AWS Velero

This Terraform module provides an easy way to create the cloud resources Velero requires (S3 and IAM) to back up Kubernetes objects and trigger volume snapshots.

Requirements

| Name | Version |
|------|---------|
| terraform | 0.15.4 |
| aws | 3.37.0 |

Providers

| Name | Version |
|------|---------|
| aws | 3.37.0 |

Resources

| Name | Type |
|------|------|
| aws_iam_access_key.velero_backup | resource |
| aws_iam_policy.velero_backup | resource |
| aws_iam_policy_attachment.velero_backup | resource |
| aws_iam_role.velero_backup | resource |
| aws_iam_role_policy_attachment.velero_backup | resource |
| aws_iam_user.velero_backup_user | resource |
| aws_s3_bucket.backup_bucket | resource |
| aws_caller_identity.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| backup_bucket_name | Backup Bucket Name | string | n/a | yes |
| oidc_provider_url | URL of OIDC issuer discovery document | string | "" | no |
| tags | Custom tags to apply to resources | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| backup_storage_location | Velero Cloud BackupStorageLocation CRD |
| cloud_credentials | Velero required file with credentials |
| service_account | Velero ServiceAccount |
| volume_snapshot_location | Velero Cloud VolumeSnapshotLocation CRD |

Usage

module "velero" {
  source             = "../vendor/modules/aws-velero"
  backup_bucket_name = "my-cluster-staging-velero"
  tags               = {
    "my-key": "my-value"
  }
}

To use IAM Roles for Service Accounts (IRSA):

data "aws_eks_cluster" "this" {
  name = "my-cluster-staging"
}

module "velero" {
  source             = "../vendor/modules/aws-velero"
  backup_bucket_name = "my-cluster-staging-velero"
  oidc_provider_url  = replace(data.aws_eks_cluster.this.identity.0.oidc.0.issuer, "https://", "")
  tags               = {
    "my-key": "my-value"
  }
}

For more information about IAM Roles for Service Accounts to inject AWS credentials inside Velero's pods, click here
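
Why the IRSA usage strips `https://` from the issuer: both the federated principal ARN and the condition keys of an IRSA trust policy use the issuer host and path without a scheme. The following is an added illustration of such a trust policy, not this module's own source; the `namespace` and `service_account_name` variables, the role name, and the `aws` partition are assumptions.

```hcl
# Added example: an IRSA trust policy scoped to one ServiceAccount.
variable "oidc_provider_url" {
  type        = string
  description = "OIDC issuer without the https:// prefix"
}

variable "namespace" { # assumed: namespace Velero runs in
  type    = string
  default = "velero"
}

variable "service_account_name" { # assumed: Velero's ServiceAccount name
  type    = string
  default = "velero"
}

data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "velero_irsa_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    # The cluster's OIDC provider, registered in this account (partition "aws" assumed).
    principals {
      type        = "Federated"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${var.oidc_provider_url}"]
    }

    # Without this condition, any ServiceAccount in the cluster could assume the role.
    condition {
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:sub"
      values   = ["system:serviceaccount:${var.namespace}:${var.service_account_name}"]
    }

    # Accept only tokens issued for STS.
    condition {
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "velero_irsa_example" { # hypothetical role name
  name               = "velero-irsa-example"
  assume_role_policy = data.aws_iam_policy_document.velero_irsa_trust.json
}
```

With a role of this shape, Velero's pods obtain short-lived credentials through their ServiceAccount token instead of a long-lived access key.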