aws-ia/terraform-aws-resilience-hub

AWS Resilience Hub Application

AWS Resilience Hub is a new AWS service designed to help you define, track, and manage the resilience of your applications.
AWS Resilience Hub lets you define your RTO and RPO objectives for each of your applications. Then it assesses your application’s configuration to ensure it meets your requirements. It provides actionable recommendations and a resilience score to help you track your application’s resiliency progress over time. This Terraform module contains AWS Resilience Hub resources.

The resources that make up the application tracked by AWS Resilience Hub must be managed in a tfstate file that exists in S3. This is a requirement of the service. As such, the argument s3_state_file_url is required and must point to the tfstate file where the resources are managed. If possible, our recommendation is to maintain your application deployment in the same root module as the Resilience Hub app definition deployment. See our basic example.

The app_components variable is a list of objects with the following schema:

list(object({
  app_component_name = string
  app_component_type = string
  resources = list(object({
    resource_name            = string
    resource_type            = string
    resource_identifier      = string
    resource_identifier_type = string
    resource_region          = string
  }))
}))

A single app-component is composed of:

Please refer to https://docs.aws.amazon.com/resilience-hub/latest/userguide/AppComponent.grouping.html for more details.

A single resource is composed of:

  • resource_name - a unique name for each resource
  • resource_type - one of the supported resource types, as listed in https://docs.aws.amazon.com/resilience-hub/latest/userguide/AppComponent.grouping.html
  • resource_identifier - either an ARN or an identifier, depending on the actual resource (some AWS resources don't support ARNs; refer to the docs)
  • resource_identifier_type - either Native or Arn, should correspond with resource_identifier
  • resource_region - the AWS region where the resource is deployed
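A root module that follows the recommendation above, keeping the application resource and the Resilience Hub app definition in the same S3-backed state. This is an added example, not code from the module's repository: the module source is inferred from the repository name, the app-component and resource type strings are assumptions to check against the linked AWS documentation, and every bucket name, role name, region and RTO/RPO value is constructed.

```hcl
# Added example; all names and values below are constructed placeholders.
terraform {
  backend "s3" {
    bucket = "example-tfstate-bucket"
    key    = "apps/orders/terraform.tfstate"
    region = "us-east-1"
  }
}

# Application resource managed in the same root module, so it is recorded
# in the same state file that Resilience Hub is pointed at.
resource "aws_s3_bucket" "orders" {
  bucket = "example-orders-data"
}

module "resilience_hub_app" {
  # Assumed source, derived from the repository name on this page.
  source = "github.com/aws-ia/terraform-aws-resilience-hub"

  app_name      = "orders"
  arh_role_name = "orders-arh-assessment-role"

  # Constructed values; the page does not state the unit for rto/rpo.
  rto = 3600
  rpo = 900

  # These three inputs must describe the state file configured in the
  # backend block above, otherwise the app points at the wrong state.
  s3_bucket_name     = "example-tfstate-bucket"
  s3_bucket_region   = "us-east-1"
  s3_state_file_path = "apps/orders/terraform.tfstate"

  app_components = [
    {
      app_component_name = "orders-storage"
      # Assumed type strings; confirm against the AppComponent grouping docs.
      app_component_type = "AWS::ResilienceHub::StorageAppComponent"
      resources = [
        {
          resource_name            = "orders-bucket"
          resource_type            = "AWS::S3::Bucket"
          resource_identifier      = aws_s3_bucket.orders.arn
          resource_identifier_type = "Arn" # matches the ARN passed above
          resource_region          = "us-east-1"
        }
      ]
    }
  ]
}
```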

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14.0 |
| aws | >= 3.72.0 |
| awscc | >= 0.21.0 |
| random | >= 3.0.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.72.0 |
| awscc | >= 0.21.0 |
| random | >= 3.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_policy.additional_invoker_role_permissions | resource |
| aws_iam_policy.resilience_hub_full_access_policy | resource |
| aws_iam_role.resilience_hub_assessment_role | resource |
| aws_iam_role_policy_attachment.resilience_hub_additional_access_attachment | resource |
| aws_iam_role_policy_attachment.resilience_hub_assessment_attachment | resource |
| aws_iam_role_policy_attachment.resilience_hub_full_access_attachment | resource |
| awscc_resiliencehub_app.app | resource |
| awscc_resiliencehub_resiliency_policy.policy | resource |
| random_id.session | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app_components | The application's app-components, including its resources | list(object({ app_component_name = string, app_component_type = string, resources = list(object({ resource_name = string, resource_type = string, resource_identifier = string, resource_identifier_type = string, resource_region = string })) })) | n/a | yes |
| app_name | The Application's name | string | n/a | yes |
| arh_role_name | Defines the role to be used by Resilience Hub | string | n/a | yes |
| rpo | RPO across all failure metrics | number | n/a | yes |
| rto | RTO across all failure metrics | number | n/a | yes |
| s3_bucket_name | S3 bucket name containing the statefile | string | n/a | yes |
| s3_bucket_region | S3 bucket region containing the statefile | string | n/a | yes |
| s3_state_file_path | S3 bucket path containing the statefile, e.g - path/to/statefile.tf | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| app_id | The application created |
| policy_id | The policy created |