Terraform module that configures an AWS S3 archive target and adds that target to the Rubrik cluster. The following steps are completed by the module:
- Create a new AWS S3 Bucket
- Create a new user specific to Rubrik
- Create a new IAM Policy with the correct permissions and attach it to the new user
- Create a new KMS Key to use for encryption
- (Optionally) add the S3 Bucket to the Rubrik cluster as an archival location
Here are some resources to get you started! If you find any challenges from this project are not properly documented or are unclear, please raise an issue and let us know! This is a fun, safe environment - don't worry if you're a GitHub newbie!
- Quick Start Guide
- Rubrik API Documentation
- Only required to run the sample workflow for adding the archival location to Rubrik
The following environment variables are used to authenticate to AWS and your Rubrik Cluster.
Name | Description |
---|---|
AWS_ACCESS_KEY_ID | IAM Access Key with permissions to create CloudOut resources |
AWS_SECRET_ACCESS_KEY | IAM Secret Key for the account above |
rubrik_cdm_node_ip | IP Address of Rubrik CDM |
rubrik_cdm_username | Rubrik CDM account with permissions to configure archive settings |
rubrik_cdm_password | Password for Rubrik CDM account above |
```hcl
module "rubrik_aws_cloudout" {
  source = "rubrikinc/rubrik-s3-cloudout/aws"

  aws_region   = "us-east-1"
  bucket_name  = "rubrik-tf-module-bucket"
  archive_name = "S3:ArchiveLocation"
}
```
The following are the variables accepted by the module.
Name | Description | Type | Default | Required |
---|---|---|---|---|
aws_region | Region to create S3 bucket in | string | | yes |
bucket_name | The name of the S3 bucket to use as an archive target. | string | | yes |
archive_name | The name of the Rubrik archive location in the Rubrik GUI. | string | | yes |
bucket_force_destroy | When true, indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. | bool | false | no |
save_keys | When true, save a copy of created IAM Access and Secret keys in iam_keys.txt. | bool | false | no |
storage_class | The storage class of the S3 Bucket. Valid choices are standard, standard_ia, and reduced_redundancy. | string | standard | no |
iam_user_name | The name of the IAM User to create. | string | rubrik | no |
iam_policy_name | The name of the IAM Policy configured with the correct CloudOut permissions. | string | rubrik-cloud-out | no |
kms_key_alias | The alias for the KMS Key ID. | string | rubrik-cloud-out | no |
timeout | The number of seconds to wait to establish a connection to the Rubrik cluster before returning a timeout error. | int | 120 | no |
WARNING: The new IAM User Secret key is stored in plaintext in the terraform.tfstate file. Please ensure this file is stored properly. |
---|
WARNING: If saved, iam_keys.txt contains IAM keys stored in plaintext. Save the contents in a secure location and remove the file. |
---|
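
One way to check a working directory for the two exposures the warnings above describe. This is an added example, not part of the module; it assumes the key is created with the AWS provider's `aws_iam_access_key` resource and uses the `aws_iam_secret_key` output name from the outputs table, and the sample state it audits is constructed.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

SECRET_OUTPUT = "aws_iam_secret_key"  # output name from the module's outputs table
KEY_RESOURCE = "aws_iam_access_key"   # AWS provider resource type (assumed to be what the module uses)

def state_secrets(state):
    """Return addresses in a Terraform v4 state dict that hold an IAM secret key."""
    hits = []
    for res in state.get("resources", []):
        if res.get("type") != KEY_RESOURCE:
            continue
        if any(i.get("attributes", {}).get("secret") for i in res.get("instances", [])):
            hits.append(".".join(filter(None, [res.get("module"), res["type"], res["name"]])))
    # Outputs marked sensitive are hidden in CLI output but still stored as plaintext in state.
    if state.get("outputs", {}).get(SECRET_OUTPUT, {}).get("value"):
        hits.append("output." + SECRET_OUTPUT)
    return hits

def audit_workdir(workdir):
    """List plaintext-key exposures in a Terraform working directory."""
    root, findings = Path(workdir), []
    state_file = root / "terraform.tfstate"
    if state_file.is_file():
        state = json.loads(state_file.read_text())
        findings += ["plaintext secret in state: " + a for a in state_secrets(state)]
    for name in ("terraform.tfstate", "iam_keys.txt"):
        path = root / name
        if not path.is_file():
            continue
        if name == "iam_keys.txt":
            findings.append("iam_keys.txt still present")
        if stat.S_IMODE(path.stat().st_mode) & 0o077:  # any group/other permission bit
            findings.append(name + " is accessible to group/other")
    return findings

def demo():
    """Run the audit over a constructed working directory (all values are made up)."""
    state = {"version": 4,
             "outputs": {SECRET_OUTPUT: {"value": "CONSTRUCTED-NOT-A-REAL-KEY", "sensitive": True}},
             "resources": [{"module": "module.rubrik_aws_cloudout", "mode": "managed",
                            "type": KEY_RESOURCE, "name": "example",
                            "instances": [{"attributes": {"secret": "CONSTRUCTED-NOT-A-REAL-KEY"}}]}]}
    with tempfile.TemporaryDirectory() as d:
        for name, body, mode in (("terraform.tfstate", json.dumps(state), 0o644),
                                 ("iam_keys.txt", "constructed placeholder", 0o600)):
            (Path(d) / name).write_text(body)
            os.chmod(Path(d) / name, mode)
        return audit_workdir(d)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Call `audit_workdir(".")` from the directory where `terraform apply` was run; an empty list means none of these exposures were found locally.
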
The following are the variables printed by the module.
Name | Description |
---|---|
aws_iam_user_name | The name of the AWS IAM User created. |
aws_iam_access_key | The Access Key of the AWS IAM User that was created. |
aws_iam_secret_key | The Secret Key of the AWS IAM User that was created. |
aws_iam_policy | The name of the AWS Policy created for the IAM User. |
aws_bucket | The AWS S3 bucket that was created. |
aws_kms_key | The KMS Key ID of the KMS key that was created. |
aws_region | The AWS region where the resources were created. |
There are a few services you'll need in order to get this project off the ground:
- Terraform v0.15.4 or greater
- Rubrik Provider for Terraform - provides Terraform functions for Rubrik
  - Only required to run the sample workflow for adding the archival location to Rubrik
We gladly welcome contributions from the community. From updating the documentation to adding more functions for Python, all ideas are welcome. Thank you in advance for all of your issues, pull requests, and comments! ⭐
We encourage all contributors to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners. Learn more in our Welcome to the Rubrik Build Community page.
We'd love to hear from you! Email us: build@rubrik.com