🎉 first commit

.gitignore

@@ -0,0 +1,5 @@
+.terraform
+.terraform.lock.hcl
+terraform.tfstate*
+test.sh
+testing.tfvars

README.md

@@ -0,0 +1,42 @@
+# terraform-aws-snapshot-dlm
+
+## overview
+a simple module to dlm lifycle to take ebs snapshot from instances or volumes
+
+## Usage
+see examples in example folder
+```tf
+module "daily" {
+  source   = "../../"
+  dlm_name = "daily-snapshot"
+  schedules = {
+    "daily" = {
+      name            = "daily"
+      create_interval = 24
+      create_time     = "21:00" #utc time
+      copy_tags       = true
+      retain_count    = 1
+      extra_tags_to_add = {
+        "test" = "true"
+      }
+    }
+  }
+  target_tags = {
+    "enable_snapshot" = "true"
+  }
+}
+```
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| create_iam | if create dlm iam role or not | `bool` | true | yes |
+| role_name | if create_iam is true, role name is required | `string` | "dlm-lifecycle-role" | yes |
+| role_arn | if create_iam is false, role arn is required | `string` | false | yes |
+| dlm_name | a name for dlm policy | `string` | false | yes |
+| dlm_desc | a description for dlm policy | `string` | "ebs snapshot lifecycle policy" | no |
+| state | Whether the lifecycle policy should be ENABLED or DISABLED | `string` | "ENABLED" | no |
+| target_tags | a tags map, if matched snapshot will be created | `map` | {} | yes |
+| schedules | a map, maxium 4 schedules can be created | `map` | {} | yes |
+| resource_type| a type be targeted by the lifecycle policy. either INSTANCE or VOLUME | `string` | "INSTANCE" | no |
+| policy_tags| extra tags to add to policy resource | `map` | {} | no |

example/daily/main.tf

@@ -0,0 +1,27 @@
+module "daily" {
+  source   = "../../"
+  dlm_name = "daily-snapshot"
+  schedules = {
+    "daily" = {
+      name            = "daily-21"
+      create_interval = 24
+      create_time     = "21:00" #utc time
+      copy_tags       = true
+      retain_count    = 1
+      extra_tags_to_add = {
+        "test" = "true"
+      }
+    }
+    "daily2" = {
+      name              = "daily-9"
+      create_interval   = 24
+      create_time       = "09:00" #utc time
+      copy_tags         = true
+      retain_count      = 1
+      extra_tags_to_add = {}
+    }
+  }
+  target_tags = {
+    "enable_snapshot" = "true"
+  }
+}

example/daily/provider.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+
+}

example/daily/version.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~>4.8"
+    }
+
+  }
+  required_version = "1.1.7"
+}

main.tf

@@ -0,0 +1,94 @@
+data "aws_iam_policy_document" "assume-role-policy" {
+  count = var.create_iam ? 1 : 0
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["dlm.amazonaws.com"]
+    }
+  }
+}
+resource "aws_iam_role" "this" {
+  count              = var.create_iam ? 1 : 0
+  name               = var.role_name
+  assume_role_policy = data.aws_iam_policy_document.assume-role-policy[count.index].json
+}
+
+locals {
+  role_arn = var.create_iam ? aws_iam_role.this[0].arn : var.role_arn
+}
+
+data "aws_iam_policy_document" "role-policy" {
+  count = var.create_iam ? 1 : 0
+  statement {
+    sid = "ec2snapshotvolume"
+    actions = [
+      "ec2:CreateSnapshot",
+      "ec2:CreateSnapshots",
+      "ec2:DeleteSnapshot",
+      "ec2:DescribeInstances",
+      "ec2:DescribeVolumes",
+      "ec2:DescribeSnapshots"
+    ]
+    resources = [
+      "*"
+    ]
+  }
+  statement {
+    sid = "createtags"
+    actions = [
+      "ec2:CreateTags"
+    ]
+    resources = [
+      "arn:aws:ec2:*::snapshot/*"
+    ]
+  }
+}
+resource "aws_iam_role_policy" "this" {
+  count = var.create_iam ? 1 : 0
+  name  = format("%s-%s", var.role_name, "dlm-lifecycle-policy")
+  role  = aws_iam_role.this[count.index].id
+
+  policy = data.aws_iam_policy_document.role-policy[count.index].json
+}
+
+resource "aws_dlm_lifecycle_policy" "this" {
+  description        = var.dlm_desc
+  execution_role_arn = local.role_arn
+  state              = var.state
+
+  policy_details {
+    resource_types = [var.resource_type]
+
+    dynamic "schedule" {
+      for_each = var.schedules
+
+      content {
+        name = schedule.value["name"]
+
+        create_rule {
+          interval      = schedule.value["create_interval"]
+          interval_unit = "HOURS"
+          times         = [schedule.value["create_time"]]
+        }
+
+        retain_rule {
+          count = schedule.value["retain_count"]
+        }
+
+        tags_to_add = merge({
+          provisioner = "DLM"
+        }, schedule.value["extra_tags_to_add"])
+
+        copy_tags = schedule.value["copy_tags"]
+
+      }
+
+    }
+    target_tags = var.target_tags
+  }
+  tags = merge({
+    Name = var.dlm_name
+  }, var.policy_tags)
+}

variable.tf

@@ -0,0 +1,52 @@
+variable "create_iam" {
+  type        = bool
+  description = "if true will create dlm iam role"
+  default     = true
+}
+
+variable "role_arn" {
+  type        = string
+  description = "the iam role arn used for dlm"
+  default     = ""
+}
+variable "role_name" {
+  type        = string
+  description = "if create_iam, use the role_name"
+  default     = "dlm-lifecycle-role"
+}
+
+variable "target_tags" {
+  description = "if tags matched, will do the snapshot"
+  default     = {}
+}
+variable "dlm_name" {
+  description = "the policy name"
+  type        = string
+}
+
+variable "dlm_desc" {
+  description = "the policy description"
+  type        = string
+  default     = "ebs snapshot lifecycle policy"
+}
+variable "state" {
+  description = "Whether the lifecycle policy should be ENABLED or DISABLED"
+  type        = string
+  default     = "ENABLED"
+}
+
+variable "schedules" {
+  description = "schedule rules"
+  default     = {}
+}
+
+variable "policy_tags" {
+  description = "extra tags config for dlm policy"
+  default     = {}
+}
+
+variable "resource_type" {
+  description = "a type be targeted by the lifecycle policy. either INSTANCE or VOLUME"
+  default     = "INSTANCE"
+  type        = string
+}

version.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">=3.67"
+    }
+  }
+  required_version = ">= 0.13"
+}