Skip to main content
Sponsor @cloudposse

Module: backup

Terraform module to provision AWS Backup, a fully managed backup service that makes it easy to centralize and automate the back up of data across AWS services such as Amazon EBS volumes, Amazon EC2 instances, Amazon RDS databases, Amazon DynamoDB tables, Amazon EFS file systems, and AWS Storage Gateway volumes.

note

The syntax of declaring a backup schedule has changed as of release 0.14.0, follow the instructions in the 0.13.x to 0.14.x+ migration guide.

warning

The deprecated variables have been fully deprecated as of 1.x.x. Please use the new variables as described in the 0.13.x to 0.14.x+ migration guide.

Usage

For a complete example on how to backup an Elastic File System (EFS), see examples/complete.

For automated tests of the complete example using bats and Terratest (which tests and deploys the example on AWS), see test.

provider "aws" {
  region = var.region
}

module "vpc" {
  source = "cloudposse/vpc/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version     = "x.x.x"

  namespace  = var.namespace
  stage      = var.stage
  name       = var.name
  attributes = var.attributes
  tags       = var.tags
  delimiter  = var.delimiter

  ipv4_primary_cidr_block = "172.16.0.0/16"
}

module "subnets" {
  source = "cloudposse/dynamic-subnets/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version     = "x.x.x"

  namespace  = var.namespace
  stage      = var.stage
  name       = var.name
  attributes = var.attributes
  tags       = var.tags
  delimiter  = var.delimiter

  availability_zones   = var.availability_zones
  vpc_id               = module.vpc.vpc_id
  igw_id               = [module.vpc.igw_id]
  ipv4_cidr_block      = module.vpc.vpc_cidr_block
  nat_gateway_enabled  = false
  nat_instance_enabled = false
}

module "efs" {
  source = "cloudposse/efs/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version     = "x.x.x"

  namespace  = var.namespace
  stage      = var.stage
  name       = var.name
  attributes = var.attributes
  tags       = var.tags
  delimiter  = var.delimiter

  region             = var.region
  availability_zones = var.availability_zones
  vpc_id             = module.vpc.vpc_id
  subnets            = module.subnets.private_subnet_ids

  allowed_security_group_ids = [module.vpc.vpc_default_security_group_id]
}

module "backup" {
  source = "cloudposse/backup/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version     = "x.x.x"

  namespace  = var.namespace
  stage      = var.stage
  name       = var.name
  attributes = var.attributes
  tags       = var.tags
  delimiter  = var.delimiter

  plan_name_suffix = var.plan_name_suffix
  vault_enabled    = var.vault_enabled
  iam_role_enabled = var.iam_role_enabled
  plan_enabled     = var.plan_enabled

  selection_tags   = var.selection_tags
  backup_resources = [module.efs.arn]
  not_resources    = var.not_resources

  rules = var.rules

  kms_key_arn = var.kms_key_arn

  advanced_backup_setting         = var.advanced_backup_setting
  backup_vault_lock_configuration = var.backup_vault_lock_configuration

}

In the above example var.rules could be defined as follows:

rules = [
  {
    name              = "${module.this.name}-daily"
    schedule          = var.schedule
    start_window      = var.start_window
    completion_window = var.completion_window
    lifecycle         = {
      cold_storage_after = var.cold_storage_after
      delete_after       = var.delete_after
    }
  }
]

or as yaml

rules:
  - name: "plan-daily"
    schedule: "cron(0 5 ? * * *)"
    start_window: 320 # 60 * 8             # minutes
    completion_window: 10080 # 60 * 24 * 7 # minutes
    delete_after: 35 # 7 * 5