Initial commit

Author: goruha

.github/settings.yml

@@ -1,11 +1,7 @@
 # Upstream changes from _extends are only recognized when modifications are made to this file in the default branch.
 _extends: .github
 repository:
-  name: template
-  description: Template for Terraform Components
+  name: aws-backup
+  description: This component is responsible for provisioning an AWS Backup Plan
   homepage: https://cloudposse.com/accelerate
   topics: terraform, terraform-component
-
-
-
-

README.yaml

@@ -1,8 +1,20 @@
-locals {
-  enabled = module.this.enabled
-}
+module "backup" {
+  source  = "cloudposse/backup/aws"
+  version = "1.0.0"
 
+  plan_name_suffix = var.plan_name_suffix
+  vault_enabled    = var.vault_enabled
+  iam_role_enabled = var.iam_role_enabled
+  plan_enabled     = var.plan_enabled
 
+  backup_resources = var.backup_resources
+  selection_tags   = var.selection_tags
 
+  kms_key_arn = var.kms_key_arn
 
+  rules                           = var.rules
+  advanced_backup_setting         = var.advanced_backup_setting
+  backup_vault_lock_configuration = var.backup_vault_lock_configuration
 
+  context = module.this.context
+}

src/main.tf

@@ -1,4 +1,24 @@
-output "mock" {
-  description = "Mock output example for the Cloud Posse Terraform component template"
-  value       = local.enabled ? "hello ${basename(abspath(path.module))}" : ""
+output "backup_vault_id" {
+  value       = module.backup.backup_vault_id
+  description = "Backup Vault ID"
+}
+
+output "backup_vault_arn" {
+  value       = module.backup.backup_vault_arn
+  description = "Backup Vault ARN"
+}
+
+output "backup_plan_arn" {
+  value       = module.backup.backup_plan_arn
+  description = "Backup Plan ARN"
+}
+
+output "backup_plan_version" {
+  value       = module.backup.backup_plan_version
+  description = "Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan"
+}
+
+output "backup_selection_id" {
+  value       = module.backup.backup_selection_id
+  description = "Backup Selection ID"
 }

src/outputs.tf

@@ -0,0 +1,19 @@
+provider "aws" {
+  region = var.region
+
+  # Profile is deprecated in favor of terraform_role_arn. When profiles are not in use, terraform_profile_name is null.
+  profile = module.iam_roles.terraform_profile_name
+
+  dynamic "assume_role" {
+    # module.iam_roles.terraform_role_arn may be null, in which case do not assume a role.
+    for_each = compact([module.iam_roles.terraform_role_arn])
+    content {
+      role_arn = assume_role.value
+    }
+  }
+}
+
+module "iam_roles" {
+  source  = "../account-map/modules/iam-roles"
+  context = module.this.context
+}

src/providers.tf

@@ -0,0 +1,94 @@
+variable "region" {
+  type        = string
+  description = "AWS Region"
+}
+
+variable "kms_key_arn" {
+  type        = string
+  description = "The server-side encryption key that is used to protect your backups"
+  default     = null
+}
+
+variable "backup_vault_lock_configuration" {
+  type = object({
+    changeable_for_days = optional(number)
+    max_retention_days  = optional(number)
+    min_retention_days  = optional(number)
+  })
+  description = <<-EOT
+    The backup vault lock configuration, each vault can have one vault lock in place. This will enable Backup Vault Lock on an AWS Backup vault  it prevents the deletion of backup data for the specified retention period. During this time, the backup data remains immutable and cannot be deleted or modified."
+    `changeable_for_days` - The number of days before the lock date. If omitted creates a vault lock in `governance` mode, otherwise it will create a vault lock in `compliance` mode.
+  EOT
+  default     = null
+}
+
+variable "selection_tags" {
+  type        = list(map(string))
+  description = "An array of tag condition objects used to filter resources based on tags for assigning to a backup plan"
+  default     = []
+}
+
+variable "backup_resources" {
+  type        = list(string)
+  description = "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan"
+  default     = []
+}
+
+variable "plan_name_suffix" {
+  type        = string
+  description = "The string appended to the plan name"
+  default     = null
+}
+
+variable "vault_enabled" {
+  type        = bool
+  description = "Whether or not a new Vault should be created"
+  default     = true
+}
+
+variable "plan_enabled" {
+  type        = bool
+  description = "Whether or not to create a new Plan"
+  default     = true
+}
+
+variable "iam_role_enabled" {
+  type        = bool
+  description = "Whether or not to create a new IAM Role and Policy Attachment"
+  default     = true
+}
+
+
+variable "rules" {
+  type = list(object({
+    name                     = string
+    schedule                 = optional(string)
+    enable_continuous_backup = optional(bool)
+    start_window             = optional(number)
+    completion_window        = optional(number)
+    lifecycle = optional(object({
+      cold_storage_after                        = optional(number)
+      delete_after                              = optional(number)
+      opt_in_to_archive_for_supported_resources = optional(bool)
+    }))
+    copy_action = optional(object({
+      destination_vault_arn = optional(string)
+      lifecycle = optional(object({
+        cold_storage_after                        = optional(number)
+        delete_after                              = optional(number)
+        opt_in_to_archive_for_supported_resources = optional(bool)
+      }))
+    }))
+  }))
+  description = "An array of rule maps used to define schedules in a backup plan"
+  default     = []
+}
+
+variable "advanced_backup_setting" {
+  type = object({
+    backup_options = string
+    resource_type  = string
+  })
+  description = "An object that specifies backup options for each resource type."
+  default     = null
+}

src/variables.tf

@@ -1,5 +1,10 @@
 terraform {
-  required_version = ">= 1.0.0"
+  required_version = ">= 1.3.0"
 
-  required_providers {}
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.9.0"
+    }
+  }
 }