7 changes: 3 additions & 4 deletions .github/workflows/terraform-checks.yaml
@@ -1,13 +1,12 @@
name: Lint and Validate

on:
pull_request:
branches:
- main
pull_request_review:
types: [submitted, edited]
workflow_dispatch:

env:
TF_VERSION: 0.13.0
TF_VERSION: 1.1.7

jobs:
fmt:
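Review bot: `TF_VERSION: 1.1.7` in the `env` block is the only Terraform version this workflow exercises, while the README in this same change declares `>= 1.0.11` as the floor. Either run the checks against 1.0.11 as well (a small version matrix would do) or raise the declared minimum to the version CI actually uses, so the supported range is one that has been validated.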
17 changes: 4 additions & 13 deletions .github/workflows/test.yaml
@@ -1,14 +1,13 @@
name: Terratest

on:
pull_request:
branches:
- main
pull_request_review:
types: [submitted, edited]
workflow_dispatch:

env:
TF_VERSION: 0.13.0
GO_VERSION: 1.16.5
TF_VERSION: 1.1.7
GO_VERSION: 1.19

jobs:
terratest:
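Review bot: `GO_VERSION: 1.19` in the `env` block is unquoted, so YAML reads it as a number rather than a string, unlike the `1.16.5` it replaces. It happens to survive as 1.19, but the same edit for 1.20 would arrive as 1.2; quote the value now as `GO_VERSION: "1.19"`.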
Expand All @@ -28,20 +27,12 @@ jobs:
- name: Install dependencies
run: |
go mod download
go get -u golang.org/x/lint/golint
go get github.com/gruntwork-io/terratest/modules/[email protected]
working-directory: ${{ env.working-directory }}
- name: Run checks
run: |
go vet .
golint .
working-directory: ${{ env.working-directory }}

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-1
role-skip-session-tagging: true
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
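Review bot: If the whole `Run checks` step is being dropped along with `golint`, then `go vet .` disappears with it and the test code loses its only static check in this job. Removing `golint` is reasonable, but keep a step that runs `go vet .`. Separately, while this job is being edited: `aws-actions/configure-aws-credentials@v1` is a mutable tag on a step that receives `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`; pinning the action to a full commit SHA would stop a retagged release from seeing those secrets.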
6 changes: 3 additions & 3 deletions .pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
rev: v4.3.0
hooks:
- id: check-added-large-files
args: ['--maxkb=500']
Expand All @@ -17,8 +17,8 @@ repos:
- id: detect-aws-credentials
args: ['--allow-missing-credentials']
- id: trailing-whitespace
- repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.50.0
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.74.1
hooks:
- id: terraform_fmt
- id: terraform_docs
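Review bot: The `rev: v1.74.1` pin for `antonbabenko/pre-commit-terraform` (and `rev: v4.3.0` for `pre-commit-hooks` above it) is still a tag, which the upstream repository can move. Switching the clone URL from `git://` to `https://` is the right fix; to finish the job, freeze both `rev` values to full commit SHAs with the tag kept as a trailing comment, which is what `pre-commit autoupdate --freeze` writes.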
10 changes: 8 additions & 2 deletions CHANGELOG.md
Expand Up @@ -5,7 +5,12 @@ All notable changes to this project will be documented in this file.
<a name="unreleased"></a>
## [Unreleased]

- Migrate to main branch + manual trigger to pipeline


<a name="1.4.0"></a>
## [1.4.0] - 2021-06-28

- Migrate to main branch + manual trigger to pipeline ([#12](https://github.com/umotif-public/terraform-aws-backup/issues/12))


<a name="1.3.1"></a>
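Review bot: The `[Unreleased]` section ends up empty, yet this pull request raises the Terraform and AWS provider floors, adds the `vault_force_destroy` input and attaches a second managed policy to the backup role. Add entries for those under `[Unreleased]` (the version floor change in particular) so consumers reading the changelog before upgrading see them.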
Expand Down Expand Up @@ -51,7 +56,8 @@ All notable changes to this project will be documented in this file.
- Initial commit


[Unreleased]: https://github.com/umotif-public/terraform-aws-backup/compare/1.3.1...HEAD
[Unreleased]: https://github.com/umotif-public/terraform-aws-backup/compare/1.4.0...HEAD
[1.4.0]: https://github.com/umotif-public/terraform-aws-backup/compare/1.3.1...1.4.0
[1.3.1]: https://github.com/umotif-public/terraform-aws-backup/compare/1.3.0...1.3.1
[1.3.0]: https://github.com/umotif-public/terraform-aws-backup/compare/1.2.0...1.3.0
[1.2.0]: https://github.com/umotif-public/terraform-aws-backup/compare/1.1.0...1.2.0
19 changes: 10 additions & 9 deletions README.md
Expand Up @@ -8,7 +8,7 @@ Terraform module to provision [AWS Backup](https://aws.amazon.com/backup/) resou

## Terraform versions

Terraform 0.13+. Pin module version to `~> v1.4`. Submit pull-requests to `main` branch. Prior versions on `master` branch will need `~> v1.3`.
Terraform 1.0+. Pin module version to `~> v1.5`. Submit pull-requests to `main` branch. Prior versions on `master` branch will need `~> v1.3`.

## Usage

Expand All @@ -17,7 +17,7 @@ Terraform 0.13+. Pin module version to `~> v1.4`. Submit pull-requests to `main`
```hcl
module "backup" {
source = "umotif-public/backup/aws"
version = "~> 1.4"
version = "~> 1.5"

vault_name = "test-rds-aurora"
vault_kms_key_arn = "arn:aws:kms:eu-west-1:1111111111:key/07a8a813-fcc9-4d7f-a982648d9c25"
Expand Down Expand Up @@ -66,7 +66,7 @@ module "backup" {

## Assumptions

Module is to be used with Terraform > 0.13.
Module is to be used with Terraform > 1.0.

## Examples

Expand All @@ -79,22 +79,21 @@ Module is to be used with Terraform > 0.13.

Module managed by:

* [Marcin Cuber](https://github.com/marcincuber) ([LinkedIn](https://www.linkedin.com/in/marcincuber/))
* [Abdul Wahid](https://github.com/Ohid25) ([LinkedIn](https://www.linkedin.com/in/abdul-wahid/))
* Module managed by [uMotif](https://github.com/umotif-public/).

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.11 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.11 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.11 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |

## Modules

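Review bot: The requirements table now says `>= 1.0.11`, which disagrees with the "Terraform 1.0+" and "Terraform > 1.0" wording this change puts in the sections above; use one figure throughout, preferably the exact constraint. Also in this hunk, the bullet `* Module managed by [uMotif]` sits directly under the line "Module managed by:", so the phrase reads twice; drop it from the bullet.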
Expand All @@ -111,7 +110,8 @@ No modules.
| [aws_iam_policy.main_custom_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.main_custom_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.main_role_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.main_role_backup_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.main_role_restore_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_sns_topic.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
| [aws_sns_topic_policy.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |
| [aws_iam_policy_document.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
Expand Down Expand Up @@ -148,6 +148,7 @@ No modules.
| <a name="input_selection_tags"></a> [selection\_tags](#input\_selection\_tags) | A list of selection tags map | `list(any)` | `[]` | no |
| <a name="input_sns_topic_arn"></a> [sns\_topic\_arn](#input\_sns\_topic\_arn) | The Amazon Resource Name (ARN) that specifies the topic for a backup vault’s events | `string` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no |
| <a name="input_vault_force_destroy"></a> [vault\_force\_destroy](#input\_vault\_force\_destroy) | A boolean that indicates that all recovery points stored in the vault are deleted so that the vault can be destroyed without error. | `bool` | `false` | no |
| <a name="input_vault_kms_key_arn"></a> [vault\_kms\_key\_arn](#input\_vault\_kms\_key\_arn) | The server-side encryption key that is used to protect your backups | `string` | `null` | no |
| <a name="input_vault_name"></a> [vault\_name](#input\_vault\_name) | Name of the backup vault to create. If not given, AWS use default | `string` | `null` | no |
| <a name="input_vault_sns_kms_key_arn"></a> [vault\_sns\_kms\_key\_arn](#input\_vault\_sns\_kms\_key\_arn) | The server-side encryption key that is used to protect SNS messages for backups | `string` | `null` | no |
24 changes: 15 additions & 9 deletions examples/multiple-dbs/main.tf
Expand Up @@ -12,12 +12,15 @@ data "aws_vpc" "default" {
default = true
}

data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
data "aws_subnets" "all" {
filter {
name = "vpc-id"
values = [data.aws_vpc.default.id]
}
}

data "aws_subnet" "public" {
for_each = data.aws_subnet_ids.all.ids
for_each = toset(data.aws_subnets.all.ids)
id = each.value
}

Expand All @@ -40,14 +43,15 @@ data "aws_kms_key" "sns_backup" {
# RDS Aurora
#############
module "aurora-mysql" {
source = "umotif-public/rds-aurora/aws"
source = "umotif-public/rds-aurora/aws"
version = "~> 3"

name_prefix = "${var.name_prefix}-aurora-mysql"
database_name = "${var.name_prefix}mysqldb"
engine = "aurora-mysql"

vpc_id = data.aws_vpc.default.id
subnets = data.aws_subnet_ids.all.ids
subnets = data.aws_subnets.all.ids

kms_key_id = data.aws_kms_key.rds.arn

Expand All @@ -61,7 +65,8 @@ module "aurora-mysql" {
}

module "aurora-postgresql" {
source = "umotif-public/rds-aurora/aws"
source = "umotif-public/rds-aurora/aws"
version = "~> 3"

name_prefix = "${var.name_prefix}-postgresql"
database_name = "${var.name_prefix}postgresqldb"
Expand All @@ -70,7 +75,7 @@ module "aurora-postgresql" {
engine_parameter_family = "aurora-postgresql11"

vpc_id = data.aws_vpc.default.id
subnets = data.aws_subnet_ids.all.ids
subnets = data.aws_subnets.all.ids

kms_key_id = data.aws_kms_key.rds.arn

Expand All @@ -90,8 +95,9 @@ module "backup" {
source = "../.."

# Create a Vault
vault_name = "${var.name_prefix}-rds-aurora"
vault_kms_key_arn = data.aws_kms_key.backup.arn
vault_name = "${var.name_prefix}-rds-aurora"
vault_kms_key_arn = data.aws_kms_key.backup.arn
vault_force_destroy = true

tags = {
Environment = "test"
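Review bot: `vault_force_destroy = true` in the `backup` module call makes sense for a test stack that has to tear down cleanly, but examples get copied into real configurations and nothing here says what the flag does. Add a comment on that line stating that it deletes every recovery point in the vault on destroy and is set only so the example can be removed, and do the same in `examples/one-db/main.tf`.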
22 changes: 14 additions & 8 deletions examples/one-db/main.tf
Expand Up @@ -9,12 +9,15 @@ data "aws_vpc" "default" {
default = true
}

data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
data "aws_subnets" "all" {
filter {
name = "vpc-id"
values = [data.aws_vpc.default.id]
}
}

data "aws_subnet" "public" {
for_each = data.aws_subnet_ids.all.ids
for_each = toset(data.aws_subnets.all.ids)
id = each.value
}

Expand All @@ -33,14 +36,15 @@ data "aws_kms_key" "rds" {
# RDS Aurora
#############
module "aurora" {
source = "umotif-public/rds-aurora/aws"
source = "umotif-public/rds-aurora/aws"
version = "~> 3"

name_prefix = "${var.name_prefix}-aurora-mysql"
database_name = "${var.name_prefix}mysqldb"
engine = "aurora-mysql"

vpc_id = data.aws_vpc.default.id
subnets = data.aws_subnet_ids.all.ids
subnets = data.aws_subnets.all.ids

kms_key_id = data.aws_kms_key.rds.arn

Expand All @@ -60,9 +64,9 @@ module "backup" {
source = "../.."

# Create a Vault
vault_name = "${var.name_prefix}-rds-aurora"
vault_kms_key_arn = data.aws_kms_key.backup.arn

vault_name = "${var.name_prefix}-rds-aurora"
vault_kms_key_arn = data.aws_kms_key.backup.arn
vault_force_destroy = true
tags = {
Environment = "test"
}
Expand All @@ -78,10 +82,12 @@ module "backup" {
Project = "test"
Region = "eu-west-1"
}
schedule = "cron(0 2 ? * MON-FRI *)"

lifecycle = {
delete_after = 30
}

}
]

19 changes: 13 additions & 6 deletions main.tf
Expand Up @@ -4,9 +4,10 @@
resource "aws_backup_vault" "main" {
count = var.vault_name != null ? 1 : 0

name = var.vault_name
kms_key_arn = var.vault_kms_key_arn
tags = var.tags
name = var.vault_name
kms_key_arn = var.vault_kms_key_arn
force_destroy = var.vault_force_destroy
tags = var.tags
}

#####
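Review bot: `force_destroy = var.vault_force_destroy` is wired straight through, so please confirm that the `>= 4.0.0` AWS provider floor declared in the README is a version that already accepts `force_destroy` on `aws_backup_vault`; if the argument arrived in a later 4.x release, raise the floor to match. The variable's default of `false` is the right one and should stay.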
Expand Down Expand Up @@ -117,18 +118,24 @@ resource "aws_iam_role" "main" {
tags = var.tags
}

resource "aws_iam_role_policy_attachment" "main_role_policy_attach" {
resource "aws_iam_role_policy_attachment" "main_role_backup_policy_attach" {
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
role = aws_iam_role.main.name
}

resource "aws_iam_role_policy_attachment" "main_role_restore_policy_attach" {
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores"
role = aws_iam_role.main.name
}

resource "aws_iam_policy" "main_custom_policy" {
description = "AWS Backup Tag policy"
policy = data.aws_iam_policy_document.main_custom_policy.json

policy = data.aws_iam_policy_document.main_custom_policy.json
tags = var.tags
}

resource "aws_iam_role_policy_attachment" "main_custom_policy_attach" {
policy_arn = aws_iam_policy.main_custom_policy.arn
role = aws_iam_role.main.name
}
}
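Review bot: `main_role_restore_policy_attach` attaches `AWSBackupServiceRolePolicyForRestores` to the role unconditionally, so every existing consumer's backup role gains restore permissions on upgrade whether or not it ever performs restores. Gate the attachment behind a boolean input (a `count` on the resource) that defaults to off, and record it in the changelog. The rename of `main_role_policy_attach` to `main_role_backup_policy_attach` also changes the resource address, so existing states will plan a destroy and re-create of that attachment; mention it in the upgrade notes or keep the old name.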
36 changes: 27 additions & 9 deletions test/go.mod
Expand Up @@ -3,14 +3,32 @@ module github.com/umotif-public/terraform-aws-backup/test
go 1.15

require (
github.com/gruntwork-io/terratest v0.31.0
github.com/jinzhu/copier v0.1.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/stretchr/testify v1.6.1
golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c // indirect
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
golang.org/x/tools v0.1.4 // indirect
cloud.google.com/go v0.103.0 // indirect
cloud.google.com/go/compute v1.8.0 // indirect
cloud.google.com/go/storage v1.25.0 // indirect
github.com/aws/aws-sdk-go v1.44.79 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/googleapis/gax-go/v2 v2.5.1 // indirect
github.com/gruntwork-io/terratest v0.40.20
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-getter v1.6.2 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/hcl/v2 v2.13.0 // indirect
github.com/hashicorp/terraform-json v0.14.0 // indirect
github.com/jinzhu/copier v0.3.5 // indirect
github.com/klauspost/compress v1.15.9 // indirect
github.com/mattn/go-zglob v0.0.3 // indirect
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/stretchr/testify v1.8.0
github.com/tmccombs/hcl2json v0.3.4 // indirect
github.com/ulikunitz/xz v0.5.10 // indirect
golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 // indirect
golang.org/x/net v0.0.0-20220812174116-3211cb980234 // indirect
golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7 // indirect
golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2 // indirect
google.golang.org/api v0.93.0 // indirect
google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1 // indirect
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
)
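Review bot: The `go 1.15` directive at the top of this file is untouched while the workflow in this change moves to `GO_VERSION: 1.19`. Bump the directive to match and rerun `go mod tidy`; with a 1.17 or later directive it will also separate the direct requirements from the `// indirect` ones. While there, `gopkg.in/yaml.v3` is on a pseudo-version dated 20200615 when most of the list is on 2022 releases; update it with the others.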