Forked from quiver/cloudformation-template-for-aws-backup-thin-backups.yaml
Last active
November 13, 2019 13:50
-
-
Save giuliocalzolari/dbf261d7fb0b3773320893d643d3a558 to your computer and use it in GitHub Desktop.
CloudFormation template to configure thin backup rules for AWS Backup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
AWSTemplateFormatVersion: '2010-09-09' | |
Description: Create AWS Backup Vault, Backup Plan and Backup Selection | |
Parameters: | |
# Backup | |
CreateNewBackupVault: | |
Type: String | |
AllowedValues: | |
- true | |
- false | |
BackupVaultName: | |
Type: String | |
BackupPlanName: | |
Type: String | |
Description: AWS Backup name for BackupPlan | |
BackupSelectionName: | |
Type: String | |
Description: AWS Backup name for BackupSelection | |
# Backup Rules | |
BackupPolicy: | |
Type: String | |
Description: AWS Backup frequency choose between backup once, twice, thrice or four times a day | |
AllowedValues: | |
- BackupOnceDaily | |
- BackupTwiceDaily | |
- BackupThriceDaily | |
- BackupFourTimesDaily | |
BackupDefaultRole: | |
Type: String | |
Description: IAM service role for the BackupSelection | |
DeleteAfterDays: | |
Type: Number | |
Description: Number of days before the backup will be deleted | |
# Tags | |
Team: | |
Type: String | |
Description: Team name that own's the backup, this will be use for tag | |
Email: | |
Type: String | |
Description: Team email address | |
Conditions: | |
CreateNewVault: !Equals [ !Ref CreateNewBackupVault, "true" ] | |
OnceDaily: !Equals [ !Ref BackupPolicy, "BackupOnceDaily" ] | |
TwiceDaily: !Equals [ !Ref BackupPolicy, "BackupTwiceDaily" ] | |
ThriceDaily: !Equals [ !Ref BackupPolicy, "BackupThriceDaily" ] | |
FourTimesDaily: !Equals [ !Ref BackupPolicy, "BackupFourTimesDaily" ] | |
Resources: | |
StorageBackupVault: | |
Type: AWS::Backup::BackupVault | |
Condition: CreateNewVault | |
Properties: | |
BackupVaultName: !Ref BackupVaultName | |
BackupVaultTags: { | |
"Team": !Ref Team, | |
"Email": !Ref Email | |
} | |
StorageBackupPlan: | |
Type: AWS::Backup::BackupPlan | |
Properties: | |
BackupPlan: | |
BackupPlanName: !Ref BackupPlanName | |
BackupPlanRule: | |
- | |
RuleName: !Ref BackupPolicy | |
TargetBackupVault: !If [ CreateNewVault, !Ref StorageBackupVault, !Ref BackupVaultName ] | |
ScheduleExpression: | |
!If | |
[ OnceDaily, "cron(0 1 * * ? *)", | |
!If | |
[ TwiceDaily, "cron(0 0/12 * * ? *)", | |
!If | |
[ ThriceDaily, "cron(0 0/8 * * ? *)", "cron(0 0/6 * * ? *)" ] | |
] | |
] | |
Lifecycle: { | |
DeleteAfterDays: !Ref DeleteAfterDays | |
} | |
RecoveryPointTags: { | |
"Team": !Ref Team, | |
"Email": !Ref Email | |
} | |
BackupPlanTags: { | |
"Team": !Ref Team, | |
"Email": !Ref Email | |
} | |
StorageBackupSelectionByTags: | |
Type: AWS::Backup::BackupSelection | |
DependsOn: StorageBackupPlan | |
Properties: | |
BackupSelection: | |
SelectionName: !Ref BackupSelectionName | |
IamRoleArn: !Ref BackupDefaultRole | |
ListOfTags: | |
- | |
ConditionType: "STRINGEQUALS" | |
ConditionKey: "Backup" | |
ConditionValue: !Ref BackupSelectionName | |
BackupPlanId: !Ref StorageBackupPlan | |
Outputs: | |
BackupSelectionName: | |
Description: Tag:Value you need to put on your resource along with the Tag:Key Backup | |
Value: !Ref BackupSelectionName | |
BackupSelectionId: | |
Description: Backup Selection ID | |
Value: !Ref StorageBackupSelectionByTags | |
BackupVaultArn: | |
Description: Backup Vault ARN | |
Condition: CreateNewVault | |
Value: !GetAtt StorageBackupVault.BackupVaultArn | |
BackupPlanArn: | |
Description: BackupPlan Arn | |
Value: !GetAtt StorageBackupPlan.BackupPlanArn | |
BackupPlanId: | |
Description: BackupPlan ID | |
Value: !Ref StorageBackupPlan | |
BackupPlanVersionId: | |
Description: BackupPlan Version ID | |
Value: !GetAtt StorageBackupPlan.VersionId |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AWSTemplateFormatVersion: "2010-09-09" | |
Description: "Backup Plan template for thin backups" | |
Resources: | |
BackupVaultWithThinBackups: | |
Type: "AWS::Backup::BackupVault" | |
Properties: | |
BackupVaultName: "BackupVaultWithThinBackups" | |
BackupPlanWithThinBackups: | |
Type: "AWS::Backup::BackupPlan" | |
Properties: | |
BackupPlan: | |
BackupPlanName: "BackupPlanWithThinBackups" | |
BackupPlanRule: | |
- | |
RuleName: "RuleForDailyBackups" | |
TargetBackupVault: !Ref BackupVaultWithThinBackups | |
ScheduleExpression: "cron(0 5 ? * * *)" | |
Lifecycle: | |
DeleteAfterDays: 7 | |
- | |
RuleName: "RuleForWeeklyBackups" | |
TargetBackupVault: !Ref BackupVaultWithThinBackups | |
ScheduleExpression: "cron(0 5 ? * 1 *)" | |
Lifecycle: | |
DeleteAfterDays: 28 | |
- | |
RuleName: "RuleForMonthlyBackups" | |
TargetBackupVault: !Ref BackupVaultWithThinBackups | |
ScheduleExpression: "cron(0 5 1 * ? *)" | |
Lifecycle: | |
DeleteAfterDays: 90 | |
DependsOn: BackupVaultWithThinBackups | |
TagBasedBackupSelection: | |
Type: "AWS::Backup::BackupSelection" | |
Properties: | |
BackupSelection: | |
SelectionName: "TagBasedBackupSelection" | |
IamRoleArn: !Sub "arn:aws:iam::${AWS::AccountId}:role/service-role/AWSBackupDefaultServiceRole" | |
ListOfTags: | |
- | |
ConditionType: "STRINGEQUALS" | |
ConditionKey: "backup" | |
ConditionValue: "thinbackup" | |
BackupPlanId: !Ref BackupPlanWithThinBackups | |
DependsOn: BackupPlanWithThinBackups | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment