Azure Recovery Services Vault Module

Creates a Recovery Services Vault and can optionally configure VM backup policies and VM protection.

Usage scenarios

The recovery services vault may be used to protect the following Azure workloads:

  • Azure Virtual Machines: Policy-based backup and restore for IaaS VMs.
  • SQL Server in Azure VMs: Workload-aware database backup for SQL running inside Azure VMs.
  • SAP HANA in Azure VMs: Workload-aware backup for SAP HANA databases running in Azure VMs.
  • Azure Files: Share-level backup and restore for Azure file shares.
  • MARS agent workloads: File/folder and system-state backup from supported Windows servers/clients.
  • MABS / DPM-protected workloads: Backup streams managed through Azure Backup Server or System Center DPM.

Storage modes

LocallyRedundant stores backup data redundantly within a single region.

ZoneRedundant stores backup data across availability zones in the same region.

GeoRedundant replicates backup data to a paired region and enables cross-region restore when cross_region_restore_enabled is set to true.

Protecting Resources

This module can protect Recovery Services Vault workloads. The resource types it currently supports are listed below.

Implemented:

  • Azure Virtual Machines (azurerm_backup_policy_vm, azurerm_backup_protected_vm)

Not implemented yet:

  • SQL Server in Azure VMs (azurerm_backup_policy_vm_workload + protected workload resources)
  • SAP HANA in Azure VMs (azurerm_backup_policy_vm_workload + protected workload resources)

Azure Virtual Machines

Use vm_backup_policies to define one or more VM backup policy profiles, and protected_vms to map each VM to a selected policy via backup_policy_key.

For each protected VM, you can optionally set:

  • include_disk_luns to include only selected data disks
  • exclude_disk_luns to exclude selected data disks
  • protection_state to control protection state (Protected, BackupsSuspended, ProtectionStopped)

Module Inputs, Outputs, and Examples

Variables

  • rg_name: The name of the resource group where the Recovery Services Vault will be created.
  • location: The Azure region where the Recovery Services Vault will be created.
  • base_name: Optional base name used to generate a unique vault name when name is not set.
  • name: Optional explicit vault name. If omitted, the module generates a deterministic name from base_name.
  • sku: Vault SKU. Allowed values: Standard, RS0.
  • storage_mode_type: Backup storage redundancy type. Allowed values: GeoRedundant, LocallyRedundant, ZoneRedundant.
  • cross_region_restore_enabled: Enables cross-region restore. Can only be set to true when storage_mode_type = "GeoRedundant".
  • soft_delete_enabled: Enables soft delete in the Recovery Services Vault.
  • public_network_access_enabled: Enables public network access to the vault.
  • immutability: Immutability state. Allowed values: Disabled, Locked, Unlocked.
  • identity: Optional managed identity configuration object:
    • type: Identity type. Allowed values: "SystemAssigned", "UserAssigned", "SystemAssigned, UserAssigned".
    • identity_ids: Optional list of user-assigned identity IDs (required when type includes UserAssigned).
  • tags: A map of tags to apply to the vault.
  • vm_backup_policies: Map of VM backup policy definitions.
  • protected_vms: Map of VMs to protect, including policy mapping via backup_policy_key.

Outputs

  • recovery_services_vault_id: The ID of the created Recovery Services Vault.
  • recovery_services_vault_name: The name of the created Recovery Services Vault.
  • recovery_services_vault_identity_principal_id: Principal ID of the assigned managed identity, if configured.
  • vm_backup_policy_ids: Map of VM backup policy IDs keyed by policy key.
  • protected_vm_backup_ids: Map of protected VM backup item IDs keyed by protected VM key.

Example Usage

module "recovery_services_vault" {
	source = "./modules/recovery-services-vault"

	rg_name  = azurerm_resource_group.rg.name
	location = azurerm_resource_group.rg.location

	base_name = "rsv"

	storage_mode_type = "LocallyRedundant"

	vm_backup_policies = {
		default = {
			backup = {
				frequency = "Daily"
				time      = "23:00"
			}
			retention_daily = {
				count = 30
			}
		}
	}

	protected_vms = {
		app = {
			source_vm_id      = azurerm_linux_virtual_machine.app.id
			backup_policy_key = "default"
		}
	}
}
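
A hardened variant of the module call, as an added example that is not part of the module's repository. It uses only the inputs listed under Variables; their types (booleans, a list of LUN numbers), the module label, the VM reference azurerm_linux_virtual_machine.db and the LUN value are assumptions.

```hcl
# Added example, not from the module's repository. The resources referenced here
# (azurerm_resource_group.rg, azurerm_linux_virtual_machine.db) are assumed to exist.
module "recovery_services_vault_hardened" {
  source = "./modules/recovery-services-vault"

  rg_name   = azurerm_resource_group.rg.name
  location  = azurerm_resource_group.rg.location
  base_name = "rsv"

  # Replicate backup data to the paired region. Cross-region restore can only
  # be set to true when storage_mode_type is "GeoRedundant".
  storage_mode_type            = "GeoRedundant"
  cross_region_restore_enabled = true

  # Keep deleted backup data recoverable, and block operations that would
  # remove recovery points early.
  soft_delete_enabled = true
  immutability        = "Unlocked" # "Locked" cannot be reverted; switch once retention is settled

  # Do not expose the vault over its public endpoint.
  public_network_access_enabled = false

  identity = {
    type = "SystemAssigned"
  }

  vm_backup_policies = {
    default = {
      backup = {
        frequency = "Daily"
        time      = "23:00"
      }
      retention_daily = {
        count = 30
      }
    }
  }

  protected_vms = {
    db = {
      source_vm_id      = azurerm_linux_virtual_machine.db.id
      backup_policy_key = "default"
      protection_state  = "Protected"
      exclude_disk_luns = [2] # constructed value: LUN of a scratch disk that needs no backup
    }
  }
}
```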
