refactor README.md to reorganize variables, outputs, and references for clarity

2026-03-01 11:36:36 +01:00
parent 5898aa087c
commit c155829fac
1 changed files with 31 additions and 29 deletions
--- a/README.md
+++ b/README.md
@@ -2,7 +2,28 @@
 This module creates an Azure Data Protection Backup Vault with the specified name, resource group, and location.
-## Variables
+## Usage scenarios
 - **Operational recovery**: Use Backup Vault to manage operational recovery workflows; exact datastore behavior is workload-specific. Example services/use cases: **AKS** (cluster state + PV snapshots), **Azure Blobs** (operational protection where data stays in the source account and backup policy also governs vaulted retention), and **Azure Files** (snapshot-based fast restore patterns).
 - **Long-term retention**: Use `VaultStore` for policy-based offsite retention and stronger isolation from production data. Example services/use cases: **Azure Blobs**, **Azure Files (vaulted backup)**, **Azure Database for PostgreSQL**, and **AKS** (vault-tier retention rules).
 - **Regional resiliency**: Use `VaultStore` with `redundancy = "GeoRedundant"` and `cross_region_restore_enabled = true` for paired-region restore scenarios. Example services/use cases: **AKS** and other vault-tier backup configurations where cross-region restore is supported.
 - **Compliance and low-cost cold retention**: Use `ArchiveStore` where supported for long-term retention with lower storage cost and slower retrieval. Example services/use cases: **Azure VMs**, **SQL Server in Azure VMs**, and **SAP HANA in Azure VMs** (subject to archive eligibility rules).
 > Compatibility differs by workload, region, and policy settings. Always confirm current support in the relevant Azure Backup support matrix before rollout.
 ## Datastore types
 **OperationalStore** is the operational tier designed for faster recovery and short-to-medium retention windows. In Microsoft Learn examples (for example AKS), this tier keeps backup data within your tenant and is typically used for frequent restore points and day-to-day recovery operations.
 **VaultStore** is the vault-standard tier for offsite, policy-driven retention in Backup vault storage. It is commonly used when you want stronger isolation from production resources, longer retention than operational snapshots, and optional cross-region restore when combined with geo-redundant vault settings.
 **ArchiveStore** represents archive-style retention for infrequently accessed backup data and cost-optimized long-term preservation. Microsoft Learn notes that archive usage is workload-dependent and comes with constraints (such as eligibility and rehydration/restore behavior), so it is best suited for compliance-heavy scenarios rather than frequent restores.
 **SnapshotStore** is a legacy/compatibility datastore value that appears in provider schemas and older patterns. For newer Azure Backup workflows, Microsoft guidance and examples more often emphasize `OperationalStore` and `VaultStore`, with `OperationalStore` generally preferred over snapshot-style behavior for active operational protection.
 ## Module Inputs, Outputs, and Examples
 ### Variables
 - `rg_name`: The name of the resource group where the backup vault will be created.
 - `location`: The Azure region where the backup vault will be created.
@@ -19,40 +40,14 @@ This module creates an Azure Data Protection Backup Vault with the specified nam
 	- `identity_ids`: Optional list of user-assigned identity IDs (required when `type = "UserAssigned"`).
 - `tags`: A map of tags to apply to the backup vault.
-## Usage scenarios
+### Outputs
 - **Operational recovery**: Use Backup Vault to manage operational recovery workflows; exact datastore behavior is workload-specific. Example services/use cases: **AKS** (cluster state + PV snapshots), **Azure Blobs** (operational protection where data stays in the source account and backup policy also governs vaulted retention), and **Azure Files** (snapshot-based fast restore patterns).
 - **Long-term retention**: Use `VaultStore` for policy-based offsite retention and stronger isolation from production data. Example services/use cases: **Azure Blobs**, **Azure Files (vaulted backup)**, **Azure Database for PostgreSQL**, and **AKS** (vault-tier retention rules).
 - **Regional resiliency**: Use `VaultStore` with `redundancy = "GeoRedundant"` and `cross_region_restore_enabled = true` for paired-region restore scenarios. Example services/use cases: **AKS** and other vault-tier backup configurations where cross-region restore is supported.
 - **Compliance and low-cost cold retention**: Use `ArchiveStore` where supported for long-term retention with lower storage cost and slower retrieval. Example services/use cases: **Azure VMs**, **SQL Server in Azure VMs**, and **SAP HANA in Azure VMs** (subject to archive eligibility rules).
 > Compatibility differs by workload, region, and policy settings. Always confirm current support in the relevant Azure Backup support matrix before rollout.
 ## Datastore types (concise)
 **OperationalStore** is the operational tier designed for faster recovery and short-to-medium retention windows. In Microsoft Learn examples (for example AKS), this tier keeps backup data within your tenant and is typically used for frequent restore points and day-to-day recovery operations.
 **VaultStore** is the vault-standard tier for offsite, policy-driven retention in Backup vault storage. It is commonly used when you want stronger isolation from production resources, longer retention than operational snapshots, and optional cross-region restore when combined with geo-redundant vault settings.
 **ArchiveStore** represents archive-style retention for infrequently accessed backup data and cost-optimized long-term preservation. Microsoft Learn notes that archive usage is workload-dependent and comes with constraints (such as eligibility and rehydration/restore behavior), so it is best suited for compliance-heavy scenarios rather than frequent restores.
 **SnapshotStore** is a legacy/compatibility datastore value that appears in provider schemas and older patterns. For newer Azure Backup workflows, Microsoft guidance and examples more often emphasize `OperationalStore` and `VaultStore`, with `OperationalStore` generally preferred over snapshot-style behavior for active operational protection.
 ## References (Microsoft Learn)
 - [Overview of Azure Blob backup](https://learn.microsoft.com/azure/backup/blob-backup-overview)
 - [What is Azure Kubernetes Service backup?](https://learn.microsoft.com/azure/backup/azure-kubernetes-service-backup-overview#which-backup-storage-tier-does-aks-backup-support)
 - [Overview of Archive tier in Azure Backup](https://learn.microsoft.com/azure/backup/archive-tier-support)
 - [About Azure Files backup](https://learn.microsoft.com/azure/backup/azure-file-share-backup-overview)
 ## Outputs
 - `backup_vault_id`: The ID of the created backup vault.
 - `backup_vault_name`: The name of the created backup vault.
 - `backup_vault_identity_principal_id`: Principal ID of the assigned managed identity, if configured.
 - `backup_vault_identity_tenant_id`: Tenant ID of the assigned managed identity, if configured.
-## Example Usage
+### Example Usage
 ```hcl
 module "backup_vault" {
@@ -74,3 +69,10 @@ module "backup_vault" {
 	}
 }
 ```
 ## References
 - [Overview of Azure Blob backup](https://learn.microsoft.com/azure/backup/blob-backup-overview)
 - [What is Azure Kubernetes Service backup?](https://learn.microsoft.com/azure/backup/azure-kubernetes-service-backup-overview#which-backup-storage-tier-does-aks-backup-support)
 - [Overview of Archive tier in Azure Backup](https://learn.microsoft.com/azure/backup/archive-tier-support)
 - [About Azure Files backup](https://learn.microsoft.com/azure/backup/azure-file-share-backup-overview)