Provides an AWS Backup Framework resource.
resource "aws_backup_framework" "Example" {
name = "exampleFramework"
description = "this is an example framework"
control {
name = "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK"
input_parameter {
name = "requiredRetentionDays"
value = "35"
}
}
control {
name = "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK"
input_parameter {
name = "requiredFrequencyUnit"
value = "hours"
}
input_parameter {
name = "requiredRetentionDays"
value = "35"
}
input_parameter {
name = "requiredFrequencyValue"
value = "1"
}
}
control {
name = "BACKUP_RECOVERY_POINT_ENCRYPTED"
}
control {
name = "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN"
scope {
compliance_resource_types = [
"EBS"
]
}
}
control {
name = "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED"
}
control {
name = "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK"
input_parameter {
name = "maxRetentionDays"
value = "100"
}
input_parameter {
name = "minRetentionDays"
value = "1"
}
scope {
compliance_resource_types = [
"EBS"
]
}
}
control {
name = "BACKUP_LAST_RECOVERY_POINT_CREATED"
input_parameter {
name = "recoveryPointAgeUnit"
value = "days"
}
input_parameter {
name = "recoveryPointAgeValue"
value = "1"
}
scope {
compliance_resource_types = [
"EBS"
]
}
}
tags = {
"Name" = "Example Framework"
}
}
This resource supports the following arguments:
control
- (Required) One or more control blocks that make up the framework. Each control in the list has a name, input parameters, and scope. Detailed below.description
- (Optional) The description of the framework with a maximum of 1,024 charactersname
- (Required) The unique name of the framework. The name must be between 1 and 256 characters, starting with a letter, and consisting of letters, numbers, and underscores.tags
- (Optional) Metadata that you can assign to help organize the frameworks you create. If configured with a provider default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.control
has the following attributes:
input_parameter
- (Optional) One or more input parameter blocks. An example of a control with two parameters is: "backup plan frequency is at least daily and the retention period is at least 1 year". The first parameter is daily. The second parameter is 1 year. Detailed below.name
- (Required) The name of a control. This name is between 1 and 256 characters.scope
- (Optional) The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans. Detailed below.input_parameter
has the following attributes:
name
- (Optional) The name of a parameter, for example, BackupPlanFrequency.value
- (Optional) The value of parameter, for example, hourly.scope
has the following attributes:
compliance_resource_ids
- (Optional) The ID of the only AWS resource that you want your control scope to contain. Minimum number of 1 item. Maximum number of 100 items.compliance_resource_types
- (Optional) Describes whether the control scope includes one or more types of resources, such as EFS or RDS.tags
- (Optional) The tag key-value pair applied to those AWS resources that you want to trigger an evaluation for a rule. A maximum of one key-value pair can be provided.This resource exports the following attributes in addition to the arguments above:
arn
- The ARN of the backup framework.creation_time
- The date and time that a framework is created, in Unix format and Coordinated Universal Time (UTC).deployment_status
- The deployment status of a framework. The statuses are: CREATE_IN_PROGRESS
| UPDATE_IN_PROGRESS
| DELETE_IN_PROGRESS
| COMPLETED
| FAILED
.id
- The id of the backup framework.status
- A framework consists of one or more controls. Each control governs a resource, such as backup plans, backup selections, backup vaults, or recovery points. You can also turn AWS Config recording on or off for each resource. For more information refer to the AWS documentation for Framework Statustags_all
- A map of tags assigned to the resource, including those inherited from the provider default_tags
configuration block.create
- (Default 2m
)update
- (Default 2m
)delete
- (Default 2m
)In Terraform v1.5.0 and later, use an import
block to import Backup Framework using the id
which corresponds to the name of the Backup Framework. For example:
import {
to = aws_backup_framework.test
id = "<id>"
}
Using terraform import
, import Backup Framework using the id
which corresponds to the name of the Backup Framework. For example:
% terraform import aws_backup_framework.test <id>