Merge pull request #37 from lgallard/fix/recovery_point_tags

Fix/recovery point tags

CHANGELOG.md

@@ -1,3 +1,16 @@
+## 0.11.5 (May 5, 2021)
+
+FIXES:
+
+* Fix recovery_point_tags default value
+* Update minimum AWS provider version to 3.20.0
+* Remove know issues note in README
+* Remove bash script to remove / destroy the resouses due to old reported issue
+
+ENHANCEMENTS:
+
+* Add notifications only on failed jobs example (thanks @iainelder)
+
 ## 0.11.4 (April 10, 2021)
 
 FIXES:

README.md

@@ -108,13 +108,13 @@ module "aws_backup_example" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.58.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.20.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.58.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.20.0 |
 
 ## Modules
 
@@ -146,7 +146,7 @@ No modules.
 | <a name="input_plan_name"></a> [plan\_name](#input\_plan\_name) | The display name of a backup plan | `string` | n/a | yes |
 | <a name="input_rule_completion_window"></a> [rule\_completion\_window](#input\_rule\_completion\_window) | The amount of time AWS Backup attempts a backup before canceling the job and returning an error | `number` | `null` | no |
 | <a name="input_rule_copy_action_destination_vault_arn"></a> [rule\_copy\_action\_destination\_vault\_arn](#input\_rule\_copy\_action\_destination\_vault\_arn) | An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. | `string` | `null` | no |
-| <a name="input_rule_copy_action_lifecycle"></a> [rule\_copy\_action\_lifecycle](#input\_rule\_copy\_action\_lifecycle) | The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. | `map` | `{}` | no |
+| <a name="input_rule_copy_action_lifecycle"></a> [rule\_copy\_action\_lifecycle](#input\_rule\_copy\_action\_lifecycle) | The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. | `map(any)` | `{}` | no |
 | <a name="input_rule_enable_continuous_backup"></a> [rule\_enable\_continuous\_backup](#input\_rule\_enable\_continuous\_backup) | Enable continuous backups for supported resources. | `bool` | `false` | no |
 | <a name="input_rule_lifecycle_cold_storage_after"></a> [rule\_lifecycle\_cold\_storage\_after](#input\_rule\_lifecycle\_cold\_storage\_after) | Specifies the number of days after creation that a recovery point is moved to cold storage | `number` | `null` | no |
 | <a name="input_rule_lifecycle_delete_after"></a> [rule\_lifecycle\_delete\_after](#input\_rule\_lifecycle\_delete\_after) | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after` | `number` | `null` | no |
@@ -156,8 +156,8 @@ No modules.
 | <a name="input_rule_start_window"></a> [rule\_start\_window](#input\_rule\_start\_window) | The amount of time in minutes before beginning a backup | `number` | `null` | no |
 | <a name="input_rules"></a> [rules](#input\_rules) | A list of rule maps | `any` | `[]` | no |
 | <a name="input_selection_name"></a> [selection\_name](#input\_selection\_name) | The display name of a resource selection document | `string` | `null` | no |
-| <a name="input_selection_resources"></a> [selection\_resources](#input\_selection\_resources) | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | `list` | `[]` | no |
-| <a name="input_selection_tags"></a> [selection\_tags](#input\_selection\_tags) | List of tags for `selection_name` var, when using variable definition. | `list` | `[]` | no |
+| <a name="input_selection_resources"></a> [selection\_resources](#input\_selection\_resources) | An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan | `list(any)` | `[]` | no |
+| <a name="input_selection_tags"></a> [selection\_tags](#input\_selection\_tags) | List of tags for `selection_name` var, when using variable definition. | `list(any)` | `[]` | no |
 | <a name="input_selections"></a> [selections](#input\_selections) | A list of selction maps | `any` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no |
 | <a name="input_vault_kms_key_arn"></a> [vault\_kms\_key\_arn](#input\_vault\_kms\_key\_arn) | The server-side encryption key that is used to protect your backups | `string` | `null` | no |

examples/notifications_only_on_failed_jobs/README.md

@@ -0,0 +1,43 @@
+#  Notifications only on failed jobs
+
+This is an example snippet based on the support article that explains how to do it in the AWS console
+
+[How can I get notifications for AWS Backup jobs that failed?](https://aws.amazon.com/es/premiumsupport/knowledge-center/aws-backup-failed-job-notification/)
+
+
+
+```hcl
+module "backup" {
+  source = "lgallard/backup/aws"
+
+  [...]
+
+  # Only notify on failed jobs.
+  # https://aws.amazon.com/es/premiumsupport/knowledge-center/aws-backup-failed-job-notification/
+  notifications = {
+    sns_topic_arn = aws_sns_topic.backup_vault_notifications.arn,
+    backup_vault_events = ["BACKUP_JOB_COMPLETED"]
+  }
+}
+
+resource "aws_sns_topic" "backup_vault_notifications" {
+  name = "backup_notifications"
+}
+
+resource "aws_sns_topic_subscription" "devops_subscription" {
+  endpoint = var.backup_notification_address
+  protocol = "email-json"
+  topic_arn = aws_sns_topic.backup_vault_notifications.arn
+  filter_policy = jsonencode(
+    {
+      "State" = [
+        {
+          "anything-but" = "COMPLETED"
+        }
+      ]
+    }
+  )
+}
+```
+
+Thanks @iainelder for this example!

main.tf

@@ -21,7 +21,7 @@ resource "aws_backup_plan" "ab_plan" {
       start_window             = lookup(rule.value, "start_window", null)
       completion_window        = lookup(rule.value, "completion_window", null)
       enable_continuous_backup = lookup(rule.value, "enable_continuous_backup", null)
-      recovery_point_tags      = length(lookup(rule.value, "recovery_point_tags")) == 0 ? var.tags : lookup(rule.value, "recovery_point_tags")
+      recovery_point_tags      = length(lookup(rule.value, "recovery_point_tags", {})) == 0 ? var.tags : lookup(rule.value, "recovery_point_tags")
 
       # Lifecycle
       dynamic "lifecycle" {

variables.tf

@@ -74,7 +74,7 @@ variable "rule_lifecycle_delete_after" {
 # Rule copy action
 variable "rule_copy_action_lifecycle" {
   description = "The lifecycle defines when a protected resource is copied over to a backup vault and when it expires."
-  type        = map
+  type        = map(any)
   default     = {}
 }
 
@@ -107,13 +107,13 @@ variable "selection_name" {
 
 variable "selection_resources" {
   description = "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan"
-  type        = list
+  type        = list(any)
   default     = []
 }
 
 variable "selection_tags" {
   description = "List of tags for `selection_name` var, when using variable definition."
-  type        = list
+  type        = list(any)
   default     = []
 }
 

versions.tf

@@ -2,6 +2,6 @@ terraform {
   required_version = ">= 0.12"
 
   required_providers {
-    aws = ">= 2.58.0"
+    aws = ">= 3.20.0"
   }
 }