Difference between revisions of "Terraform resource: aws dlm lifecycle policy"
Jump to navigation
Jump to search
(6 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
<code>[[aws dlm create-lifecycle-policy]]</code> | <code>[[aws dlm create-lifecycle-policy]]</code> | ||
[[resource_types]] | [[resource_types]] | ||
+ | [[retain_rule]] | ||
+ | [[target_tags]] | ||
== Oficial examples == | == Oficial examples == | ||
− | + | ||
− | data "aws_iam_policy_document" "assume_role" { | + | data "aws_iam_policy_document" "assume_role" { |
statement { | statement { | ||
effect = "Allow" | effect = "Allow" | ||
− | + | ||
principals { | principals { | ||
type = "Service" | type = "Service" | ||
identifiers = ["dlm.amazonaws.com"] | identifiers = ["dlm.amazonaws.com"] | ||
} | } | ||
− | + | ||
actions = ["sts:AssumeRole"] | actions = ["sts:AssumeRole"] | ||
} | } | ||
− | } | + | } |
− | + | ||
− | resource "aws_iam_role" "dlm_lifecycle_role" { | + | resource "aws_iam_role" "dlm_lifecycle_role" { |
name = "dlm-lifecycle-role" | name = "dlm-lifecycle-role" | ||
assume_role_policy = data.aws_iam_policy_document.assume_role.json | assume_role_policy = data.aws_iam_policy_document.assume_role.json | ||
− | } | + | } |
− | + | ||
− | data "aws_iam_policy_document" "dlm_lifecycle" { | + | data "aws_iam_policy_document" "dlm_lifecycle" { |
statement { | statement { | ||
effect = "Allow" | effect = "Allow" | ||
− | + | ||
actions = [ | actions = [ | ||
"ec2:CreateSnapshot", | "ec2:CreateSnapshot", | ||
Line 36: | Line 38: | ||
"ec2:DescribeSnapshots", | "ec2:DescribeSnapshots", | ||
] | ] | ||
− | + | ||
resources = ["*"] | resources = ["*"] | ||
} | } | ||
− | + | ||
statement { | statement { | ||
effect = "Allow" | effect = "Allow" | ||
Line 45: | Line 47: | ||
resources = ["arn:aws:ec2:*::snapshot/*"] | resources = ["arn:aws:ec2:*::snapshot/*"] | ||
} | } | ||
− | } | + | } |
− | + | ||
− | resource "aws_iam_role_policy" "dlm_lifecycle" { | + | resource "aws_iam_role_policy" "dlm_lifecycle" { |
name = "dlm-lifecycle-policy" | name = "dlm-lifecycle-policy" | ||
role = aws_iam_role.dlm_lifecycle_role.id | role = aws_iam_role.dlm_lifecycle_role.id | ||
policy = data.aws_iam_policy_document.dlm_lifecycle.json | policy = data.aws_iam_policy_document.dlm_lifecycle.json | ||
− | } | + | } |
− | + | ||
− | resource "aws_dlm_lifecycle_policy" "example" { | + | resource "aws_dlm_lifecycle_policy" "example" { |
description = "example DLM lifecycle policy" | description = "example DLM lifecycle policy" | ||
execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn | execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn | ||
state = "ENABLED" | state = "ENABLED" | ||
− | + | ||
policy_details { | policy_details { | ||
resource_types = ["VOLUME"] | resource_types = ["VOLUME"] | ||
− | + | ||
schedule { | schedule { | ||
name = "2 weeks of daily snapshots" | name = "2 weeks of daily snapshots" | ||
− | + | ||
create_rule { | create_rule { | ||
interval = 24 | interval = 24 | ||
Line 69: | Line 71: | ||
times = ["23:45"] | times = ["23:45"] | ||
} | } | ||
− | + | ||
retain_rule { | retain_rule { | ||
count = 14 | count = 14 | ||
} | } | ||
− | + | ||
tags_to_add = { | tags_to_add = { | ||
SnapshotCreator = "DLM" | SnapshotCreator = "DLM" | ||
} | } | ||
− | + | ||
copy_tags = false | copy_tags = false | ||
} | } | ||
− | + | ||
target_tags = { | target_tags = { | ||
Snapshot = "true" | Snapshot = "true" | ||
} | } | ||
} | } | ||
− | } | + | } |
− | + | ||
+ | == Related == | ||
+ | * [[aws_ebs_snapshot]] | ||
+ | * [[Amazon EBS Snapshots Archive]] | ||
== See also == | == See also == |
Latest revision as of 09:25, 4 September 2023
aws dlm create-lifecycle-policy
resource_types retain_rule target_tags
Oficial examples[edit]
data "aws_iam_policy_document" "assume_role" { statement { effect = "Allow" principals { type = "Service" identifiers = ["dlm.amazonaws.com"] } actions = ["sts:AssumeRole"] } } resource "aws_iam_role" "dlm_lifecycle_role" { name = "dlm-lifecycle-role" assume_role_policy = data.aws_iam_policy_document.assume_role.json } data "aws_iam_policy_document" "dlm_lifecycle" { statement { effect = "Allow" actions = [ "ec2:CreateSnapshot", "ec2:CreateSnapshots", "ec2:DeleteSnapshot", "ec2:DescribeInstances", "ec2:DescribeVolumes", "ec2:DescribeSnapshots", ] resources = ["*"] } statement { effect = "Allow" actions = ["ec2:CreateTags"] resources = ["arn:aws:ec2:*::snapshot/*"] } } resource "aws_iam_role_policy" "dlm_lifecycle" { name = "dlm-lifecycle-policy" role = aws_iam_role.dlm_lifecycle_role.id policy = data.aws_iam_policy_document.dlm_lifecycle.json } resource "aws_dlm_lifecycle_policy" "example" { description = "example DLM lifecycle policy" execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn state = "ENABLED" policy_details { resource_types = ["VOLUME"] schedule { name = "2 weeks of daily snapshots" create_rule { interval = 24 interval_unit = "HOURS" times = ["23:45"] } retain_rule { count = 14 } tags_to_add = { SnapshotCreator = "DLM" } copy_tags = false } target_tags = { Snapshot = "true" } } }
Related[edit]
See also[edit]
- Terraform Amazon Data Lifecycle Manager:
aws dlm create-lifecycle-policy
- Amazon Data Lifecycle Manager: [
aws dlm
|get-lifecycle-policies
|create-lifecycle-policy
] - Terraform AWS: provider, resources, modules, data sources, VPC, IAM, Net, EC2, S3, Route53, ACM, CloudWatch, SES, RDS, ECS,
awscc, autoscaling, EKS
Advertising: