
CloudFormation conditional resource property for an AWS Backup resource


I'm working with a CloudFormation template for AWS Backup and trying to make my backup plan flexible:

    BackupPlanProd:
      Type: "AWS::Backup::BackupPlan"
      Properties:
        BackupPlan:
          BackupPlanName: !Sub 'BACKUP-PLAN-PROD-${AWS::StackName}'
          AdvancedBackupSettings:
          - ResourceType: EC2
            BackupOptions:
              WindowsVSS: !Ref VSSConsistent
          BackupPlanRule:
            - RuleName: !Sub Daily-${DailyBackupsRetentionProd}d-retention
              TargetBackupVault: !Ref BackupVaultProd
              ScheduleExpression: "cron(0 4 ? * 2,3,4,6,1,5 *)"
              StartWindowMinutes: 60
              Lifecycle:
                DeleteAfterDays: !Ref DailyBackupsRetentionProd
              CopyActions:
                - DestinationBackupVaultArn: !If
                  - HasDisasterRecoveryDailyProd
                  - !If
                    - HasDisasterRecoveryCrossAccount
                    - !Sub 'arn:aws:backup:${DisasterRecoveryRegion}:${DisasterRecoveryAccountId}:backup-vault:Default'
                    - !Sub 'arn:aws:backup:${DisasterRecoveryRegion}:${AWS::AccountId}:backup-vault:Default'
                  - !Ref "AWS::NoValue"
                  Lifecycle:
                    DeleteAfterDays: !If [HasDisasterRecoveryDailyProd, !Ref DisasterRecoveryDailyBackupsRetentionProd, !Ref "AWS::NoValue"]

The problem is with the "CopyActions" property: "DestinationBackupVaultArn" is a required property according to the documentation, so using AWS::NoValue is not acceptable in this case and results in this error:

Properties validation failed for resource BackupPlanProd with message: #/BackupPlan/BackupPlanRule/0/CopyActions/0: required key [DestinationBackupVaultArn] not found

Is there any workaround to make the "CopyActions" property conditional in this case without duplicating the whole resource in the template? E.g. if I don't want to enable backup replication, depending on my conditions.

Thanks :)


Solution

  • Put your If one level higher, so that the entire CopyActions gets removed if your condition is not satisfied.

    Properties:
      BackupPlan:
        BackupPlanName: !Sub 'BACKUP-PLAN-PROD-${AWS::StackName}'
        AdvancedBackupSettings:
        - ResourceType: EC2
          BackupOptions: 
            WindowsVSS: !Ref VSSConsistent
        BackupPlanRule:
          - RuleName: !Sub Daily-${DailyBackupsRetentionProd}d-retention
            TargetBackupVault: !Ref BackupVaultProd
            ScheduleExpression: "cron(0 4 ? * 2,3,4,6,1,5 *)"
            StartWindowMinutes: 60
            Lifecycle: 
              DeleteAfterDays: !Ref DailyBackupsRetentionProd
            CopyActions: !If
              - HasDisasterRecoveryDailyProd
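              # Required key: present whenever the CopyActions list is emitted
              - - DestinationBackupVaultArn: !If
                    - HasDisasterRecoveryCrossAccount
                    - !Sub 'arn:aws:backup:${DisasterRecoveryRegion}:${DisasterRecoveryAccountId}:backup-vault:Default'
                    - !Sub 'arn:aws:backup:${DisasterRecoveryRegion}:${AWS::AccountId}:backup-vault:Default'
                  #
                  # other properties
                  #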
                  Lifecycle:
                    DeleteAfterDays: !If [HasDisasterRecoveryDailyProd, !Ref DisasterRecoveryDailyBackupsRetentionProd, !Ref "AWS::NoValue"]
              - !Ref "AWS::NoValue"
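
Why the placement of the If matters, as an added example that is not part of the original question or answer and is not AWS code: a simplified Python model of Fn::If / AWS::NoValue resolution applied to both forms of the rule. The vault ARN placeholder, the 35-day retention and the helper names are constructed for the illustration, and the nested cross-account condition is left out.

```python
# Simplified model of how CloudFormation resolves Fn::If / AWS::NoValue.
# Added illustration; not AWS's implementation.
NO_VALUE = object()

def resolve(node, conditions):
    """Resolve Fn::If and drop anything that evaluates to AWS::NoValue."""
    if isinstance(node, dict):
        if node == {"Ref": "AWS::NoValue"}:
            return NO_VALUE
        if set(node) == {"Fn::If"}:
            name, if_true, if_false = node["Fn::If"]
            return resolve(if_true if conditions[name] else if_false, conditions)
        out = {}
        for key, value in node.items():
            resolved = resolve(value, conditions)
            if resolved is not NO_VALUE:  # the property is removed entirely
                out[key] = resolved
        return out
    if isinstance(node, list):
        items = [resolve(item, conditions) for item in node]
        return [i for i in items if i is not NO_VALUE]
    return node

def missing_required(rule):
    """Indexes of CopyActions entries lacking DestinationBackupVaultArn."""
    return [i for i, action in enumerate(rule.get("CopyActions", []))
            if "DestinationBackupVaultArn" not in action]

def _if(cond, if_true, if_false=None):
    """Long-form Fn::If; the false branch defaults to AWS::NoValue."""
    return {"Fn::If": [cond, if_true,
                       {"Ref": "AWS::NoValue"} if if_false is None else if_false]}

VAULT = "arn:aws:backup:REGION:ACCOUNT_ID:backup-vault:Default"  # placeholder
COND = "HasDisasterRecoveryDailyProd"

# Question's form: If on the required key inside the list element.
INNER = {"RuleName": "Daily", "CopyActions": [{
    "DestinationBackupVaultArn": _if(COND, VAULT),
    "Lifecycle": {"DeleteAfterDays": _if(COND, 35)}}]}

# Answer's form: If on CopyActions itself.
OUTER = {"RuleName": "Daily", "CopyActions": _if(COND, [{
    "DestinationBackupVaultArn": VAULT,
    "Lifecycle": {"DeleteAfterDays": 35}}])}

def check(rule, enabled):
    """Resolve the rule for one condition value and list schema violations."""
    return missing_required(resolve(rule, {COND: enabled}))
```

With the condition false, the question's form still leaves one CopyActions element behind without its required key, which is what the validation error reports; the answer's form removes the CopyActions property and the rule validates.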