Add another backup vault (#1179)

* Add another backup vault
dfds · Oct 24, 2023 · dce05c3 · dce05c3
1 parent c6e54dc
commit dce05c3
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 2 deletions.
diff --git a/_sub/security/aws-backup/main.tf b/_sub/security/aws-backup/main.tf
@@ -14,6 +14,11 @@ resource "aws_backup_vault" "this" {
   tags        = var.tags
 }
 
+resource "aws_backup_vault" "vault" {
+  name        = var.new_vault_name
+  tags        = var.tags
+}
+
 resource "aws_kms_key" "this" {
   count               = var.deploy_kms_key ? 1 : 0
   description         = "KMS key for backup encryption"
@@ -84,7 +89,7 @@ resource "aws_backup_plan" "this" {
 
     content {
       rule_name                = rule.value.name
-      target_vault_name        = aws_backup_vault.this.name
+      target_vault_name        = aws_backup_vault.vault.name
       schedule                 = lookup(rule.value, "schedule", null)
       enable_continuous_backup = lookup(rule.value, "enable_continuous_backup", false)
       start_window             = lookup(rule.value, "start_window", null)

diff --git a/_sub/security/aws-backup/vars.tf b/_sub/security/aws-backup/vars.tf
@@ -1,6 +1,13 @@
+# TODO: This variable needs to be renamed to `vault_name` after we remove the vault we created initially.
+variable "new_vault_name" {
+  type        = string
+  description = "The name of the vault."
+  default     = null
+}
+
 variable "vault_name" {
   type        = string
-  description = "The name of the Vault."
+  description = "The name of the vault we created initially. This vault will eventually be removed."
   default     = null
 }
 

diff --git a/security/org-account-context/main.tf b/security/org-account-context/main.tf
@@ -319,6 +319,7 @@ module "backup_eu_central_1" {
   resource_type_management_preference      = var.aws_backup_resource_type_management_preference
 
   vault_name     = var.aws_backup_vault_name
+  new_vault_name = var.aws_backup_vault_name_new
   deploy_kms_key = local.deploy_kms_key
   kms_key_admins = local.kms_key_admins
   backup_plans   = var.aws_backup_plans
@@ -337,6 +338,7 @@ module "backup_eu_west_1" {
   resource_type_management_preference      = var.aws_backup_resource_type_management_preference
 
   vault_name     = var.aws_backup_vault_name
+  new_vault_name = var.aws_backup_vault_name_new
   deploy_kms_key = local.deploy_kms_key
   kms_key_admins = local.kms_key_admins
   backup_plans   = var.aws_backup_plans

diff --git a/security/org-account-context/vars.tf b/security/org-account-context/vars.tf
@@ -219,11 +219,18 @@ variable "aws_backup_resource_type_management_preference" {
 }
 
 variable "aws_backup_vault_name" {
+  type = string
+  description = "Name of the AWS Backup vault. This is the name of the vault we created initially and will be removed eventually."
+  default = null
+}
+
+variable "aws_backup_vault_name_new" {
   type = string
   description = "Name of the AWS Backup vault"
   default = null
 }
 
+
 variable "aws_backup_plans" {
   type = list(object({
     plan_name = string