Add Recovery Services Vault module with VM backup policies and outputs

2026-03-01 21:17:57 +01:00
parent 1883aaa38d
commit fae7623813
5 changed files with 489 additions and 1 deletions
--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,146 @@
+data "azurerm_client_config" "current" {}
+
+locals {
+  recovery_services_vault_name = (
+    var.name != null &&
+    trimspace(var.name) != "" ?
+    var.name :
+    "${coalesce(var.base_name, "")}${substr(md5("${data.azurerm_client_config.current.subscription_id}/${var.rg_name}/${coalesce(var.base_name, "")}"), 0, 6)}"
+  )
+
+  default_vm_backup_policies = {
+    default = {
+      name                           = "${local.recovery_services_vault_name}-vm-policy"
+      policy_type                    = "V2"
+      timezone                       = "UTC"
+      instant_restore_retention_days = 5
+      backup = {
+        frequency = "Daily"
+        time      = "23:00"
+      }
+      retention_daily = {
+        count = 30
+      }
+      retention_weekly  = null
+      retention_monthly = null
+      retention_yearly  = null
+    }
+  }
+
+  effective_vm_backup_policies = length(var.vm_backup_policies) > 0 ? {
+    for key, policy in var.vm_backup_policies : key => {
+      name                           = coalesce(try(policy.name, null), "${local.recovery_services_vault_name}-${key}-vm-policy")
+      policy_type                    = coalesce(try(policy.policy_type, null), "V2")
+      timezone                       = coalesce(try(policy.timezone, null), "UTC")
+      instant_restore_retention_days = try(policy.instant_restore_retention_days, null)
+      backup                         = policy.backup
+      retention_daily                = try(policy.retention_daily, null)
+      retention_weekly               = try(policy.retention_weekly, null)
+      retention_monthly              = try(policy.retention_monthly, null)
+      retention_yearly               = try(policy.retention_yearly, null)
+    }
+  } : (length(var.protected_vms) > 0 ? local.default_vm_backup_policies : {})
+
+  default_vm_backup_policy_key = contains(keys(local.effective_vm_backup_policies), "default") ? "default" : (
+    length(keys(local.effective_vm_backup_policies)) > 0 ? sort(keys(local.effective_vm_backup_policies))[0] : null
+  )
+}
+
+resource "azurerm_recovery_services_vault" "this" {
+  name                = local.recovery_services_vault_name
+  location            = var.location
+  resource_group_name = var.rg_name
+
+  sku                          = var.sku
+  storage_mode_type            = var.storage_mode_type
+  cross_region_restore_enabled = var.cross_region_restore_enabled
+  soft_delete_enabled          = var.soft_delete_enabled
+  public_network_access_enabled = var.public_network_access_enabled
+  immutability                 = var.immutability
+
+  dynamic "identity" {
+    for_each = var.identity == null ? [] : [var.identity]
+
+    content {
+      type         = identity.value.type
+      identity_ids = try(identity.value.identity_ids, null)
+    }
+  }
+
+  tags = var.tags
+}
+
+resource "azurerm_backup_policy_vm" "this" {
+  for_each = local.effective_vm_backup_policies
+
+  name                = each.value.name
+  resource_group_name = var.rg_name
+  recovery_vault_name = azurerm_recovery_services_vault.this.name
+
+  policy_type                    = each.value.policy_type
+  timezone                       = each.value.timezone
+  instant_restore_retention_days = each.value.instant_restore_retention_days
+
+  backup {
+    frequency     = each.value.backup.frequency
+    time          = each.value.backup.time
+    hour_interval = try(each.value.backup.hour_interval, null)
+    hour_duration = try(each.value.backup.hour_duration, null)
+    weekdays      = try(each.value.backup.weekdays, null)
+  }
+
+  dynamic "retention_daily" {
+    for_each = try(each.value.retention_daily, null) == null ? [] : [each.value.retention_daily]
+
+    content {
+      count = retention_daily.value.count
+    }
+  }
+
+  dynamic "retention_weekly" {
+    for_each = try(each.value.retention_weekly, null) == null ? [] : [each.value.retention_weekly]
+
+    content {
+      count    = retention_weekly.value.count
+      weekdays = retention_weekly.value.weekdays
+    }
+  }
+
+  dynamic "retention_monthly" {
+    for_each = try(each.value.retention_monthly, null) == null ? [] : [each.value.retention_monthly]
+
+    content {
+      count             = retention_monthly.value.count
+      weekdays          = try(retention_monthly.value.weekdays, null)
+      weeks             = try(retention_monthly.value.weeks, null)
+      days              = try(retention_monthly.value.days, null)
+      include_last_days = try(retention_monthly.value.include_last_days, null)
+    }
+  }
+
+  dynamic "retention_yearly" {
+    for_each = try(each.value.retention_yearly, null) == null ? [] : [each.value.retention_yearly]
+
+    content {
+      count             = retention_yearly.value.count
+      months            = retention_yearly.value.months
+      weekdays          = try(retention_yearly.value.weekdays, null)
+      weeks             = try(retention_yearly.value.weeks, null)
+      days              = try(retention_yearly.value.days, null)
+      include_last_days = try(retention_yearly.value.include_last_days, null)
+    }
+  }
+}
+
+resource "azurerm_backup_protected_vm" "this" {
+  for_each = var.protected_vms
+
+  resource_group_name = var.rg_name
+  recovery_vault_name = azurerm_recovery_services_vault.this.name
+  source_vm_id        = each.value.source_vm_id
+  backup_policy_id    = azurerm_backup_policy_vm.this[coalesce(try(each.value.backup_policy_key, null), local.default_vm_backup_policy_key)].id
+
+  include_disk_luns = try(each.value.include_disk_luns, null)
+  exclude_disk_luns = try(each.value.exclude_disk_luns, null)
+  protection_state  = try(each.value.protection_state, null)
+}