azurermRecoveryServicesVault

Manages a Recovery Services Vault.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "tfex-recovery_vault",
  }
);
new azurerm.recoveryServicesVault.RecoveryServicesVault(this, "vault", {
  location: azurermResourceGroupExample.location,
  name: "example-recovery-vault",
  resourceGroupName: azurermResourceGroupExample.name,
  sku: "Standard",
  softDeleteEnabled: true,
});

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Recovery Services Vault. The name must be 2 - 50 characters long, start with a letter, and contain only letters, numbers and hyphens. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the resource group in which to create the Recovery Services Vault. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • tags - (Optional) A mapping of tags to assign to the resource.

  • identity - (Optional) An identity block as defined below.

  • sku - (Required) Sets the vault's SKU. Possible values include: Standard, RS0.

  • publicNetworkAccessEnabled - (Optional) Whether the vault can be accessed from public networks. Defaults to true.

  • immutability - (Optional) Immutability settings of the vault. Possible values include: Locked, Unlocked and Disabled.

  • storageModeType - (Optional) The storage type of the Recovery Services Vault. Possible values are GeoRedundant, LocallyRedundant and ZoneRedundant. Defaults to GeoRedundant.

  • crossRegionRestoreEnabled - (Optional) Is cross region restore enabled for this Vault? Can only be true when storageModeType is GeoRedundant. Defaults to false.

-> Note: Once crossRegionRestoreEnabled is set to true, changing it back to false forces a new Recovery Services Vault to be created.

  • softDeleteEnabled - (Optional) Is soft delete enabled for this Vault? Defaults to true.

  • encryption - (Optional) An encryption block as defined below. Required with identity.

!> Note: Once encryption with your own key has been enabled, it is not possible to disable it.

  • classicVmwareReplicationEnabled - (Optional) Whether to enable the Classic experience for VMware replication. If set to false VMware machines will be protected using the new stateless ASR replication appliance. Changing this forces a new resource to be created.

An identity block supports the following:

  • type - (Required) Specifies the type of Managed Service Identity that should be configured on this Recovery Services Vault. Possible values are SystemAssigned, UserAssigned, and SystemAssigned, UserAssigned (to enable both).

  • identityIds - (Optional) A list of User Assigned Managed Identity IDs to be assigned to this Recovery Services Vault.

~> Note: identityIds is required when type is set to UserAssigned or SystemAssigned, UserAssigned.


An encryption block supports the following:

  • keyId - (Required) The Key Vault key ID used to encrypt this vault. A key managed by a Key Vault Managed Hardware Security Module is also supported.

  • infrastructureEncryptionEnabled - (Required) Whether the Double Encryption state is enabled or disabled.

  • userAssignedIdentityId - (Optional) Specifies the user assigned identity ID to be used.

  • useSystemAssignedIdentity - (Optional) Whether the system assigned identity should be used. Defaults to true.

!> Note: useSystemAssignedIdentity can only be set to false for new vaults. Any vaults containing existing items registered or attempted to be registered to it are not supported. Details can be found in the document

!> Note: Once infrastructureEncryptionEnabled has been set it's not possible to change it.
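
The argument constraints above can be checked before synthesis. The following is an added example, not part of the provider documentation or generated bindings: VaultConfig, Finding and checkVault are hypothetical names, the enum values are compared case-insensitively, and the "warn" findings are review policy chosen for this example rather than provider validation.

```typescript
// Added example. VaultConfig, Finding and checkVault are hypothetical names,
// not cdktf or azurerm APIs; fields mirror the arguments documented above.
interface VaultConfig {
  name: string;
  sku: string;
  storageModeType?: string; // documented default: geo-redundant
  crossRegionRestoreEnabled?: boolean; // documented default: false
  softDeleteEnabled?: boolean; // documented default: true
  publicNetworkAccessEnabled?: boolean; // documented default: true
  immutability?: string;
  identity?: { type: string; identityIds?: string[] };
  encryption?: { keyId: string; infrastructureEncryptionEnabled: boolean };
}
interface Finding { level: "error" | "warn"; field: string; message: string }

function checkVault(c: VaultConfig): Finding[] {
  const out: Finding[] = [];
  const add = (level: Finding["level"], field: string, message: string): void => {
    out.push({ level, field, message });
  };
  // Naming rule: 2-50 characters, starts with a letter, letters/digits/hyphens only.
  if (!/^[A-Za-z][A-Za-z0-9-]{1,49}$/.test(c.name))
    add("error", "name", "2-50 chars, start with a letter, letters/numbers/hyphens only");
  // Cross region restore is only valid on geo-redundant storage (the default mode).
  if (c.crossRegionRestoreEnabled && !/^georedundant$/i.test(c.storageModeType ?? "GeoRedundant"))
    add("error", "crossRegionRestoreEnabled", "requires geo-redundant storageModeType");
  // identityIds is required whenever the identity type includes a user assigned identity.
  if (c.identity && /userassigned/i.test(c.identity.type) && !c.identity.identityIds?.length)
    add("error", "identity.identityIds", "required when type includes UserAssigned");
  // encryption is documented as "Required with identity".
  if (c.encryption && !c.identity)
    add("error", "encryption", "an identity block must accompany the encryption block");
  // Hardening review: policy choices of this example, not provider validation rules.
  if (c.softDeleteEnabled === false)
    add("warn", "softDeleteEnabled", "soft delete is turned off (default is true)");
  if (c.publicNetworkAccessEnabled ?? true)
    add("warn", "publicNetworkAccessEnabled", "vault is reachable from public networks");
  if (!c.immutability || /^disabled$/i.test(c.immutability))
    add("warn", "immutability", "immutability is not enabled");
  return out;
}

// Constructed sample input: two documented rules broken, soft delete turned off.
const weakVault: VaultConfig = {
  name: "1-vault", sku: "Standard", storageModeType: "LocallyRedundant",
  crossRegionRestoreEnabled: true, softDeleteEnabled: false,
};
console.log(checkVault(weakVault).map((f) => `${f.level} ${f.field}: ${f.message}`).join("\n"));
```

Because immutability (once locked), customer-managed key encryption and infrastructureEncryptionEnabled cannot be reverted according to the notes above, a check like this is most useful before the first apply.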


Attributes Reference

The following attributes are exported:

  • id - The ID of the Recovery Services Vault.

  • identity - An identity block as defined below.


An identity block exports the following:

  • principalId - The Principal ID associated with this Managed Service Identity.

  • tenantId - The Tenant ID associated with this Managed Service Identity.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 2 hours) Used when creating the Recovery Services Vault.
  • update - (Defaults to 60 minutes) Used when updating the Recovery Services Vault.
  • read - (Defaults to 5 minutes) Used when retrieving the Recovery Services Vault.
  • delete - (Defaults to 30 minutes) Used when deleting the Recovery Services Vault.

Import

Recovery Services Vaults can be imported using the resourceId, e.g.

terraform import azurerm_recovery_services_vault.vault1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.RecoveryServices/vaults/vault1