variables.tf
#
# AWS Backup vault
#
variable "vault_name" {
  # Optional vault name; the null default leaves naming to the fallback the
  # description refers to.
  description = "Name of the backup vault to create. If not given, AWS use default"
  type        = string
  default     = null
}
variable "vault_kms_key_arn" {
  # Security: the null default names no customer-managed key, so encryption of
  # the vault presumably falls back to the AWS-managed key for AWS Backup
  # (confirm against the module's vault resource). Pass a customer-managed KMS
  # key ARN when key policy, rotation and key-usage audit must stay under your
  # own control.
  description = "The server-side encryption key that is used to protect your backups"
  type        = string
  default     = null
}
variable "tags" {
  # String-to-string tag map; the empty default adds no tags.
  description = "A mapping of tags to assign to the resource"
  type        = map(string)
  default     = {}
}
variable "vault_force_destroy" {
  # Security: per the description, true means every recovery point in the
  # vault is deleted so the vault itself can be destroyed. The false default is
  # the safe setting; a plan that flips this to true on a vault holding real
  # backups deserves explicit review.
  description = "A boolean that indicates that all recovery points stored in the vault are deleted so that the vault can be destroyed without error."
  type        = bool
  default     = false
}
#
# AWS Backup vault lock configuration
#
variable "locked" {
  # Security: the default (false) adds no lock configuration, so nothing in
  # this module then enforces retention on the vault's recovery points.
  # The changeable_for_days / min_retention_days / max_retention_days inputs
  # presumably only take effect when this is true (confirm in the module body).
  description = "Change to true to add a lock configuration for the backup vault"
  type        = bool
  default     = false
}
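variable "changeable_for_days" {
  # null (the default) selects governance mode; any number selects compliance
  # mode, as the description states. In compliance mode the lock can no longer
  # be changed or removed once the grace period has elapsed, so treat a
  # non-null value as a one-way decision.
  description = "The number of days before the lock date. If omitted creates a vault lock in governance mode, otherwise it will create a vault lock in compliance mode"
  type        = number
  default     = null

  # AWS Backup Vault Lock enforces a 72-hour cooling-off period, so values
  # below 3 are rejected by the API; fail at plan time instead of at apply.
  # A conditional is used (not ||) so the comparison is never evaluated on null.
  validation {
    condition     = var.changeable_for_days == null ? true : var.changeable_for_days >= 3
    error_message = "The changeable_for_days value must be null (governance mode) or at least 3 days (compliance mode)."
  }
}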
variable "max_retention_days" {
  # Upper bound on recovery-point retention for the vault lock; null leaves
  # the maximum unset.
  description = "The maximum retention period that the vault retains its recovery points"
  type        = number
  default     = null
}
variable "min_retention_days" {
  # Lower bound on recovery-point retention for the vault lock. With the null
  # default no minimum is set, so the lock by itself does not stop short
  # retention periods; set a value where backups must survive for a fixed time.
  description = "The minimum retention period that the vault retains its recovery points"
  type        = number
  default     = null
}
#
# AWS Backup plan
#
variable "plan_name" {
  # Display name for the backup plan; null by default.
  description = "The display name of a backup plan"
  type        = string
  default     = null
}
# Default rule
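variable "rule_name" {
  # Display name of the single "default rule" configured through the rule_*
  # variables; null by default. (Description article corrected: "An" -> "A".)
  description = "A display name for a backup rule"
  type        = string
  default     = null
}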
variable "rule_schedule" {
  # CRON expression for the default rule. Declared as a plain string, so the
  # expression is not syntax-checked here; null by default.
  description = "A CRON expression specifying when AWS Backup initiates a backup job"
  type        = string
  default     = null
}
variable "rule_start_window" {
  # Start window for the default rule, in minutes per the description;
  # null by default.
  description = "The amount of time in minutes before beginning a backup"
  type        = number
  default     = null
}
variable "rule_completion_window" {
  # Completion window for the default rule; null by default.
  # NOTE(review): the description gives no unit; the AWS provider's
  # completion_window is expressed in minutes - confirm and state it.
  description = "The amount of time AWS Backup attempts a backup before canceling the job and returning an error"
  type        = number
  default     = null
}
variable "rule_recovery_point_tags" {
  # String-to-string tags for the default rule's recovery points; the empty
  # default adds none.
  description = "Metadata that you can assign to help organize the resources that you create"
  type        = map(string)
  default     = {}
}
# Rule lifecycle
variable "rule_lifecycle_cold_storage_after" {
  # Days after creation before a recovery point moves to cold storage;
  # null by default.
  description = "Specifies the number of days after creation that a recovery point is moved to cold storage"
  type        = number
  default     = null
}
variable "rule_lifecycle_delete_after" {
  # Days after creation before a recovery point is deleted; null by default.
  # The 90-day relationship to the cold-storage value quoted in the
  # description is not enforced by this declaration (no validation block), so
  # a violating pair only fails when AWS rejects it.
  description = "Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after`"
  type        = number
  default     = null
}
# Rule copy action
variable "rule_copy_action_lifecycle" {
  # Lifecycle settings for the default rule's copy action. map(any) does not
  # constrain the key names, so a mistyped key is not caught by the type
  # system; empty by default.
  description = "The lifecycle defines when a protected resource is copied over to a backup vault and when it expires."
  type        = map(any)
  default     = {}
}
variable "rule_copy_action_destination_vault_arn" {
  # Security: ARN of the vault that receives copies. With the null default no
  # destination is named. A destination in a separate account or region keeps
  # a second set of recovery points outside the source account's blast
  # radius; that vault's own access policy and encryption key then need to
  # permit the copy (managed outside these variables).
  description = "An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup."
  type        = string
  default     = null
}
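variable "rule_enable_continuous_backup" {
  # Toggle for continuous backups on the default rule; off by default.
  # (Stray leading space removed from the description so generated docs
  # render cleanly.)
  description = "Enable continuous backups for supported resources."
  type        = bool
  default     = false
}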
# Rules
variable "rules" {
  # List of rule maps. `any` disables type checking, so the shape of each
  # rule (including lifecycle and copy-action settings) is only checked by
  # whatever consumes it; review rule maps by hand. Empty by default.
  description = "A list of rule maps"
  type        = any
  default     = []
}
# Selection
variable "selection_name" {
  # Display name of the single selection configured through the selection_*
  # variables; null by default.
  description = "The display name of a resource selection document"
  type        = string
  default     = null
}
variable "selection_resources" {
  # ARNs or match patterns of resources to back up. Broad patterns widen what
  # the backup role must be able to read, so keep them as narrow as the plan
  # needs. Empty by default.
  description = "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan"
  type        = list(any)
  default     = []
}
variable "selection_not_resources" {
  # ARNs or match patterns to exclude from the plan. Anything matched here is
  # left without backups by this plan, so changes to the list are worth
  # reviewing like any other data-protection change. Empty by default.
  description = "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to exclude from a backup plan."
  type        = list(any)
  default     = []
}
variable "selection_conditions" {
  # Tag-based conditions for assigning resources to the plan. Membership then
  # follows resource tags, so whoever can edit those tags can move a resource
  # in or out of backup coverage. Empty by default.
  description = "A map of conditions that you define to assign resources to your backup plans using tags."
  type        = map(any)
  default     = {}
}
variable "selection_tags" {
  # Tag entries that belong to the selection named by `selection_name`.
  # list(any) leaves the shape of each entry unchecked. Empty by default.
  description = "List of tags for `selection_name` var, when using variable definition."
  type        = list(any)
  default     = []
}
# Selections
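variable "selections" {
  # List of selection maps. `any` disables type checking, so each map's keys
  # are only checked by whatever consumes them. Empty by default.
  # (Description typo corrected: "selction" -> "selection".)
  description = "A list of selection maps"
  type        = any
  default     = []
}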
variable "enabled" {
  # Master switch: per the description, false deploys no AWS Backup resources
  # at all. On by default.
  description = "Change to false to avoid deploying any AWS Backup resources"
  type        = bool
  default     = true
}
# Windows Backup parameter
variable "windows_vss_backup" {
  # Opt-in for the Windows VSS backup option; off by default.
  description = "Enable Windows VSS backup option and create a VSS Windows backup"
  type        = bool
  default     = false
}
#
# Notifications
#
variable "notifications" {
  # Vault events plus the SNS topic ARN that receives them. Operational note:
  # with the empty default notifications are disabled, so failed or deleted
  # backup events are not delivered anywhere by this module. `any` leaves the
  # block's keys unchecked at the variable level.
  description = "Notification block which defines backup vault events and the SNS Topic ARN to send AWS Backup notifications to. Leave it empty to disable notifications"
  type        = any
  default     = {}
}
variable "notifications_disable_sns_policy" {
  # true skips creation of the SNS policy by this module. The topic then
  # needs a policy maintained elsewhere that lets the AWS Backup service
  # publish to it, and that policy should name only the principals that need
  # access. false (module-managed policy) is the default.
  description = "Disable the creation of the SNS policy. Enable if you need to manage the policy elsewhere."
  type        = bool
  default     = false
}
#
# IAM
#
variable "iam_role_arn" {
  # Security: when set, this caller-supplied role is attached to selections
  # and, per the description, the module creates no IAM resources itself. The
  # role's permissions and trust policy are then entirely outside this module;
  # scope them to the backup and restore actions the plan needs. null (module
  # creates its own IAM resources) is the default.
  description = "If configured, the module will attach this role to selections, instead of creating IAM resources by itself"
  type        = string
  default     = null
}
variable "iam_role_name" {
  # Optional name for the IAM role. Note the default is the empty string, not
  # null like the other optional strings in this file; callers testing for
  # "unset" must compare against "".
  description = "Allow to set IAM role name, otherwise use predefined default"
  type        = string
  default     = ""
}
#
# AWS Backup Report Plan
#
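variable "reports" {
  # The original description ("The default cache behavior for this
  # distribution.") does not describe this input; it is replaced with text
  # that matches the object schema below. Empty by default (no report plans).
  #
  # Security: reports are delivered to `s3_bucket_name`. That bucket is not
  # declared in this file, so its bucket policy, encryption and public-access
  # settings must be managed and reviewed wherever the bucket is defined.
  description = "A list of AWS Backup report plan definitions: name, report template, S3 delivery settings and optional account, organization unit, region and framework scope."
  type = list(object({
    name               = string                       # required
    description        = optional(string, null)
    formats            = optional(list(string), null)
    s3_bucket_name     = string                       # required: delivery bucket
    s3_key_prefix      = optional(string, null)
    report_template    = string                       # required
    accounts           = optional(list(string), null)
    organization_units = optional(list(string), null)
    regions            = optional(list(string), null)
    framework_arns     = optional(list(string), [])   # only optional field that defaults to [] rather than null
  }))
  default = []
}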