
NRLF Backup Infrastructure

This directory contains AWS backup terraform resources which are global to a given account.

Each subdirectory corresponds to one AWS account (prod and test).

Backup infrastructure should be deployed manually and not be run as part of CI.

Table of Contents

  1. Prerequisites
  2. Initialise shell environment
  3. Deploy backup resources
  4. Tear down backup resources

Prerequisites

Before deploying the NRLF backup infrastructure, you will need:

  • An AWS backup account that has already been bootstrapped, as described in bootstrap/README.md. This is a one-time account setup step.

Deploy backup resources

To deploy the backup resources, first log in to the AWS mgmt account on the CLI.

Then, initialise the terraform backup workspace. For the test account:

$ cd test
$ terraform init && ( \
    terraform workspace new test || \
    terraform workspace select test )

If you want to apply changes to prod, use the prod directory and the backup-infra-prod terraform workspace.

Once you have your workspace set, you can plan your changes with:

$ terraform plan \
    -var 'source_account_id=SOURCE_ACCOUNT_ID' \
    -var 'assume_account=AWS_ACCOUNT_ID' \
    -var 'assume_role=terraform'

Replace SOURCE_ACCOUNT_ID with the account id that will be sending backups to the backup account and AWS_ACCOUNT_ID with the AWS account id of your backup account.

Once you're happy with your planned changes, you can apply them with:

$ terraform apply \
    -var 'source_account_id=SOURCE_ACCOUNT_ID' \
    -var 'assume_account=AWS_ACCOUNT_ID' \
    -var 'assume_role=terraform'

Replace SOURCE_ACCOUNT_ID with the account id that will be sending backups to the backup account and AWS_ACCOUNT_ID with the AWS account id of your backup account.

Tear down backup resources

WARNING - This action will destroy all backup resources from the AWS account. This should only be done if you are sure that this is safe and are sure that you are signed into the correct AWS account.

To tear down backup resources, first log in to the AWS mgmt account on the CLI.

Then, initialise your terraform workspace. For the test account:

$ cd test
$ terraform init && ( \
    terraform workspace new test || \
    terraform workspace select test )

If you want to destroy resources in prod, use the prod directory and the backup-infra-prod terraform workspace.

And then, to tear down:

$ terraform destroy \
    -var 'source_account_id=SOURCE_ACCOUNT_ID' \
    -var 'assume_account=AWS_ACCOUNT_ID' \
    -var 'assume_role=terraform'

Replace SOURCE_ACCOUNT_ID with the account id that will be sending backups to the backup account and AWS_ACCOUNT_ID with the AWS account id of your backup account.
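Because plan, apply and destroy are run by hand against whichever directory and workspace happen to be selected, a pre-flight check can catch a mismatch before terraform runs. The following is an added example, not part of the NRLF repository: the function names are hypothetical, the directory-to-workspace mapping is taken from this README, and it assumes the source and backup accounts are different accounts.

```shell
# Added example, not part of the NRLF repository. Function names are hypothetical.

# Terraform workspace this README names for each account directory.
expected_workspace() {
  case "$1" in
    test) echo "test" ;;
    prod) echo "backup-infra-prod" ;;
    *) return 1 ;;
  esac
}

# AWS account ids are exactly 12 decimal digits.
valid_account_id() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

# preflight DIR WORKSPACE SOURCE_ACCOUNT_ID AWS_ACCOUNT_ID
# Returns 0 only when every check passes; prints the first failure to stderr.
preflight() {
  pf_want=$(expected_workspace "$1") || {
    echo "unknown account directory: $1" >&2; return 1; }
  [ "$2" = "$pf_want" ] || {
    echo "workspace '$2' selected, but '$1' expects '$pf_want'" >&2; return 1; }
  valid_account_id "$3" || {
    echo "source_account_id is not a 12-digit account id" >&2; return 1; }
  valid_account_id "$4" || {
    echo "assume_account is not a 12-digit account id" >&2; return 1; }
  # Assumption: the source account and the backup account are different accounts.
  [ "$3" != "$4" ] || {
    echo "source_account_id and assume_account are the same" >&2; return 1; }
}

# Typical use from inside test/ or prod/, before terraform plan, apply or destroy:
#   preflight "$(basename "$PWD")" "$(terraform workspace show)" \
#     SOURCE_ACCOUNT_ID AWS_ACCOUNT_ID && terraform plan ...
```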