Hello,
The snapshot is not being created with the code below. Kindly check and let me know if there is any issue with it:
# IAM role that Amazon Data Lifecycle Manager (DLM) assumes when it runs the policy
resource "aws_iam_role" "dlm_lifecycle_role" {
  name = "dlm-lifecycle-role"

  # Trust policy: only the DLM service principal may assume this role.
  # NOTE(review): the statement carries no Condition on aws:SourceAccount or
  # aws:SourceArn. AWS recommends those keys on service-role trust policies as
  # a confused-deputy guard; consider adding one scoped to this account.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          Service = "dlm.amazonaws.com"
        }
        Action = "sts:AssumeRole"
      }
    ]
  })
}
# Inline permissions policy for the DLM execution role
resource "aws_iam_role_policy" "dlm_lifecycle_policy" {
  name = "dlm-lifecycle-policy"
  role = aws_iam_role.dlm_lifecycle_role.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      # Snapshot lifecycle: create, list and expire snapshots.
      # Resource = "*" also lets this role delete snapshots that DLM did not
      # create; narrow it with a tag condition if that is broader than wanted.
      {
        Effect = "Allow"
        Action = [
          "ec2:CreateSnapshot",
          "ec2:CreateSnapshots",
          "ec2:DeleteSnapshot",
          "ec2:DescribeVolumes",
          "ec2:DescribeSnapshots"
        ]
        Resource = "*"
      },
      # Tagging of the snapshots DLM creates.
      {
        Effect = "Allow"
        Action = [
          "ec2:CreateTags"
        ]
        Resource = [
          "arn:aws:ec2:*::snapshot/*",
          # NOTE(review): volume ARNs include the account ID
          # (arn:aws:ec2:<region>:<account-id>:volume/<id>), so this pattern
          # with an empty account field probably matches no volume. Snapshot
          # tagging is covered by the entry above; confirm whether this
          # entry is needed at all.
          "arn:aws:ec2:*::volume/*"
        ]
      }
    ]
  })
}
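# DLM lifecycle policy: weekly EBS snapshot every Saturday at 17:59 UTC.
# (The original comments said 17:40 while the schedule said 17:59; change the
# minute field of the cron expression below if 17:40 was intended.)
resource "aws_dlm_lifecycle_policy" "saturday_snapshot_policy" {
  description        = "Saturday snapshot policy for specified volumes"
  execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn # Role DLM assumes to run the policy
  state              = "ENABLED"

  policy_details {
    resource_types = ["VOLUME"] # Policy targets EBS volumes, not instances

    # With resource_types = ["VOLUME"], DLM matches this tag on the EBS volume
    # itself. A Name tag set only on the EC2 instance is not matched, and a
    # policy with no matching volume creates no snapshots. Tag keys and values
    # are case-sensitive.
    target_tags = {
      Name = "wplift-dev-01"
    }

    schedule {
      name = "Saturday-Weekly-Snapshots"

      create_rule {
        # cron_expression conflicts with interval, interval_unit and times in
        # the AWS provider, so the former `times = ["17:59"]` is removed; the
        # cron expression alone carries the schedule.
        # Fields: minute hour day-of-month month day-of-week year; 7 = Saturday.
        # DLM starts the snapshot within about an hour after this time, so it
        # may not appear at 17:59 exactly.
        cron_expression = "cron(59 17 ? * 7 *)"
      }

      retain_rule {
        count = 5 # Keep the five most recent snapshots
      }

      tags_to_add = {
        Name            = "Shared-inhouse-Backup"
        SnapshotCreator = "DLM"
        # NOTE(review): this is passed through as the literal text
        # "$$timestamp$$", not a creation time. DLM's $(timestamp) placeholder
        # is only accepted in variable_tags, which requires
        # resource_types = ["INSTANCE"]. The snapshot's own start time already
        # records when it was created.
        CreatedOn = "$$timestamp$$"
      }

      copy_tags = true # Copy the source volume's tags onto each snapshot
    }
  }

  # NOTE(review): if the target volume is encrypted with a customer managed
  # KMS key, the execution role presumably also needs permission to use that
  # key; confirm against the key policy.
  tags = {
    Name = "Saturday-Weekly-Backup-Policy"
  }
}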