docs/resource/aws_backup_selection: Expand example documentation to s…

…how IAM Role creation and show using resource ARNs The support for wildcard resource selection does not work in all AWS Regions while ARN support is consistent. Reference: #9269
hashicorp · Jul 10, 2019 · b97d5e7 · b97d5e7
1 parent 3cea315
commit b97d5e7
Showing 1 changed file with 53 additions and 3 deletions.
diff --git a/website/docs/r/backup_selection.html.markdown b/website/docs/r/backup_selection.html.markdown
@@ -12,21 +12,71 @@ Manages selection conditions for AWS Backup plan resources.
 
 ## Example Usage
 
+### IAM Role
+
+-> For more information about creating and managing IAM Roles for backups and restores, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html).
+
+The below example creates an IAM role with the default managed IAM Policy for allowing AWS Backup to create backups.
+
 ```hcl
+resource "aws_iam_role" "example" {
+  name               = "example"
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": ["sts:AssumeRole"],
+      "Effect": "allow",
+      "Principal": {
+        "Service": ["backup.amazonaws.com"]
+      }
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "example" {
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
+  role       = "${aws_iam_role.example.name}"
+}
+
 resource "aws_backup_selection" "example" {
-  plan_id = "${aws_backup_plan.example.id}"
+  # ... other configuration ...
+
+  iam_role_arn = "${aws_iam_role.example.arn}"
+}
+```
+
+### Selecting Backups By Tag
 
+```hcl
+resource "aws_backup_selection" "example" {
+  iam_role_arn = "${aws_iam_role.example.arn}"
   name         = "tf_example_backup_selection"
-  iam_role_arn = "arn:aws:iam::123456789012:role/service-role/AWSBackupDefaultServiceRole"
+  plan_id      = "${aws_backup_plan.example.id}"
 
   selection_tag {
     type  = "STRINGEQUALS"
     key   = "foo"
     value = "bar"
   }
+}
+```
+
+### Selecting Backups By Resource
+
+```hcl
+resource "aws_backup_selection" "example" {
+  iam_role_arn = "${aws_iam_role.example.arn}"
+  name         = "tf_example_backup_selection"
+  plan_id      = "${aws_backup_plan.example.id}"
 
   resources = [
-    "arn:aws:ec2:us-east-1:123456789012:volume/",
+    "${aws_db_instance.example.arn}",
+    "${aws_ebs_volume.example.arn}",
+    "${aws_efs_file_system.example.arn}",
   ]
 }
 ```