CCM-7890 Backup Module Refactor

Author: aidenvaines-cgi

infrastructure/modules/aws-backup-source/README.md

@@ -15,7 +15,7 @@ See [terraform-aws-backup](https://github.com/NHSDigital/terraform-aws-backup.gi
 | <a name="input_backup_plan_config"></a> [backup\_plan\_config](#input\_backup\_plan\_config) | Configuration for backup plans | <pre>object({<br>    selection_tag             = string<br>    compliance_resource_types = list(string)<br>    rules = list(object({<br>      name                     = string<br>      schedule                 = string<br>      enable_continuous_backup = optional(bool)<br>      lifecycle = object({<br>        delete_after       = optional(number)<br>        cold_storage_after = optional(number)<br>      })<br>      copy_action = optional(object({<br>        delete_after = optional(number)<br>      }))<br>    }))<br>  })</pre> | <pre>{<br>  "compliance_resource_types": [<br>    "S3"<br>  ],<br>  "rules": [<br>    {<br>      "copy_action": {<br>        "delete_after": 365<br>      },<br>      "lifecycle": {<br>        "delete_after": 35<br>      },<br>      "name": "daily_kept_5_weeks",<br>      "schedule": "cron(0 0 * * ? *)"<br>    },<br>    {<br>      "copy_action": {<br>        "delete_after": 365<br>      },<br>      "lifecycle": {<br>        "delete_after": 90<br>      },<br>      "name": "weekly_kept_3_months",<br>      "schedule": "cron(0 1 ? * SUN *)"<br>    },<br>    {<br>      "copy_action": {<br>        "delete_after": 365<br>      },<br>      "lifecycle": {<br>        "cold_storage_after": 30,<br>        "delete_after": 2555<br>      },<br>      "name": "monthly_kept_7_years",<br>      "schedule": "cron(0 2 1  * ? *)"<br>    },<br>    {<br>      "copy_action": {<br>        "delete_after": 365<br>      },<br>      "enable_continuous_backup": true,<br>      "lifecycle": {<br>        "delete_after": 35<br>      },<br>      "name": "point_in_time_recovery",<br>      "schedule": "cron(0 5 * * ? *)"<br>    }<br>  ],<br>  "selection_tag": "BackupLocal"<br>}</pre> | no |
 | <a name="input_backup_plan_config_dynamodb"></a> [backup\_plan\_config\_dynamodb](#input\_backup\_plan\_config\_dynamodb) | Configuration for backup plans with dynamodb | <pre>object({<br>    enable                    = bool<br>    selection_tag             = string<br>    compliance_resource_types = list(string)<br>    rules = optional(list(object({<br>      name                     = string<br>      schedule                 = string<br>      enable_continuous_backup = optional(bool)<br>      lifecycle = object({<br>        delete_after       = number<br>        cold_storage_after = optional(number)<br>      })<br>      copy_action = optional(object({<br>        delete_after = optional(number)<br>      }))<br>    })))<br>  })</pre> | <pre>{<br>  "compliance_resource_types": [<br>    "DynamoDB"<br>  ],<br>  "enable": true,<br>  "rules": [<br>    {<br>      "copy_action": {<br>        "delete_after": 365<br>      },<br>      "lifecycle": {<br>        "delete_after": 35<br>      },<br>      "name": "dynamodb_daily_kept_5_weeks",<br>      "schedule": "cron(0 0 * * ? *)"<br>    },<br>    {<br>      "copy_action": {<br>        "delete_after": 365<br>      },<br>      "lifecycle": {<br>        "delete_after": 90<br>      },<br>      "name": "dynamodb_weekly_kept_3_months",<br>      "schedule": "cron(0 1 ? * SUN *)"<br>    },<br>    {<br>      "copy_action": {<br>        "delete_after": 365<br>      },<br>      "lifecycle": {<br>        "cold_storage_after": 30,<br>        "delete_after": 2555<br>      },<br>      "name": "dynamodb_monthly_kept_7_years",<br>      "schedule": "cron(0 2 1  * ? *)"<br>    }<br>  ],<br>  "selection_tag": "BackupDynamoDB"<br>}</pre> | no |
 | <a name="input_notification_kms_key"></a> [bootstrap\_kms\_key\_arn](#input\_bootstrap\_kms\_key\_arn) | The ARN of the bootstrap KMS key used for encryption at rest of the SNS topic. | `string` | n/a | yes |
-| <a name="input_environment_name"></a> [environment\_name](#input\_environment\_name) | The name of the environment where AWS Backup is configured. | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment\_name](#input\_environment\_name) | The name of the environment where AWS Backup is configured. | `string` | n/a | yes |
 | <a name="input_notifications_target_email_address"></a> [notifications\_target\_email\_address](#input\_notifications\_target\_email\_address) | The email address to which backup notifications will be sent via SNS. | `string` | `""` | no |
 | <a name="input_project_name"></a> [project\_name](#input\_project\_name) | The name of the project this relates to. | `string` | n/a | yes |
 | <a name="input_reports_bucket"></a> [reports\_bucket](#input\_reports\_bucket) | Bucket to drop backup reports into | `string` | n/a | yes |
@@ -33,7 +33,7 @@ See [terraform-aws-backup](https://github.com/NHSDigital/terraform-aws-backup.gi
 module "test_aws_backup" {
   source = "./modules/aws-backup"
 
-  environment_name      = "environment_name"
+  environment      = "environment"
   notification_kms_key = kms_key[0].arn
   project_name          = "testproject"
   reports_bucket        = "compliance-reports"

infrastructure/modules/aws-backup-source/backup_framework_dynamodb.tf

@@ -2,16 +2,16 @@ resource "aws_backup_framework" "dynamodb" {
   count = var.backup_plan_config_dynamodb.enable ? 1 : 0
 
