default_plan.tf
locals {
  # local.default_plan is an object laid out like an AWS Organizations backup
  # policy: one plan named "organization_<var.name>" holding three retention
  # tiers (daily / weekly / monthly), the target region, a tag-based resource
  # selection, Windows VSS for EC2, and the plan tags.
  # How this local is encoded and attached is not visible in this file.
  #
  # The tiers deliberately overlap so that costs stay predictable and backups
  # stay consistent. Every tier writes to module.backup_vault; a copy action to
  # module.backup_vault_external[0] is merged in only when that module has at
  # least one instance.
  # NOTE(review): with no external vault configured, recovery points exist only
  # in the primary vault. Confirm that is intended, and that vault access
  # policy / vault lock are handled inside the vault modules (not shown here).
  default_plan = {
    "plans" = {
      "organization_${var.name}" = {
        "rules" = {
          # Tier 1: daily at 05:50, continuous backup on, kept 14 days.
          "001_14DayRule" = merge(
            {
              "schedule_expression"      = { "@@assign" = "cron(50 5 ? * * *)" }
              "target_backup_vault_name" = { "@@assign" = module.backup_vault.backup_vault_name }
              # Jobs run at most daily, so a wide start window is acceptable;
              # it also avoids collisions with RDS / FSx.
              "start_backup_window_minutes" = { "@@assign" = "300" }
              # 2880 minutes = 2 days, after which the job fails.
              "complete_backup_window_minutes" = { "@@assign" = "2880" }
              # NOTE(review): confirm how the copy action below treats
              # continuous recovery points for the resource types in scope.
              "enable_continuous_backup" = { "@@assign" = true }
              # Provider default tags plus Inherited = True on each recovery point.
              "recovery_point_tags" = {
                for k, v in merge(data.aws_default_tags.current.tags, { "Inherited" = "True" }) :
                k => { "tag_key" = { "@@assign" = k }, "tag_value" = { "@@assign" = v } }
              }
              "lifecycle" = {
                # Cold-storage transition is left disabled for this tier.
                # NOTE(review): the previous comment called this "1 week + 3 day
                # margin", which adds up to 10 days, not 14 - confirm which
                # retention is intended.
                "delete_after_days" = { "@@assign" = "14" }
              }
            },
            length(module.backup_vault_external) > 0 ? {
              "copy_actions" = {
                "${module.backup_vault_external[0].backup_vault_arn}" = {
                  "target_backup_vault_arn" = {
                    "@@assign" = module.backup_vault_external[0].backup_vault_arn
                  }
                  # Copy retention mirrors the source rule; no cold storage.
                  "lifecycle" = {
                    "delete_after_days" = { "@@assign" = "14" }
                  }
                }
              }
            } : {}
          )

          # Tier 2: every Monday at 05:50, kept 42 days
          # (1 month + 1 week margin).
          "002_42DayRule" = merge(
            {
              "schedule_expression"      = { "@@assign" = "cron(50 5 ? * 2 *)" }
              "target_backup_vault_name" = { "@@assign" = module.backup_vault.backup_vault_name }
              # Same windows as the daily tier: wide start window to avoid
              # collisions with RDS / FSx, fail after 2 days.
              "start_backup_window_minutes"    = { "@@assign" = "300" }
              "complete_backup_window_minutes" = { "@@assign" = "2880" }
              "enable_continuous_backup"       = { "@@assign" = false }
              "recovery_point_tags" = {
                for k, v in merge(data.aws_default_tags.current.tags, { "Inherited" = "True" }) :
                k => { "tag_key" = { "@@assign" = k }, "tag_value" = { "@@assign" = v } }
              }
              "lifecycle" = {
                # Cold-storage transition is left disabled for this tier.
                "delete_after_days" = { "@@assign" = "42" }
              }
            },
            length(module.backup_vault_external) > 0 ? {
              "copy_actions" = {
                "${module.backup_vault_external[0].backup_vault_arn}" = {
                  "target_backup_vault_arn" = {
                    "@@assign" = module.backup_vault_external[0].backup_vault_arn
                  }
                  # Copy retention mirrors the source rule; no cold storage.
                  "lifecycle" = {
                    "delete_after_days" = { "@@assign" = "42" }
                  }
                }
              }
            } : {}
          )

          # Tier 3: first Monday of each month at 05:50, moved to cold storage
          # after 90 days and kept 420 days (1 year + 1 month margin).
          "003_420DayRule" = merge(
            {
              "schedule_expression"      = { "@@assign" = "cron(50 5 ? * 2#1 *)" }
              "target_backup_vault_name" = { "@@assign" = module.backup_vault.backup_vault_name }
              # Same windows as the daily tier: wide start window to avoid
              # collisions with RDS / FSx, fail after 2 days.
              "start_backup_window_minutes"    = { "@@assign" = "300" }
              "complete_backup_window_minutes" = { "@@assign" = "2880" }
              "enable_continuous_backup"       = { "@@assign" = false }
              "recovery_point_tags" = {
                for k, v in merge(data.aws_default_tags.current.tags, { "Inherited" = "True" }) :
                k => { "tag_key" = { "@@assign" = k }, "tag_value" = { "@@assign" = v } }
              }
              "lifecycle" = {
                "move_to_cold_storage_after_days" = { "@@assign" = "90" }
                "delete_after_days"               = { "@@assign" = "420" }
              }
            },
            length(module.backup_vault_external) > 0 ? {
              "copy_actions" = {
                "${module.backup_vault_external[0].backup_vault_arn}" = {
                  "target_backup_vault_arn" = {
                    "@@assign" = module.backup_vault_external[0].backup_vault_arn
                  }
                  # Copy lifecycle mirrors the source rule, cold storage included.
                  "lifecycle" = {
                    "move_to_cold_storage_after_days" = { "@@assign" = "90" }
                    "delete_after_days"               = { "@@assign" = "420" }
                  }
                }
              }
            } : {}
          )
        }

        # The plan applies only in the region the provider is configured for.
        "regions" = {
          "@@assign" = [data.aws_region.current.name]
        }

        # Resources opt in through the tag BackupEnabled = "True". Tag values
        # are matched as written, so "true" or "TRUE" would not be selected.
        # NOTE(review): whoever can edit this tag on a resource decides whether
        # it is backed up; confirm tag changes are restricted accordingly.
        "selections" = {
          "tags" = {
            "BackupEnabled" = {
              # The caller's account id in the role ARN is swapped for the
              # literal "$account", so the ARN is not pinned to this account;
              # presumably resolved per target account - verify.
              "iam_role_arn" = {
                "@@assign" = replace(
                  module.iam_role.role_arn,
                  data.aws_caller_identity.current.account_id,
                  "$account"
                )
              }
              "tag_key" = { "@@assign" = "BackupEnabled" }
              "tag_value" = {
                "@@assign" = ["True"]
              }
            }
          }
        }

        "advanced_backup_settings" = {
          "ec2" = {
            "windows_vss" = { "@@assign" = "enabled" }
          }
        }

        # The plan itself carries the provider default tags (no Inherited tag).
        "backup_plan_tags" = {
          for k, v in data.aws_default_tags.current.tags :
          k => { "tag_key" = { "@@assign" = k }, "tag_value" = { "@@assign" = v } }
        }
      }
    }
  }
}