This module creates an AWS Lambda function that runs periodically and makes local
copies of snapshots of an Amazon Relational Database (RDS) database that were shared
from some external AWS account. This allows you to make backups of your RDS snapshots in a totally separate AWS
account.
Let's say you created an RDS snapshot in account 111111111111 encrypted with a KMS key and shared that snapshot with
account 222222222222. To be able to make a copy of that snapshot in account 222222222222 using this module, you must:
Give account 222222222222 access to the KMS key in account 111111111111, including the kms:CreateGrant permission.
If you're using the kms-master-key module
to manage your KMS keys, then in account 111111111111, you add the ARN of account 222222222222 to the
cmk_user_iam_arns variable:
In account 222222222222, you create another KMS key which can be used to re-encrypt the copied snapshot. You need
to give the Lambda function in this module permissions to use that key as follows:
# In account 222222222222module"kms_master_key" {
source = "git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=<VERSION>"# (Other params omitted)
}
module"copy_snapshot" {
source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=<VERSION>"# Tell this copy snapshot module to use this key to encrypt the copied snapshot
kms_key_id = "${module.kms_master_key.key_arn}"# (Other params omitted)
}
# Giver the copy snapshot module permissions to use the KMS keyresource"aws_iam_role_policy""access_kms_master_key" {
name = "access-kms-master-key"
role = "${module.copy_snapshot.lambda_iam_role_id}"
policy = "${data.aws_iam_policy_document.access_kms_master_key.json}"
}
data"aws_iam_policy_document""access_kms_master_key" {
statement {
effect = "Allow"
actions = [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
]
resources = ["${module.kms_master_key.key_arn}"]
}
statement {
effect = "Allow"
resources = ["*"]
actions = [
"kms:CreateGrant",
"kms:ListGrants",
"kms:RevokeGrant"
]
condition {
test = "Bool"variable = "kms:GrantIsForAWSResource"
values = ["true"]
}
}
}
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"5ca43f553aa780f1b002fd2d2fbb2e03e3e3d69c"},{"name":"post-upgrade-test-results.sh","path":".circleci/post-upgrade-test-results.sh","sha":"a4867e8fbdc334b7a90259568ee41ea577fbe764"},{"name":"set-upgrade-test-vars.sh","path":".circleci/set-upgrade-test-vars.sh","sha":"04ccab865d51c1169f7ae4648c38a3d98a9889ab"}]},{"name":".github","children":[{"name":"ISSUE_TEMPLATE","children":[{"name":"bug_report.md","path":".github/ISSUE_TEMPLATE/bug_report.md","sha":"d2e87e27c601e423865ed660ec697082470ca60f"},{"name":"feature_request.md","path":".github/ISSUE_TEMPLATE/feature_request.md","sha":"023a33099be2336476930c96e17ff1ba5dc55348"}]},{"name":"pull_request_template.md","path":".github/pull_request_template.md","sha":"6b100e40e323b5b07f40ed30616277c51c9f4b9e"}]},{"name":".gitignore","path":".gitignore","sha":"b647d70b39746f8ebc58bdb81766f30296fa1297"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"d7a7dd3d641e0c3fabb4ab45a0976c0fa0b93fc0"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"e281b9861bc3ad0446432b4156744923064b3b69"},{"name":"LICENSE.txt","path":"LICENSE.txt","sha":"b64f3d12153e88d892a7471c2c0254db4a072e34"},{"name":"README.adoc","path":"README.adoc","sha":"1737652cf1b9c4bee32f790eb2bcb28e8f221123"},{"name":"_docs","children":[{"name":"aurora-serverless.png","path":"_docs/aurora-serverless.png","sha":"5a53145be56705c76f7f7aa6a25aa0ddee78e4a3"},{"name":"aurora.png","path":"_docs/aurora.png","sha":"fc218831bfa34097a56f1b0e47fe05521bdb4a8a"},{"name":"backup-architecture.png","path":"_docs/backup-architecture.png","sha":"61b138cd6ad58c7a37fa1b37fef43c44a371a97c"},{"name":"data-backup-architecture.png","path":"_docs/data-backup-architecture.png","sha":"fcc7ce8753e28c19af87ea5cea96e6ded648d429"},{"name":"data-backup.png","path":"_docs/data-backup.png","sha":"116b10f231073f8c52255ca98e48cc228c48a2c3"},{"name":"mariadb.png","path":"_docs/mariadb.png","sha":"d540d3d3ff8797c4a4c3a62c65e7d3f63621568f"},{"name":"mysql.png","path":"_docs/mysql.png","sha":"73b55bd0d517dcba53c878712544abf96be3a66e"},{"name":"oracle.png","path":"_docs/oracle.png","sha":"b5f1ca801f5af4a30f1b812eea17cec516c1fe6c"},{"name":"postgresql.png","path":"_docs/postgresql.png","sha":"fd9c7ec282aef38a5813e8542d92227b96bd5be8"},{"name":"rds-architecture.png","path":"_docs/rds-architecture.png","sha":"8f2b1b5b4015a5777032c6aa64627ceee24330fc"},{"name":"redshift-architecture.png","path":"_docs/redshift-architecture.png","sha":"0ebffc1b1fbecdb0335a09c6bf7fe7c5f073d16e"},{"name":"redshift-icon.png","path":"_docs/redshift-icon.png","sha":"add0f05edb29726e62c784edf428eef60aed4d5f"},{"name":"sqlserver.png","path":"_docs/sqlserver.png","sha":"a800d188398262593f4f89f27c8f3ce2ce1e76a4"}]},{"name":"examples","children":[{"name