{"id":13623157,"url":"https://github.com/lgallard/terraform-aws-backup","last_synced_at":"2025-04-13T11:48:24.676Z","repository":{"id":40660144,"uuid":"215705753","full_name":"lgallard/terraform-aws-backup","owner":"lgallard","description":"Terraform module to create AWS Backup plans. AWS Backup is a fully managed backup service that makes it easy to centralize and automate the back up of data across AWS services (EBS volumes, RDS databases, DynamoDB tables, EFS file systems, and Storage Gateway volumes).","archived":false,"fork":false,"pushed_at":"2025-03-20T23:45:00.000Z","size":239,"stargazers_count":142,"open_issues_count":2,"forks_count":62,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-04-04T05:48:00.302Z","etag":null,"topics":["aws","aws-backup","dynamodb","dynamodb-backup","ebs","ebs-backup","efs","efs-backup","rds","rds-backup","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lgallard.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit_manager.tf","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-17T04:51:21.000Z","updated_at":"2025-03-20T23:44:04.000Z","dependencies_parsed_at":"2023-12-28T03:09:59.460Z","dependency_job_id":"e47681e1-ec2b-4189-b15e-ae67ad0c2a3a","html_url":"https://github.com/lgallard/terraform-aws-backup","commit_stats":null,"previous_names":[],"tags_count":46,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lgallard%2Fterraform-aws-backup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lgallard%2Fterraform-aws-backup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lgallard%2Fterraform-aws-backup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lgallard%2Fterraform-aws-backup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lgallard","download_url":"https://codeload.github.com/lgallard/terraform-aws-backup/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248710411,"owners_count":21149186,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-backup","dynamodb","dynamodb-backup","ebs","ebs-backup","efs","efs-backup","rds","rds-backup","terraform"],"created_at":"2024-08-01T21:01:28.740Z","updated_at":"2025-04-13T11:48:24.654Z","avatar_url":"https://github.com/lgallard.png","language":"HCL","funding_links":[],"categories":["HCL"],"sub_categories":[],"readme":"\u003c!-- BEGIN_TF_DOCS --\u003e\n![Terraform](https://lgallardo.com/images/terraform.jpg)\n\n# terraform-aws-backup\n\nTerraform module to create AWS Backup plans. AWS Backup is a fully managed backup service that makes it easy to centralize and automate the back up of data across AWS services (EBS volumes, RDS databases, DynamoDB tables, EFS file systems, and Storage Gateway volumes).\n\n## Features\n\n* Flexible backup plan customization\n* Comprehensive backup management:\n - Rules and selections\n - Copy actions and lifecycle policies\n - Retention periods and windows\n - Resource tagging\n* Advanced capabilities:\n - IAM role management\n - Multi-region support\n - Vault management\n - Framework integration\n - Organization policies\n* Enterprise features:\n - Notifications system\n - Audit Manager integration\n - Cross-account backups\n - Compliance controls\n\n## Usage\n\nYou can use this module to create a simple plan using the module's `rule_*` variables. You can also use the `rules` and `selections` list of maps variables to build a more complete plan by defining several rules and selections at once.\n\nCheck the [examples](/examples/) folder where you can see how to configure backup plans with different selection criteria.\n\n### Simple plan\n\n```hcl\n# AWS SNS Topic\nresource \"aws_sns_topic\" \"backup_vault_notifications\" {\n name = \"backup-vault-events\"\n}\n\n# AWS Backup\nmodule \"aws_backup_example\" {\n source = \"../..