From 593f97152c69cbcd1d6feb43a09c29e24174f30b Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Wed, 28 Aug 2024 21:40:02 +0800 Subject: [PATCH] update the aws backup module and add email subscription variable --- terraform/032-db-backup/README.md | 4 ++++ terraform/032-db-backup/main.tf | 17 +++++++++-------- terraform/032-db-backup/vars.tf | 12 +++++++++--- 3 files changed, 22 insertions(+), 11 deletions(-) diff --git a/terraform/032-db-backup/README.md b/terraform/032-db-backup/README.md index f5111c4..f2ae6b8 100644 --- a/terraform/032-db-backup/README.md +++ b/terraform/032-db-backup/README.md @@ -30,6 +30,10 @@ This module is used to run mysqldump and backup files to S3 - `db_names` - List of database names to backup. Default: `["emailservice", "idbroker", "pwmanager", "ssp"]` - `memory` - Memory (RAM) resources to allot to each task instance - `service_mode` - Either `backup` or `restore`. Default: `backup` + - `enable_aws_backup` - Enable AWS Backup in addition to the scripted backup + - `aws_backup_schedule` - Schedule for AWS Backup. Default: `"0 14 * * ? *"` + - `aws_backup_notification_events` - List of events names to send to SNS. Default: `["BACKUP_JOB_FAILED"]` + - `backup_sns_email` - Email address for backup event SNS subscription. Default: `""` (disabled) ## Outputs diff --git a/terraform/032-db-backup/main.tf b/terraform/032-db-backup/main.tf index c780375..3ddcb60 100644 --- a/terraform/032-db-backup/main.tf +++ b/terraform/032-db-backup/main.tf 
@@ -207,14 +207,15 @@ module "aws_backup" { count = var.enable_aws_backup ? 1 : 0 source = "silinternational/backup/aws" - version = "0.1.0" - - app_name = var.idp_name - app_env = var.app_env - source_arns = [data.aws_db_instance.this.db_instance_arn] - backup_schedule = "cron(${var.aws_backup_cron_schedule})" - notification_events = var.aws_backup_notification_events - sns_topic_name = "${var.idp_name}-backup-vault-events" + version = "0.2.0" + + app_name = var.idp_name + app_env = var.app_env + source_arns = [data.aws_db_instance.this.db_instance_arn] + backup_schedule = var.aws_backup_schedule + notification_events = var.aws_backup_notification_events + sns_topic_name = "${var.idp_name}-backup-vault-events" + sns_email_subscription = var.backup_sns_email } data "aws_db_instance" "this" { diff --git a/terraform/032-db-backup/vars.tf b/terraform/032-db-backup/vars.tf index 841f487..61977be 100644 --- a/terraform/032-db-backup/vars.tf +++ b/terraform/032-db-backup/vars.tf @@ -98,10 +98,10 @@ variable "enable_aws_backup" { default = false } -variable "aws_backup_cron_schedule" { - description = "cron-type schedule for AWS Backup" +variable "aws_backup_schedule" { + description = "schedule for AWS Backup, in AWS Event Bridge format" type = string - default = "0 14 * * ? *" # Every day at 14:00 UTC, 12-hour offset from backup script + default = "cron(0 14 * * ? *)" # Every day at 14:00 UTC, 12-hour offset from backup script } variable "aws_backup_notification_events" { @@ -109,3 +109,9 @@ variable "aws_backup_notification_events" { type = list(string) default = ["BACKUP_JOB_FAILED"] } + +variable "backup_sns_email" { + description = "Optional: email address to receive backup event notifications" + type = string + default = "" +}
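Review bot: The new `sns_email_subscription = var.backup_sns_email` line in the `aws_backup` module call routes backup-failure alerts to an SNS email subscription, but nothing in the change records that such a subscription delivers nothing until the recipient confirms it. Until then the `BACKUP_JOB_FAILED` events configured here reach no one, while the apply can still succeed. I would add a comment above the line, `# SNS email subscriptions stay pending until the recipient confirms; verify delivery after apply`, and extend the `backup_sns_email` description in the last vars.tf hunk the same way. How module 0.2.0 treats the default `""` is not visible in this diff; the README entry documents it as disabled.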
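Review bot: `aws_backup_schedule` now has to carry the `cron(...)` wrapper itself, because the main.tf hunk passes it through without the old `"cron(${...})"` interpolation, yet nothing checks the format. A caller who renames an existing override and keeps the bare `0 14 * * ? *` form would presumably find out only when the schedule is rejected at apply time. A `validation` block on the variable would catch this at plan time; loosen the pattern if the module accepts other EventBridge forms. The README entry added in this commit still lists the default as `"0 14 * * ? *"` and should read `"cron(0 14 * * ? *)"`.

```hcl
variable "aws_backup_schedule" {
  # … unchanged: description, type, default …

  validation {
    condition     = can(regex("^cron\\(.+\\)$", var.aws_backup_schedule))
    error_message = "The aws_backup_schedule value must be wrapped as cron(...), for example cron(0 14 * * ? *)."
  }
}
```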