andresriancho / aws-backup Goto Github PK

context.get_remaining_time_in_millis() (documentation here can be used to get the remaining time in ms for the current context.

In some cases where there are MANY resources I found that the lambda function times out. Sadly this was found manually via CloudWatch Events logs. I would like to see these errors being reported to the admins.

Have the possibility to notify sysadmins of any untagged resource or error (see #1) using slack webhook.

In 3ca7f20 I explain one of the most annoying limitations of the AWS Backup service: it will only backup resources in the region where the backup plan was created, if you want to backup resources in 5 regions, you'll need to duplicate all the configuration for each region.

The problem I've found is that running these won't work:

terraform plan -var profile=awsbackup -var region=us-east-1
terraform apply -var profile=awsbackup -var region=us-east-1
...
terraform plan -var profile=awsbackup -var region=us-west-2
terraform apply -var profile=awsbackup -var region=us-west-2

Because the solution uses IAM resources which are global, thus on the second call to apply terraform will find the already existing user and exit. There are ways around it, but it would be nice to provide the users with an easy to use solution like:

terraform apply -var profile=awsbackup -var region=global
terraform apply -var profile=awsbackup -var region=us-east-1,us-west-2

The first command would deploy all global resources, the second will deploy the solution to the command separated regions.

Implement multiple regions

SES secrets

Error: error reading Secrets Manager Secret Version: AccessDeniedException: Access to KMS is not allowed
	status code: 400, request id: 4ff6091e-fc13-4e0c-8805-24820cb106f6

  on ses.tf line 41, in resource "aws_secretsmanager_secret_version" "ses_smtp_user":
  41: resource "aws_secretsmanager_secret_version" "ses_smtp_user" {

Right now the whole thing is broken:

resource "aws_lambda_function" "backup_auto_tagging" {
  filename = "lambda_functions/backup_auto_tagging.zip"
  function_name = "backup_auto_tagging"
  role = aws_iam_role.iam_role_lambda_backup_auto_tagging.arn
  handler = "lambda.handler"
  source_code_hash = filebase64sha256("lambda_functions/backup_auto_tagging.zip")

lambda_functions directory doesn't exist

backup_auto_tagging.zip doesn't exist

The current implementation completely ignores errors during the backup creation. As a sysadmin I would like to receive a notification when a backup fails, so that I can investigate what went wrong and potentially trigger it manually.

Do I need to perform pagination in any of these functions?

• tag_rds,
• tag_ebs,
• tag_efs,
• tag_dynamodb