\"\n\n # Vault\n vault_name = \"vault-3\"\n\n # Vault lock configuration\n min_retention_days = 7 # Minimum retention of 7 days\n max_retention_days = 90 # Maximum retention of 90 days\n\n # Plan\n plan_name = \"simple-plan\"\n\n # Multiple rules using a list of maps\n rules = [\n {\n name = \"rule-1\"\n schedule = \"cron(0 12 * * ? *)\"\n start_window = 120\n completion_window = 360\n lifecycle = {\n cold_storage_after = 0\n delete_after = 90\n }\n copy_actions = []\n recovery_point_tags = {\n Environment = \"prod\"\n }\n },\n {\n name = \"rule-2\"\n target_vault_name = \"Default\"\n schedule = \"cron(0 7 * * ? *)\"\n start_window = 120\n completion_window = 360\n lifecycle = {\n cold_storage_after = 0\n delete_after = 90\n }\n copy_actions = []\n recovery_point_tags = {\n Environment = \"prod\"\n }\n }\n ]\n\n # Multiple selections\n selections = [\n {\n name = \"selection-1\"\n resources = [\n \"arn:aws:dynamodb:us-east-1:123456789101:table/mydynamodb-table1\",\n \"arn:aws:dynamodb:us-east-1:123456789101:table/mydynamodb-table2\"\n ]\n selection_tags = [\n {\n type = \"STRINGEQUALS\"\n key = \"Environment\"\n value = \"prod\"\n }\n ]\n }\n ]\n\n tags = {\n Owner = \"backup team\"\n Environment = \"prod\"\n Terraform = true\n }\n}\n```\n\n### Simple plan using variables\n\n```hcl\n# AWS SNS Topic\nresource \"aws_sns_topic\" \"backup_vault_notifications\" {\n name = \"backup-vault-events\"\n}\n\n# AWS Backup\nmodule \"aws_backup_example\" {\n source = \"../..\"\n\n # Vault\n vault_name = \"vault-1\"\n\n # Vault lock configuration\n min_retention_days = 7\n max_retention_days = 120\n\n # Plan\n plan_name = \"simple-plan\"\n\n # Rule\n rule_name = \"rule-1\"\n rule_schedule = \"cron(0 12 * * ? *)\"\n rule_start_window = 120\n rule_completion_window = 360\n rule_lifecycle_cold_storage_after = 30\n rule_lifecycle_delete_after = 120\n rule_recovery_point_tags = {\n Environment = \"prod\"\n }\n\n # Selection\n selection_name = \"selection-1\"\n selection_resources = [\n \"arn:aws:dynamodb:us-east-1:123456789101:table/mydynamodb-table1\",\n \"arn:aws:dynamodb:us-east-1:123456789101:table/mydynamodb-table2\"\n ]\n selection_tags = [\n {\n type = \"STRINGEQUALS\"\n key = \"Environment\"\n value = \"prod\"\n }\n ]\n\n # Tags\n tags = {\n Owner = \"backup team\"\n Environment = \"prod\"\n Terraform = true\n }\n}\n```\n\n\n### Complete plan\n\n```hcl\n# AWS SNS Topic\nresource \"aws_sns_topic\" \"backup_vault_notifications\" {\n name = \"backup-vault-events\"\n}\n\n# AWS Backup\nmodule \"aws_backup_example\" {\n source = \"../..\"\n\n # Vault configuration\n vault_name = \"complete_vault\"\n vault_kms_key_arn = \"arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab\"\n vault_force_destroy = true\n min_retention_days = 7\n max_retention_days = 360\n locked = true\n changeable_for_days = 3\n\n # Backup plan configuration\n plan_name = \"complete_backup_plan\"\n\n # Backup rules configuration\n rules = [\n {\n name = \"rule_1\"\n schedule = \"cron(0 5 ? * * *)\"\n start_window = 480\n completion_window = 561\n enable_continuous_backup = false\n lifecycle = {\n cold_storage_after = 30\n delete_after = 180\n }\n recovery_point_tags = {\n Environment = \"prod\"\n }\n copy_actions = [\n {\n destination_vault_arn = \"arn:aws:backup:us-east-1:123456789012:backup-vault:secondary_vault\"\n lifecycle = {\n cold_storage_after = 30\n delete_after = 180\n }\n }\n ]\n },\n {\n name = \"rule_2\"\n schedule = \"cron(0 5 ? * * *)\"\n start_window = 480\n completion_window = 561\n enable_continuous_backup = false\n lifecycle = {\n cold_storage_after = 30\n delete_after = 360\n }\n recovery_point_tags = {\n Environment = \"prod\"\n }\n copy_actions = [\n {\n destination_vault_arn = \"arn:aws:backup:us-east-1:123456789012:backup-vault:secondary_vault\"\n lifecycle = {\n cold_storage_after = 30\n delete_after = 360\n }\n }\n ]\n }\n ]\n\n # Backup selection configuration\n selections = [\n {\n name = \"complete_selection\"\n selection_tag = {\n type = \"STRINGEQUALS\"\n key = \"Environment\"\n value = \"prod\"\n }\n resources = [\n \"arn:aws:dynamodb:us-west-2:123456789012:table/my-table\",\n \"arn:aws:ec2:us-west-2:123456789012:volume/vol-12345678\"\n ]\n }\n ]\n\n tags = {\n Environment = \"prod\"\n Project = \"complete_backup\"\n }\n}\n```\n\n\n### Simple plan using AWS Organizations backup policies\n\n```hcl\nmodule \"aws_backup_example\" {\n source = \"../..