[New Resource]: Support for AWS Backup "logically air-gapped vault"

[rymancl]

Description

Announcement from AWS: https://aws.amazon.com/about-aws/whats-new/2024/08/general-availability-aws-backup-logically-air-gapped-vault/

Dev Guide: https://docs.aws.amazon.com/aws-backup/latest/devguide/logicallyairgappedvault.html

Blog Post: https://aws.amazon.com/blogs/storage/building-cyber-resiliency-with-aws-backup-logically-air-gapped-vault/

Requested Resource(s) and/or Data Source(s)

• aws_lag_backup_vault
  • Note: Requesting this as a new resource/data-source as opposed to enhancement to aws_backup_vault as it uses a separate API to create. If you all disagree, feel free to alter.

Potential Terraform Configuration

resource "aws_lag_backup_vault" "example" {
  name = "example_lag_backup_vault"
}

References

AWS CLI [Create]: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/backup/create-logically-air-gapped-backup-vault.html

Go SDK [Create]: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/backup#Client.CreateLogicallyAirGappedBackupVault

Looks like there is no special API for [Delete] and it used the standard DeleteBackupVault: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/backup#Client.DeleteBackupVault

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[aristosvo]

I would like to implement this. But hey, open to any kind of collaboration! 💪

• [x] I'll first investigate implementing it as a separate resource to validate its behavior, based on that I'll check whether it needs integration in the existing resource (probably not).
• [x] In my opinion, based on limited experience, this looks like a separate resource to me, mainly triggered by the fact that it is created by a separate API call.

~Update: Ran into an issue, VaultState is not exposed on Describe/List actions, just on CreateLogicallyAirGappedBackupVaultOutput. This makes implementation of this resource with the SDK at this moment in time impossible.~

~Update 2: Combined Go SDK fix branch and feature branch on the Terraform Provider are currently working, but are not releasable as such. The AWS SDK team has raised an internal issue towards Backup team.~