azurermRecoveryServicesVault
Manages a Recovery Services Vault.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "tfex-recovery_vault",
}
);
new azurerm.recoveryServicesVault.RecoveryServicesVault(this, "vault", {
location: azurermResourceGroupExample.location,
name: "example-recovery-vault",
resource_group_name: azurermResourceGroupExample.name,
sku: "Standard",
soft_delete_enabled: true,
});
Argument Reference
The following arguments are supported:
-
name
- (Required) Specifies the name of the Recovery Services Vault. Recovery Service Vault name must be 2 - 50 characters long, start with a letter, contain only letters, numbers and hyphens. Changing this forces a new resource to be created. -
resourceGroupName
- (Required) The name of the resource group in which to create the Recovery Services Vault. Changing this forces a new resource to be created. -
location
- (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. -
tags
- (Optional) A mapping of tags to assign to the resource. -
identity
- (Optional) Anidentity
block as defined below. -
sku
- (Required) Sets the vault's SKU. Possible values include:standard
,rs0
. -
publicNetworkAccessEnabled
- (Optional) Is it enabled to access the vault from public networks. Defaults totrue
. -
immutability
- (Optional) Immutability Settings of vault, possible values include:locked
,unlocked
anddisabled
. -
storageModeType
- (Optional) The storage type of the Recovery Services Vault. Possible values aregeoRedundant
,locallyRedundant
andzoneRedundant
. Defaults togeoRedundant
. -
crossRegionRestoreEnabled
- (Optional) Is cross region restore enabled for this Vault? Only can betrue
, whenstorageModeType
isgeoRedundant
. Defaults tofalse
.
-> Note: Once crossRegionRestoreEnabled
is set to true
, changing it back to false
forces a new Recovery Service Vault to be created.
-
softDeleteEnabled
- (Optional) Is soft delete enable for this Vault? Defaults totrue
. -
encryption
- (Optional) Anencryption
block as defined below. Required withidentity
.
!> Note: Once Encryption with your own key has been Enabled it's not possible to Disable it.
classicVmwareReplicationEnabled
- (Optional) Whether to enable the Classic experience for VMware replication. If set tofalse
VMware machines will be protected using the new stateless ASR replication appliance. Changing this forces a new resource to be created.
An identity
block supports the following:
-
type
- (Required) Specifies the type of Managed Service Identity that should be configured on this Recovery Services Vault. Possible values aresystemAssigned
,userAssigned
,systemAssigned,UserAssigned
(to enable both). -
identityIds
- (Optional) A list of User Assigned Managed Identity IDs to be assigned to this App Configuration.
\~> NOTE: identityIds
is required when type
is set to userAssigned
or systemAssigned,UserAssigned
.
An encryption
block supports the following:
-
keyId
- (Required) The Key Vault key id used to encrypt this vault. Key managed by Vault Managed Hardware Security Module is also supported. -
infrastructureEncryptionEnabled
- (Required) Enabling/Disabling the Double Encryption state. -
userAssignedIdentityId
- (Optional) Specifies the user assigned identity ID to be used. -
useSystemAssignedIdentity
- (Optional) Indicate that system assigned identity should be used or not. Defaults totrue
.
!> Note: useSystemAssignedIdentity
only be able to set to false
for new vaults. Any vaults containing existing items registered or attempted to be registered to it are not supported. Details can be found in the document
!> Note: Once infrastructureEncryptionEnabled
has been set it's not possible to change it.
Attributes Reference
The following attributes are exported:
-
id
- The ID of the Recovery Services Vault. -
identity
- Anidentity
block as defined below.
An identity
block exports the following:
-
principalId
- The Principal ID associated with this Managed Service Identity. -
tenantId
- The Tenant ID associated with this Managed Service Identity.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 2 hours) Used when creating the Recovery Services Vault.update
- (Defaults to 60 minutes) Used when updating the Recovery Services Vault.read
- (Defaults to 5 minutes) Used when retrieving the Recovery Services Vault.delete
- (Defaults to 30 minutes) Used when deleting the Recovery Services Vault.
Import
Recovery Services Vaults can be imported using the resourceId
, e.g.