\"\n\n # Backup Plan configuration\n plan_name = \"organization_backup_plan\"\n\n # Vault configuration\n vault_name = \"organization_backup_vault\"\n min_retention_days = 7\n max_retention_days = 365\n\n rules = [\n {\n name = \"critical_systems\"\n target_vault_name = \"critical_systems_vault\"\n schedule = \"cron(0 5 ? * * *)\"\n start_window = 480\n completion_window = 561\n enable_continuous_backup = false\n lifecycle = {\n cold_storage_after = 30\n delete_after = 365\n }\n recovery_point_tags = {\n Environment = \"prod\"\n Criticality = \"high\"\n }\n copy_actions = [\n {\n destination_vault_arn = \"arn:aws:backup:us-east-1:123456789012:backup-vault:secondary_vault\"\n lifecycle = {\n cold_storage_after = 30\n delete_after = 365\n }\n }\n ]\n },\n {\n name = \"standard_systems\"\n target_vault_name = \"standard_systems_vault\"\n schedule = \"cron(0 5 ? * * *)\"\n start_window = 480\n completion_window = 561\n enable_continuous_backup = false\n lifecycle = {\n cold_storage_after = 0\n delete_after = 90\n }\n recovery_point_tags = {\n Environment = \"prod\"\n Criticality = \"standard\"\n }\n copy_actions = [\n {\n destination_vault_arn = \"arn:aws:backup:us-east-1:123456789012:backup-vault:secondary_vault\"\n lifecycle = {\n cold_storage_after = 0\n delete_after = 90\n }\n }\n ]\n }\n ]\n\n # Selection configuration\n selections = [\n {\n name = \"critical_systems\"\n selection_tag = {\n type = \"STRINGEQUALS\"\n key = \"Criticality\"\n value = \"high\"\n }\n },\n {\n name = \"standard_systems\"\n selection_tag = {\n type = \"STRINGEQUALS\"\n key = \"Criticality\"\n value = \"standard\"\n }\n }\n ]\n\n tags = {\n Environment = \"prod\"\n Project = \"organization_backup\"\n }\n}\n```\n\n### AWS Backup Audit Manager Framework\n\n```hcl\n# AWS Backup\nmodule \"aws_backup_example\" {\n source = \"../..\"\n\n # Audit Framework\n audit_framework = {\n create = true\n name = \"exampleFramework\"\n description = \"this is an example framework\"\n\n controls = [\n # Vault lock check - ensures resources are protected by vault lock\n {\n name = \"BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK\"\n parameter_name = \"maxRetentionDays\"\n parameter_value = \"100\" # Maximum retention period allowed by vault lock\n },\n ]\n }\n\n # Tags are now specified separately\n tags = {\n Name = \"Example Framework\"\n }\n}\n```\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 4.0.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 5.91.0 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_backup_framework.ab_framework](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_framework) | resource |\n| [aws_backup_plan.ab_plan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_plan) | resource |\n| [aws_backup_report_plan.ab_report](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_report_plan) | resource |\n| [aws_backup_selection.ab_selection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection) | resource |\n| [aws_backup_selection.ab_selections](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection) | resource |\n| [aws_backup_vault.ab_vault](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault) | resource |\n| [aws_backup_vault_lock_configuration.ab_vault_lock_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault_lock_configuration) | resource |\n| [aws_backup_vault_notifications.backup_events](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault_notifications) | resource |\n| [aws_iam_policy.ab_tag_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.ab_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.ab_backup_s3_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.ab_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.ab_restores_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.ab_restores_s3_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.ab_tag_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_organizations_policy.backup_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_policy) | resource |\n| [aws_organizations_policy_attachment.backup_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_policy_attachment) | resource |\n| [aws_sns_topic_policy.backup_events](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |\n| [aws_iam_policy_document.ab_role_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.ab_tag_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.backup_events](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_advanced_backup_settings\"\u003e\u003c/a\u003e [advanced\\_backup\\_settings](#input\\_advanced\\_backup\\_settings) | Advanced backup settings by resource type | `map(map(string))` | `{}` | no |\n| \u003ca name=\"input_audit_framework\"\u003e\u003c/a\u003e [audit\\_framework](#input\\_audit\\_framework) | Configuration for AWS Backup Audit Manager framework | \u003cpre\u003eobject({\u003cbr/\u003e create = bool\u003cbr/\u003e name = string\u003cbr/\u003e description = optional(string)\u003cbr/\u003e controls = list(object({\u003cbr/\u003e name = string\u003cbr/\u003e parameter_name = optional(string)\u003cbr/\u003e parameter_value = optional(string)\u003cbr/\u003e }))\u003cbr/\u003e })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr/\u003e \"controls\": [],\u003cbr/\u003e \"create\": false,\u003cbr/\u003e \"description\": null,\u003cbr/\u003e \"name\": null\u003cbr/\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_backup_policies\"\u003e\u003c/a\u003e [backup\\_policies](#input\\_backup\\_policies) | Map of backup policies to create | \u003cpre\u003emap(object({\u003cbr/\u003e target_vault_name = string\u003cbr/\u003e schedule = string\u003cbr/\u003e start_window = number\u003cbr/\u003e completion_window = number\u003cbr/\u003e lifecycle = object({\u003cbr/\u003e delete_after = number\u003cbr/\u003e cold_storage_after = optional(number)\u003cbr/\u003e })\u003cbr/\u003e recovery_point_tags = optional(map(string))\u003cbr/\u003e copy_actions = optional(list(map(string)))\u003cbr/\u003e enable_continuous_backup = optional(bool)\u003cbr/\u003e }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_backup_regions\"\u003e\u003c/a\u003e [backup\\_regions](#input\\_backup\\_regions) | List of regions where backups should be created | `list(string)` | `[]` | no |\n| \u003ca name=\"input_backup_selections\"\u003e\u003c/a\u003e [backup\\_selections](#input\\_backup\\_selections) | Map of backup selections | \u003cpre\u003emap(object({\u003cbr/\u003e resources = optional(list(string))\u003cbr/\u003e not_resources = optional(list(string))\u003cbr/\u003e conditions = optional(map(any))\u003cbr/\u003e tags = optional(map(string))\u003cbr/\u003e }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_changeable_for_days\"\u003e\u003c/a\u003e [changeable\\_for\\_days](#input\\_changeable\\_for\\_days) | The number of days before the lock date. If omitted creates a vault lock in governance mode, otherwise it will create a vault lock in compliance mode | `number` | `null` | no |\n| \u003ca name=\"input_enable_org_policy\"\u003e\u003c/a\u003e [enable\\_org\\_policy](#input\\_enable\\_org\\_policy) | Enable AWS Organizations backup policy | `bool` | `false` | no |\n| \u003ca name=\"input_enabled\"\u003e\u003c/a\u003e [enabled](#input\\_enabled) | Change to false to avoid deploying any AWS Backup resources | `bool` | `true` | no |\n| \u003ca name=\"input_iam_role_arn\"\u003e\u003c/a\u003e [iam\\_role\\_arn](#input\\_iam\\_role\\_arn) | If configured, the module will attach this role to selections, instead of creating IAM resources by itself | `string` | `null` | no |\n| \u003ca name=\"input_iam_role_name\"\u003e\u003c/a\u003e [iam\\_role\\_name](#input\\_iam\\_role\\_name) | Allow to set IAM role name, otherwise use predefined default | `string` | `\"\"` | no |\n| \u003ca name=\"input_locked\"\u003e\u003c/a\u003e [locked](#input\\_locked) | Change to true to add a lock configuration for the backup vault | `bool` | `false` | no |\n| \u003ca name=\"input_max_retention_days\"\u003e\u003c/a\u003e [max\\_retention\\_days](#input\\_max\\_retention\\_days) | The maximum retention period that the vault retains its recovery points | `number` | `null` | no |\n| \u003ca name=\"input_min_retention_days\"\u003e\u003c/a\u003e [min\\_retention\\_days](#input\\_min\\_retention\\_days) | The minimum retention period that the vault retains its recovery points | `number` | `null` | no |\n| \u003ca name=\"input_notifications\"\u003e\u003c/a\u003e [notifications](#input\\_notifications) | Notification block which defines backup vault events and the SNS Topic ARN to send AWS Backup notifications to. Leave it empty to disable notifications | `any` | `{}` | no |\n| \u003ca name=\"input_notifications_disable_sns_policy\"\u003e\u003c/a\u003e [notifications\\_disable\\_sns\\_policy](#input\\_notifications\\_disable\\_sns\\_policy) | Disable the creation of the SNS policy. Enable if you need to manage the policy elsewhere. | `bool` | `false` | no |\n| \u003ca name=\"input_org_policy_description\"\u003e\u003c/a\u003e [org\\_policy\\_description](#input\\_org\\_policy\\_description) | Description of the AWS Organizations backup policy | `string` | `\"AWS Organizations backup policy\"` | no |\n| \u003ca name=\"input_org_policy_name\"\u003e\u003c/a\u003e [org\\_policy\\_name](#input\\_org\\_policy\\_name) | Name of the AWS Organizations backup policy | `string` | `\"backup-policy\"` | no |\n| \u003ca name=\"input_org_policy_target_id\"\u003e\u003c/a\u003e [org\\_policy\\_target\\_id](#input\\_org\\_policy\\_target\\_id) | Target ID (Root/OU/Account) for the backup policy | `string` | `null` | no |\n| \u003ca name=\"input_plan_name\"\u003e\u003c/a\u003e [plan\\_name](#input\\_plan\\_name) | The display name of a backup plan | `string` | `null` | no |\n| \u003ca name=\"input_reports\"\u003e\u003c/a\u003e [reports](#input\\_reports) | The default cache behavior for this distribution. | \u003cpre\u003elist(object({\u003cbr/\u003e name = string\u003cbr/\u003e description = optional(string, null)\u003cbr/\u003e formats = optional(list(string), null)\u003cbr/\u003e s3_bucket_name = string\u003cbr/\u003e s3_key_prefix = optional(string, null)\u003cbr/\u003e report_template = string\u003cbr/\u003e accounts = optional(list(string), null)\u003cbr/\u003e organization_units = optional(list(string), null)\u003cbr/\u003e regions = optional(list(string), null)\u003cbr/\u003e framework_arns = optional(list(string), [])\u003cbr/\u003e }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_rule_completion_window\"\u003e\u003c/a\u003e [rule\\_completion\\_window](#input\\_rule\\_completion\\_window) | The amount of time AWS Backup attempts a backup before canceling the job and returning an error | `number` | `null` | no |\n| \u003ca name=\"input_rule_enable_continuous_backup\"\u003e\u003c/a\u003e [rule\\_enable\\_continuous\\_backup](#input\\_rule\\_enable\\_continuous\\_backup) | Enable continuous backups for supported resources. | `bool` | `false` | no |\n| \u003ca name=\"input_rule_lifecycle_cold_storage_after\"\u003e\u003c/a\u003e [rule\\_lifecycle\\_cold\\_storage\\_after](#input\\_rule\\_lifecycle\\_cold\\_storage\\_after) | Specifies the number of days after creation that a recovery point is moved to cold storage | `number` | `null` | no |\n| \u003ca name=\"input_rule_lifecycle_delete_after\"\u003e\u003c/a\u003e [rule\\_lifecycle\\_delete\\_after](#input\\_rule\\_lifecycle\\_delete\\_after) | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after` | `number` | `null` | no |\n| \u003ca name=\"input_rule_name\"\u003e\u003c/a\u003e [rule\\_name](#input\\_rule\\_name) | An display name for a backup rule | `string` | `null` | no |\n| \u003ca name=\"input_rule_recovery_point_tags\"\u003e\u003c/a\u003e [rule\\_recovery\\_point\\_tags](#input\\_rule\\_recovery\\_point\\_tags) | Metadata that you can assign to help organize the resources that you create | `map(string)` | `{}` | no |\n| \u003ca name=\"input_rule_schedule\"\u003e\u003c/a\u003e [rule\\_schedule](#input\\_rule\\_schedule) | A CRON expression specifying when AWS Backup initiates a backup job | `string` | `null` | no |\n| \u003ca name=\"input_rule_start_window\"\u003e\u003c/a\u003e [rule\\_start\\_window](#input\\_rule\\_start\\_window) | The amount of time in minutes before beginning a backup | `number` | `null` | no |\n| \u003ca name=\"input_rules\"\u003e\u003c/a\u003e [rules](#input\\_rules) | A list of rule maps | \u003cpre\u003elist(object({\u003cbr/\u003e name = string\u003cbr/\u003e target_vault_name = optional(string)\u003cbr/\u003e schedule = optional(string)\u003cbr/\u003e start_window = optional(number)\u003cbr/\u003e completion_window = optional(number)\u003cbr/\u003e enable_continuous_backup = optional(bool)\u003cbr/\u003e lifecycle = optional(object({\u003cbr/\u003e cold_storage_after = optional(number)\u003cbr/\u003e delete_after = number\u003cbr/\u003e }))\u003cbr/\u003e recovery_point_tags = optional(map(string))\u003cbr/\u003e copy_actions = optional(list(object({\u003cbr/\u003e destination_vault_arn = string\u003cbr/\u003e lifecycle = optional(object({\u003cbr/\u003e cold_storage_after = optional(number)\u003cbr/\u003e delete_after = number\u003cbr/\u003e }))\u003cbr/\u003e })))\u003cbr/\u003e }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_selection_conditions\"\u003e\u003c/a\u003e [selection\\_conditions](#input\\_selection\\_conditions) | A map of conditions that you define to assign resources to your backup plans using tags. | `map(any)` | `{}` | no |\n| \u003ca name=\"input_selection_name\"\u003e\u003c/a\u003e [selection\\_name](#input\\_selection\\_name) | The display name of a resource selection document | `string` | `null` | no |\n| \u003ca name=\"input_selection_not_resources\"\u003e\u003c/a\u003e [selection\\_not\\_resources](#input\\_selection\\_not\\_resources) | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to exclude from a backup plan. | `list(any)` | `[]` | no |\n| \u003ca name=\"input_selection_resources\"\u003e\u003c/a\u003e [selection\\_resources](#input\\_selection\\_resources) | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | `list(any)` | `[]` | no |\n| \u003ca name=\"input_selection_tags\"\u003e\u003c/a\u003e [selection\\_tags](#input\\_selection\\_tags) | List of tags for `selection_name` var, when using variable definition. | `list(any)` | `[]` | no |\n| \u003ca name=\"input_selections\"\u003e\u003c/a\u003e [selections](#input\\_selections) | A list or map of backup selections. If passing a list, each selection must have a name attribute. | `any` | `[]` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no |\n| \u003ca name=\"input_vault_force_destroy\"\u003e\u003c/a\u003e [vault\\_force\\_destroy](#input\\_vault\\_force\\_destroy) | A boolean that indicates that all recovery points stored