Skip to content

Latest commit

 

History

History
145 lines (122 loc) · 13.3 KB

README.md

File metadata and controls

145 lines (122 loc) · 13.3 KB

TERRAFORM-AWS-TFC-STATE-BACKUP

The solution backups all Terraform Cloud's workspaces' states in case of an accedential deletion.

Preqrequisites

  • AWS credentials
  • Terraform Cloud Token to allow to call the API

Features

  • fully automated
  • CRON expression allows individual time for backup
  • State backups of all Terraform Organizations' workspaces' are taken and stored in S3
  • Report is sent to provided email addresses via SNS
  • States may be replicated to another AWS account

Workflow

workflow

Example

An example can be found in ./examples.

Requirements

Name Version
aws >= 4.0.0

Providers

Name Version
archive 2.2.0
aws 4.12.1

Modules

No modules.

Resources

Name Type
aws_cloudwatch_event_rule.state_backup resource
aws_cloudwatch_event_target.sfn resource
aws_cloudwatch_log_group.this resource
aws_iam_policy.cw_role_policy resource
aws_iam_policy.kms resource
aws_iam_policy.replication resource
aws_iam_policy.replication_with_kms resource
aws_iam_policy.s3 resource
aws_iam_policy.sns resource
aws_iam_policy.step_function_policy resource
aws_iam_policy_attachment.cw_role resource
aws_iam_role.cw_role resource
aws_iam_role.replication resource
aws_iam_role.step_functions_role resource
aws_iam_role.this resource
aws_iam_role_policy_attachment.cw resource
aws_iam_role_policy_attachment.ec2 resource
aws_iam_role_policy_attachment.kms resource
aws_iam_role_policy_attachment.replication resource
aws_iam_role_policy_attachment.replication_with_kms resource
aws_iam_role_policy_attachment.s3 resource
aws_iam_role_policy_attachment.sns resource
aws_iam_role_policy_attachment.step_functions_role_attachment resource
aws_lambda_function.clean_up resource
aws_lambda_function.create_workspace_state_backup resource
aws_lambda_function.get_organizations resource
aws_lambda_function.get_workspaces resource
aws_lambda_function.handle_error resource
aws_lambda_function.prepare_organizations resource
aws_lambda_function.prepare_workspaces resource
aws_lambda_function.send_report resource
aws_lambda_layer_version.lambda_layer resource
aws_s3_bucket.temp resource
aws_s3_bucket.this resource
aws_s3_bucket_acl.temp resource
aws_s3_bucket_acl.this resource
aws_s3_bucket_lifecycle_configuration.this resource
aws_s3_bucket_policy.temp resource
aws_s3_bucket_policy.this resource
aws_s3_bucket_public_access_block.temp resource
aws_s3_bucket_public_access_block.this resource
aws_s3_bucket_replication_configuration.replication resource
aws_s3_bucket_server_side_encryption_configuration.temp resource
aws_s3_bucket_server_side_encryption_configuration.this resource
aws_s3_bucket_versioning.this resource
aws_security_group.lambda resource
aws_sfn_state_machine.state_machine resource
aws_sns_topic.report resource
aws_sns_topic_subscription.email resource
archive_file.clean_up data source
archive_file.create_workspace_state_backup data source
archive_file.get_organizations data source
archive_file.get_workspaces data source
archive_file.handle_error data source
archive_file.lambda_layer data source
archive_file.prepare_organizations data source
archive_file.prepare_workspaces data source
archive_file.send_report data source
aws_caller_identity.current data source
aws_iam_policy_document.cw_role_policy data source
aws_iam_policy_document.kms data source
aws_iam_policy_document.s3 data source
aws_iam_policy_document.sns data source
aws_iam_policy_document.step_functions_policy data source
aws_kms_alias.this data source
aws_vpc.this data source

Inputs

Name Description Type Default Required
aws_region AWS region string "eu-central-1" no
cw_cron_expression Cron job to schedule the state backup string "cron(0 23 * * ? *)" no
default_tags Tags to apply to all resources map(any) {} no
kms_destination_arn KMS key arn in for repilcation s3 destination string "" no
kms_key_alias KMS key alias string "" no
s3_destination_arn S3 destination arn for object replication string "" no
s3_force_destroy Force destruction of S3 bucket by emptying it bool false no
s3_versioning_is_enabled Enable/Disable versioning for s3 bool true no
sns_email_addresses List of email addresses to send reports to list(string) [] no
state_backup_retention_time Retention time in days for state backup number 30 no
subnet_ids List of subnet ids if creating vpc vonfig for lambdas list(string) [] no
tfc_ssl_verify Enable HTTPS bool true no
tfc_token Token for authenticating against Terraform Cloud string n/a yes
tfc_url URL of the Terraform host string "https://app.terraform.io" no
vpc_id VPC id if creating vpc config for lambdas string "" no

Outputs

Name Description
s3_bucket Name of the S3 bucket for state backups
s3_replication_role_arn Role ARN for object replication
sfn_state_machine_arn ARN of the sfn state machine
sns_topic_arn ARN of the sns topic