如何在 Terraform 中使用 AWS Backup 在不同区域创建文件库?

How do I use AWS Backup in Terraform to create a vault in a different region?

我正在实施一个解决方案来使用 AWS Backup 备份我的 Oracle RDS 数据库。我想在我当前的区域有一个保险库,在不同的区域有一个备份保险库。作为 Terraform 的新手,我不太确定如何完成此操作。我会在不同区域添加另一个 AWS 提供商吗?下面是我的一些代码供参考:

providers.tf:

# Configure the AWS Provider

provider "aws" {
  profile = "sandbox"
  region  = var.primary_region # resolves to us-east-1
  alias   = "primary"
  allowed_account_ids = [
    var.account_id
  ]
}

------------------------------------------------------

backups.tf:

resource "aws_backup_region_settings" "test" {
  resource_type_opt_in_preference = {
    "RDS" = true
  }
}

resource "aws_backup_vault" "test" {
  name        = "backup_vault"
  kms_key_arn = aws_kms_key.sensitive.arn
}

# Would like this to be created in us-west-2:

resource "aws_backup_vault" "test_destination" {
  name        = backup_destination_vault"
  kms_key_arn = aws_kms_key.sensitive.arn
}

resource "aws_backup_plan" "backup" {
  name = "oasis-backup-plan"

  rule {
    rule_name         = "backup"
    target_vault_name = aws_backup_vault.backup.name
    schedule          = "cron(0 12-20 * * ? *)"

    copy_action {
      destination_vault_arn = aws_backup_vault.backup_destination.arn
    }
  }
}

resource "aws_iam_role" "backup" {
  name               = "backup_role"
  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["sts:AssumeRole"],
      "Effect": "allow",
      "Principal": {
        "Service": ["backup.amazonaws.com"]
      }
    }
  ]
}
POLICY
}

resource "aws_iam_role_policy_attachment" "backup" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
  role       = aws_iam_role.backup.name
}

resource "aws_backup_selection" "backup" {
  iam_role_arn = aws_iam_role.backup.arn
  name         = "backup_selection"
  plan_id      = aws_backup_plan.backup.id

  resources = [
    aws_db_instance.oasis.arn
    data.aws_db_instance.backup.db_instance_arn  # My Oracle DB, already existing
  ]
}

我知道 AWS Backup 在 AWS Organizations 中得到了很大的利用;尽管我们正在为我们的众多帐户使用该模式,但我正在努力避免在这一点上涉及那种级别的控制;我只是在做一个 POC,试图为正在进行的 DR 区域制定一个合理的备份计划。

因此,为了做您想做的事,您需要使用 terraform 的一项功能,该功能允许您配置多个提供商:

https://www.terraform.io/docs/language/providers/configuration.html

配置完后,您可以指定要配置第二个保管库时要使用的提供程序,一切都应该正常运行。