aws_dlm_lifecycle_policy support for AMI policies

[evandam]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Following https://aws.amazon.com/about-aws/whats-new/2020/11/ami-lifecycle-management-available-data-lifecycle-manager/, it would be great to support creating policies to manage AMI lifecycles.

I believe this would look like allowing resource_types = ["AMI"] in addition to "VOLUME".

New or Affected Resource(s)

• aws_dlm_lifecycle_policy

Potential Terraform Configuration

resource "aws_dlm_lifecycle_policy" "my_lifecycle_policy" {
  description        = "my_lifecycle_policy"
  execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn
  state              = "ENABLED"

  policy_details {
    resource_types = "AMI"

    schedule {
      name = "daily"

      create_rule {
        interval      = 24
        interval_unit = "HOURS"
      }

      retain_rule {
        count = 3
      }
    }

    target_tags = {
      "role"    = "base"
    }
  }
}

References

• https://aws.amazon.com/about-aws/whats-new/2020/11/ami-lifecycle-management-available-data-lifecycle-manager/

[bacoboy-doordash]

Looks like I'm in need of this. Any kind souls out there up for a little ❤️ on this enhancement?

[jlmoody]

Looks like we got it for free at some point with the AWS SDK. Simply use: resource_types = "INSTANCE"

[brian-hogan-vgh]

Using resource_types="INSTANCE" doesn't create an AMI as described in the article linked in the issue description. It just specifies that your tags are on the EC2 Instance instead of the EBS Volume, and you want to snapshot all EBS Volumes associated with those tagged EC2 Instances. Similar to selecting this in the AWS console:

That will still only snapshot the EBS volumes associated with the EC2 instance. It doesn't create an AMI.

What's described in the article linked in the issue description is the ability to create EBS backed AMIs through a lifecycle management policy. Here is the selection in the console:

[jlmoody]

@brian-hogan-vgh Thanks, for the correction. Digging deeper today...

[bacoboy-doordash]

Anything come of this exploration @jlmoody ?

[fdamstra]

I'm also interested in how this exploration went and/or what the blockers are toward implementation. Using AMIs would really ease restoration of an instance with multiple volumes.

[lifeofguenter]

Did some digging. This is not resource_type but instead policy_type, see: https://docs.aws.amazon.com/dlm/latest/APIReference/API_PolicyDetails.html

Specify EBS_SNAPSHOT_MANAGEMENT to create a lifecycle policy that manages the lifecycle of Amazon EBS snapshots. Specify IMAGE_MANAGEMENT to create a lifecycle policy that manages the lifecycle of EBS-backed AMIs.

However, this is a field currently not supported by the resource: https://github.com/hashicorp/terraform-provider-aws/blob/main/aws/resource_aws_dlm_lifecycle_policy.go

As such it is currently defaulting to EBS_SNAPSHOT_MANAGEMENT (and thus working as is).

So:

• policy_type needs to be added as a field (which should by default not set anything, as is currently the case)
• might have to test out if there are other options missing - have only briefly checked

[giobaldac]

I too need this feature in order to use EBS-backed AMI policy and policy type Instance and a backup interval that's not limited to 24 hours at most. Thanks

[larkingb]

It would be great if this could be implemented

[github-actions]

This functionality has been released in v4.9.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.