AWS Backup support RDS resource in aws_backup_selection #9269
Comments
estevens88
added
the
enhancement
github-actions
bot
added
the
needs-triage
aeschright
added
service/backup
|
This is supported :) If it's not working for you can you include your provider version (run Here's an example of a working configuration I'm using: resource "aws_backup_selection" "db" {
name = "db"
plan_id = "${aws_backup_plan.db.id}"
iam_role_arn = "${data.aws_iam_role.aws_backup_role.arn}"
resources = ["${aws_db_instance.main.arn}"]
}The format of an RDS ARN is eg.: In the example you've included it looks like your database identifier may be missing from the final portion of that ARN. |
…how IAM Role creation and show using resource ARNs The support for wildcard resource selection does not work in all AWS Regions while ARN support is consistent. Reference: #9269
bflad
added
documentation
|
Hi @estevens88 👋 Thank you for submitting this. There is some inconsistency in the AWS Backup API across AWS regions for support of wildcard resource patterns, outside the control of the Terraform For example, I was able to use a "wildcard" pattern for EFS in us-east-2, e.g. ending with Your safest bet here will likely be to only use ARNs for resource selection (as @tdmalone is alluding to above, thanks!) or switch to tag selection. I have submitted #9298 to update the documentation to show only ARN usage with the If you would like to provide direct feedback to the AWS Backup service team about the lack of clarity in the AWS Backup API Reference, please feel free to click the Feedback button in the bottom right hand corner of that documentation page. 👍 |
|
Thanks @bflad for the quick response. The inconsistency was what I was noticing too. I can use specific rds instances but was not able to use the wildcard pattern with RDS. I have a case raised with AWS and hopefully that will help move this forward. |
|
Great to hear! Hopefully we can gain some better insight into the expected behavior. |
* resource/aws_backup_selection: Retry creation for IAM eventual consistency error Reference: #9297 Output from acceptance testing (failure present on master): ``` --- FAIL: TestAccAwsBackupSelection_withResources (12.00s) testing.go:568: Step 0 error: errors during apply: Error: error creating Backup Selection: InvalidParameterValueException: Invalid ARN: arn:aws:elasticfilesystem:us-west-2:--OMITTED--:file-system/. Specified resource is not supported status code: 400, request id: 2f845d03-51d3-48df-b853-46c077f85780 on /var/folders/v0/_d108fkx1pbbg4_sh864_7740000gn/T/tf-test308326165/main.tf line 22: (source code not available) --- PASS: TestAccAwsBackupSelection_disappears (17.20s) --- PASS: TestAccAwsBackupSelection_basic (18.44s) --- PASS: TestAccAwsBackupSelection_withTags (18.47s) --- PASS: TestAccAwsBackupSelection_updateTag (28.73s) ``` * tests/resource/aws_backup_selection: Remove wildcard usage in withResources acceptance test The usage of wildcards differs between AWS Regions while ARNs are supported everywhere. Previously from acceptance testing: ``` --- FAIL: TestAccAwsBackupSelection_withResources (12.00s) testing.go:568: Step 0 error: errors during apply: Error: error creating Backup Selection: InvalidParameterValueException: Invalid ARN: arn:aws:elasticfilesystem:us-west-2:--OMITTED--:file-system/. Specified resource is not supported ``` Output from acceptance testing: ``` --- PASS: TestAccAwsBackupSelection_withResources (29.35s) ``` * docs/resource/aws_backup_selection: Expand example documentation to show IAM Role creation and show using resource ARNs The support for wildcard resource selection does not work in all AWS Regions while ARN support is consistent. Reference: #9269
|
The documentation enhancement has been merged and will be released with version 2.19.0 of the Terraform AWS provider. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Community Note
Description
Please add in the ability to specify rds instances as resources in the aws_backup_selection. I have tried using the arn pattern (arn:aws:rds:us-east-1:${data.aws_caller_identity.current.account_id}:db:) and it does not look like this is supported. However, it is for volume and EFS.
New or Affected Resource(s)
References
The text was updated successfully, but these errors were encountered: