
I need some help configuring AWS Backup vaults in multiple AWS accounts using Terraform. I'm able to create backup vaults in two accounts with a specific plan and schedule, but I can't see the backed-up data in the destination account. Here's the code I'm using.

# Primary vault, created in the source account through the aws.source-account
# provider alias. This is the vault the backup plan's rule targets.
# The vault is encrypted with the module's own KMS key (aws_kms_key.backup-key,
# declared elsewhere in this configuration).
resource "aws_backup_vault" "backup-vault" {
  provider = aws.source-account

  name        = var.backup-vault-name
  kms_key_arn = aws_kms_key.backup-key.arn
}

# Copy-destination vault, created in the second account through the
# aws.crossbackup provider alias. The backup plan's copy_action points at this
# vault's ARN.
#
# NOTE(review): the key referenced here is the same aws_kms_key.backup-key used
# by the primary vault, i.e. a key that is not owned by the destination account.
# Recovery points copied into a vault are protected by that vault's key, so the
# destination account must be permitted to use this key (via the key's policy)
# or the vault should use a key owned by the destination account. A key the
# destination account cannot use is a plausible reason for copies not showing
# up there — confirm against the key policy, which is not visible in this file.
resource "aws_backup_vault" "diff-account-vault" {
  provider = aws.crossbackup

  name        = var.cross-account-vault-name
  kms_key_arn = aws_kms_key.backup-key.arn
}

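# Backup plan that writes recovery points into the primary vault and copies each
# of them into the cross-account vault.
resource "aws_backup_plan" "backup-plan" {
  # Pin the plan to the same provider alias as backup-vault. target_vault_name
  # is a bare name that AWS resolves in the account the plan is created in, so
  # the plan and its target vault must live in the same account. Without this
  # line the plan is created by the default (un-aliased) provider, which is not
  # necessarily the source account.
  provider = aws.source-account

  name = var.backup-plan-name

  rule {
    rule_name         = "some-rule"
    target_vault_name = aws_backup_vault.backup-vault.name
    # Hourly from 17:00 through 23:00; AWS Backup evaluates cron schedules in
    # UTC unless a schedule timezone is configured.
    schedule = "cron(0 17-23 * * ? *)"

    # Cross-account copy target; the destination vault's access policy must
    # allow backup:CopyIntoBackupVault from this account.
    copy_action {
      destination_vault_arn = aws_backup_vault.diff-account-vault.arn
    }
  }
}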

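# Tag-based resource selection attached to backup-plan. Resources carrying the
# configured tag key/value are backed up by that plan.
resource "aws_backup_selection" "tag" {
  # A selection is created against a plan_id in its own account, so it must use
  # the same provider alias as the plan it attaches to (aws.source-account).
  # Without this line the default provider is used, which may be a different
  # account than the one holding the plan.
  provider = aws.source-account

  name         = "some-backup-selection-name"
  iam_role_arn = aws_iam_role.aws-backup-service-role.arn
  plan_id      = aws_backup_plan.backup-plan.id

  selection_tag {
    type  = var.selection-type
    key   = var.key
    value = var.value
  }
}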

# Access policy on the cross-account vault that lets the copy_action in the
# source account's plan write recovery points into it.
#
# The statement allows backup:CopyIntoBackupVault for any principal ("*") as
# long as the caller belongs to the organization named in aws:PrincipalOrgID.
# The condition is what keeps this from being open to the world; with it in
# place, every account and role in the organization may copy into this vault.
# NOTE(review): "Organization-ID" is a literal placeholder, not an organization
# id — confirm it is replaced with the real value before applying. Consider
# narrowing the principal to the source account(s) that actually run the plan
# rather than the whole organization.
resource "aws_backup_vault_policy" "organization-policy" {
  provider          = aws.crossbackup
  backup_vault_name = aws_backup_vault.diff-account-vault.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Action    = "backup:CopyIntoBackupVault"
        Resource  = "*"
        Principal = "*"
        Condition = {
          StringEquals = {
            "aws:PrincipalOrgID" = ["Organization-ID"]
          }
        }
      }
    ]
  })
}