Policy Setting: AWS > Backup > Stack > Source
Policies
This policy setting is dependent on the following policy types:
Source
resource "turbot_policy_setting" "aws_backup_stack_source" { resource = turbot_policy_pack.main.id type = "tmod:@turbot/aws-backup#/policy/types/backupStackSource" template_input = <<-EOT { account { id: get(path: "Id") } } EOT template = <<-EOT | resource "aws_backup_vault" "vault" { name = "guardrails-backup-vault" tags = { turbot_version = "v5" } } resource "aws_backup_plan" "guardrails_ebs_backups" { name = "guardrails-backup-plan" rule { # The time allowed for the job to start, any longer and it will be cancelled. start_window = 480 # The amount of time allowed for the backup to complete, before it is cancelled. completion_window = 10080 # rule_name = "guardrails-ebs-backups-rule" schedule = "cron(0 5 ? * * *)" target_vault_name = aws_backup_vault.vault.name lifecycle { delete_after = 1 } } } resource "aws_backup_selection" "ebs_resource_assignment" { iam_role_arn = "arn:aws:iam::{{ $.account.id }}:role/turbot/core/guardrails_backup_service_role" name = "guardrails-ebs-resource-assignment" plan_id = aws_backup_plan.guardrails_ebs_backups.id resources = ["arn:aws:ec2:*:*:volume/*"] } EOT # value = "[]" # To decommission the backup vault, uncomment this line and comment out the template and template_input.}