":"aurora-global-cluster","children":[{"name":"README.md","path":"examples/aurora-global-cluster/README.md","sha":"5dcc5d206605d4e4a55bd1eed3137d589e1e025c"},{"name":"main.tf","path":"examples/aurora-global-cluster/main.tf","sha":"0f34da525a4456acb72060932adee97b24f47227"},{"name":"outputs.tf","path":"examples/aurora-global-cluster/outputs.tf","sha":"ad1a6164878d086b7aba2e2d6dcece92b57db2e6"},{"name":"variables.tf","path":"examples/aurora-global-cluster/variables.tf","sha":"621ea044d4e7a1d4df291ee6a316f249ea799dcd"}]},{"name":"aurora-managed-password","children":[{"name":"README.md","path":"examples/aurora-managed-password/README.md","sha":"73e4467497f792bfed61ffad3b0620fddabf6f18"},{"name":"main.tf","path":"examples/aurora-managed-password/main.tf","sha":"c94813d696eaf11bce0ffc0fa86465c21fac0076"},{"name":"outputs.tf","path":"examples/aurora-managed-password/outputs.tf","sha":"bfd599b111da577b696ef038c80466290644b890"},{"name":"variables.tf","path":"examples/aurora-managed-password/variables.tf","sha":"c2a0d5daafa62b1def1f88b1cbadafce32cc1e02"}]},{"name":"aurora-serverless-v2","children":[{"name":"README.md","path":"examples/aurora-serverless-v2/README.md","sha":"dfe32720e88f7f30a54ef676b00806caabb8bf6d"},{"name":"main.tf","path":"examples/aurora-serverless-v2/main.tf","sha":"4679d7ca9f662a66b2c67556a1154974c2f71328"},{"name":"outputs.tf","path":"examples/aurora-serverless-v2/outputs.tf","sha":"6a1d215eb6ada03646e810f7ef68802fad057bad"},{"name":"variables.tf","path":"examples/aurora-serverless-v2/variables.tf","sha":"88ef2e9f1c7bfcc77de324e1c426e6003d20f7a0"}]},{"name":"aurora-serverless","children":[{"name":"README.md","path":"examples/aurora-serverless/README.md","sha":"24a714baec84945056b7d3280952c446f5bd4506"},{"name":"main.tf","path":"examples/aurora-serverless/main.tf","sha":"0470cda0be2932f61e0faa1eb3300d8bf46aab5c"},{"name":"outputs.tf","path":"examples/aurora-serverless/outputs.tf","sha":"7da44a91e9ac6e14a5c7c144c60c5ad0ceb5ce1b"},{"name":"variables.tf","path":"examples/aurora-serverless/variables.tf","sha":"dfc3278b1b6dadc9a223bd22c21aca590ad025c0"}]},{"name":"aurora-with-cross-region-replica","children":[{"name":"README.md","path":"examples/aurora-with-cross-region-replica/README.md","sha":"fc875ed3aae9bdfb2eb361e6d6ea11d10373f22a"},{"name":"main.tf","path":"examples/aurora-with-cross-region-replica/main.tf","sha":"a268c95842f11be1ec8587181576c9a17a82ad0c"},{"name":"outputs.tf","path":"examples/aurora-with-cross-region-replica/outputs.tf","sha":"58a3862180d107c3d0501ec9b289b08ed09af3a8"},{"name":"variables.tf","path":"examples/aurora-with-cross-region-replica/variables.tf","sha":"2590a5418aa0cb3ea5c19935bf32a56150c9f41d"}]},{"name":"aurora","children":[{"name":"README.md","path":"examples/aurora/README.md","sha":"2074c75377de7708369a003aa74ba9cd78fcf56f"},{"name":"main.tf","path":"examples/aurora/main.tf","sha":"4e5f7ce0e8990259b428eb22c55e8bf85733924d"},{"name":"outputs.tf","path":"examples/aurora/outputs.tf","sha":"14ed19ce89fa6a6fd9037ed745ee9f43a47ca92e"},{"name":"variables.tf","path":"examples/aurora/variables.tf","sha":"41537cf52913f66379be347867d9fe6d1c0986dc"}]},{"name":"default-vault-plan-and-selection","children":[{"name":"README.md","path":"examples/default-vault-plan-and-selection/README.md","sha":"654dff28a302481e32e4a9985afd6fced0d55d7e"},{"name":"main.tf","path":"examples/default-vault-plan-and-selection/main.tf","sha":"1e412640d057652c6027cd84f9b688a1b9a21d84"},{"name":"variables.tf","path":"examples/default-vault-plan-and-selection/variables.tf","sha":"b41526930c798d19c4dd3d744a3ffcce4538535d"}]},{"name":"efs","children":[{"name":"README.md","path":"examples/efs/README.md","sha":"a0fb53395cdf99f122cea46e8174b2684fb0a363"},{"name":"main.tf","path":"examples/efs/main.tf","sha":"9d886f3ab8ddaea849cfe7c398d4d96bb9c0941b"},{"name":"outputs.tf","path":"examples/efs/outputs.tf","sha":"d724c2d6aadba89c8de9f07ca9a9696d32322c49"},{"name":"variables.tf","path":"examples/efs/variables.tf","sha":"3c49e13f2e303786c32ca45a0408a270b4a43bae"}]},{"name":"lambda-rds-snapshot-copy-shared-snapshot","children":[{"name":"README.md","path":"examples/lambda-rds-snapshot-copy-shared-snapshot/README.md","sha":"961e281f1fba921d5c3da95cc711375f42b8f227"},{"name":"main.tf","path":"examples/lambda-rds-snapshot-copy-shared-snapshot/main.tf","sha":"f7c0b7e2c6f31b116f82bb42aaba8bbbf768a549"},{"name":"outputs.tf","path":"examples/lambda-rds-snapshot-copy-shared-snapshot/outputs.tf","sha":"df649a61494bf66d985517f1ef620833619400e3"},{"name":"variables.tf","path":"examples/lambda-rds-snapshot-copy-shared-snapshot/variables.tf","sha":"886d7ba54db417aa553a40a64b3fe7494039a761"}]},{"name":"lambda-rds-snapshot-multiple-schedules","children":[{"name":"README.md","path":"examples/lambda-rds-snapshot-multiple-schedules/README.md","sha":"63be84a5d148b9de4c27a20c533177bcccc55f5d"},{"name":