Difference between revisions of "Terraform resource: aws dlm lifecycle policy"
Jump to navigation
Jump to search
| Line 5: | Line 5: | ||
== Oficial examples == | == Oficial examples == | ||
| − | + | ||
| − | data "aws_iam_policy_document" "assume_role" { | + | data "aws_iam_policy_document" "assume_role" { |
statement { | statement { | ||
effect = "Allow" | effect = "Allow" | ||
| Line 17: | Line 17: | ||
actions = ["sts:AssumeRole"] | actions = ["sts:AssumeRole"] | ||
} | } | ||
| − | } | + | } |
| − | resource "aws_iam_role" "dlm_lifecycle_role" { | + | resource "aws_iam_role" "dlm_lifecycle_role" { |
name = "dlm-lifecycle-role" | name = "dlm-lifecycle-role" | ||
assume_role_policy = data.aws_iam_policy_document.assume_role.json | assume_role_policy = data.aws_iam_policy_document.assume_role.json | ||
| − | } | + | } |
| − | data "aws_iam_policy_document" "dlm_lifecycle" { | + | data "aws_iam_policy_document" "dlm_lifecycle" { |
statement { | statement { | ||
effect = "Allow" | effect = "Allow" | ||
| Line 45: | Line 45: | ||
resources = ["arn:aws:ec2:*::snapshot/*"] | resources = ["arn:aws:ec2:*::snapshot/*"] | ||
} | } | ||
| − | } | + | } |
| − | resource "aws_iam_role_policy" "dlm_lifecycle" { | + | resource "aws_iam_role_policy" "dlm_lifecycle" { |
name = "dlm-lifecycle-policy" | name = "dlm-lifecycle-policy" | ||
role = aws_iam_role.dlm_lifecycle_role.id | role = aws_iam_role.dlm_lifecycle_role.id | ||
policy = data.aws_iam_policy_document.dlm_lifecycle.json | policy = data.aws_iam_policy_document.dlm_lifecycle.json | ||
| − | } | + | } |
| − | + | ||
| − | resource "aws_dlm_lifecycle_policy" "example" { | + | resource "aws_dlm_lifecycle_policy" "example" { |
description = "example DLM lifecycle policy" | description = "example DLM lifecycle policy" | ||
execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn | execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn | ||
state = "ENABLED" | state = "ENABLED" | ||
| − | + | ||
policy_details { | policy_details { | ||
resource_types = ["VOLUME"] | resource_types = ["VOLUME"] | ||
| − | + | ||
schedule { | schedule { | ||
name = "2 weeks of daily snapshots" | name = "2 weeks of daily snapshots" | ||
| − | + | ||
create_rule { | create_rule { | ||
interval = 24 | interval = 24 | ||
| Line 69: | Line 69: | ||
times = ["23:45"] | times = ["23:45"] | ||
} | } | ||
| − | + | ||
retain_rule { | retain_rule { | ||
count = 14 | count = 14 | ||
} | } | ||
| − | + | ||
tags_to_add = { | tags_to_add = { | ||
SnapshotCreator = "DLM" | SnapshotCreator = "DLM" | ||
} | } | ||
| − | + | ||
copy_tags = false | copy_tags = false | ||
} | } | ||
| − | + | ||
target_tags = { | target_tags = { | ||
Snapshot = "true" | Snapshot = "true" | ||
} | } | ||
} | } | ||
| − | } | + | } |
| − | |||
== See also == | == See also == | ||
Revision as of 09:09, 4 September 2023
aws dlm create-lifecycle-policy
resource_types
Oficial examples
data "aws_iam_policy_document" "assume_role" {
statement {
effect = "Allow"
principals {
type = "Service"
identifiers = ["dlm.amazonaws.com"]
}
actions = ["sts:AssumeRole"] } }
resource "aws_iam_role" "dlm_lifecycle_role" {
name = "dlm-lifecycle-role"
assume_role_policy = data.aws_iam_policy_document.assume_role.json
}
data "aws_iam_policy_document" "dlm_lifecycle" {
statement {
effect = "Allow"
actions = [
"ec2:CreateSnapshot",
"ec2:CreateSnapshots",
"ec2:DeleteSnapshot",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
]
resources = ["*"] }
statement {
effect = "Allow"
actions = ["ec2:CreateTags"]
resources = ["arn:aws:ec2:*::snapshot/*"]
}
}
resource "aws_iam_role_policy" "dlm_lifecycle" {
name = "dlm-lifecycle-policy"
role = aws_iam_role.dlm_lifecycle_role.id
policy = data.aws_iam_policy_document.dlm_lifecycle.json
}
resource "aws_dlm_lifecycle_policy" "example" {
description = "example DLM lifecycle policy"
execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn
state = "ENABLED"
policy_details {
resource_types = ["VOLUME"]
schedule {
name = "2 weeks of daily snapshots"
create_rule {
interval = 24
interval_unit = "HOURS"
times = ["23:45"]
}
retain_rule {
count = 14
}
tags_to_add = {
SnapshotCreator = "DLM"
}
copy_tags = false
}
target_tags = {
Snapshot = "true"
}
}
}
See also
- Terraform Amazon Data Lifecycle Manager:
aws dlm create-lifecycle-policy - Amazon Data Lifecycle Manager: [
aws dlm|get-lifecycle-policies|create-lifecycle-policy] - Terraform AWS: provider, resources, modules, data sources, VPC, IAM, Net, EC2, S3, Route53, ACM, CloudWatch, SES, RDS, ECS,
awscc, autoscaling, EKS
Advertising:
