Difference between revisions of "Terraform resource: aws dlm lifecycle policy"
Jump to navigation
Jump to search
| Line 3: | Line 3: | ||
<code>[[aws dlm create-lifecycle-policy]]</code> | <code>[[aws dlm create-lifecycle-policy]]</code> | ||
[[resource_types]] | [[resource_types]] | ||
| + | |||
| + | == Oficial examples == | ||
| + | <pre> | ||
| + | data "aws_iam_policy_document" "assume_role" { | ||
| + | statement { | ||
| + | effect = "Allow" | ||
| + | |||
| + | principals { | ||
| + | type = "Service" | ||
| + | identifiers = ["dlm.amazonaws.com"] | ||
| + | } | ||
| + | |||
| + | actions = ["sts:AssumeRole"] | ||
| + | } | ||
| + | } | ||
| + | |||
| + | resource "aws_iam_role" "dlm_lifecycle_role" { | ||
| + | name = "dlm-lifecycle-role" | ||
| + | assume_role_policy = data.aws_iam_policy_document.assume_role.json | ||
| + | } | ||
| + | |||
| + | data "aws_iam_policy_document" "dlm_lifecycle" { | ||
| + | statement { | ||
| + | effect = "Allow" | ||
| + | |||
| + | actions = [ | ||
| + | "ec2:CreateSnapshot", | ||
| + | "ec2:CreateSnapshots", | ||
| + | "ec2:DeleteSnapshot", | ||
| + | "ec2:DescribeInstances", | ||
| + | "ec2:DescribeVolumes", | ||
| + | "ec2:DescribeSnapshots", | ||
| + | ] | ||
| + | |||
| + | resources = ["*"] | ||
| + | } | ||
| + | |||
| + | statement { | ||
| + | effect = "Allow" | ||
| + | actions = ["ec2:CreateTags"] | ||
| + | resources = ["arn:aws:ec2:*::snapshot/*"] | ||
| + | } | ||
| + | } | ||
| + | |||
| + | resource "aws_iam_role_policy" "dlm_lifecycle" { | ||
| + | name = "dlm-lifecycle-policy" | ||
| + | role = aws_iam_role.dlm_lifecycle_role.id | ||
| + | policy = data.aws_iam_policy_document.dlm_lifecycle.json | ||
| + | } | ||
| + | |||
| + | resource "aws_dlm_lifecycle_policy" "example" { | ||
| + | description = "example DLM lifecycle policy" | ||
| + | execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn | ||
| + | state = "ENABLED" | ||
| + | |||
| + | policy_details { | ||
| + | resource_types = ["VOLUME"] | ||
| + | |||
| + | schedule { | ||
| + | name = "2 weeks of daily snapshots" | ||
| + | |||
| + | create_rule { | ||
| + | interval = 24 | ||
| + | interval_unit = "HOURS" | ||
| + | times = ["23:45"] | ||
| + | } | ||
| + | |||
| + | retain_rule { | ||
| + | count = 14 | ||
| + | } | ||
| + | |||
| + | tags_to_add = { | ||
| + | SnapshotCreator = "DLM" | ||
| + | } | ||
| + | |||
| + | copy_tags = false | ||
| + | } | ||
| + | |||
| + | target_tags = { | ||
| + | Snapshot = "true" | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | </pre> | ||
== See also == | == See also == | ||
Revision as of 09:08, 4 September 2023
aws dlm create-lifecycle-policy
resource_types
Oficial examples
data "aws_iam_policy_document" "assume_role" {
statement {
effect = "Allow"
principals {
type = "Service"
identifiers = ["dlm.amazonaws.com"]
}
actions = ["sts:AssumeRole"]
}
}
resource "aws_iam_role" "dlm_lifecycle_role" {
name = "dlm-lifecycle-role"
assume_role_policy = data.aws_iam_policy_document.assume_role.json
}
data "aws_iam_policy_document" "dlm_lifecycle" {
statement {
effect = "Allow"
actions = [
"ec2:CreateSnapshot",
"ec2:CreateSnapshots",
"ec2:DeleteSnapshot",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
]
resources = ["*"]
}
statement {
effect = "Allow"
actions = ["ec2:CreateTags"]
resources = ["arn:aws:ec2:*::snapshot/*"]
}
}
resource "aws_iam_role_policy" "dlm_lifecycle" {
name = "dlm-lifecycle-policy"
role = aws_iam_role.dlm_lifecycle_role.id
policy = data.aws_iam_policy_document.dlm_lifecycle.json
}
resource "aws_dlm_lifecycle_policy" "example" {
description = "example DLM lifecycle policy"
execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn
state = "ENABLED"
policy_details {
resource_types = ["VOLUME"]
schedule {
name = "2 weeks of daily snapshots"
create_rule {
interval = 24
interval_unit = "HOURS"
times = ["23:45"]
}
retain_rule {
count = 14
}
tags_to_add = {
SnapshotCreator = "DLM"
}
copy_tags = false
}
target_tags = {
Snapshot = "true"
}
}
}
See also
- Terraform Amazon Data Lifecycle Manager:
aws dlm create-lifecycle-policy - Amazon Data Lifecycle Manager: [
aws dlm|get-lifecycle-policies|create-lifecycle-policy] - Terraform AWS: provider, resources, modules, data sources, VPC, IAM, Net, EC2, S3, Route53, ACM, CloudWatch, SES, RDS, ECS,
awscc, autoscaling, EKS
Advertising:
