[Improvement] * - Support to disable AWS Backup (widdix#339)

jennywong2129 · Aug 13, 2019 · e6d3049 · e6d3049
1 parent 0645bac
commit e6d3049
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 12 deletions.
diff --git a/jenkins/jenkins2-ha-agents.yaml b/jenkins/jenkins2-ha-agents.yaml
@@ -206,9 +206,9 @@ Parameters:
     Type: Number
     Default: 0
   EFSBackupRetentionPeriod:
-    Description: 'The number of days to keep backups of the EFS file system.'
+    Description: 'The number of days to keep backups of the EFS file system (set to 0 to disable).'
     Type: Number
-    MinValue: 1
+    MinValue: 0
     MaxValue: 35
     Default: 30
   EFSBackupScheduleExpression:
@@ -269,6 +269,7 @@ Conditions:
   HasNotEFSProvisionedThroughput: !Equals [!Ref EFSProvisionedThroughputInMibps, '0']
   HasAlertTopicAndEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasEFSProvisionedThroughput]
   HasAlertTopicAndNotEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasNotEFSProvisionedThroughput]
+  HasEFSBackupRetentionPeriod: !Not [!Equals [!Ref EFSBackupRetentionPeriod, 0]]
 Resources:
   MasterStorageSG:
     Type: 'AWS::EC2::SecurityGroup'
@@ -2221,11 +2222,13 @@ Resources:
       ThroughputInMibps: !Ref EFSProvisionedThroughputInMibps
       ServiceToken: !GetAtt 'LambdaFunction.Arn'
   BackupVault: # cannot be deleted with data
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupVault'
     Properties:
       BackupVaultName: !Ref 'AWS::StackName'
       Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
   BackupPlan:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupPlan'
     Properties:
       BackupPlan:
@@ -2239,6 +2242,7 @@ Resources:
           StartWindowMinutes: 60
           TargetBackupVault: !Ref BackupVault
   BackupRole:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::IAM::Role'
     Properties:
       AssumeRolePolicyDocument:
@@ -2259,6 +2263,7 @@ Resources:
             - 'elasticfilesystem:DescribeTags'
             Resource: !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${MasterStorage}'
   BackupSelection:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupSelection'
     Properties:
       BackupPlanId: !Ref BackupPlan

diff --git a/jenkins/jenkins2-ha.yaml b/jenkins/jenkins2-ha.yaml
@@ -146,9 +146,9 @@ Parameters:
     Type: Number
     Default: 0
   EFSBackupRetentionPeriod:
-    Description: 'The number of days to keep backups of the EFS file system.'
+    Description: 'The number of days to keep backups of the EFS file system (set to 0 to disable).'
     Type: Number
-    MinValue: 1
+    MinValue: 0
     MaxValue: 35
     Default: 30
   EFSBackupScheduleExpression:
@@ -208,6 +208,7 @@ Conditions:
   HasNotEFSProvisionedThroughput: !Equals [!Ref EFSProvisionedThroughputInMibps, '0']
   HasAlertTopicAndEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasEFSProvisionedThroughput]
   HasAlertTopicAndNotEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasNotEFSProvisionedThroughput]
+  HasEFSBackupRetentionPeriod: !Not [!Equals [!Ref EFSBackupRetentionPeriod, 0]]
 Resources:
   MasterStorageSG:
     Type: 'AWS::EC2::SecurityGroup'
@@ -1040,11 +1041,13 @@ Resources:
       ThroughputInMibps: !Ref EFSProvisionedThroughputInMibps
       ServiceToken: !GetAtt 'LambdaFunction.Arn'
   BackupVault: # cannot be deleted with data
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupVault'
     Properties:
       BackupVaultName: !Ref 'AWS::StackName'
       Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
   BackupPlan:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupPlan'
     Properties:
       BackupPlan:
@@ -1058,6 +1061,7 @@ Resources:
           StartWindowMinutes: 60
           TargetBackupVault: !Ref BackupVault
   BackupRole:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::IAM::Role'
     Properties:
       AssumeRolePolicyDocument:
@@ -1078,6 +1082,7 @@ Resources:
             - 'elasticfilesystem:DescribeTags'
             Resource: !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${MasterStorage}'
   BackupSelection:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupSelection'
     Properties:
       BackupPlanId: !Ref BackupPlan

