Terraform module which creates ressources for the RDS snapshot tool on source and destination accounts on AWS.
This module is based on the CloudFormation templates from https://github.com/awslabs/rds-snapshot-tool
Terraform 0.12 and newer.
Source account:
module "rds_snapshot_tool_src" {
source = "/path/to/terraform-aws-rds-snapshot-tool"
name = var.name
region = var.region
is_source_account = true
backup_interval = var.backup_interval
delete_old_snapshots = true
destination_account = var.destination_account_id
share_snapshots = true
}Destination account:
module "rds_snapshot_tool_dest" {
source = "/path/to/terraform-aws-rds-snapshot-tool"
name = var.name
region = var.region
is_source_account = false
delete_old_snapshots = true
kms_key_source = var.kms_key_source
kms_key_destination = var.kms_key_destination
region_dest = var.region_dest
}| Name | Version |
|---|---|
| terraform | >= 0.12.6 |
| aws | >= 2.65 |
| Name | Version |
|---|---|
| aws | >= 2.65 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| backup_automatically | Enable taking snapshots automatically | bool |
true |
no |
| backup_interval | Interval for backups in hours. Default is 24. | number |
24 |
no |
| backup_schedule | Backup schedule in Cloudwatch Event cron format. Needs to run at least once for every Interval. The default value runs once every at 1AM UTC. More information: http://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html | string |
"0 1 * * ? *" |
no |
| cross_account_copy | Enable copying snapshots across accounts. Set to FALSE if your source snapshosts are not on a different account. | bool |
true |
no |
| delete_old_snapshots | Set to true to enable deletion of snapshot based on RetentionDays. Set to false to disable. | bool |
true |
no |
| destination_account | Destination account with no dashes. | string |
"000000000000" |
no |
| instance_name_pattern | Python regex for matching cluster identifiers to backup. Use "ALL_INSTANCES" to back up every RDS instance in the region. | string |
"ALL_INSTANCES" |
no |
| is_source_account | Provisioning in source account? | bool |
true |
no |
| kms_key_destination | Set to the ARN for the KMS key in the destination region to re-encrypt encrypted snapshots. Leave None if you are not using encryption. | string |
"None" |
no |
| kms_key_source | Set to the ARN for the KMS key in the SOURCE region to re-encrypt encrypted snapshots. Leave None if you are not using encryption. | string |
"None" |
no |
| lambda_cw_log_retention | Number of days to retain logs from the lambda functions in CloudWatch Logs. | number |
7 |
no |
| log_level | Log level for Lambda functions (DEBUG, INFO, WARN, ERROR, CRITICAL are valid values). | string |
"ERROR" |
no |
| name | Name to be used on all resources | string |
n/a | yes |
| region | Name of region from the state machine | string |
"eu-central-1" |
no |
| region_dest | Destination region for snapshots. | string |
"eu-central-1" |
no |
| retention_days | Number of days to keep snapshots in retention before deleting them. | number |
28 |
no |
| share_snapshots | Set to true to enable sharing of snapshots based on destination_account and instance_name_pattern. Set to false to disable. | bool |
true |
no |
| snapshot_pattern | Python regex for matching instance names to backup. Use "ALL_SNAPSHOTS" to back up every RDS instance in the region. | string |
"ALL_SNAPSHOTS" |
no |
| source_region_override | Set to the region where your RDS instances run, only if such region does not support Step Functions. Leave as NO otherwise. | string |
"NO" |
no |
| tagged_instance | Set to TRUE to filter instances that have tag CopyDBSnapshot set to True. Set to FALSE to disable. | string |
"FALSE" |
no |
| tags | A mapping of tags to assign to the resource | map(string) |
{} |
no |
No outputs.
Module managed by Marcel Emmert.
Apache 2 Licensed. See LICENSE for full details.