Terraform AWS Organizations Backup

Description

This module creates an AWS Organization Backup Policy consisting of one or more backup plans to be deployed to accounts within the specified Organizational Unit.

Usage

The following example creates a generalised backup policy targeting all compatible AWS Backup resources. Resources are matched if they have a tag with the key BackupPolicy and a value matching the plan name - in this case daily. This policy is applied to all accounts within the specified organizational unit and is run on a daily schedule starting at 3am.

module "basic" {
  source  = "appvia/backup/aws"
  version = "1.0.0"

  name                = "general-backup"
  organizational_unit = "ou-1tbg-wpzfzxb7"

  plans = [{
    name                    = "daily"
    schedule                = "cron(0 3 ? * * *)"
    start_window_minutes    = "60"
    complete_window_minutes = "300"
  }]
}

resource "aws_s3_bucket" "data_pending_processing" {
  bucket = "io-appvia-data-pending-processing"

  tags = {
    BackupPolicy = "daily"
  }
}

Update Documentation

The terraform-docs utility is used to generate this README. Follow the below steps to update:

1. Make changes to the .terraform-docs.yml file
2. Fetch the terraform-docs binary (https://terraform-docs.io/user-guide/installation/)
3. Run terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .

Requirements

Name	Version
terraform	>= 1.7
aws	>= 5

Providers

Name	Version
aws	>= 5

Modules

No modules.

Resources

Name	Type
aws_cloudformation_stack_set.role	resource
aws_cloudformation_stack_set.vault	resource
aws_cloudformation_stack_set_instance.role	resource
aws_cloudformation_stack_set_instance.vault	resource
aws_organizations_policy.backup	resource
aws_organizations_policy_attachment.backup	resource
aws_region.current	data source

Inputs

Name	Description	Type	Default	Required
name	Name of the backup policy	string	n/a	yes
plans	List of plan definitions. Each definition defines a backup plan governing the frequency, destinations and retention settings.	list(object({ name = string schedule = string start_window_minutes = optional(number, 60) complete_window_minutes = optional(number, 360) backup_tag_name = optional(string, "BackupPolicy") backup_role_name = optional(string, "lza-backup-service-linked-role") vault_name = optional(string, "Default") copy_backups = optional(list(object({ target_vault = string lifecycle = optional(object({ cold_storage_after_days = optional(number) delete_after_days = optional(number) })) })), []) lifecycle = optional(object({ cold_storage_after_days = optional(number) delete_after_days = optional(number) })) }))	n/a	yes
deployment_targets	The accounts or organizational unit to attach the backup policy to.	list(string)	[]	no
regions	List of regions where resources to be backed up are located	list(string)	[]	no
tags	Map of tags to apply to resources create by this module. These are also passed down to individual backups.	map(string)	{}	no
vaults	List of Backup Vaults to be created along with their lock configuration	list(object({ name = string change_grace_days = optional(number) min_retention_days = optional(number) max_retention_days = optional(number) }))	[]	no

Outputs

No outputs.