diff --git a/CHANGELOG.md b/CHANGELOG.md index 3919982..d4807ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.3.0 (April 17, 2020) + +ENHANCEMENTS: + +* Add support for Copy Action + +UPDATES: + +* Update completed_example to include copy_action block +* Update simple_plan_using_\* examples + ## 0.2.1 (April 1, 2020) UPDATES: diff --git a/README.md b/README.md index 5327457..263520b 100644 --- a/README.md +++ b/README.md 
@@ -81,39 +81,48 @@ module "aws_backup_example" { } ``` +## Providers + +| Name | Version | +|------|---------| +| aws | >= 2.58.0 | + ## Inputs -| Name | Description | Type | Default | Required | -| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | --------------- | -------- | -------- | -| enabled | Change to false to avoid deploying any AWS Backup resources | `bool` | `true` | no | -| plan\_name | The display name of a backup plan | `string` | n/a | yes | -| rule\_completion\_window | The amount of time AWS Backup attempts a backup before canceling the job and returning an error | `number` | n/a | yes | -| rule\_lifecycle\_cold\_storage\_after | Specifies the number of days after creation that a recovery point is moved to cold storage | `number` | n/a | yes | -| rule\_lifecycle\_delete\_after | Specifies the number of days after creation that a recovery point is deleted. 
Must be 90 days greater than `cold\_storage\_after` | `number` | n/a | yes | -| rule\_name | An display name for a backup rule | `string` | n/a | yes | -| rule\_recovery\_point\_tags | Metadata that you can assign to help organize the resources that you create | `map(string)` | `{}` | no | -| rule\_schedule | A CRON expression specifying when AWS Backup initiates a backup job | `string` | n/a | yes | -| rule\_start\_window | The amount of time in minutes before beginning a backup | `number` | n/a | yes | -| rules | A list of rule maps | `list` | `[]` | no | -| selection\_name | The display name of a resource selection document | `string` | n/a | yes | -| selection\_resources | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | `list` | `[]` | no | -| selection\_tag\_key | The key in a key-value pair | `string` | n/a | yes | -| selection\_tag\_type | An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection | `string` | n/a | yes | -| selection\_tag\_value | The value in a key-value pair | `string` | n/a | yes | -| selections | A list of selction maps | `list` | `[]` | no | -| tags | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | -| vault\_kms\_key\_arn | The server-side encryption key that is used to protect your backups | `string` | n/a | yes | -| vault\_name | Name of the backup vault to create. 
If not given, AWS use default | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| enabled | Change to false to avoid deploying any AWS Backup resources | `bool` | `true` | no | +| plan\_name | The display name of a backup plan | `string` | n/a | yes | +| rule\_completion\_window | The amount of time AWS Backup attempts a backup before canceling the job and returning an error | `number` | n/a | yes | +| rule\_copy\_action\_destination\_vault\_arn | An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. | `string` | n/a | yes | +| rule\_copy\_action\_lifecycle | The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. | `map` | `{}` | no | +| rule\_lifecycle\_cold\_storage\_after | Specifies the number of days after creation that a recovery point is moved to cold storage | `number` | n/a | yes | +| rule\_lifecycle\_delete\_after | Specifies the number of days after creation that a recovery point is deleted. 
Must be 90 days greater than `cold_storage_after` | `number` | n/a | yes | +| rule\_name | An display name for a backup rule | `string` | n/a | yes | +| rule\_recovery\_point\_tags | Metadata that you can assign to help organize the resources that you create | `map(string)` | `{}` | no | +| rule\_schedule | A CRON expression specifying when AWS Backup initiates a backup job | `string` | n/a | yes | +| rule\_start\_window | The amount of time in minutes before beginning a backup | `number` | n/a | yes | +| rules | A list of rule maps | `any` | `[]` | no | +| selection\_name | The display name of a resource selection document | `string` | n/a | yes | +| selection\_resources | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | `list` | `[]` | no | +| selection\_tag\_key | The key in a key-value pair | `string` | n/a | yes | +| selection\_tag\_type | An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection | `string` | n/a | yes | +| selection\_tag\_value | The value in a key-value pair | `string` | n/a | yes | +| selections | A list of selction maps | `list` | `[]` | no | +| tags | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | +| vault\_kms\_key\_arn | The server-side encryption key that is used to protect your backups | `string` | n/a | yes | +| vault\_name | Name of the backup vault to create. 
If not given, AWS use default | `string` | n/a | yes | ## Outputs -| Name | Description | -| ------------- | ---------------------------------------------------------------------------------------------------------- | -| plan\_arn | The ARN of the backup plan | -| plan\_id | The id of the backup plan | +| Name | Description | +|------|-------------| +| plan\_arn | The ARN of the backup plan | +| plan\_id | The id of the backup plan | | plan\_version | Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan | -| vault\_arn | The ARN of the vault | -| vault\_id | The name of the vault | +| vault\_arn | The ARN of the vault | +| vault\_id | The name of the vault | + ## Known issues diff --git a/examples/complete_plan/main.tf b/examples/complete_plan/main.tf index 11c41f3..0e883e6 100644 --- a/examples/complete_plan/main.tf +++ b/examples/complete_plan/main.tf @@ -1,6 +1,6 @@ module "aws_backup_example" { - source = "../modules/terraform-aws-backup" + source = "git::https://github.com/lgallard/terraform-aws-backup.git" # Vault vault_name = "vault-3" @@ -20,6 +20,13 @@ module "aws_backup_example" { cold_storage_after = 0 delete_after = 90 }, + copy_action = { + lifecycle = { + cold_storage_after = 0 + delete_after = 90 + }, + destination_vault_arn = "arn:aws:backup:us-west-2:123456789101:backup-vault:Default" + } recovery_point_tags = { Environment = "production" } @@ -31,6 +38,7 @@ module "aws_backup_example" { start_window = 120 completion_window = 360 lifecycle = {} + copy_action = {} recovery_point_tags = {} }, ] diff --git a/examples/complete_plan/terraform.tfvars b/examples/complete_plan/terraform.tfvars index 2b2ad87..e635d38 100644 --- a/examples/complete_plan/terraform.tfvars +++ b/examples/complete_plan/terraform.tfvars @@ -1,5 +1,5 @@ env = { region = "us-east-1" - profile = "myprofile" + profile = "default" } 
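Review bot: The new `source` line in examples/complete_plan/main.tf names the repository with no `?ref=`, so every `terraform init` of the example fetches whatever is at the head of the default branch rather than a reviewed release. Pin it to a tag or commit, e.g. `source = "git::https://github.com/lgallard/terraform-aws-backup.git?ref=<TAG_OR_COMMIT>"` (placeholder; the tag name is not shown on this page). The same unpinned line is added in examples/simple_plan_using_lists/main.tf and examples/simple_plan_using_variables/main.tf. The module block continues outside the hunk.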
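Review bot: The `copy_action` block added to the first rule hard-codes `destination_vault_arn` with a sample account id and the `Default` vault in us-west-2, and nothing marks it as a value to replace. Someone adapting the example would be sending copies of recovery points to another vault, so the comment should say what to check first. I would add above it `# Replace with the ARN of an existing vault you control; review that vault's access policy and KMS key before enabling copies`. The enclosing rule list starts and ends outside the hunk.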
diff --git a/examples/complete_plan/variables.tf b/examples/complete_plan/variables.tf index 8a23afd..7f4c349 100644 --- a/examples/complete_plan/variables.tf +++ b/examples/complete_plan/variables.tf @@ -1,5 +1,5 @@ variable "env" { - type = "map" + type = map default = {} } diff --git a/examples/simple_plan_using_lists/main.tf b/examples/simple_plan_using_lists/main.tf index 0974e46..37684fa 100644 --- a/examples/simple_plan_using_lists/main.tf +++ b/examples/simple_plan_using_lists/main.tf @@ -1,6 +1,6 @@ module "aws_backup_example" { - source = "../modulesi/terraform-aws-backup" + source = "git::https://github.com/lgallard/terraform-aws-backup.git" # Vault vault_name = "vault-1" diff --git a/examples/simple_plan_using_lists/terraform.tfvars b/examples/simple_plan_using_lists/terraform.tfvars index 2b2ad87..e635d38 100644 --- a/examples/simple_plan_using_lists/terraform.tfvars +++ b/examples/simple_plan_using_lists/terraform.tfvars @@ -1,5 +1,5 @@ env = { region = "us-east-1" - profile = "myprofile" + profile = "default" } diff --git a/examples/simple_plan_using_lists/variables.tf b/examples/simple_plan_using_lists/variables.tf index 8a23afd..7f4c349 100644 --- a/examples/simple_plan_using_lists/variables.tf +++ b/examples/simple_plan_using_lists/variables.tf @@ -1,5 +1,5 @@ variable "env" { - type = "map" + type = map default = {} } diff --git a/examples/simple_plan_using_variables/main.tf b/examples/simple_plan_using_variables/main.tf index 7db1661..91754f9 100644 --- a/examples/simple_plan_using_variables/main.tf +++ b/examples/simple_plan_using_variables/main.tf @@ -1,6 +1,6 @@ module "aws_backup_example" { - source = "../modules/terraform-aws-backup" + source = "git::https://github.com/lgallard/terraform-aws-backup.git" # Vault vault_name = "vault-0" diff --git a/examples/simple_plan_using_variables/terraform.tfvars b/examples/simple_plan_using_variables/terraform.tfvars index 2b2ad87..e635d38 100644 
--- a/examples/simple_plan_using_variables/terraform.tfvars +++ b/examples/simple_plan_using_variables/terraform.tfvars @@ -1,5 +1,5 @@ env = { region = "us-east-1" - profile = "myprofile" + profile = "default" } diff --git a/examples/simple_plan_using_variables/variables.tf b/examples/simple_plan_using_variables/variables.tf index 8a23afd..7f4c349 100644 --- a/examples/simple_plan_using_variables/variables.tf +++ b/examples/simple_plan_using_variables/variables.tf @@ -1,5 +1,5 @@ variable "env" { - type = "map" + type = map default = {} } diff --git a/main.tf b/main.tf index cdbe81e..8919e46 100644 --- a/main.tf +++ b/main.tf @@ -30,6 +30,24 @@ resource "aws_backup_plan" "ab_plan" { delete_after = lookup(lifecycle.value, "delete_after", 90) } } + + # Copy action + dynamic "copy_action" { + for_each = length(lookup(rule.value, "copy_action", {})) == 0 ? [] : [lookup(rule.value, "copy_action", {})] + content { + destination_vault_arn = lookup(copy_action.value, "destination_vault_arn", null) + + # Copy Action Lifecycle + dynamic "lifecycle" { + for_each = length(lookup(copy_action.value, "lifecycle", {})) == 0 ? [] : [lookup(copy_action.value, "lifecycle", {})] + content { + cold_storage_after = lookup(lifecycle.value, "cold_storage_after", 0) + delete_after = lookup(lifecycle.value, "delete_after", 90) + } + } + } + } + } } diff --git a/variables.tf b/variables.tf index 9b4e7c2..67aab39 100644 --- a/variables.tf +++ b/variables.tf 
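Review bot: In the new `copy_action` content block, `destination_vault_arn` is read with `lookup(copy_action.value, "destination_vault_arn", null)`, so a rule whose `copy_action` map has a `lifecycle` but no destination passes `null` to an argument the AWS provider documents as required. Indexing the key directly, `destination_vault_arn = copy_action.value["destination_vault_arn"]`, makes the plan fail at this line when the key is missing. The nested `lifecycle` also defaults `delete_after` to 90 when the key is omitted, which sets a retention on the copy that the caller never stated; a comment such as `# delete_after defaults to 90 days when not set in copy_action.lifecycle` would make that visible. The enclosing `rule` block and the resource begin outside the hunk.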
@@ -71,10 +71,24 @@ variable "rule_lifecycle_delete_after" { default = null } +# Rule copy action +variable "rule_copy_action_lifecycle" { + description = "The lifecycle defines when a protected resource is copied over to a backup vault and when it expires." + type = map + default = {} +} + +variable "rule_copy_action_destination_vault_arn" { + description = "An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup." + type = string + default = null +} + + # Rules variable "rules" { description = "A list of rule maps" - type = list + type = any default = [] } diff --git a/versions.tf b/versions.tf index 8007815..dfaae96 100644 --- a/versions.tf +++ b/versions.tf @@ -1,4 +1,8 @@ terraform { required_version = ">= 0.12" + + required_providers { + aws = ">= 2.58.0" + } }
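Review bot: The new variables `rule_copy_action_lifecycle` and `rule_copy_action_destination_vault_arn` are not referenced by any hunk on this page; the main.tf change reads `copy_action` only from `rule.value`. Unless code outside this diff feeds them into the rule, setting them has no effect, while the README table in this commit lists the destination ARN as a required input. Separately, changing `rules` from `list` to `any` removes type checking on that input, so a misspelled key is noticed only when a `lookup` falls back to its default. I would extend the description to name the accepted keys, e.g. `description = "A list of rule maps (keys include lifecycle, copy_action, recovery_point_tags)"`, and consider `type = map(number)` for `rule_copy_action_lifecycle`.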