Add backup and eventbridge

Co-authored-by: Ezequiel Bellver <ebellver@itba.edu.ar>

terraform/modules/backup/main.tf

@@ -0,0 +1,34 @@
+# ------------------------------------------------------------------------------
+# Amazon Backup
+# ------------------------------------------------------------------------------
+
+resource "aws_backup_vault" "this" {
+  name = var.vault_name
+}
+
+resource "aws_backup_plan" "this" {
+  name = var.plan_name
+
+  dynamic "rule" {
+    for_each = var.rules
+    
+    content {
+      rule_name                = lookup(rule.value, "name", null)
+      target_vault_name        = lookup(rule.value, "target_vault_name", null)
+      schedule                 = lookup(rule.value, "schedule", null)
+      start_window             = lookup(rule.value, "start_window", null)
+      completion_window        = lookup(rule.value, "completion_window", null)
+      enable_continuous_backup = lookup(rule.value, "enable_continuous_backup", null)
+
+      dynamic "lifecycle" {
+        for_each = length(lookup(rule.value, "lifecycle", {})) == 0 ? [] : [lookup(rule.value, "lifecycle", {})]
+        content {
+          cold_storage_after = lookup(lifecycle.value, "cold_storage_after", 0)
+          delete_after       = lookup(lifecycle.value, "delete_after", 90)
+        }
+      }
+    }
+  }
+
+  depends_on = [aws_backup_vault.this]
+}

terraform/modules/backup/variables.tf

@@ -0,0 +1,92 @@
+# ------------------------------------------------------------------------------
+# Amazon Backup variables
+# ------------------------------------------------------------------------------
+
+variable "vault_name" {
+  description = "Name of the backup vault to create. If not given, AWS use default"
+  type        = string
+  default     = null
+}
+
+variable "plan_name" {
+  description = "The display name of a backup plan"
+  type        = string
+}
+
+variable "rule_name" {
+  description = "An display name for a backup rule"
+  type        = string
+  default     = null
+}
+
+variable "rule_schedule" {
+  description = "A CRON expression specifying when AWS Backup initiates a backup job"
+  type        = string
+  default     = null
+}
+
+variable "rule_start_window" {
+  description = "The amount of time in minutes before beginning a backup"
+  type        = number
+  default     = null
+}
+
+variable "rule_completion_window" {
+  description = "The amount of time AWS Backup attempts a backup before canceling the job and returning an error"
+  type        = number
+  default     = null
+}
+
+# variable "rule_recovery_point_tags" {
+#   description = "Metadata that you can assign to help organize the resources that you create"
+#   type        = map(string)
+#   default     = {}
+# }
+
+variable "rule_lifecycle_cold_storage_after" {
+  description = "Specifies the number of days after creation that a recovery point is moved to cold storage"
+  type        = number
+  default     = null
+}
+
+variable "rule_lifecycle_delete_after" {
+  description = "Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after`"
+  type        = number
+  default     = null
+}
+
+# variable "rule_copy_action_lifecycle" {
+#   description = "The lifecycle defines when a protected resource is copied over to a backup vault and when it expires."
+#   type        = map(any)
+#   default     = {}
+# }
+
+# variable "rule_copy_action_destination_vault_arn" {
+#   description = "An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup."
+#   type        = string
+#   default     = null
+# }
+
+variable "rule_enable_continuous_backup" {
+  description = "Enable continuous backups for supported resources."
+  type        = bool
+  default     = false
+}
+
+variable "rules" {
+  description = "A list of rule maps"
+  type        = any
+  default     = []
+}
+
+variable "selections" {
+  description = "A list of selction maps"
+  type        = any
+  default     = []
+}
+
+variable "tags" {
+  description = "A mapping of tags to assign to the resource"
+  type        = map(string)
+  default     = {}
+}

terraform/modules/backup/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "1.3.4"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.10.0"
+    }
+  }
+}

terraform/modules/eventbridge/main.tf

@@ -0,0 +1,3 @@
+# ------------------------------------------------------------------------------
+# Amazon EventBridge
+# ------------------------------------------------------------------------------

terraform/modules/eventbridge/variables.tf

@@ -0,0 +1,9 @@
+# ------------------------------------------------------------------------------
+# Amazon EventBridge variables
+# ------------------------------------------------------------------------------
+
+variable "tags" {
+  description = "A mapping of tags to assign to the resource"
+  type        = map(string)
+  default     = {}
+}

terraform/modules/eventbridge/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "1.3.4"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.10.0"
+    }
+  }
+}

terraform/organization/backup.tf

@@ -0,0 +1,32 @@
+module "backup" {
+  source = "../modules/backup"
+
+  providers = {
+    aws = aws.aws
+  }
+
+  vault_name = "dynamodb-backup-vault"
+  plan_name  = "dynamodb-backup-plan"
+
+  rules = [
+    {
+      name                     = "dynamodb-backup-rule"
+      schedule                 = "cron(0 12 * * ? *)"
+      target_vault_name        = "dynamodb-backup-vault"
+      start_window             = 120
+      completion_window        = 360
+      enable_continuous_backup = true
+      lifecycle = {
+        cold_storage_after = 0
+        delete_after       = 30
+      },
+    }
+  ]
+
+  selections = [
+    {
+      name      = "selection"
+      resources = ["arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/${module.dynamodb.name}"]
+    }
+  ]
+}