"main.tf","path":"examples/lambda-rds-snapshot-multiple-schedules/main.tf","sha":"c6b5f9e28e96e70f6641b9bec3370c28fc36180d"},{"name":"outputs.tf","path":"examples/lambda-rds-snapshot-multiple-schedules/outputs.tf","sha":"7a8f966782c659d1568f35684197f232939ea9ec"},{"name":"variables.tf","path":"examples/lambda-rds-snapshot-multiple-schedules/variables.tf","sha":"f6ae16692c02a1ae6ed95d58e16bd3e02b98f703"}]},{"name":"lambda-rds-snapshot","children":[{"name":"README.md","path":"examples/lambda-rds-snapshot/README.md","sha":"74f8c4e97a22520769224a914da858687a3a7cee"},{"name":"main.tf","path":"examples/lambda-rds-snapshot/main.tf","sha":"f535f703c00d5443bac6826e515166cff7557ef0"},{"name":"outputs.tf","path":"examples/lambda-rds-snapshot/outputs.tf","sha":"443e3ba61050e5c35d29e2ee267775b273139dbf"},{"name":"variables.tf","path":"examples/lambda-rds-snapshot/variables.tf","sha":"b777711ea9860aa43f766a5e5edf8b817e994885"}]},{"name":"rds-bastion-host","children":[{"name":"README.md","path":"examples/rds-bastion-host/README.md","sha":"b578a092a3d357832bfb696400048bf58aac1c6a"},{"name":"main.tf","path":"examples/rds-bastion-host/main.tf","sha":"33f0ded5e8c862499b6620c3b4a8696623e17459"},{"name":"mysql-cli-install.sh","path":"examples/rds-bastion-host/mysql-cli-install.sh","sha":"b8761648380fb4e2411604cda72ec27119247d4c"},{"name":"outputs.tf","path":"examples/rds-bastion-host/outputs.tf","sha":"ed63b2572f3813bd183dc5c48d21ce606ac6392e"},{"name":"variables.tf","path":"examples/rds-bastion-host/variables.tf","sha":"4c69fde912b66da2989ad5eaf36de7d62db10c7c"}]},{"name":"rds-managed-password","children":[{"name":"README.md","path":"examples/rds-managed-password/README.md","sha":"528b187e88957a9c23c0e56627b08146359de968"},{"name":"main.tf","path":"examples/rds-managed-password/main.tf","sha":"69760f10fd324109321e535d25033df88b5a53ff"},{"name":"outputs.tf","path":"examples/rds-managed-password/outputs.tf","sha":"f4db34a971ad78b28f83666bf30985d698059e97"},{"name":"variables.tf","path":"examples/rds-managed-password/variables.tf","sha":"1e6a5d353aa666e1a0d1fabdc50236c7a825f6ab"}]},{"name":"rds-mariadb","children":[{"name":"README.md","path":"examples/rds-mariadb/README.md","sha":"049bd92e67b2b6405ef9bc5c0d9926ca207e7dbb"},{"name":"main.tf","path":"examples/rds-mariadb/main.tf","sha":"65889864272e1a8829b5f2bb830cfd91f5e63000"},{"name":"outputs.tf","path":"examples/rds-mariadb/outputs.tf","sha":"d373f3c1f773a1e8d579c3294488e2c7ccfed805"},{"name":"variables.tf","path":"examples/rds-mariadb/variables.tf","sha":"ed361337d097a2bcc4a9b2682e2e9b4d1074fde4"}]},{"name":"rds-mysql-with-cross-region-replica","children":[{"name":"README.md","path":"examples/rds-mysql-with-cross-region-replica/README.md","sha":"3df99ed94f0560ca426dec107f3c80e599d90b9d"},{"name":"main.tf","path":"examples/rds-mysql-with-cross-region-replica/main.tf","sha":"dbf407aa895616faf8f2f8e0f9d2d9c25686ab98"},{"name":"outputs.tf","path":"examples/rds-mysql-with-cross-region-replica/outputs.tf","sha":"acbae00ee749a1539ea50f529f14657226fa3cc2"},{"name":"variables.tf","path":"examples/rds-mysql-with-cross-region-replica/variables.tf","sha":"36b40138a7164361014465352c60d0fb02e7b84b"}]},{"name":"rds-mysql","children":[{"name":"README.md","path":"examples/rds-mysql/README.md","sha":"1c79d544ac1711ba0edc3ef1435ae14ed9584e4c"},{"name":"main.tf","path":"examples/rds-mysql/main.tf","sha":"82200a1b6790b057ed4315fa7c86621bad8430c3"},{"name":"outputs.tf","path":"examples/rds-mysql/outputs.tf","sha":"f4db34a971ad78b28f83666bf30985d698059e97"},{"name":"variables.tf","path":"examples/rds-mysql/variables.tf","sha":"5082fe4baadfe6f8590b4095db17f20c0ecbb635"}]},{"name":"rds-oracle","children":[{"name":"README.md","path":"examples/rds-oracle/README.md","sha":"2e2645f9078a7a13f74081d03f9bcc20b77d9f46"},{"name":"main.tf","path":"examples/rds-oracle/main.tf","sha":"35867dc7ac06bc7b0e925312d26f06216a64ab79"},{"name":"outputs.tf","path":"examples/rds-oracle/outputs.tf","sha":"c0f452528a4ac04d9f3fb842fb20a2c56fa698ab"},{"name":"variables.tf","path":"examples/rds-oracle/variables.tf","sha":"0a812bfa48159caedabfc0f3f0b1211a7b3211b8"}]},{"name":"rds-postgres","children":[{"name":"README.md","path":"examples/rds-postgres/README.md","sha":"15af33be939aee1629228ab8cad166c799f85068"},{"name":"main.tf","path":"examples/rds-postgres/main.tf","sha":"bda264c35162a6271d288a64d193b369d5b729ad"},{"name":"outputs.tf","path":"examples/rds-postgres/outputs.tf","sha":"905ba674ef6e4944bcdc21e6e789ac63f0cdc8ed"},{"name":"variables.tf","path":"examples/rds-postgres/variables.tf","sha":"c11f11b9a65ea65e4f33b04952a645222fa344d7"}]},{"name":"rds-proxy","children":[{"name":"README.md","path":"examples/rds-proxy/README.md","sha":"fb74051fa749cad1ffeee72a0a06ea83d6a61097"},{"name":"main.tf","path":"examples/rds-proxy/main.tf","sha":"313d67294ad0935849a863238071e17c0ead5d35"},{"name":"outputs.tf","path":"examples/rds-proxy/outputs.tf","sha":"ee2b6baaec21d2f6da66e8ca0b5e488e976cb838"},{"name":"variables.tf","path":"examples/rds-proxy/variables.tf","sha":"2020671d6fdc9dc802dab4da663a6493671fa152"}]},{"name":"rds-sqlserver","children":[{"name":"README.md","path":"examples/rds-sqlserver/README.md","sha":"3b2919cc48b03ad5ec113e25767d431f202026f9"},{"name":"main.tf","path":"examples/rds-sqlserver/main.tf","sha":"246913b7cbd047ca778264bd3bcc66636dffccc4"},{"name":"outputs.tf","path":"examples/rds-sqlserver/outputs.tf","sha":"070fea4677bad6fb5be0200a05360da70d171c2f"},{"name":"variables.tf","path":"examples/rds-sqlserver/variables.tf","sha":"5964c13126c3b9d28c84e5466dd361997f83c213"}]},{"name":"rds-with-replicas","children":[{"name":"README.md","path":"examples/rds-with-replicas/README.md","sha":"b92f42c362ed4d25c0144378b7acaa0600e30a12"},{"name":"main.tf","path":"examples/rds-with-replicas/main.tf","sha":"e3672e8eff11dbd1cac7f8a2328497c941db53f0"},{"name":"outputs.tf","path":"examples/rds-with-replicas/outputs.tf","sha":"991d5436a635194fec1ad1476eb7be6616032c7a"},{"name":"variables.tf","path":"examples/rds-with-replicas/variables.tf","sha":"97ec2c17dd836540e94bfd0b4863a6e67ffc6f30"}]},{"name":"redshift-serverless","children":[{"name":"README.md","path":"examples/redshift-serverless/README.md","sha":"743e0fec9c6d6109a74ac024d5eb84be2ee671e3"},{"name":"main.tf","path":"examples/redshift-serverless/main.tf","sha":"109fa74f5f74963c62240671d75227d419bb15c2"},{"name":"outputs.tf","path":"examples/redshift-serverless/outputs.tf","sha":"fc94fb51c8c1a060c4fdf0f446f0954fca641a78"},{"name":"variables.tf","path":"examples/redshift-serverless/variables.tf","sha":"bda1638f8565a402e4815b55d90f677d6fa04503"}]},{"name":"redshift","children":[{"name":"README.md","path":"examples/redshift/README.md","sha":"d10ff00e5c64f98d5600f88f1cf8e5c9d5dfdb21"},{"name":"main.tf","path":"examples/redshift/main.tf","sha":"eab2e4c82f17b68c647c22a1bf4729c91d19a6e8"},{"name":"outputs.tf","path":"examples/redshift/outputs.tf","sha":"779c37290dc1c986bfd8d629cc9b2ba1d98c68aa"},{"name":"variables.tf","path":"examples/redshift/variables.tf","sha":"e89ac7c94a3aa6fd900dc5a31a17923c84091fab"}]},{"name":"vault-locks","children":[{"name":"README.md","path":"examples/vault-locks/README.md","sha":"7a49496e40c5bc5c8d2f1cacc23573e2d50ccc94"},{"name":"main.tf","path":"examples/vault-locks/main.tf","sha":"cf8fa5277588ba392aad028d6d9c41e7adffe002"},{"name":"outputs.tf","path":"examples/vault-locks/outputs.tf","sha":"dd9af28381868df768797dad02f01224c08bc0a1"},{"name":"variables.tf","path":"examples/vault-locks/variables.tf","sha":"c10e2df32d32c72fcd591b75bb9cc4d1ae7a0eb0"}]},{"name":"vault-notifications","children":[{"name":"README.md","path":"examples/vault-notifications/README.md","sha":"0cb4cfa60f1f9da100d2e9c3320deb1bae4ace6f"},{"name":"main.tf","path":"examples/vault-notifications/main.tf","sha":"aa411a330556da72e241b28611bd61f8e2d9e79f"},{"name":"outputs.tf","path":"examples/vault-notifications/outputs.tf","sha":"dd9af28381868df768797dad02f01224c08bc0a1"},{"name":"variables.tf","path":"examples/vault-notifications/variables.tf","sha":"c10e2df32d32c72fcd591b75bb9cc4d1ae7a0eb0"}]},{"name":"vault-plan-and-selection","children":[{"name":"README.md","path":"examples/vault-plan-and-selection/README.md","sha":"fe4c265fd82bc2159aa713b31eb7eefe9c43803b"},{"name":"main.tf","path":"examples/vault-plan-and-selection/main.tf","sha":"c96da877bf9592d08db4fdb33b8f820fe519ac0b"},{"name":"outputs.tf","path":"examples/vault-plan-and-selection/outputs.tf","sha":"dd9af28381868df768797dad02f01224c08bc0a1"},{"name":"variables.tf","path":"examples/vault-plan-and-selection/variables.tf","sha":"c10e2df32d32c72fcd591b75bb9cc4d1ae7a0eb0"}]},{"name":"vault-recovery-points","children":[{"name":"README.md","path":"examples/vault-recovery-points/README.md","sha":"175e9a8c304f9e04a0735289c0c9abfaa4c1a595"},{"name":"main.tf","path":"examples/vault-recovery-points/main.tf","sha":"9d0c888cf1052fa4019e648b2c8449a335a03227"},{"name":"outputs.tf","path":"examples/vault-recovery-points/outputs.tf","sha":"b39a216ef2dfa3a71a2aca8d34a78843d459a4bd"},{"name":"variables.tf","path":"examples/vault-recovery-points/variables.tf","sha":"c10e2df32d32c72fcd591b75bb9cc4d1ae7a0eb0"}]},{"name":"vault-with-custom-policy","children":[{"name":"README.md","path":"examples/vault-with-custom-policy/README.md","sha":"4d18ebcfb7c7f6e9f1f80c39569f731bcca376b9"},{"name":"main.tf","path":"examples/vault-with-custom-policy/main.tf","sha":"256d8dac161b18f9d6278efe2a0c637b8d0f4603"},{"name":"outputs.tf","path":"examples/vault-with-custom-policy/outputs.tf","sha":"dd9af28381868df768797dad02f01224c08bc0a1"},{"name":"variables.tf","path":"examples/vault-with-custom-policy/variables.tf","sha":"6c5bab480dd2fd4cb575f0387cc70038660255d1"}]}]},{"name":"modules","children":[{"name":"aurora","