117 lines
4.8 KiB
Markdown
117 lines
4.8 KiB
Markdown
# Azure Recovery Services Vault Module
|
|
|
|
Creates a Recovery Services Vault and can optionally configure VM backup policies and VM protection.
|
|
|
|
## Usage scenarios
|
|
|
|
The recovery services vault may be used to protect the following Azure workloads:
|
|
|
|
- **Azure Virtual Machines**: Policy-based backup and restore for IaaS VMs.
|
|
- **SQL Server in Azure VMs**: Workload-aware database backup for SQL running inside Azure VMs.
|
|
- **SAP HANA in Azure VMs**: Workload-aware backup for SAP HANA databases running in Azure VMs.
|
|
- **Azure Files**: Share-level backup and restore for Azure file shares.
|
|
- **MARS agent workloads**: File/folder and system-state backup from supported Windows servers/clients.
|
|
- **MABS / DPM-protected workloads**: Backup streams managed through Azure Backup Server or System Center DPM.
|
|
|
|
## Storage modes
|
|
|
|
`LocallyRedundant` stores backup data redundantly within a single region.
|
|
|
|
`ZoneRedundant` stores backup data across availability zones in the same region.
|
|
|
|
`GeoRedundant` replicates backup data to a paired region and enables cross-region restore when `cross_region_restore_enabled` is set to `true`.
|
|
|
|
## Protecting Resources
|
|
|
|
This module can protect Recovery Services Vault workloads. Supported resource types in module status are listed below.
|
|
|
|
Implemented:
|
|
|
|
- Azure Virtual Machines (`azurerm_backup_policy_vm`, `azurerm_backup_protected_vm`)
|
|
|
|
Not implemented yet:
|
|
|
|
- SQL Server in Azure VMs (`azurerm_backup_policy_vm_workload` + protected workload resources)
|
|
- SAP HANA in Azure VMs (`azurerm_backup_policy_vm_workload` + protected workload resources)
|
|
|
|
### Azure Virtual Machines
|
|
|
|
Use `vm_backup_policies` to define one or more VM backup policy profiles, and `protected_vms` to map each VM to a selected policy via `backup_policy_key`.
|
|
|
|
For each protected VM, you can optionally set:
|
|
|
|
- `include_disk_luns` to include only selected data disks
|
|
- `exclude_disk_luns` to exclude selected data disks
|
|
- `protection_state` to control protection state (`Protected`, `BackupsSuspended`, `ProtectionStopped`)
|
|
|
|
## Module Inputs, Outputs, and Examples
|
|
|
|
### Variables
|
|
|
|
- `rg_name`: The name of the resource group where the Recovery Services Vault will be created.
|
|
- `location`: The Azure region where the Recovery Services Vault will be created.
|
|
- `base_name`: Optional base name used to generate a unique vault name when `name` is not set.
|
|
- `name`: Optional explicit vault name. If omitted, the module generates a deterministic name from `base_name`.
|
|
- `sku`: Vault SKU. Allowed values: `Standard`, `RS0`.
|
|
- `storage_mode_type`: Backup storage redundancy type. Allowed values: `GeoRedundant`, `LocallyRedundant`, `ZoneRedundant`.
|
|
- `cross_region_restore_enabled`: Enables cross-region restore. Can only be set to `true` when `storage_mode_type = "GeoRedundant"`.
|
|
- `soft_delete_enabled`: Enables soft delete in the Recovery Services Vault.
|
|
- `public_network_access_enabled`: Enables public network access to the vault.
|
|
- `immutability`: Immutability state. Allowed values: `Disabled`, `Locked`, `Unlocked`.
|
|
- `identity`: Optional managed identity configuration object:
|
|
- `type`: Identity type. Allowed values: `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`.
|
|
- `identity_ids`: Optional list of user-assigned identity IDs (required when `type` includes `UserAssigned`).
|
|
- `tags`: A map of tags to apply to the vault.
|
|
- `vm_backup_policies`: Map of VM backup policy definitions.
|
|
- `protected_vms`: Map of VMs to protect, including policy mapping via `backup_policy_key`.
|
|
|
|
### Outputs
|
|
|
|
- `recovery_services_vault_id`: The ID of the created Recovery Services Vault.
|
|
- `recovery_services_vault_name`: The name of the created Recovery Services Vault.
|
|
- `recovery_services_vault_identity_principal_id`: Principal ID of the assigned managed identity, if configured.
|
|
- `vm_backup_policy_ids`: Map of VM backup policy IDs keyed by policy key.
|
|
- `protected_vm_backup_ids`: Map of protected VM backup item IDs keyed by protected VM key.
|
|
|
|
### Example Usage
|
|
|
|
```hcl
|
|
module "recovery_services_vault" {
|
|
source = "./modules/recovery-services-vault"
|
|
|
|
rg_name = azurerm_resource_group.rg.name
|
|
location = azurerm_resource_group.rg.location
|
|
|
|
base_name = "rsv"
|
|
|
|
storage_mode_type = "LocallyRedundant"
|
|
|
|
vm_backup_policies = {
|
|
default = {
|
|
backup = {
|
|
frequency = "Daily"
|
|
time = "23:00"
|
|
}
|
|
retention_daily = {
|
|
count = 30
|
|
}
|
|
}
|
|
}
|
|
|
|
protected_vms = {
|
|
app = {
|
|
source_vm_id = azurerm_linux_virtual_machine.app.id
|
|
backup_policy_key = "default"
|
|
}
|
|
}
|
|
}
|
|
```
|
|
|
|
## References
|
|
|
|
- [Recovery Services vaults overview](https://learn.microsoft.com/azure/backup/backup-azure-recovery-services-vault-overview)
|
|
- [Back up Azure VMs in a Recovery Services vault](https://learn.microsoft.com/azure/backup/backup-azure-arm-vms-prepare)
|
|
- [Azure Backup FAQ: vault support matrix](https://learn.microsoft.com/azure/backup/backup-azure-backup-faq#what-are-the-various-vaults-supported-for-backup-and-restore)
|
|
|
|
|