diff --git a/state/dynamodb.yaml b/state/dynamodb.yaml
@@ -115,9 +115,9 @@ Parameters:
     Default: DISABLED
     AllowedValues: [DISABLED, KEYS_ONLY, NEW_IMAGE, OLD_IMAGE, NEW_AND_OLD_IMAGES]
   BackupRetentionPeriod:
-    Description: 'The number of days to keep backups of the table.'
+    Description: 'The number of days to keep backups of the table (set to 0 to disable).'
     Type: Number
-    MinValue: 1
+    MinValue: 0
     MaxValue: 35
     Default: 30
   BackupScheduleExpression:
@@ -137,6 +137,7 @@ Conditions:
   HasBillingAndScalingModeProvisioned: !Equals [!Ref BillingAndScalingMode, PROVISIONED]
   HasTimeToLiveAttributeName: !Not [!Equals [!Ref TimeToLiveAttributeName, '']]
   HasStream: !Not [!Equals [!Ref StreamViewType, 'DISABLED']]
+  HasBackupRetentionPeriod: !Not [!Equals [!Ref BackupRetentionPeriod, 0]]
 Resources:
   Table:
     Type: 'AWS::DynamoDB::Table'
@@ -334,11 +335,13 @@ Resources:
       OKActions:
       - {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}
   BackupVault: # cannot be deleted with data
+    Condition: HasBackupRetentionPeriod
     Type: 'AWS::Backup::BackupVault'
     Properties:
       BackupVaultName: !Ref 'AWS::StackName'
       Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
   BackupPlan:
+    Condition: HasBackupRetentionPeriod
     Type: 'AWS::Backup::BackupPlan'
     Properties:
       BackupPlan:
@@ -352,6 +355,7 @@ Resources:
           StartWindowMinutes: 60
           TargetBackupVault: !Ref BackupVault
   BackupRole:
+    Condition: HasBackupRetentionPeriod
     Type: 'AWS::IAM::Role'
     Properties:
       AssumeRolePolicyDocument:
@@ -377,6 +381,7 @@ Resources:
             - 'dynamodb:DeleteBackup'
             Resource: !Sub '${Table.Arn}/backup/*'
   BackupSelection:
+    Condition: HasBackupRetentionPeriod
     Type: 'AWS::Backup::BackupSelection'
     Properties:
       BackupPlanId: !Ref BackupPlan

diff --git a/vpc/vpc-vpn-bastion.yaml b/vpc/vpc-vpn-bastion.yaml
@@ -113,9 +113,9 @@ Parameters:
     Type: Number
     Default: 0
   EFSBackupRetentionPeriod:
-    Description: 'The number of days to keep backups of the EFS file system.'
+    Description: 'The number of days to keep backups of the EFS file system (set to 0 to disable).'
     Type: Number
-    MinValue: 1
+    MinValue: 0
     MaxValue: 35
     Default: 30
   EFSBackupScheduleExpression:
@@ -169,6 +169,7 @@ Conditions:
   HasNotEFSProvisionedThroughput: !Equals [!Ref EFSProvisionedThroughputInMibps, '0']
   HasAlertTopicAndEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasEFSProvisionedThroughput]
   HasAlertTopicAndNotEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasNotEFSProvisionedThroughput]
+  HasEFSBackupRetentionPeriod: !Not [!Equals [!Ref EFSBackupRetentionPeriod, 0]]
 Resources:
   StorageSG:
     Type: 'AWS::EC2::SecurityGroup'
@@ -873,11 +874,13 @@ Resources:
       ThroughputInMibps: !Ref EFSProvisionedThroughputInMibps
       ServiceToken: !GetAtt 'LambdaFunction.Arn'
   BackupVault: # cannot be deleted with data
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupVault'
     Properties:
       BackupVaultName: !Ref 'AWS::StackName'
       Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
   BackupPlan:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupPlan'
     Properties:
       BackupPlan:
@@ -891,6 +894,7 @@ Resources:
           StartWindowMinutes: 60
           TargetBackupVault: !Ref BackupVault
   BackupRole:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::IAM::Role'
     Properties:
       AssumeRolePolicyDocument:
@@ -911,6 +915,7 @@ Resources:
             - 'elasticfilesystem:DescribeTags'
             Resource: !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${Storage}'
   BackupSelection:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupSelection'
     Properties:
       BackupPlanId: !Ref BackupPlan