children":[{"name":"CHANGELOG.md","path":"modules/aurora/CHANGELOG.md","sha":"edb61e795e7a06a86ef050003b1ec5e15bbe1573"},{"name":"README.md","path":"modules/aurora/README.md","sha":"f6f7d1ea0827f47f218d76d28e29c7a166c3b92d"},{"name":"main.tf","path":"modules/aurora/main.tf","sha":"0101ca13ac4b993df89b077749cf884a18ece537"},{"name":"outputs.tf","path":"modules/aurora/outputs.tf","sha":"b770f1c7761a2f916cd1db4b5f95edf687c54b29"},{"name":"variables.tf","path":"modules/aurora/variables.tf","sha":"497bf42a0a5202a28d8445ce2831ffb1729c95fa"}]},{"name":"backup-plan","children":[{"name":"CHANGELOG.md","path":"modules/backup-plan/CHANGELOG.md","sha":"6621cc172ff50a2d87c9329cbedd005e14c4e8b6"},{"name":"README.md","path":"modules/backup-plan/README.md","sha":"bbfdb5f91ff5c469e755ba5dacac21b80e01c175"},{"name":"core-concepts.md","path":"modules/backup-plan/core-concepts.md","sha":"f72addac44723e0037bdb5d4f4c4f253454fa0dc"},{"name":"main.tf","path":"modules/backup-plan/main.tf","sha":"92aa713814c80606c342bb2b7357609f6d00173e"},{"name":"outputs.tf","path":"modules/backup-plan/outputs.tf","sha":"7baaa43ded4ab3597ce120c202611ca7d1379a0b"},{"name":"variables.tf","path":"modules/backup-plan/variables.tf","sha":"a5bb4d9e5177649f5c041c2ba9cb88925176e713"}]},{"name":"backup-vault","children":[{"name":"CHANGELOG.md","path":"modules/backup-vault/CHANGELOG.md","sha":"02932598418284ac50b8beee7fa517df9e021e98"},{"name":"README.md","path":"modules/backup-vault/README.md","sha":"9b4fb120d06fb5008825052f9263cd85814bc9ab"},{"name":"core-concepts.md","path":"modules/backup-vault/core-concepts.md","sha":"f72addac44723e0037bdb5d4f4c4f253454fa0dc"},{"name":"main.tf","path":"modules/backup-vault/main.tf","sha":"dd18144cae13c0c12d882372528ca30e55702c68"},{"name":"outputs.tf","path":"modules/backup-vault/outputs.tf","sha":"6f9126dc37e7ffabb067ecc02fd9614d32be8c03"},{"name":"variables.tf","path":"modules/backup-vault/variables.tf","sha":"ab63764d5d40263d3514cd832fe0a3b013ff9f6d"}]},{"name":"efs","children":[{"name":"CHANGELOG.md","path":"modules/efs/CHANGELOG.md","sha":"d7e35c2c120bc59a25aa2eb76463592a3e266dfd"},{"name":"README.adoc","path":"modules/efs/README.adoc","sha":"1b13e1f238d444728b6b81a67e4b38c78d33a1ba"},{"name":"main.tf","path":"modules/efs/main.tf","sha":"e55834ba3a5c22242567c3ff503bdab2e4f390df"},{"name":"outputs.tf","path":"modules/efs/outputs.tf","sha":"b505b3d3c4ade32e06286ebea60be1a5f67ce77a"},{"name":"variables.tf","path":"modules/efs/variables.tf","sha":"b5a0571a2ff59a95f3510b7658d23330ce4721dd"}]},{"name":"lambda-cleanup-snapshots","children":[{"name":"CHANGELOG.md","path":"modules/lambda-cleanup-snapshots/CHANGELOG.md","sha":"e8f52ab10e0d2b87a0af852b7854e26bd7090cb2"},{"name":"README.md","path":"modules/lambda-cleanup-snapshots/README.md","sha":"0117ca051d45f2b9f1e21263b7d44b4814b16b76"},{"name":"cleanup-rds-snapshots","children":[{"name":"index.py","path":"modules/lambda-cleanup-snapshots/cleanup-rds-snapshots/index.py","sha":"9e651d2d57310054e21d891aec481d02c9d79489"}]},{"name":"main.tf","path":"modules/lambda-cleanup-snapshots/main.tf","sha":"34caa43428eb9f019b096143a84576b170daf8c4"},{"name":"outputs.tf","path":"modules/lambda-cleanup-snapshots/outputs.tf","sha":"a99c0265d859dd0c87a6eba62aaf2b013e224873"},{"name":"variables.tf","path":"modules/lambda-cleanup-snapshots/variables.tf","sha":"6a8d68f55cf51d75ec84caed75ebcb2ea25a5dab"}]},{"name":"lambda-copy-shared-snapshot","children":[{"name":"CHANGELOG.md","path":"modules/lambda-copy-shared-snapshot/CHANGELOG.md","sha":"c945d0ac200367c96e05b3b8e896430ed9c1bd42"},{"name":"README.md","path":"modules/lambda-copy-shared-snapshot/README.md","sha":"6fc6ed6b551a35d7f0cb49667c1087eeea22a9b9","toggled":true},{"name":"copy-shared-rds-snapshot","children":[{"name":"index.py","path":"modules/lambda-copy-shared-snapshot/copy-shared-rds-snapshot/index.py","sha":"6b1a0331ee9ffc57c95e0923a4b1db46dec0b2c5"}]},{"name":"main.tf","path":"modules/lambda-copy-shared-snapshot/main.tf","sha":"103cfd59868c0c0684fd33bd0c0814508ce8e75c"},{"name":"outputs.tf","path":"modules/lambda-copy-shared-snapshot/outputs.tf","sha":"f4833d96fa6d47190b9d2c3af243142aefc59d59"},{"name":"variables.tf","path":"modules/lambda-copy-shared-snapshot/variables.tf","sha":"d2256cb15149dbbcfc3593312e532e1a3323b22d"}],"toggled":true},{"name":"lambda-create-snapshot","children":[{"name":"CHANGELOG.md","path":"modules/lambda-create-snapshot/CHANGELOG.md","sha":"f5fc10292bd8fc57a57106c6dfd449aea484077c"},{"name":"README.adoc","path":"modules/lambda-create-snapshot/README.adoc","sha":"88e7a3ccbb2e2bcdede5916267d02eaf3608a538"},{"name":"core-concepts.md","path":"modules/lambda-create-snapshot/core-concepts.md","sha":"61bd0892c5597716e19cc5ed7d7a2b5533cbe1a4"},{"name":"create-rds-snapshot","children":[{"name":"index.py","path":"modules/lambda-create-snapshot/create-rds-snapshot/index.py","sha":"16