Merge pull request #43 from lgallard/feature/multiple-copy-actions

Feature/multiple copy actions
lgallard · Jul 16, 2021 · dde44a2 · dde44a2
2 parents 7f977b3 + 63e8245
commit dde44a2
Show file tree

Hide file tree

Showing 7 changed files with 47 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.12.0 (July 16, 2021)
+
+ENHANCEMENTS:
+
+* Add multiple `copy_action` support (thanks @unni-kr)
+* Add "Error creating Backup Vault" know issue in README
+
 ## 0.11.6 (May 13, 2021)
 
 FIXES:
@@ -31,7 +38,6 @@ ENHANCEMENTS:
 * Add .gitignore file
 * Update README
 
-
 ## 0.11.2 (April 10, 2021)
 
 FIXES:

diff --git a/README.md b/README.md
@@ -45,13 +45,15 @@ module "aws_backup_example" {
         cold_storage_after = 0
         delete_after       = 30
       },
-      copy_action = {
-        lifecycle = {
-          cold_storage_after = 0
-          delete_after       = 90
+      copy_actions = [
+        {
+          lifecycle = {
+            cold_storage_after = 0
+            delete_after       = 90
+          },
+          destination_vault_arn = "arn:aws:backup:us-west-2:123456789101:backup-vault:Default"
         },
-        destination_vault_arn = "arn:aws:backup:us-west-2:123456789101:backup-vault:Default"
-      }
+      ]
       recovery_point_tags = {
         Environment = "production"
       }
@@ -175,3 +177,15 @@ No modules.
 | <a name="output_vault_arn"></a> [vault\_arn](#output\_vault\_arn) | The ARN of the vault |
 | <a name="output_vault_id"></a> [vault\_id](#output\_vault\_id) | The name of the vault |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Know Issue:
+
+### error creating Backup Vault
+
+In case you get an error message similar to this one:
+
+```
+error creating Backup Vault (): AccessDeniedException: status code: 403, request id: 8e7e577e-5b74-4d4d-95d0-bf63e0b2cc2e,
+```
+
+Add the [required IAM permissions mentioned in the CreateBackupVault row](https://docs.aws.amazon.com/aws-backup/latest/devguide/access-control.html#backup-api-permissions-ref) to the role or user creating the Vault (the one running Terraform CLI). In particular make sure `kms` and `backup-storage` permissions are added.
diff --git a/examples/complete_plan/main.tf b/examples/complete_plan/main.tf
@@ -33,13 +33,22 @@ module "aws_backup_example" {
         cold_storage_after = 0
         delete_after       = 30
       },
-      copy_action = {
-        lifecycle = {
-          cold_storage_after = 0
-          delete_after       = 90
+      copy_actions = [
+        {
+          lifecycle = {
+            cold_storage_after = 0
+            delete_after       = 90
+          },
+          destination_vault_arn = "arn:aws:backup:us-west-2:123456789101:backup-vault:Default"
         },
-        destination_vault_arn = "arn:aws:backup:us-west-2:123456789101:backup-vault:Default"
-      }
+        {
+          lifecycle = {
+            cold_storage_after = 0
+            delete_after       = 90
+          },
+          destination_vault_arn = "arn:aws:backup:us-east-2:123456789101:backup-vault:Default"
+        },
+      ]
       recovery_point_tags = {
         Environment = "production"
       }

diff --git a/examples/complete_plan/variables.tf b/examples/complete_plan/variables.tf
@@ -1,4 +1,4 @@
 variable "env" {
-  type    = map
+  type    = map(any)
   default = {}
 }
diff --git a/examples/selection_by_tags/main.tf b/examples/selection_by_tags/main.tf
@@ -31,7 +31,7 @@ module "aws_backup_example" {
       start_window        = 120
       completion_window   = 360
       lifecycle           = {}
-      copy_action         = {}
+      copy_actions        = []
       recovery_point_tags = {}
     },
   ]

diff --git a/examples/selection_by_tags/variables.tf b/examples/selection_by_tags/variables.tf
@@ -1,4 +1,4 @@
 variable "env" {
-  type    = map
+  type    = map(any)
   default = {}
 }
diff --git a/main.tf b/main.tf
@@ -25,7 +25,7 @@ resource "aws_backup_plan" "ab_plan" {
 
       # Lifecycle
       dynamic "lifecycle" {
-        for_each = length(lookup(rule.value, "lifecycle")) == 0 ? [] : [lookup(rule.value, "lifecycle", {})]
+        for_each = length(lookup(rule.value, "lifecycle", {})) == 0 ? [] : [lookup(rule.value, "lifecycle", {})]
         content {
           cold_storage_after = lookup(lifecycle.value, "cold_storage_after", 0)
           delete_after       = lookup(lifecycle.value, "delete_after", 90)
@@ -34,7 +34,7 @@ resource "aws_backup_plan" "ab_plan" {
 
       # Copy action
       dynamic "copy_action" {
-        for_each = length(lookup(rule.value, "copy_action", {})) == 0 ? [] : [lookup(rule.value, "copy_action", {})]
+        for_each = lookup(rule.value, "copy_actions", [])
         content {
           destination_vault_arn = lookup(copy_action.value, "destination_vault_arn", null)
 
@@ -48,7 +48,6 @@ resource "aws_backup_plan" "ab_plan" {
           }
         }
       }
-
     }
   }