Creates an AWS Lambda function to clean up manual RDS snapshots on a scheduled interval using truss-aws-tools.
Creates the following resources:
- IAM role for the Lambda function to find and delete expired RDS snapshots for a defined RDS instance.
- CloudWatch Event to trigger Lambda function on a schedule.
- AWS Lambda function to actually delete excess manual RDS snapshots.

```hcl
module "rds-snapshot-cleaner" {
  source  = "trussworks/rds-snapshot-cleaner/aws"
  version = "1.0.0"

  cleaner_db_instance_identifier = "app-staging"
  cleaner_dry_run                = "false"
  cleaner_max_db_snapshot_count  = "50"
  cleaner_retention_days         = "30"
  cloudwatch_logs_retention_days = "90"
  environment                    = "staging"
  interval_minutes               = "5"
  s3_bucket                      = "lambda-builds-us-east-1"
  version_to_deploy              = "2.6"
}
```

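A cautious first deployment, as an added example that is not part of the module's own documentation: it leaves `cleaner_dry_run` on so the function only logs what it would delete, and encrypts the log group through `cloudwatch_kms_key_arn`. The KMS key, its policy and the resource names are assumptions, and it presumes the pinned module version accepts the inputs listed on this page.

```hcl
# Added example: the key, its policy and names such as "cleaner_logs" are assumptions.
data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}
data "aws_region" "current" {}
locals {
  account_id = data.aws_caller_identity.current.account_id
  partition  = data.aws_partition.current.partition
  region     = data.aws_region.current.name
}
data "aws_iam_policy_document" "cleaner_logs_key" {
  statement { # the account keeps administrative control of the key
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:${local.partition}:iam::${local.account_id}:root"]
    }
  }
  statement { # CloudWatch Logs may use the key, but only for log groups in this account
    actions   = ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["logs.${local.region}.amazonaws.com"]
    }
    condition {
      test     = "ArnLike"
      variable = "kms:EncryptionContext:aws:logs:arn"
      values   = ["arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:*"]
    }
  }
}

resource "aws_kms_key" "cleaner_logs" {
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.cleaner_logs_key.json
}

module "rds-snapshot-cleaner" {
  source                         = "trussworks/rds-snapshot-cleaner/aws"
  version                        = "1.0.0"
  cleaner_db_instance_identifier = "app-staging"
  cleaner_dry_run                = "true" # log only; set to "false" after reviewing the logs
  cleaner_retention_days         = "30"
  cloudwatch_kms_key_arn         = aws_kms_key.cleaner_logs.arn
  environment                    = "staging"
  s3_bucket                      = "lambda-builds-us-east-1"
  version_to_deploy              = "2.6"
}
```

Review the log group after a few scheduled runs and confirm the listed snapshots are the ones expected to expire before setting `cleaner_dry_run` to `"false"`.
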
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 3.0 |

Name | Version |
---|---|
aws | >= 3.0 |

No modules.

Name | Type |
---|---|
aws_cloudwatch_event_rule.main | resource |
aws_cloudwatch_event_target.main | resource |
aws_cloudwatch_log_group.main | resource |
aws_iam_role.main | resource |
aws_iam_role_policy.main | resource |
aws_lambda_function.main | resource |
aws_lambda_permission.main | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.assume_role | data source |
aws_iam_policy_document.main | data source |
aws_partition.current | data source |
aws_region.current | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
cleaner_db_instance_identifier | The RDS database instance identifier. | string | n/a | yes |
cleaner_dry_run | Don't make any changes and log what would have happened. | string | n/a | yes |
cleaner_max_db_snapshot_count | The maximum number of manual snapshots allowed. This takes precedence over -retention-days. | string | "" | no |
cleaner_retention_days | The maximum retention age in days. | string | n/a | yes |
cloudwatch_kms_key_arn | ARN of the CloudWatch KMS key used for encrypting CloudWatch log groups. | string | "" | no |
cloudwatch_logs_retention_days | Number of days to keep logs in AWS CloudWatch. | string | 90 | no |
environment | Environment tag, e.g. prod. | any | n/a | yes |
interval_minutes | How often to run the Lambda function in minutes. | string | 5 | no |
kms_key_arn | ARN of the KMS key used for encrypting environment variables. | string | "" | no |
s3_bucket | The name of the S3 bucket used to store the Lambda builds. | string | n/a | yes |
version_to_deploy | The version of the Lambda function to deploy. | string | n/a | yes |

No outputs.