From c33099fd97947c2172d0db09e5b20c851573d413 Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski
Date: Sun, 1 Mar 2026 10:57:51 +0100
Subject: [PATCH] Add example usage and data recovery sections to README for Azure Storage Account module
---
 README.md | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
diff --git a/README.md b/README.md
index e6e6d91..aff8b4f 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,78 @@ This module creates an Azure Storage Account with the specified name, resource g
 Point-in-time restore requires `enable_blob_soft_delete = true`, `enable_blob_versioning = true`, and `enable_blob_change_feed = true`.
+## Example Usage
+
+Use this module to create a storage account with containers and enable Blob data protection features for short-term rollback and recovery.
+
+```hcl
+module "state_storage" {
+ source = "./modules/storage-account"
+
+ rg_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+
+ base_name = "sttfstate"
+
+ enable_blob_soft_delete = true
+ blob_soft_delete_retention_days = 30
+ enable_container_soft_delete = true
+ container_soft_delete_retention_days = 30
+ enable_blob_versioning = true
+ enable_blob_change_feed = true
+ enable_point_in_time_restore_for_containers = true
+ point_in_time_restore_days = 14
+
+ containers = {
+ tfstate = {
+ name = "tfstate"
+ container_access_type = "private"
+ }
+ }
+}
+```
+
+This example provides quick rollback using storage-account level protection (`soft delete`, `versioning`, `change feed`, and `point-in-time restore`).
+
+## Data Recovery
+
+### Operational recovery (Azure Blobs)
+
+For Azure Blobs, this module enables the storage-account level protection features used for operational recovery: blob soft delete, container soft delete, blob versioning, change feed, and point-in-time restore. This is intended for short-term rollback and fast recovery after accidental delete, overwrite, or data corruption events.
+
+In this module, Azure Blobs operational recovery is configured through the Blob Data Protection inputs (`enable_blob_soft_delete`, `enable_blob_versioning`, `enable_blob_change_feed`, and `enable_point_in_time_restore_for_containers`) in the main storage-account example above.
+
+### Azure Backup recovery (vaulted)
+
+To add the vaulted recovery option, the `backup-vault` module is required.
+After creating the vault, configure Azure Backup (policy and backup instance) to protect the storage account for vaulted retention and restore workflows.
+
+```hcl
+module "state_storage" {
+ source = "./modules/storage-account"
+
+ rg_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+
+ base_name = "sttfstate"
+}
+
+module "backup_vault" {
+ source = "./modules/backup-vault"
+
+ rg_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+
+ base_name = "bkvault"
+ datastore_type = "VaultStore"
+ redundancy = "GeoRedundant"
+ cross_region_restore_enabled = true
+ retention_duration_in_days = 30
+ soft_delete = "On"
+ immutability = "Disabled"
+}
+```
+
 ## Outputs
 - `storage_account_id`: The ID of the created storage account.