_variables.tf
#
# AWS Backup vault
#
# Name for the backup vault. Required input: no default is declared.
variable "name" {
  description = "Name of the backup vault to create."
  type        = string
}
# Kind of account the backup resources are created for.
# Validation accepts only "workload" or "backup"; what each value changes in
# the deployed resources is decided elsewhere in the module (not visible here).
variable "account_type" {
  description = "Type of the account to create backup resources."
  type        = string
  default     = "workload"

  validation {
    condition     = contains(["workload", "backup"], var.account_type)
    error_message = "Invalid account_type. Current valid types are: workload and backup."
  }
}
# ARN of the KMS key used for server-side encryption of the vault's backups.
# NOTE(review): the default is null, so no customer-managed key is named. If the
# module passes null through to the vault, AWS Backup presumably falls back to
# its AWS-managed key. Confirm, and supply a customer-managed key ARN wherever
# control over the key policy and key-usage auditing is required.
variable "vault_kms_key_arn" {
  description = "The server-side encryption key that is used to protect your backups"
  type        = string
  default     = null
}
# Resource-based access policy for the vault, passed as a JSON string.
# The default is an empty string.
# NOTE(review): presumably the module attaches no policy when this is empty.
# Confirm. Any document passed here decides who may act on recovery points, so
# review it for wildcard principals and for who may delete.
variable "vault_policy" {
  description = "The backup vault access policy document in JSON format"
  type        = string
  default     = ""
}
# Switch for vault event notifications. Off by default, so no backup events are
# published unless the caller opts in.
# NOTE(review): presumably must be set together with
# vault_notification_sns_topic_arn. Confirm in the module.
variable "enable_aws_backup_vault_notifications" {
  description = "Enable vault notifications"
  type        = bool
  default     = false
}
# ARN of the SNS topic that receives the vault's events.
# The default is an empty string; nothing in this declaration checks that a
# topic is supplied when notifications are enabled.
variable "vault_notification_sns_topic_arn" {
  description = "The Amazon Resource Name (ARN) that specifies the topic for a backup vaults events"
  type        = string
  default     = ""
}
# Job-status events for the vault (presumably the ones sent to the SNS topic.
# Confirm in the module).
# The default covers only failed backup and copy jobs. The accepted list below
# also contains RESTORE_JOB_* and RECOVERY_POINT_MODIFIED; add those where
# restores or changes to recovery points should be visible to monitoring.
variable "backup_vault_events" {
  description = "An array of events that indicate the status of jobs to back up resources to the backup vault"
  type        = list(string)
  default     = ["BACKUP_JOB_FAILED", "COPY_JOB_FAILED"]

  validation {
    # Every requested event must be one of the names listed here; an empty list passes.
    condition = alltrue([
      for event in var.backup_vault_events : contains(
        [
          "BACKUP_JOB_STARTED",
          "BACKUP_JOB_COMPLETED",
          "BACKUP_JOB_SUCCESSFUL",
          "BACKUP_JOB_FAILED",
          "BACKUP_JOB_EXPIRED",
          "RESTORE_JOB_STARTED",
          "RESTORE_JOB_COMPLETED",
          "RESTORE_JOB_SUCCESSFUL",
          "RESTORE_JOB_FAILED",
          "COPY_JOB_STARTED",
          "COPY_JOB_SUCCESSFUL",
          "COPY_JOB_FAILED",
          "RECOVERY_POINT_MODIFIED",
          "BACKUP_PLAN_CREATED",
          "BACKUP_PLAN_MODIFIED",
          "S3_BACKUP_OBJECT_FAILED",
          "S3_RESTORE_OBJECT_FAILED",
        ],
        event
      )
    ])
    error_message = "Invalid backup_vault_events."
  }
}
# Default rule
# CRON expression for when a backup job is started. Defaults to null.
# NOTE(review): the file also declares a `rules` list with its own schedule
# field; which of the two the module uses is not visible here.
variable "rule_schedule" {
  description = "A CRON expression specifying when AWS Backup initiates a backup job"
  type        = string
  default     = null
}
# Start window for a backup job, in minutes per the description. Default 60.
variable "rule_start_window" {
  description = "The amount of time in minutes before beginning a backup"
  type        = number
  default     = 60
}
# How long a backup job may run before it is cancelled with an error. Default 120.
# NOTE(review): the description gives no unit; presumably minutes, like
# rule_start_window. Confirm.
variable "rule_completion_window" {
  description = "The amount of time AWS Backup attempts a backup before canceling the job and returning an error"
  type        = number
  default     = 120
}
# Rule lifecycle
# Age in days at which a recovery point is moved to cold storage. Default 30.
variable "rule_lifecycle_cold_storage_after" {
  description = "Specifies the number of days after creation that a recovery point is moved to cold storage"
  type        = number
  default     = 30
}
# Age in days at which a recovery point is deleted. Default 120.
# The description requires this to be 90 days greater than the cold-storage
# age. The declared defaults (30 and 120) satisfy that, but nothing in this
# declaration enforces it for caller-supplied values.
variable "rule_lifecycle_delete_after" {
  description = "Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after`"
  type        = number
  default     = 120
}
# Selection
# ARNs or match patterns of the resources assigned to the backup plan.
# Empty by default.
# NOTE(review): the type is list(any) although the description speaks of
# strings; list(string) would reject malformed input earlier. Confirm no caller
# depends on the looser type.
variable "selection_resources" {
  description = "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan"
  type        = list(any)
  default     = []
}
# Comparison operation applied to the selection tag's key-value pair.
# Default "STRINGEQUALS"; no validation restricts the value here.
variable "selection_tag_type" {
  description = "An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection"
  type        = string
  default     = "STRINGEQUALS"
}
# Tag key used to select resources. Default "Backup".
# NOTE(review): if selection is tag-based, as the selection_tag_* defaults
# suggest, a resource without this tag is not selected. Track untagged
# resources separately so that coverage gaps are noticed.
variable "selection_tag_key" {
  description = "The key in a key-value pair"
  type        = string
  default     = "Backup"
}
# Tag value paired with selection_tag_key. Default is the string "true", not a bool.
variable "selection_tag_value" {
  description = "The value in a key-value pair"
  type        = string
  default     = "true"
}
# Lower bound on how long the vault keeps its recovery points. Defaults to null.
# NOTE(review): presumably a vault-lock setting, given changeable_for_days in
# the same file. Confirm. Nothing here checks it against max_retention_days.
variable "min_retention_days" {
  description = "The minimum retention period that the vault retains its recovery points"
  type        = number
  default     = null
}
# Upper bound on how long the vault keeps its recovery points. Defaults to null.
# NOTE(review): presumably a vault-lock setting, given changeable_for_days in
# the same file. Confirm. Nothing here checks it against min_retention_days.
variable "max_retention_days" {
  description = "The maximum retention period that the vault retains its recovery points"
  type        = number
  default     = null
}
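# Number of days before the lock date during which the lock configuration can
# still be edited or removed (per the description). Defaults to null.
# NOTE(review): in AWS Backup Vault Lock, leaving this unset keeps the lock
# removable, while setting it makes the lock immutable once the period ends.
# Confirm how the module maps null, and choose deliberately: the immutable form
# is what protects recovery points from a compromised administrator.
variable "changeable_for_days" {
  description = "The number of days before the lock date. Until that time, the configuration can be edited or removed. The minimum number of day is 3 days"
  type        = number
  default     = null

  validation {
    # Enforce the 3-day minimum stated in the description at plan time.
    # try() turns the failing comparison against null into false; the first
    # operand already accepts null.
    condition     = var.changeable_for_days == null || try(var.changeable_for_days >= 3, false)
    error_message = "The changeable_for_days value must be null or at least 3."
  }
}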
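# Backup rules for the plan. Each rule needs a rule_name; every other field is
# optional and takes the default declared in the type below. The variable's own
# default is a single rule named "backup-rule".
#
# copy_actions lists destination vaults for copies of the recovery points.
# NOTE(review): destination_vault_arn is optional and unchecked here. Confirm
# the module skips or rejects a copy action without a destination.
variable "rules" {
  description = "List of backup rules"
  type = list(object({
    rule_name                = string
    schedule                 = optional(string)
    start_window             = optional(number, 60)
    completion_window        = optional(number, 120)
    enable_continuous_backup = optional(bool, false)
    lifecycle = optional(object({
      cold_storage_after = optional(number)
      delete_after       = optional(number, 30)
    }))
    copy_actions = optional(list(object({
      destination_vault_arn = optional(string)
      lifecycle = optional(object({
        cold_storage_after = optional(number)
        delete_after       = optional(number, 30)
      }), {})
    })), [])
  }))
  default = [{
    rule_name = "backup-rule"
  }]

  validation {
    # delete_after defaults to 30, so a lifecycle that sets only
    # cold_storage_after would break the "90 days greater than
    # cold_storage_after" requirement stated on rule_lifecycle_delete_after.
    # Catch that at plan time, for rule lifecycles and copy-action lifecycles.
    # try() covers a null lifecycle and a null cold_storage_after.
    condition = alltrue([
      for rule in var.rules :
      (
        try(rule.lifecycle.cold_storage_after, null) == null ||
        try(rule.lifecycle.delete_after >= rule.lifecycle.cold_storage_after + 90, false)
        ) && alltrue([
          for action in rule.copy_actions :
          try(action.lifecycle.cold_storage_after, null) == null ||
          try(action.lifecycle.delete_after >= action.lifecycle.cold_storage_after + 90, false)
      ])
    ])
    error_message = "Each lifecycle that sets cold_storage_after must set delete_after at least 90 days later."
  }
}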
# Master switch for the module: per the description, false deploys no AWS
# Backup resources. Defaults to true.
variable "enabled" {
  description = "Change to false to avoid deploying any AWS Backup resources"
  type        = bool
  default     = true
}