azurermSiteRecoveryReplicatedVm

Manages a VM replicated using Azure Site Recovery (Azure to Azure only). A replicated VM keeps a copiously updated image of the VM in another region in order to be able to start the VM in that region in case of a disaster.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupPrimary = new azurerm.resourceGroup.ResourceGroup(
  this,
  "primary",
  {
    location: "West US",
    name: "tfex-replicated-vm-primary",
  }
);
const azurermResourceGroupSecondary = new azurerm.resourceGroup.ResourceGroup(
  this,
  "secondary",
  {
    location: "East US",
    name: "tfex-replicated-vm-secondary",
  }
);
const azurermStorageAccountPrimary = new azurerm.storageAccount.StorageAccount(
  this,
  "primary_2",
  {
    account_replication_type: "LRS",
    account_tier: "Standard",
    location: azurermResourceGroupPrimary.location,
    name: "primaryrecoverycache",
    resource_group_name: azurermResourceGroupPrimary.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountPrimary.overrideLogicalId("primary");
const azurermVirtualNetworkPrimary = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "primary_3",
  {
    address_space: ["192.168.1.0/24"],
    location: azurermResourceGroupPrimary.location,
    name: "network1",
    resource_group_name: azurermResourceGroupPrimary.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkPrimary.overrideLogicalId("primary");
const azurermVirtualNetworkSecondary =
  new azurerm.virtualNetwork.VirtualNetwork(this, "secondary_4", {
    address_space: ["192.168.2.0/24"],
    location: azurermResourceGroupSecondary.location,
    name: "network2",
    resource_group_name: azurermResourceGroupSecondary.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkSecondary.overrideLogicalId("secondary");
const azurermPublicIpPrimary = new azurerm.publicIp.PublicIp(
  this,
  "primary_5",
  {
    allocation_method: "Static",
    location: azurermResourceGroupPrimary.location,
    name: "vm-public-ip-primary",
    resource_group_name: azurermResourceGroupPrimary.name,
    sku: "Basic",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPublicIpPrimary.overrideLogicalId("primary");
const azurermPublicIpSecondary = new azurerm.publicIp.PublicIp(
  this,
  "secondary_6",
  {
    allocation_method: "Static",
    location: azurermResourceGroupSecondary.location,
    name: "vm-public-ip-secondary",
    resource_group_name: azurermResourceGroupSecondary.name,
    sku: "Basic",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPublicIpSecondary.overrideLogicalId("secondary");
const azurermRecoveryServicesVaultVault =
  new azurerm.recoveryServicesVault.RecoveryServicesVault(this, "vault", {
    location: azurermResourceGroupSecondary.location,
    name: "example-recovery-vault",
    resource_group_name: azurermResourceGroupSecondary.name,
    sku: "Standard",
  });
const azurermSiteRecoveryFabricPrimary =
  new azurerm.siteRecoveryFabric.SiteRecoveryFabric(this, "primary_8", {
    location: azurermResourceGroupPrimary.location,
    name: "primary-fabric",
    recovery_vault_name: azurermRecoveryServicesVaultVault.name,
    resource_group_name: azurermResourceGroupSecondary.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSiteRecoveryFabricPrimary.overrideLogicalId("primary");
const azurermSiteRecoveryFabricSecondary =
  new azurerm.siteRecoveryFabric.SiteRecoveryFabric(this, "secondary_9", {
    location: azurermResourceGroupSecondary.location,
    name: "secondary-fabric",
    recovery_vault_name: azurermRecoveryServicesVaultVault.name,
    resource_group_name: azurermResourceGroupSecondary.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSiteRecoveryFabricSecondary.overrideLogicalId("secondary");
const azurermSiteRecoveryNetworkMappingNetworkMapping =
  new azurerm.siteRecoveryNetworkMapping.SiteRecoveryNetworkMapping(
    this,
    "network-mapping",
    {
      name: "network-mapping",
      recovery_vault_name: azurermRecoveryServicesVaultVault.name,
      resource_group_name: azurermResourceGroupSecondary.name,
      source_network_id: azurermVirtualNetworkPrimary.id,
      source_recovery_fabric_name: azurermSiteRecoveryFabricPrimary.name,
      target_network_id: azurermVirtualNetworkSecondary.id,
      target_recovery_fabric_name: azurermSiteRecoveryFabricSecondary.name,
    }
  );
const azurermSiteRecoveryProtectionContainerPrimary =
  new azurerm.siteRecoveryProtectionContainer.SiteRecoveryProtectionContainer(
    this,
    "primary_11",
    {
      name: "primary-protection-container",
      recovery_fabric_name: azurermSiteRecoveryFabricPrimary.name,
      recovery_vault_name: azurermRecoveryServicesVaultVault.name,
      resource_group_name: azurermResourceGroupSecondary.name,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSiteRecoveryProtectionContainerPrimary.overrideLogicalId("primary");
const azurermSiteRecoveryProtectionContainerSecondary =
  new azurerm.siteRecoveryProtectionContainer.SiteRecoveryProtectionContainer(
    this,
    "secondary_12",
    {
      name: "secondary-protection-container",
      recovery_fabric_name: azurermSiteRecoveryFabricSecondary.name,