   # must be underscores instead of dashes
-  name        = replace("${local.resource_name_prefix}-dynamodb-framework", "-", "_")
-  description = "${var.project_name} DynamoDB Backup Framework"
+  name        = replace("${local.csi}-dynamodb-framework", "-", "_")
+  description = "${var.project} DynamoDB Backup Framework"
 
   # Evaluates if recovery points are encrypted.
   control {
     name = "BACKUP_RECOVERY_POINT_ENCRYPTED"
 
     scope {
       tags = {
-        Environment = var.environment_name
+        Environment = var.environment
       }
     }
   }
@@ -22,7 +22,7 @@ resource "aws_backup_framework" "dynamodb" {
 
     scope {
       tags = {
-        Environment = var.environment_name
+        Environment = var.environment
       }
     }
 
@@ -38,7 +38,7 @@ resource "aws_backup_framework" "dynamodb" {
 
     scope {
       tags = {
-        Environment = var.environment_name
+        Environment = var.environment
       }
     }
 
@@ -54,7 +54,7 @@ resource "aws_backup_framework" "dynamodb" {
 
     scope {
       tags = {
-        Environment = var.environment_name
+        Environment = var.environment
       }
     }
 

infrastructure/modules/aws-backup-source/backup_framework_s3.tf

@@ -2,16 +2,16 @@ resource "aws_backup_framework" "s3" {
   count = var.backup_plan_config_s3.enable ? 1 : 0
 
   # must be underscores instead of dashes
-  name        = replace("${local.resource_name_prefix}-framework", "-", "_")
-  description = "${var.project_name} Backup Framework"
+  name        = replace("${local.csi}-framework", "-", "_")
+  description = "${var.project} Backup Framework"
 
   # Evaluates if recovery points are encrypted.
   control {
     name = "BACKUP_RECOVERY_POINT_ENCRYPTED"
 
     scope {
       tags = {
-        Environment = var.environment_name
+        Environment = var.environment
       }
     }
   }
@@ -22,7 +22,7 @@ resource "aws_backup_framework" "s3" {
 
     scope {
       tags = {
-        Environment = var.environment_name
+        Environment = var.environment
       }
     }
 
@@ -38,7 +38,7 @@ resource "aws_backup_framework" "s3" {
 
     scope {
       tags = {
-        Environment = var.environment_name
+        Environment = var.environment
       }
     }
 
@@ -54,7 +54,7 @@ resource "aws_backup_framework" "s3" {
 
     scope {
       tags = {
-        Environment = var.environment_name
+        Environment = var.environment
       }
     }
 

infrastructure/modules/aws-backup-source/backup_plan_dynamodb.tf

@@ -2,7 +2,7 @@
 resource "aws_backup_plan" "dynamodb" {
   count = var.backup_plan_config_dynamodb.enable ? 1 : 0
 
-  name  = "${local.resource_name_prefix}-dynamodb-plan"
+  name  = "${local.csi}-dynamodb"
 
   dynamic "rule" {
     for_each = var.backup_plan_config_dynamodb.rules

infrastructure/modules/aws-backup-source/backup_plan_s3.tf

@@ -1,7 +1,7 @@
 resource "aws_backup_plan" "s3" {
   count = var.backup_plan_config_s3.enable ? 1 : 0
 
-  name = "${local.resource_name_prefix}-plan"
+  name = "${local.csi}-s3"
 
   dynamic "rule" {
     for_each = var.backup_plan_config_s3.rules

infrastructure/modules/aws-backup-source/backup_report_plan_backup_jobs.tf

@@ -1,6 +1,6 @@
 # Create the reports
 resource "aws_backup_report_plan" "backup_jobs" {
-  name        = "backup_jobs"
+  name        = "${local.csi_underscore}_backup_jobs"
   description = "Report for showing whether backups ran successfully in the last 24 hours"
 
   report_delivery_channel {

infrastructure/modules/aws-backup-source/backup_report_plan_backup_restore_testing_jobs.tf

@@ -1,6 +1,6 @@
 # Create the restore testing completion reports
 resource "aws_backup_report_plan" "backup_restore_testing_jobs" {
-  name        = "backup_restore_testing_jobs"
+  name        = "${local.csi_underscore}_backup_restore_testing_jobs"
   description = "Report for showing whether backup restore test ran successfully in the last 24 hours"
 
   report_delivery_channel {

infrastructure/modules/aws-backup-source/backup_report_plan_copy_jobs.tf

@@ -1,7 +1,7 @@
 resource "aws_backup_report_plan" "copy_jobs" {
   count       = var.backup_copy_vault_arn != "" && var.backup_copy_vault_account_id != "" ? 1 : 0
 
-  name        = "copy_jobs"
+  name        = "${local.csi_underscore}_copy_jobs"
   description = "Report for showing whether copies ran successfully in the last 24 hours"
 
   report_delivery_channel {

infrastructure/modules/aws-backup-source/backup_report_plan_resource_compliance.tf

@@ -1,5 +1,5 @@
 resource "aws_backup_report_plan" "resource_compliance" {
-  name        = "resource_compliance"
+  name        = "${local.csi_underscore}_resource_compliance"
   description = "Report for showing whether resources are compliant with the framework"
 
   report_delivery_channel {

infrastructure/modules/aws-backup-source/backup_restore_testing_plan.tf

@@ -1,5 +1,5 @@
 resource "awscc_backup_restore_testing_plan" "main" {
-  restore_testing_plan_name = local.resource_name_prefix
+  restore_testing_plan_name = local.csi_underscore
   schedule_expression       = var.restore_testing_plan_scheduled_expression
   start_window_hours        = var.restore_testing_plan_start_window
   recovery_point_selection = {