_settings) | resource | | [aws_backup_selection.ab-selection-by-service-type](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection) | resource | @@ -33,7 +65,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | backup\_kms\_key | KMS key arn for AWS Backup | `string` | `null` | no | | daily-backup-cron | Daily backup rule cron expression | `string` | n/a | yes | | daily-backup-retention | Daily backup retention period | `number` | n/a | yes | @@ -41,11 +73,15 @@ No modules. | enable-vss | Enable VSS for Windows Ec2 | `bool` | `false` | no | | monthly-backup-cron | Monthly backup rule cron expression | `string` | `null` | no | | monthly-backup-retention | Monthly backup retention period | `number` | `null` | no | -| service-opt-in | If not specified, EC2, RDS, EFS, and S3 are enabled | `map(string)` |
{
"Aurora": false,
"CloudFormation": false,
"DynamoDB": false,
"EBS": false,
"EC2": true,
"EFS": true,
"EKS": false,
"FSx": false,
"Neptune": false,
"RDS": true,
"Redshift": false,
"Redshift Serverless": false,
"S3": true,
"SAP HANA on Amazon EC2": false,
"Storage Gateway": false,
"VirtualMachine": false
}
| no | +| service-opt-in | If not specified, EC2, RDS, EFS, and S3 are enabled | `map(bool)` |
{
"Aurora": false,
"CloudFormation": false,
"DynamoDB": false,
"EBS": false,
"EC2": true,
"EFS": true,
"EKS": false,
"FSx": false,
"Neptune": false,
"RDS": true,
"Redshift": false,
"Redshift Serverless": false,
"S3": true,
"SAP HANA on Amazon EC2": false,
"Storage Gateway": false,
"VirtualMachine": false
}
| no | ## Outputs -No outputs. +| Name | Description | +| ---- | ----------- | +| backup\_iam\_role\_arn | n/a | +| backup\_plan\_ids | n/a | +| backup\_vault\_arns | n/a | --- ## Authorship diff --git a/modules/storage/aws-backup/example/main.tf b/modules/storage/aws-backup/example/main.tf new file mode 100644 index 0000000..67e9621 --- /dev/null +++ b/modules/storage/aws-backup/example/main.tf @@ -0,0 +1,27 @@ +module "aws-backup" { + source = "../" + + backup_kms_key = "arn..." + daily-backup-cron = "cron(0 20 * * ? *)" + daily-backup-retention = 30 + monthly-backup-cron = "" + monthly-backup-retention = 360 + service-opt-in = { + "Aurora" : false, + "DynamoDB" : false, + "EBS" : false, + "EC2" : true, + "EFS" : true, + "FSx" : false, + "Redshift" : false, + "RDS" : true, + "VirtualMachine" : false, + "S3" : true, + "EKS" : false, + "CloudFormation" : false, + "Neptune" : false, + "Redshift Serverless" : false, + "SAP HANA on Amazon EC2" : false, + "Storage Gateway" : false + } +} \ No newline at end of file diff --git a/modules/storage/aws-backup/main.tf b/modules/storage/aws-backup/main.tf index 119cec2..ed276ab 100644 --- a/modules/storage/aws-backup/main.tf +++ b/modules/storage/aws-backup/main.tf @@ -58,18 +58,19 @@ locals { } "CloudFormation" : { enabled = var.service-opt-in["CloudFormation"].enabled + arn-prefix = "arn:aws:cloudformation:*:*:stack/*/*" } "Neptune" : { enabled = var.service-opt-in["Neptune"].enabled + arn-prefix = "arn:aws:neptune-db:*:*:cluster:*" } "Redshift Serverless" : { enabled = var.service-opt-in["Redshift Serverless"].enabled + arn-prefix = "arn:aws:redshift-serverless:*:*:workgroup/*" } "SAP HANA on Amazon EC2" : { enabled = var.service-opt-in["SAP HANA on Amazon EC2"].enabled - } - "Storage Gateway" : { - enabled = var.service-opt-in["Storage Gateway"].enabled + arn-prefix = "arn:aws:sap:*:*:application/*/*" } } } 
diff --git a/modules/storage/aws-backup/outputs.tf b/modules/storage/aws-backup/outputs.tf
new file mode 100644
index 0000000..b59a0a3
--- /dev/null
+++ b/modules/storage/aws-backup/outputs.tf
@@ -0,0 +1,10 @@
+output "backup_vault_arns" {
+ value = { for k, v in aws_backup_vault.ab-vault : k => v.arn }
+}
+output "backup_plan_ids" {
+ value = { for k, v in aws_backup_plan.ab-plan : k => v.id }
+}
+output "backup_iam_role_arn" {
+ value = aws_iam_role.ab-iam-role.arn
+}
+ 
\ No newline at end of file
diff --git a/modules/storage/aws-backup/variables.tf b/modules/storage/aws-backup/variables.tf
index db6ce9c..09f2e34 100644
--- a/modules/storage/aws-backup/variables.tf
+++ b/modules/storage/aws-backup/variables.tf
@@ -27,7 +27,7 @@ variable "monthly-backup-retention" {
 }
 
 variable "service-opt-in" {
- type = map(string)
+ type = map(bool)
 description = "If not specified, EC2, RDS, EFS, and S3 are enabled"
 default = {
 "Aurora" : false,
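Review bot: The three outputs in outputs.tf have no `description`, which is why the regenerated README lists them as `n/a`. Consumers will most likely wire these values into KMS key policies and vault access policies, so it helps to say what each map is keyed by, for example `description = "ARNs of the backup vaults, keyed by the aws_backup_vault.ab-vault for_each key"` and `description = "ARN of the IAM role AWS Backup assumes for the selections in this module"`. The file also ends with a whitespace-only line and no trailing newline, which `terraform fmt` would remove.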
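Review bot: With `type = map(bool)` in variables.tf, the lookups that main.tf keeps, such as `var.service-opt-in["CloudFormation"].enabled`, read an attribute from a bool and should fail at plan time with an unsupported-attribute error. Either index the map directly, `enabled = var.service-opt-in["CloudFormation"]`, or declare the variable as `map(object({ enabled = bool }))` and update the default, README and example to match. Only four such lookups are visible in the main.tf hunk, so the entries above it may already be written differently. The variable block continues past the end of this hunk.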