
Does Terraform support the AWS Backup feature to restore an image from a vault (https://www.terraform.io/docs/providers/aws/r/backup_plan.html)?

As I read the document, I can see that it does support creating a backup plan, assigning resources and policy, and creating a vault, but it does not support restoring an image or EBS volume.

How do I add the restore block in my Terraform template?

1 Answer

Terraform's execution model is designed for translating declarative descriptions of an intended state into imperative actions to reach that state automatically, and so its model doesn't really support "exceptional" processes like restoring backups.

However, you can develop a process for restoring backups alongside Terraform whereby the main restore action is done using the AWS Console, AWS CLI, or API in your own automation, and then you inform Terraform after the fact that it should use the restored object via its state manipulation commands.

For example, if you have an EBS volume managed by Terraform using an aws_ebs_volume resource, you might also use Terraform to configure an AWS Backup plan for that volume, and then backups will be created automatically as per your plan.

In the exceptional situation where your existing volume is lost or corrupted and you want to restore the backup, the person responding to the incident can follow the following process:

  • Create an AWS Backup restore job either using the AWS Console, the AWS CLI, or some software of your own design using the AWS Backup API.
  • Once the backup job is complete, consult the CreatedResourceARN to find the id of the new object that was created by restoring the backup. In the case of an EBS volume, this will be the final part of the ARN after the :volume/ separator.
  • Tell Terraform to "forget" the existing EBS volume object that is now destroyed or damaged:

    terraform state rm aws_ebs_volume.example

  • Tell Terraform to import the object created by restoring the backup as the new remote object associated with the Terraform resource:

    terraform import aws_ebs_volume.example vol-049df61146c4d7901

  • If your old EBS volume is still present but corrupted or otherwise damaged, the final step would be to locate and manually destroy the remnant of it, because Terraform is no longer managing it and therefore it would otherwise be left in place forever.

After this process is complete, Terraform will consider the new object to be the one managed by that resource, and you can use Terraform as normal with that resource moving forward. The same principle applies to any of the object types supported by AWS Backup, as long as they have a resource type in the AWS provider that supports terraform import.

Martin Atkins
  • A quick question regarding the original question: why not go the way of "fetching" the backup with a data resource in our TF code and referencing it in our RDS module, for example? That's also declarative and something I do in similar situations – Eyal Solomon Apr 18 '22 at 10:23
  • You can write a declarative description of an RDS instance whose initial content is a backup, but a typical Terraform configuration for an RDS instance would not _typically_ be written in that way because until the instance has been created once there would not be a snapshot to restore from yet. I was intending this answer as a way to restore from a backup in a situation where a configuration was not explicitly written to restore from a backup, since I would not expect to modify an existing Terraform module in order to perform an exceptional operation like this. – Martin Atkins Apr 20 '22 at 00:46
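
The restore-then-reimport procedure described in the answer, scripted as an added example that is not part of the original answer or its comments. It assumes the AWS CLI and Terraform are on PATH and that the operator supplies the resource address and the restore job id; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes the AWS CLI and
# Terraform on PATH; the resource address and restore job id are operator input.

# Extract the volume id from a restore job's CreatedResourceArn. Anything that
# is not an EC2 volume ARN is rejected, so a mistyped job id cannot lead to an
# unrelated object being imported.
volume_id_from_arn() {
  local id hex
  case "$1" in
    arn:aws*:ec2:*:*:volume/vol-*) ;;
    *) echo "not an EBS volume ARN: $1" >&2; return 1 ;;
  esac
  id="${1##*:volume/}"
  hex="${id#vol-}"
  case "$hex" in
    ''|*[!0-9a-f]*) echo "malformed volume id: $id" >&2; return 1 ;;
  esac
  printf '%s\n' "$id"
}

# Poll the restore job; print CreatedResourceArn once it has COMPLETED.
wait_for_restore() {
  local job_id="$1" interval="${2:-30}" status
  while :; do
    status=$(aws backup describe-restore-job --restore-job-id "$job_id" \
      --query Status --output text) || return 1
    case "$status" in
      COMPLETED) break ;;
      ABORTED|FAILED) echo "restore job $job_id: $status" >&2; return 1 ;;
    esac
    sleep "$interval"
  done
  aws backup describe-restore-job --restore-job-id "$job_id" \
    --query CreatedResourceArn --output text
}

# Swap the resource over. State is only modified after the restored volume id
# is known, so a failed restore leaves Terraform's view untouched.
reimport_restored_volume() {
  local address="$1" job_id="$2" arn vol_id
  arn=$(wait_for_restore "$job_id" "${3:-30}") || return 1
  vol_id=$(volume_id_from_arn "$arn") || return 1
  terraform state rm "$address" >&2 || return 1
  terraform import "$address" "$vol_id" >&2 || return 1
  printf '%s\n' "$vol_id"
}
```

Running `terraform plan` afterwards shows whether the restored volume's attributes match the configuration before anything else is applied.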