bc7d1b67dcee20577808cdbf39b1938972c5cb"}]},{"name":"main.tf","path":"modules/lambda-create-snapshot/main.tf","sha":"5c98fb40d6b445f1b20c088e048a7b4362848022"},{"name":"outputs.tf","path":"modules/lambda-create-snapshot/outputs.tf","sha":"a0f5ffafa8ef11d00b72f1858b81e182ab2471dd"},{"name":"variables.tf","path":"modules/lambda-create-snapshot/variables.tf","sha":"f18942d85d2e7c5dc4c629b1503a1c32a52e4b56"}]},{"name":"lambda-share-snapshot","children":[{"name":"CHANGELOG.md","path":"modules/lambda-share-snapshot/CHANGELOG.md","sha":"19c11b32649f128566b5656c3e21fbb921fc5ee1"},{"name":"README.md","path":"modules/lambda-share-snapshot/README.md","sha":"9006e578e4c850804ddccdc2de9fbc733fb46e29"},{"name":"main.tf","path":"modules/lambda-share-snapshot/main.tf","sha":"479fe250283479a6b6111c74a8db19c43d83d2d3"},{"name":"outputs.tf","path":"modules/lambda-share-snapshot/outputs.tf","sha":"c0d2854f967a6c963662c660d6ae96d8cabe471a"},{"name":"share-rds-snapshot","children":[{"name":"index.py","path":"modules/lambda-share-snapshot/share-rds-snapshot/index.py","sha":"b4e784ff72172d1f3e84f0f97a48fdf60405ed27"}]},{"name":"variables.tf","path":"modules/lambda-share-snapshot/variables.tf","sha":"683571dbf98c2fb4f8077e7adadcb4df4241b9b4"}]},{"name":"rds-proxy","children":[{"name":"README.md","path":"modules/rds-proxy/README.md","sha":"6ce47c19bc6743931bb2a9bc4b572373ab81e35a"},{"name":"main.tf","path":"modules/rds-proxy/main.tf","sha":"ccb0e086589f14382b03b5289fc9b41cf3f3220f"},{"name":"outputs.tf","path":"modules/rds-proxy/outputs.tf","sha":"08ce8176157e53bb23e5f5ae8d76f8b4310dccda"},{"name":"variables.tf","path":"modules/rds-proxy/variables.tf","sha":"5388980f03bcd8be74f82527cba6348bd0ab907d"}]},{"name":"rds-replicas","children":[{"name":"README.md","path":"modules/rds-replicas/README.md","sha":"29800af570eedf9c0240f01342a5fdd1ac706fef"},{"name":"main.tf","path":"modules/rds-replicas/main.tf","sha":"91a134d6d4fd6cac369a89a8036329feee7215b4"},{"name":"outputs.tf","path":"modules/rds-replicas/outputs.tf","sha":"30703bf2512308c29289a912ef93f51b7887e299"},{"name":"variables.tf","path":"modules/rds-replicas/variables.tf","sha":"149c3b2c548b7a152525e45e4474bd525626d38b"}]},{"name":"rds","children":[{"name":"CHANGELOG.md","path":"modules/rds/CHANGELOG.md","sha":"2b56736f5478e2056d04aad4a9e520d757f1405a"},{"name":"README.md","path":"modules/rds/README.md","sha":"b8df0b9d969db6f10480fcf1fb83755e6c40750d"},{"name":"main.tf","path":"modules/rds/main.tf","sha":"b8ed5db0c417fe5069738163034264c36e1525f0"},{"name":"outputs.tf","path":"modules/rds/outputs.tf","sha":"3cf359f44b2fc3d968a457f7057f77b70a9a1b91"},{"name":"variables.tf","path":"modules/rds/variables.tf","sha":"8edc0e544569205acaecfa674abb9642fd51c095"}]},{"name":"redshift","children":[{"name":"CHANGELOG.md","path":"modules/redshift/CHANGELOG.md","sha":"474edd1fabb97de31f22e241624232a52033f136"},{"name":"README.md","path":"modules/redshift/README.md","sha":"28eae0bd40d06491c7f27c54f2e33e49c3941649"},{"name":"main.tf","path":"modules/redshift/main.tf","sha":"ba582bd91ae8f5c0e59361dad5ca4d5f5b63133e"},{"name":"outputs.tf","path":"modules/redshift/outputs.tf","sha":"8503fdcfb8e92f535148b9be6ffe3567be38e170"},{"name":"variables.tf","path":"modules/redshift/variables.tf","sha":"5834686fb499e3b5c57eac33b999c04f2e50aa1f"}]}],"toggled":true},{"name":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","path":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","sha":"ae586c0fe830819580e1009d41a9074f16e65bed"},{"name":"test","children":[{"name":"README.md","path":"test/README.md","sha":"289d0c06b582828ff762304cc907d80e889c19d7"},{"name":"backup_test_helpers.go","path":"test/backup_test_helpers.go","sha":"51bdc48c508abbae30da4079e7a4e58318afa268"},{"name":"db_util.go","path":"test/db_util.go","sha":"8caa917a2446fa22a60d6374d6a1673ecbec57fb"},{"name":"example_aurora_global_test.go","path":"test/example_aurora_global_test.go","sha":"64132fba5356b47ef10d984bb1135e446ca88d05"},{"name":"example_aurora_test.go","path":"test/example_aurora_test.go","sha":"d4a789a352557c190ce07748971e9a46f60cdf4b"},{"name":"example_aurora_with_cross_region_replica_test.go","path":"test/example_aurora_with_cross_region_replica_test.go","sha":"6db2b52b8fcf914a1faf6ef93085406dd08dc981"},{"name":"example_backup_default_vault_and_plan_test.go","path":"test/example_backup_default_vault_and_plan_test.go","sha":"9087e372b53c9dff14c03b5334dae7237e77ed69"},{"name":"example_backup_recovery_point_test.go","path":"test/example_backup_recovery_point_test.go","sha":"944035130d5cc776f5a2c6846684fc286fef62ab"},{"name":"example_backup_vault_and_plan_test.go","path":"test/example_backup_vault_and_plan_test.go","sha":"95a7d67ebd962cc7ac85e5fce1e2a119373a48b3"},{"name":"example_backup_vault_notifications_test.go","path":"test/example_backup_vault_notifications_test.go","sha":"742b1a01da35a48cacf0dcc448