Add example usage and data recovery sections to README for Azure Storage Account module

README.md

@@ -30,6 +30,78 @@ This module creates an Azure Storage Account with the specified name, resource g
 
 Point-in-time restore requires `enable_blob_soft_delete = true`, `enable_blob_versioning = true`, and `enable_blob_change_feed = true`.
 
+## Example Usage
+
+Use this module to create a storage account with containers and enable Blob data protection features for short-term rollback and recovery.
+
+```hcl
+module "state_storage" {
+  source = "./modules/storage-account"
+
+  rg_name  = azurerm_resource_group.rg.name
+  location = azurerm_resource_group.rg.location
+
+  base_name = "sttfstate"
+
+  enable_blob_soft_delete                     = true
+  blob_soft_delete_retention_days             = 30
+  enable_container_soft_delete                = true
+  container_soft_delete_retention_days        = 30
+  enable_blob_versioning                      = true
+  enable_blob_change_feed                     = true
+  enable_point_in_time_restore_for_containers = true
+  point_in_time_restore_days                  = 14
+
+  containers = {
+    tfstate = {
+      name                  = "tfstate"
+      container_access_type = "private"
+    }
+  }
+}
+```
+
+This example provides quick rollback using storage-account level protection (`soft delete`, `versioning`, `change feed`, and `point-in-time restore`).
+
+## Data Recovery
+
+### Operational recovery (Azure Blobs)
+
+For Azure Blobs, this module enables the storage-account level protection features used for operational recovery: blob soft delete, container soft delete, blob versioning, change feed, and point-in-time restore. This is intended for short-term rollback and fast recovery after accidental delete, overwrite, or data corruption events.
+
+In this module, Azure Blobs operational recovery is configured through the Blob Data Protection inputs (`enable_blob_soft_delete`, `enable_blob_versioning`, `enable_blob_change_feed`, and `enable_point_in_time_restore_for_containers`) in the main storage-account example above.
+
+### Azure Backup recovery (vaulted)
+
+To add the vaulted recovery option, the `backup-vault` module is required.
+After creating the vault, configure Azure Backup (policy and backup instance) to protect the storage account for vaulted retention and restore workflows.
+
+```hcl
+module "state_storage" {
+  source = "./modules/storage-account"
+
+  rg_name  = azurerm_resource_group.rg.name
+  location = azurerm_resource_group.rg.location
+
+  base_name = "sttfstate"
+}
+
+module "backup_vault" {
+  source = "./modules/backup-vault"
+
+  rg_name  = azurerm_resource_group.rg.name
+  location = azurerm_resource_group.rg.location
+
+  base_name                    = "bkvault"
+  datastore_type               = "VaultStore"
+  redundancy                   = "GeoRedundant"
+  cross_region_restore_enabled = true
+  retention_duration_in_days   = 30
+  soft_delete                  = "On"
+  immutability                 = "Disabled"
+}
+```
+
 ## Outputs
 
 - `storage_account_id`: The ID of the created storage account.