Resource: awsBackupVaultPolicy

Provides an AWS Backup vault policy resource.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsBackupVaultExample = new aws.backupVault.BackupVault(this, "example", {
  name: "example",
});
const dataAwsIamPolicyDocumentExample =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example_1", {
    statement: [
      {
        actions: [
          "backup:DescribeBackupVault",
          "backup:DeleteBackupVault",
          "backup:PutBackupVaultAccessPolicy",
          "backup:DeleteBackupVaultAccessPolicy",
          "backup:GetBackupVaultAccessPolicy",
          "backup:StartBackupJob",
          "backup:GetBackupVaultNotifications",
          "backup:PutBackupVaultNotifications",
        ],
        effect: "Allow",
        principals: [
          {
            identifiers: ["*"],
            type: "AWS",
          },
        ],
        resources: [awsBackupVaultExample.arn],
      },
    ],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentExample.overrideLogicalId("example");
const awsBackupVaultPolicyExample = new aws.backupVaultPolicy.BackupVaultPolicy(
  this,
  "example_2",
  {
    backupVaultName: awsBackupVaultExample.name,
    policy: dataAwsIamPolicyDocumentExample.json,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsBackupVaultPolicyExample.overrideLogicalId("example");
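
The policy in the example above allows every AWS principal (`identifiers: ["*"]`) to delete the vault and to rewrite or delete its access policy. The following added example, which is not part of the provider documentation, checks a rendered policy JSON for such statements before it is passed to `policy`; the helper names and the sample policy are constructed for illustration.

```typescript
// Added example, not provider code; every name below is a hypothetical helper.
type OneOrMany = string | string[];
interface PolicyStatement {
  Effect: string;
  Principal?: "*" | { [type: string]: OneOrMany };
  Action?: OneOrMany;
  Condition?: object;
}
interface Finding { index: number; severity: "high" | "review"; actions: string[] }
// Actions from the page's example that delete the vault or rewrite its access policy.
const DESTRUCTIVE = ["backup:DeleteBackupVault", "backup:PutBackupVaultAccessPolicy",
  "backup:DeleteBackupVaultAccessPolicy"];
const toList = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
// True for Principal "*" and {"AWS": "*"}: both mean any AWS principal.
function isWildcardPrincipal(p: PolicyStatement["Principal"]): boolean {
  if (p === undefined || typeof p === "string") return p === "*";
  return toList(p["AWS"]).indexOf("*") !== -1;
}

// Action patterns are case-insensitive; only the "*" wildcard is expanded here.
function grants(pattern: string, action: string): boolean {
  const re = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + re + "$", "i").test(action);
}

// "high": unconditioned Allow of a destructive action to any principal; "review": other wildcard Allows.
function auditVaultPolicy(policyJson: string): Finding[] {
  const doc = JSON.parse(policyJson) as { Statement?: PolicyStatement | PolicyStatement[] };
  const stmts = ([] as PolicyStatement[]).concat(doc.Statement || []);
  const findings: Finding[] = [];
  stmts.forEach((s, index) => {
    if (s.Effect !== "Allow" || !isWildcardPrincipal(s.Principal)) return;
    const actions = DESTRUCTIVE.filter((a) => toList(s.Action).some((p) => grants(p, a)));
    const severity = actions.length > 0 && s.Condition === undefined ? "high" : "review";
    findings.push({ index, severity, actions });
  });
  return findings;
}

// Constructed sample: statement 0 has the principal and actions of the page's example.
const SAMPLE_POLICY = JSON.stringify({ Statement: [
  { Effect: "Allow", Principal: { AWS: "*" }, Action: [
    "backup:DescribeBackupVault", "backup:DeleteBackupVault", "backup:PutBackupVaultAccessPolicy",
    "backup:DeleteBackupVaultAccessPolicy", "backup:GetBackupVaultAccessPolicy", "backup:StartBackupJob",
    "backup:GetBackupVaultNotifications", "backup:PutBackupVaultNotifications"] },
  { Effect: "Allow", Principal: { AWS: "*" }, Action: "backup:CopyIntoBackupVault",
    Condition: { StringEquals: { "aws:PrincipalOrgID": "o-exampleorgid" } } },
  { Effect: "Allow", Principal: { AWS: "arn:aws:iam::111122223333:root" }, Action: "backup:*" },
]});
```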

Argument Reference

The following arguments are supported:

  • backupVaultName - (Required) Name of the backup vault to attach the policy to.
  • policy - (Required) The backup vault access policy document in JSON format.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The name of the vault.
  • backupVaultArn - The ARN of the vault.

Import

A Backup vault policy can be imported using the vault name, e.g.,

$ terraform import aws_backup_vault_policy.test TestVault