428d811c520e62"},{"name":"example_backup_vault_with_custom_policy_test.go","path":"test/example_backup_vault_with_custom_policy_test.go","sha":"6568822143bc0b99c0dcfc1af50fae8bfdbd9a56"},{"name":"example_efs_test.go","path":"test/example_efs_test.go","sha":"c721f5e694ccddefb9debf245cd6bbca0e36b2a7"},{"name":"example_lambda_rds_snapshot_create_resources_test.go","path":"test/example_lambda_rds_snapshot_create_resources_test.go","sha":"f16395c838019af3e574cd5476856e1b12ad562f"},{"name":"example_lambda_rds_snapshot_multiple_schedules_test.go","path":"test/example_lambda_rds_snapshot_multiple_schedules_test.go","sha":"0962d6149bdcf92151f1257fbb96217f1e8d0d60"},{"name":"example_lambda_rds_snapshot_test.go","path":"test/example_lambda_rds_snapshot_test.go","sha":"8df8dcaf23bc4d48c2fabc8f804d10632fc708f4"},{"name":"example_rds_mariadb_test.go","path":"test/example_rds_mariadb_test.go","sha":"506f01aca258a083a0d54395c7c6fda0d257a48c"},{"name":"example_rds_mysql_test.go","path":"test/example_rds_mysql_test.go","sha":"0ad8f776093364cf47d3db027d4ead24f8de4ccb"},{"name":"example_rds_mysql_with_cross_region_replica_test.go","path":"test/example_rds_mysql_with_cross_region_replica_test.go","sha":"e12392ecc36bda3afa4d6339e0d0ba490efdd7b8"},{"name":"example_rds_oracle_test.go","path":"test/example_rds_oracle_test.go","sha":"f19ca0c2cbc09e5672c8a1baedf07ed4aa1a650f"},{"name":"example_rds_postgres_test.go","path":"test/example_rds_postgres_test.go","sha":"344434b159383692ddd58d849b9e5d59ca7ba896"},{"name":"example_rds_proxy_test.go","path":"test/example_rds_proxy_test.go","sha":"87c2e10701105a974315be338499daa674f0adc6"},{"name":"example_rds_sqlserver_test.go","path":"test/example_rds_sqlserver_test.go","sha":"b3ac12a562ed1653d212f4598fe9097ccd2f82c6"},{"name":"example_rds_with_replicas_test.go","path":"test/example_rds_with_replicas_test.go","sha":"907ddf0ee34979924ff73737e8930faf286f65a8"},{"name":"example_redshift_test.go","path":"test/example_redshift_test.go","sha":"616087f8f54f096f4265dc5402b220b723e692e3"},{"name":"go.mod","path":"test/go.mod","sha":"4b01cc0cc7564e428160f71495aeccf241e53510"},{"name":"go.sum","path":"test/go.sum","sha":"91411b1fbb236ff9db8a8a2011adac4154cfde77"},{"name":"rds_connection.go","path":"test/rds_connection.go","sha":"8a68b6b92234300849ee6a1fcda63b68dc7835b5"},{"name":"upgrades","children":[{"name":"upgrade_test.go","path":"test/upgrades/upgrade_test.go","sha":"6db1e947ac470e48dbc5f137454d7a470cd7a68e"}]},{"name":"util.go","path":"test/util.go","sha":"10791215b62782aca1e500f11ccf1f931ccf7342"},{"name":"validation","children":[{"name":"validate_all_modules_and_examples_test.go","path":"test/validation/validate_all_modules_and_examples_test.go","sha":"74c928d0cbc2914e5cd708277bd857cb2375b660"}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"copy-snapshot-lambda-module\">Copy Snapshot Lambda Module</h1><div class=\"preview__body--border\"></div><p>This module creates an <a href=\"https://aws.amazon.com/lambda/\" class=\"preview__body--description--blue\" target=\"_blank\">AWS Lambda</a> function that runs periodically and makes local\ncopies of snapshots of an <a href=\"https://aws.amazon.com/rds/\" class=\"preview__body--description--blue\" target=\"_blank\">Amazon Relational Database (RDS)</a> database that were shared\nfrom some external AWS account. This allows you to make backups of your RDS snapshots in a totally separate AWS\naccount.</p>\n<p>Note that to use this module, you must have access to the Gruntwork <a href=\"/repos/terraform-aws-ci\" class=\"preview__body--description--blue\">Continuous Delivery Infrastructure Package\n(terraform-aws-ci)</a>. If you need access, email support@gruntwork.io.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-you-use-this-module\">How do you use this module?</h2>\n<p>See the <a href=\"/repos/v0.31.4/module-data-storage/examples/lambda-rds-snapshot\" class=\"preview__body--description--blue\">lambda-rds-snapshot example</a> for sample code.</p>\n<p>If you are using this function to copy snapshots to another AWS account, you may also want to look at the\n<a href=\"/repos/v0.31.4/module-data-storage/modules/lambda-create-snapshot\" class=\"preview__body--description--blue\">lambda-create-snapshot</a> and\n<a href=\"/repos/v0.31.4/module-data-storage/modules/lambda-share-snapshot\" class=\"preview__body--description--blue\">lambda-share-snapshot</a> modules.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-you-copy-an-encrypted-snapshot\">How do you copy an encrypted snapshot?</h2>\n<p>Let's say you created an RDS snapshot in account 111111111111 encrypted with a KMS key and shared that snapshot with\naccount 222222222222. To be able to make a copy of that snapshot in account 222222222222 using this module, you must:</p>\n<ol>\n<li>\n<p>Give account 222222222222 access to the KMS key in account 111111111111, including the <code>kms:CreateGrant</code> permission.