Describe the Bug
The IAM role uses the AWSBackupServiceRolePolicyForBackup policy; this policy does not contain the necessary permissions to back up S3 buckets.
A different built-in AWSBackupServiceRolePolicyForS3Backup policy should be used for S3 backups.
https://github.com/cloudposse/terraform-aws-backup/blob/v1/main.tf#L129
Expected Behavior
The created IAM role also contains arn policies
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForS3Backup"
Steps to Reproduce
module "aws_backup" {
  source  = "cloudposse/backup/aws"
  version = "1.0.1"

  name             = "backup"
  plan_name_suffix = "backup-plan"
  vault_enabled    = true
  iam_role_enabled = true
  plan_enabled     = true

  # S3 bucket ARNs selected for backup (ARNs must be quoted strings)
  backup_resources = [
    "arn:aws:s3:::bucket-1",
    "arn:aws:s3:::bucket-2",
    "arn:aws:s3:::bucket-3"
  ]

  rules = [
    {
      name      = "backup-rule"
      schedule  = "cron(0 6 * * ? *)"
      lifecycle = { delete_after = 7 }
    }
  ]
}
Screenshots

Environment
- OS: OSX
- Version: 14.5
- Module version: 1.0.1
- Terraform version: 1.9.3
Additional Context
No response
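A possible workaround, added here as an example and not part of the original issue or the module's own code: attach the managed policy named above to the role the module creates, from the calling configuration. The `module.aws_backup.role_name` output reference and the resource name `s3_backup` are assumptions; the partition data source mirrors the one used in the issue's `policy_arn` line.

```hcl
# Resolves the partition (aws, aws-cn, aws-us-gov) so the ARN is not hard-coded.
data "aws_partition" "current" {}

# Attaches the S3 backup managed policy alongside the policy the module
# already attaches (AWSBackupServiceRolePolicyForBackup), so the role keeps
# its existing permissions and gains the ones needed for S3 buckets.
resource "aws_iam_role_policy_attachment" "s3_backup" {
  # Assumption: the module exposes the created role's name as `role_name`.
  role       = module.aws_backup.role_name
  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForS3Backup"
}
```

After `terraform apply`, the role's attached policies can be confirmed with `aws iam list-attached-role-policies --role-name <role name>`.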