in the vault are deleted so that the vault can be destroyed without error | `bool` | `false` | no |\n| \u003ca name=\"input_vault_kms_key_arn\"\u003e\u003c/a\u003e [vault\\_kms\\_key\\_arn](#input\\_vault\\_kms\\_key\\_arn) | The server-side encryption key that is used to protect your backups | `string` | `null` | no |\n| \u003ca name=\"input_vault_name\"\u003e\u003c/a\u003e [vault\\_name](#input\\_vault\\_name) | Name of the backup vault to create. If not given, AWS use default | `string` | `null` | no |\n| \u003ca name=\"input_windows_vss_backup\"\u003e\u003c/a\u003e [windows\\_vss\\_backup](#input\\_windows\\_vss\\_backup) | Enable Windows VSS backup option and create a VSS Windows backup | `bool` | `false` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_framework_arn\"\u003e\u003c/a\u003e [framework\\_arn](#output\\_framework\\_arn) | The ARN of the backup framework |\n| \u003ca name=\"output_framework_creation_time\"\u003e\u003c/a\u003e [framework\\_creation\\_time](#output\\_framework\\_creation\\_time) | The date and time that the backup framework was created |\n| \u003ca name=\"output_framework_id\"\u003e\u003c/a\u003e [framework\\_id](#output\\_framework\\_id) | The unique identifier of the backup framework |\n| \u003ca name=\"output_framework_status\"\u003e\u003c/a\u003e [framework\\_status](#output\\_framework\\_status) | The deployment status of the backup framework |\n| \u003ca name=\"output_plan_arn\"\u003e\u003c/a\u003e [plan\\_arn](#output\\_plan\\_arn) | The ARN of the backup plan |\n| \u003ca name=\"output_plan_id\"\u003e\u003c/a\u003e [plan\\_id](#output\\_plan\\_id) | The id of the backup plan |\n| \u003ca name=\"output_plan_role\"\u003e\u003c/a\u003e [plan\\_role](#output\\_plan\\_role) | The service role of the backup plan |\n| \u003ca name=\"output_plan_version\"\u003e\u003c/a\u003e [plan\\_version](#output\\_plan\\_version) | Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan |\n| \u003ca name=\"output_vault_arn\"\u003e\u003c/a\u003e [vault\\_arn](#output\\_vault\\_arn) | The ARN of the vault |\n| \u003ca name=\"output_vault_id\"\u003e\u003c/a\u003e [vault\\_id](#output\\_vault\\_id) | The name of the vault |\n\u003c!-- END_TF_DOCS --\u003e\n\n## Known Issues\n\nDuring the development of the module, the following issues were found:\n\n### Error creating Backup Vault\n\nIn case you get an error message similar to this one:\n\n```\nerror creating Backup Vault (): AccessDeniedException: status code: 403, request id: 8e7e577e-5b74-4d4d-95d0-bf63e0b2cc2e,\n```\n\nAdd the [required IAM permissions mentioned in the CreateBackupVault row](https://docs.aws.amazon.com/aws-backup/latest/devguide/access-control.html#backup-api-permissions-ref) to the role or user creating the Vault (the one running Terraform CLI). In particular make sure `kms` and `backup-storage` permissions are added.\n\u003c!-- END_TF_DOCS --\u003e\n\n## Known Issues\n\nDuring the development of the module, the following issues were found:\n\n### Error creating Backup Vault\n\nIn case you get an error message similar to this one:\n\n```\nerror creating Backup Vault (): AccessDeniedException: status code: 403, request id: 8e7e577e-5b74-4d4d-95d0-bf63e0b2cc2e,\n```\n\nAdd the [required IAM permissions mentioned in the CreateBackupVault row](https://docs.aws.amazon.com/aws-backup/latest/devguide/access-control.html#backup-api-permissions-ref) to the role or user creating the Vault (the one running Terraform CLI). In particular make sure `kms` and `backup-storage` permissions are added.\n\u003c!-- END_TF_DOCS --\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flgallard%2Fterraform-aws-backup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flgallard%2Fterraform-aws-backup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flgallard%2Fterraform-aws-backup/lists"}