\nIf you're using the <a href=\"/repos/terraform-aws-security/modules/kms-master-key\" class=\"preview__body--description--blue\">kms-master-key module</a>\nto manage your KMS keys, then in account 111111111111, you add the ARN of account 222222222222 to the\n<code>cmk_user_iam_arns</code> variable:</p>\n<pre><span class=\"hljs-comment\"># In account 111111111111</span>\n\n<span class=\"hljs-keyword\">module</span> <span class=\"hljs-string\">\"kms_master_key\"</span> {\n source = <span class=\"hljs-string\">\"git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=<VERSION>\"</span>\n\n cmk_user_iam_arns = [<span class=\"hljs-string\">\"`arn:aws:iam::222222222222:root`\"</span>]\n\n <span class=\"hljs-comment\"># (Other params omitted)</span>\n}\n</pre>\n</li>\n<li>\n<p>In account 222222222222, you create another KMS key which can be used to re-encrypt the copied snapshot. You need\nto give the Lambda function in this module permissions to use that key as follows:</p>\n<pre><span class=\"hljs-comment\"># In account 222222222222</span>\n\n<span class=\"hljs-keyword\">module</span> <span class=\"hljs-string\">\"kms_master_key\"</span> {\n source = <span class=\"hljs-string\">\"git::git@github.com:gruntwork-io/terraform-aws-security.git//modules/kms-master-key?ref=<VERSION>\"</span>\n\n <span class=\"hljs-comment\"># (Other params omitted)</span>\n}\n\n<span class=\"hljs-keyword\">module</span> <span class=\"hljs-string\">\"copy_snapshot\"</span> {\n source = <span class=\"hljs-string\">\"git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=<VERSION>\"</span>\n\n <span class=\"hljs-comment\"># Tell this copy snapshot module to use this key to encrypt the copied snapshot</span>\n kms_key_id = <span class=\"hljs-string\">\"<span class=\"hljs-variable\">${module.kms_master_key.key_arn}</span>\"</span>\n\n <span class=\"hljs-comment\"># (Other params omitted)</span>\n}\n\n<span class=\"hljs-comment\"># Giver the copy snapshot module permissions to use the KMS key</span>\n<span class=\"hljs-keyword\">resource</span> <span class=\"hljs-string\">\"aws_iam_role_policy\"</span> <span class=\"hljs-string\">\"access_kms_master_key\"</span> {\n name = <span class=\"hljs-string\">\"access-kms-master-key\"</span>\n role = <span class=\"hljs-string\">\"<span class=\"hljs-variable\">${module.copy_snapshot.lambda_iam_role_id}</span>\"</span>\n policy = <span class=\"hljs-string\">\"<span class=\"hljs-variable\">${data.aws_iam_policy_document.access_kms_master_key.json}</span>\"</span>\n}\n\n<span class=\"hljs-keyword\">data</span> <span class=\"hljs-string\">\"aws_iam_policy_document\"</span> <span class=\"hljs-string\">\"access_kms_master_key\"</span> {\n statement {\n effect = <span class=\"hljs-string\">\"Allow\"</span>\n actions = [\n <span class=\"hljs-string\">\"kms:Encrypt\"</span>,\n <span class=\"hljs-string\">\"kms:Decrypt\"</span>,\n <span class=\"hljs-string\">\"kms:ReEncrypt*\"</span>,\n <span class=\"hljs-string\">\"kms:GenerateDataKey*\"</span>,\n <span class=\"hljs-string\">\"kms:DescribeKey\"</span>\n ]\n resources = [<span class=\"hljs-string\">\"<span class=\"hljs-variable\">${module.kms_master_key.key_arn}</span>\"</span>]\n }\n\n statement {\n effect = <span class=\"hljs-string\">\"Allow\"</span>\n resources = [<span class=\"hljs-string\">\"*\"</span>]\n actions = [\n <span class=\"hljs-string\">\"kms:CreateGrant\"</span>,\n <span class=\"hljs-string\">\"kms:ListGrants\"</span>,\n <span class=\"hljs-string\">\"kms:RevokeGrant\"</span>\n ]\n condition {\n test = <span class=\"hljs-string\">\"Bool\"</span>\n <span class=\"hljs-keyword\">variable</span> = <span class=\"hljs-string\">\"kms:GrantIsForAWSResource\"</span>\n values = [<span class=\"hljs-string\">\"true\"</span>]\n }\n }\n}\n</pre>\n</li>\n</ol>\n<h2 class=\"preview__body--subtitle\" id=\"background-info\">Background info</h2>\n<p>For more info on how to backup RDS snapshots to a separate AWS account, check out the <a href=\"/repos/v0.31.4/module-data-storage/modules/lambda-create-snapshot\" class=\"preview__body--description--blue\">lambda-create-snapshot module\ndocumentation</a>.</p>\n","repoName":"module-data-storage","repoRef":"v0.30.0","serviceDescriptor":{"serviceName":"RDS","serviceRepoName":"module-data-storage","serviceRepoOrg":"gruntwork-io","serviceMainReadmePath":"/modules/rds/foo","cloudProviders":["aws"],"description":"Terraform code and scripts for deploying data-storage resources (e.g. databases, cache) in AWS","imageUrl":"amazon_rds.png","licenseType":"subscriber","technologies":["Terraform","Bash"],"compliance":[],"tags":[""],"noDisplayInUI":true},"serviceCategoryName":"Database","fileName":"README.md","filePath":"/modules/lambda-copy-shared-snapshot","title":"Repo Browser: RDS","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}