diff --git a/wordpress/wordpress-ha-aurora.yaml b/wordpress/wordpress-ha-aurora.yaml
@@ -146,9 +146,9 @@ Parameters:
     Type: Number
     Default: 0
   EFSBackupRetentionPeriod:
-    Description: 'The number of days to keep backups of the EFS file system.'
+    Description: 'The number of days to keep backups of the EFS file system (set to 0 to disable).'
     Type: Number
-    MinValue: 1
+    MinValue: 0
     MaxValue: 35
     Default: 30
   EFSBackupScheduleExpression:
@@ -231,6 +231,7 @@ Conditions:
   HasAlertTopicAndEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasEFSProvisionedThroughput]
   HasAlertTopicAndNotEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasNotEFSProvisionedThroughput]
   HasManagedPolicyArns: !Not [!Equals [!Ref ManagedPolicyArns, '']]
+  HasEFSBackupRetentionPeriod: !Not [!Equals [!Ref EFSBackupRetentionPeriod, 0]]
 Resources:
   WebServerLogs:
     Type: 'AWS::Logs::LogGroup'
@@ -1310,11 +1311,13 @@ Resources:
           SslSupportMethod: 'sni-only'
           MinimumProtocolVersion: TLSv1
   BackupVault: # cannot be deleted with data
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupVault'
     Properties:
       BackupVaultName: !Ref 'AWS::StackName'
       Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
   BackupPlan:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupPlan'
     Properties:
       BackupPlan:
@@ -1328,6 +1331,7 @@ Resources:
           StartWindowMinutes: 60
           TargetBackupVault: !Ref BackupVault
   BackupRole:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::IAM::Role'
     Properties:
       AssumeRolePolicyDocument:
@@ -1348,6 +1352,7 @@ Resources:
             - 'elasticfilesystem:DescribeTags'
             Resource: !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${EFSFileSystem}'
   BackupSelection:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupSelection'
     Properties:
       BackupPlanId: !Ref BackupPlan

diff --git a/wordpress/wordpress-ha.yaml b/wordpress/wordpress-ha.yaml
@@ -146,9 +146,9 @@ Parameters:
     Type: Number
     Default: 0
   EFSBackupRetentionPeriod:
-    Description: 'The number of days to keep backups of the EFS file system.'
+    Description: 'The number of days to keep backups of the EFS file system (set to 0 to disable).'
     Type: Number
-    MinValue: 1
+    MinValue: 0
     MaxValue: 35
     Default: 30
   EFSBackupScheduleExpression:
@@ -231,6 +231,7 @@ Conditions:
   HasAlertTopicAndEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasEFSProvisionedThroughput]
   HasAlertTopicAndNotEFSProvisionedThroughput: !And [!Condition HasAlertTopic, !Condition HasNotEFSProvisionedThroughput]
   HasManagedPolicyArns: !Not [!Equals [!Ref ManagedPolicyArns, '']]
+  HasEFSBackupRetentionPeriod: !Not [!Equals [!Ref EFSBackupRetentionPeriod, 0]]
 Resources:
   WebServerLogs:
     Type: 'AWS::Logs::LogGroup'
@@ -1286,11 +1287,13 @@ Resources:
           SslSupportMethod: 'sni-only'
           MinimumProtocolVersion: TLSv1
   BackupVault: # cannot be deleted with data
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupVault'
     Properties:
       BackupVaultName: !Ref 'AWS::StackName'
       Notifications: !If [HasAlertTopic, {BackupVaultEvents: [BACKUP_JOB_STARTED, BACKUP_JOB_COMPLETED, RESTORE_JOB_STARTED, RESTORE_JOB_COMPLETED, RECOVERY_POINT_MODIFIED], SNSTopicArn: {'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'}}, !Ref 'AWS::NoValue']
   BackupPlan:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupPlan'
     Properties:
       BackupPlan:
@@ -1304,6 +1307,7 @@ Resources:
           StartWindowMinutes: 60
           TargetBackupVault: !Ref BackupVault
   BackupRole:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::IAM::Role'
     Properties:
       AssumeRolePolicyDocument:
@@ -1324,6 +1328,7 @@ Resources:
             - 'elasticfilesystem:DescribeTags'
             Resource: !Sub 'arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${EFSFileSystem}'
   BackupSelection:
+    Condition: HasEFSBackupRetentionPeriod
     Type: 'AWS::Backup::BackupSelection'
     Properties:
       BackupPlanId: !Ref BackupPlan