backup_weekly.tf
## Weekly Backup Plan
# - Runs every week on SUNDAY @ 12:00 AM UTC
# - Backups are removed after 90 days
# Primary-region vault that stores the weekly recovery points.
#
# Security review notes:
# - No kms_key_arn is set, so the vault is encrypted with the AWS Backup
#   default key for the region rather than a customer-managed KMS key.
# - No vault access policy or vault lock is declared in this file. Confirm
#   whether one is attached elsewhere in the module; without them the 90-day
#   retention is a lifecycle setting only and does not stop a principal with
#   backup delete permissions from removing recovery points early.
resource "aws_backup_vault" "weekly" {
  # Presumably 0 or 1, since sibling resources reference index [0] -- confirm
  # against the locals definition.
  count = local.weekly_backup_count

  name = "weekly"

  # Vault-specific tags are merged over the module-wide tags.
  tags = merge(var.tags, var.tags_vault)
}
# Secondary vault that receives copies of the weekly recovery points.
# It is only created when cross-region backup is enabled, and it is managed
# through the aliased provider aws.cross-region.
#
# Security review notes:
# - As with the primary vault, no kms_key_arn, vault policy or vault lock is
#   set here, so the copy has the same default protections as the original.
# - NOTE(review): whether aws.cross-region points at the same AWS account is
#   not visible from this file. A copy kept in the same account does not
#   survive a compromise of that account's credentials -- confirm.
resource "aws_backup_vault" "weekly_cross_region" {
  provider = aws.cross-region
  count    = var.cross_region_backup_enabled ? local.weekly_backup_count : 0

  name = "weekly_cross_region"
  tags = merge(var.tags, var.tags_vault)
}
# Weekly backup plan: one rule that writes to the "weekly" vault and, when
# cross-region backup is enabled, copies each recovery point to the
# cross-region vault.
resource "aws_backup_plan" "weekly" {
  count = local.weekly_backup_count

  name = "weekly"
  tags = merge(var.tags, var.tags_plan)

  rule {
    rule_name = "weekly"

    # Index [0] is safe here because the vault uses the same count expression
    # as this plan.
    target_vault_name = aws_backup_vault.weekly[0].name

    # AWS cron format: minute 0, hour 0, any day-of-month, every month,
    # day-of-week SUN, any year -- i.e. Sundays at 00:00 UTC.
    schedule = "cron(0 0 ? * SUN *)"

    # Both windows are expressed in minutes.
    start_window      = var.start_window_minutes
    completion_window = var.completion_window_minutes

    # Recovery points in the primary vault expire after 90 days.
    lifecycle {
      delete_after = 90
    }

    # The list holds a single placeholder string; it exists only so that
    # exactly one copy_action block is generated when the feature is enabled,
    # and none otherwise.
    dynamic "copy_action" {
      for_each = var.cross_region_backup_enabled ? ["copy backups to the new region"] : []

      content {
        # The cross-region vault is created under the same enable flag, so
        # index [0] exists whenever this block is rendered.
        destination_vault_arn = aws_backup_vault.weekly_cross_region[0].arn

        # Copies carry their own retention; kept at 90 days to match the
        # primary vault.
        lifecycle {
          delete_after = 90
        }
      }
    }
  }
}
# Assigns resources to the weekly plan by tag.
#
# Security review notes:
# - Coverage is driven entirely by a tag match. A resource that never gets
#   the tag, or has it removed, silently drops out of the weekly backup, so
#   permission to edit this tag should be treated as permission to change
#   backup coverage.
# - The service role is defined outside this file; its attached policies
#   determine what AWS Backup can read and restore and are not visible here.
resource "aws_backup_selection" "weekly" {
  count = local.weekly_backup_count

  name    = "weekly"
  plan_id = aws_backup_plan.weekly[0].id

  # Assumes the service role is created whenever weekly backups are enabled;
  # otherwise index [0] fails at plan time -- confirm against its count.
  iam_role_arn = aws_iam_role.service_role[0].arn

  # Exact, case-sensitive match on both key and value.
  selection_tag {
    type  = "STRINGEQUALS"
    key   = var.weekly_backup_tag_key
    value = var.weekly_backup_tag_value
  }
}