hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.

https://registry.terraform.io/providers/hashicorp/aws

Mozilla Public License 2.0

9.74k stars 9.1k forks source link

[New Resource]: Enable Cross-Account Monitoring in AWS Backup #34972

Open blueelvis opened 9 months ago

blueelvis commented 9 months ago

Description

I cannot find a way to enable/disable the following highlighted setting via any of the Terraform resources. Backup Policies & Cross-account backup can be enabled using Terraform but not the Cross-account monitoring option as highlighted below -

Requested Resource(s) and/or Data Source(s)

aws_backup_cross_account_monitoring

Potential Terraform Configuration

No response

References

https://docs.aws.amazon.com/aws-backup/latest/devguide/manage-cross-account.html#enable-cross-account

Would you like to implement a fix?

None

github-actions[bot] commented 9 months ago

Community Note

Voting for Prioritization

Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
Please see our prioritization guide for information on how we prioritize.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.

justinretzolk commented 8 months ago

Hey @blueelvis 👋 Thank you for taking the time to raise this! I took a look around and wasn't able to find an API for this setting. I may have overlooked something, so I'm going to leave this open as a new resource request until someone else is able to look at it. In the meantime, it doesn't look like it's possible to manage this setting with Terraform.

cspring86 commented 6 months ago

The calls you're looking for are aws.organizations.enable-aws-service-access and the corresponding aws.organizations.disable-aws-service-access

Examples:

aws organizations enable-aws-service-access \
    --service-principal "backup.amazonaws.com"

aws organizations disable-aws-service-access \
    --service-principal "backup.amazonaws.com"

tyrken commented 2 weeks ago

Is this not covered by existing aws_organizations_organization resource and adding "backup.amazonaws.com" to the list provided to aws_service_access_principals ?