azurermDataProtectionBackupInstancePostgresql
Manages a Backup Instance to back up PostgreSQL.
-> Note: Before using this resource, there are some prerequisite permissions for configure backup and restore. See more details from https://docs.microsoft.com/azure/backup/backup-azure-database-postgresql#prerequisite-permissions-for-configure-backup-and-restore.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "example",
}
);
const dataAzurermClientConfigCurrent =
new azurerm.dataAzurermClientConfig.DataAzurermClientConfig(
this,
"current",
{}
);
const azurermDataProtectionBackupVaultExample =
new azurerm.dataProtectionBackupVault.DataProtectionBackupVault(
this,
"example_2",
{
datastore_type: "VaultStore",
identity: [
{
type: "SystemAssigned",
},
],
location: azurermResourceGroupExample.location,
name: "example",
redundancy: "LocallyRedundant",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermDataProtectionBackupVaultExample.overrideLogicalId("example");
const azurermKeyVaultExample = new azurerm.keyVault.KeyVault(
this,
"example_3",
{
access_policy: [
{
key_permissions: ["Create", "Get"],
object_id: dataAzurermClientConfigCurrent.objectId,
secret_permissions: ["Set", "Get", "Delete", "Purge", "Recover"],
tenant_id: dataAzurermClientConfigCurrent.tenantId,
},
{
key_permissions: ["Create", "Get"],
object_id: `\${${azurermDataProtectionBackupVaultExample.identity}.0.principal_id}`,
secret_permissions: ["Set", "Get", "Delete", "Purge", "Recover"],
tenant_id: `\${${azurermDataProtectionBackupVaultExample.identity}.0.tenant_id}`,
},
],
location: azurermResourceGroupExample.location,
name: "example",
resource_group_name: azurermResourceGroupExample.name,
sku_name: "premium",
soft_delete_retention_days: 7,
tenant_id: dataAzurermClientConfigCurrent.tenantId,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermKeyVaultExample.overrideLogicalId("example");
const azurermPostgresqlServerExample =
new azurerm.postgresqlServer.PostgresqlServer(this, "example_4", {
administrator_login: "psqladmin",
administrator_login_password: "H@Sh1CoR3!",
auto_grow_enabled: true,
backup_retention_days: 7,
geo_redundant_backup_enabled: false,
location: azurermResourceGroupExample.location,
name: "example",
resource_group_name: azurermResourceGroupExample.name,
sku_name: "B_Gen5_2",
ssl_enforcement_enabled: true,
storage_mb: 5120,
version: "9.5",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPostgresqlServerExample.overrideLogicalId("example");
const azurermRoleAssignmentExample = new azurerm.roleAssignment.RoleAssignment(
this,
"example_5",
{
principal_id: `\${${azurermDataProtectionBackupVaultExample.identity}.0.principal_id}`,
role_definition_name: "Reader",
scope: azurermPostgresqlServerExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermRoleAssignmentExample.overrideLogicalId("example");
const azurermDataProtectionBackupPolicyPostgresqlExample =
new azurerm.dataProtectionBackupPolicyPostgresql.DataProtectionBackupPolicyPostgresql(
this,
"example_6",
{
backup_repeating_time_intervals: ["R/2021-05-23T02:30:00+00:00/P1W"],
default_retention_duration: "P4M",
name: "example",
resource_group_name: azurermResourceGroupExample.name,
vault_name: azurermDataProtectionBackupVaultExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermDataProtectionBackupPolicyPostgresqlExample.overrideLogicalId("example");
const azurermPostgresqlDatabaseExample =
new azurerm.postgresqlDatabase.PostgresqlDatabase(this, "example_7", {
charset: "UTF8",
collation: "English_United States.1252",
name: "example",
resource_group_name: azurermResourceGroupExample.name,
server_name: azurermPostgresqlServerExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPostgresqlDatabaseExample.overrideLogicalId("example");
const azurermPostgresqlFirewallRuleExample =
new azurerm.postgresqlFirewallRule.PostgresqlFirewallRule(this, "example_8", {
end_ip_address: "0.0.0.0",
name: "AllowAllWindowsAzureIps",
resource_group_name: azurermResourceGroupExample.name,
server_name: azurermPostgresqlServerExample.name,
start_ip_address: "0.0.0.0",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPostgresqlFirewallRuleExample.overrideLogicalId("example");
const azurermKeyVaultSecretExample = new azurerm.keyVaultSecret.KeyVaultSecret(
this,
"example_9",
{
key_vault_id: azurermKeyVaultExample.id,
name: "example",
value: `Server=\${${azurermPostgresqlServerExample.name}}.postgres.database.azure.com;Database=\${${azurermPostgresqlDatabaseExample.name}};Port=5432;User Id=psqladmin@\${${azurermPostgresqlServerExample.name}};Password=H@Sh1CoR3!;Ssl Mode=Require;`,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermKeyVaultSecretExample.overrideLogicalId("example");
const azurermDataProtectionBackupInstancePostgresqlExample =
new azurerm.dataProtectionBackupInstancePostgresql.DataProtectionBackupInstancePostgresql(
this,
"example_10",
{
backup_policy_id: azurermDataProtectionBackupPolicyPostgresqlExample.id,
database_credential_key_vault_secret_id:
azurermKeyVaultSecretExample.versionlessId,
database_id: azurermPostgresqlDatabaseExample.id,
location: azurermResourceGroupExample.location,
name: "example",
vault_id: azurermDataProtectionBackupVaultExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermDataProtectionBackupInstancePostgresqlExample.overrideLogicalId(
"example"
);
Arguments Reference
The following arguments are supported:
-
name- (Required) The name which should be used for this Backup Instance PostgreSQL. Changing this forces a new Backup Instance PostgreSQL to be created. -
location- (Required) The location of the source database. Changing this forces a new Backup Instance PostgreSQL to be created. -
vaultId- (Required) The ID of the Backup Vault within which the PostgreSQL Backup Instance should exist. Changing this forces a new Backup Instance PostgreSQL to be created. -
databaseId- (Required) The ID of the source database. Changing this forces a new Backup Instance PostgreSQL to be created. -
backupPolicyId- (Required) The ID of the Backup Policy. -
databaseCredentialKeyVaultSecretId- (Optional) The ID or versionless ID of the key vault secret which stores the connection string of the database.
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
id- The ID of the Backup Instance PostgreSQL.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
create- (Defaults to 30 minutes) Used when creating the Backup Instance PostgreSQL.read- (Defaults to 5 minutes) Used when retrieving the Backup Instance PostgreSQL.update- (Defaults to 30 minutes) Used when updating the Backup Instance PostgreSQL.delete- (Defaults to 30 minutes) Used when deleting the Backup Instance PostgreSQL.
Import
Backup Instance PostgreSQL can be imported using the resourceId, e.g.