Initial commit

kabisa · Sep 18, 2019 · 99e8fc8 · 99e8fc8
1 parent e1e495c
commit 99e8fc8
Show file tree

Hide file tree

Showing 5 changed files with 127 additions and 0 deletions.
diff --git a/backup.tf b/backup.tf
@@ -0,0 +1,55 @@
+resource "aws_kms_key" "kms_key" {
+  description             = "${module.label.id}${module.label.delimiter}kms${module.label.delimiter}key"
+}
+
+resource "aws_backup_vault" "vault" {
+  name        = "${module.label.id}${module.label.delimiter}backup${module.label.delimiter}vault"
+  kms_key_arn = aws_kms_key.kms_key.arn
+}
+
+resource "aws_backup_plan" "plan" {
+  name = "${module.label.id}${module.label.delimiter}backup${module.label.delimiter}plan"
+
+  rule {
+    rule_name         = "${module.label.id}${module.label.delimiter}daily${module.label.delimiter}rule"
+    target_vault_name = aws_backup_vault.vault.name
+    schedule          = "cron(0 0 * * ? *)"
+
+    lifecycle {
+//      5 weeks * 7 days = 35 days
+      delete_after = 35
+    }
+  }
+
+  rule {
+    rule_name         = "${module.label.id}${module.label.delimiter}weekly${module.label.delimiter}rule"
+    target_vault_name = aws_backup_vault.vault.name
+    schedule          = "cron(0 0 ? * 1 *)"
+
+    lifecycle {
+//      3 months * 30 days = 90 days
+      delete_after = 90
+    }
+  }
+
+  rule {
+    rule_name         = "${module.label.id}${module.label.delimiter}monthly${module.label.delimiter}rule"
+    target_vault_name = aws_backup_vault.vault.name
+    schedule          = "cron(0 0 1 * ? *)"
+
+    lifecycle {
+//      3 months * 30 days = 90 days
+      cold_storage_after = 90
+//      2 years * 365 days = 730 days
+      delete_after = 730
+    }
+  }
+}
+
+resource "aws_backup_selection" "arn_resource_selection" {
+  iam_role_arn = aws_iam_role.aws_backup_role.arn
+  name         = "${module.label.id}${module.label.delimiter}arn${module.label.delimiter}resource${module.label.delimiter}selection"
+  plan_id      = aws_backup_plan.plan.id
+
+  resources = var.backup_resource_ids
+}
diff --git a/iam.tf b/iam.tf
@@ -0,0 +1,23 @@
+resource "aws_iam_role" "aws_backup_role" {
+  name               = "${module.label.id}${module.label.delimiter}backup${module.label.delimiter}role"
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": ["sts:AssumeRole"],
+      "Effect": "allow",
+      "Principal": {
+        "Service": ["backup.amazonaws.com"]
+      }
+    }
+  ]
+}
+POLICY
+  tags = module.label.tags
+}
+
+resource "aws_iam_role_policy_attachment" "aws_backup_policy" {
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
+  role       = aws_iam_role.aws_backup_role.name
+}
diff --git a/labels.tf b/labels.tf
@@ -0,0 +1,7 @@
+module "label" {
+  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.15.0"
+  namespace  = var.namespace
+  name       = var.name
+  stage      = var.stage
+  tags       = var.tags
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,9 @@
+output "key_arn" {
+  value       = aws_kms_key.kms_key.arn
+  description = "Key ARN"
+}
+
+output "key_id" {
+  value       = aws_kms_key.kms_key.key_id
+  description = "Key ID"
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,33 @@
+# General
+variable "region" {
+  default = "eu-west-1"
+}
+
+variable "backup_resource_ids" {
+  type = "list"
+}
+
+# Labels
+variable "namespace" {
+  type        = "string"
+  default     = ""
+  description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+}
+
+variable "name" {
+  type        = "string"
+  default     = ""
+  description = "Solution name, e.g. 'app' or 'jenkins'"
+}
+
+variable "tags" {
+  type        = "map"
+  default     = {}
+  description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)"
+}
+
+variable "stage" {
+  type        = "string"
+  description = "Stage (e.g. `prod`, `dev`, `staging`)"
+  default     = ""
+}