      recovery_vault_name: azurermRecoveryServicesVaultVault.name,
      resource_group_name: azurermResourceGroupSecondary.name,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSiteRecoveryProtectionContainerSecondary.overrideLogicalId("secondary");
const azurermSiteRecoveryReplicationPolicyPolicy =
  new azurerm.siteRecoveryReplicationPolicy.SiteRecoveryReplicationPolicy(
    this,
    "policy",
    {
      application_consistent_snapshot_frequency_in_minutes: "${4 * 60}",
      name: "policy",
      recovery_point_retention_in_minutes: "${24 * 60}",
      recovery_vault_name: azurermRecoveryServicesVaultVault.name,
      resource_group_name: azurermResourceGroupSecondary.name,
    }
  );
const azurermSubnetPrimary = new azurerm.subnet.Subnet(this, "primary_14", {
  address_prefixes: ["192.168.1.0/24"],
  name: "network1-subnet",
  resource_group_name: azurermResourceGroupPrimary.name,
  virtual_network_name: azurermVirtualNetworkPrimary.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetPrimary.overrideLogicalId("primary");
const azurermSubnetSecondary = new azurerm.subnet.Subnet(this, "secondary_15", {
  address_prefixes: ["192.168.2.0/24"],
  name: "network2-subnet",
  resource_group_name: azurermResourceGroupSecondary.name,
  virtual_network_name: azurermVirtualNetworkSecondary.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetSecondary.overrideLogicalId("secondary");
const azurermNetworkInterfaceVm = new azurerm.networkInterface.NetworkInterface(
  this,
  "vm",
  {
    ip_configuration: [
      {
        name: "vm",
        private_ip_address_allocation: "Dynamic",
        public_ip_address_id: azurermPublicIpPrimary.id,
        subnet_id: azurermSubnetPrimary.id,
      },
    ],
    location: azurermResourceGroupPrimary.location,
    name: "vm-nic",
    resource_group_name: azurermResourceGroupPrimary.name,
  }
);
const azurermSiteRecoveryProtectionContainerMappingContainerMapping =
  new azurerm.siteRecoveryProtectionContainerMapping.SiteRecoveryProtectionContainerMapping(
    this,
    "container-mapping",
    {
      name: "container-mapping",
      recovery_fabric_name: azurermSiteRecoveryFabricPrimary.name,
      recovery_replication_policy_id:
        azurermSiteRecoveryReplicationPolicyPolicy.id,
      recovery_source_protection_container_name:
        azurermSiteRecoveryProtectionContainerPrimary.name,
      recovery_target_protection_container_id:
        azurermSiteRecoveryProtectionContainerSecondary.id,
      recovery_vault_name: azurermRecoveryServicesVaultVault.name,
      resource_group_name: azurermResourceGroupSecondary.name,
    }
  );
const azurermVirtualMachineVm = new azurerm.virtualMachine.VirtualMachine(
  this,
  "vm_18",
  {
    location: azurermResourceGroupPrimary.location,
    name: "vm",
    network_interface_ids: [azurermNetworkInterfaceVm.id],
    os_profile: [
      {
        admin_password: "test-pwd-123",
        admin_username: "test-admin-123",
        computer_name: "vm",
      },
    ],
    os_profile_linux_config: [
      {
        disable_password_authentication: false,
      },
    ],
    resource_group_name: azurermResourceGroupPrimary.name,
    storage_image_reference: [
      {
        offer: "CentOS",
        publisher: "OpenLogic",
        sku: "7.5",
        version: "latest",
      },
    ],
    storage_os_disk: [
      {
        caching: "ReadWrite",
        create_option: "FromImage",
        managed_disk_type: "Premium_LRS",
        name: "vm-os-disk",
        os_type: "Linux",
      },
    ],
    vm_size: "Standard_B1s",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualMachineVm.overrideLogicalId("vm");
new azurerm.siteRecoveryReplicatedVm.SiteRecoveryReplicatedVm(
  this,
  "vm-replication",
  {
    depends_on: [
      `\${${azurermSiteRecoveryProtectionContainerMappingContainerMapping.fqn}}`,
      `\${${azurermSiteRecoveryNetworkMappingNetworkMapping.fqn}}`,
    ],
    managed_disk: [
      {
        disk_id: `\${${azurermVirtualMachineVm.storageOsDisk.fqn}[0].managed_disk_id}`,
        staging_storage_account_id: azurermStorageAccountPrimary.id,
        target_disk_type: "Premium_LRS",
        target_replica_disk_type: "Premium_LRS",
        target_resource_group_id: azurermResourceGroupSecondary.id,
      },
    ],
    name: "vm-replication",
    network_interface: [
      {
        recovery_public_ip_address_id: azurermPublicIpSecondary.id,
        source_network_interface_id: azurermNetworkInterfaceVm.id,
        target_subnet_name: azurermSubnetSecondary.name,
      },
    ],
    recovery_replication_policy_id:
      azurermSiteRecoveryReplicationPolicyPolicy.id,
    recovery_vault_name: azurermRecoveryServicesVaultVault.name,
    resource_group_name: azurermResourceGroupSecondary.name,
    source_recovery_fabric_name: azurermSiteRecoveryFabricPrimary.name,
    source_recovery_protection_container_name:
      azurermSiteRecoveryProtectionContainerPrimary.name,
    source_vm_id: azurermVirtualMachineVm.id,
    target_recovery_fabric_id: azurermSiteRecoveryFabricSecondary.id,
    target_recovery_protection_container_id:
      azurermSiteRecoveryProtectionContainerSecondary.id,
    target_resource_group_id: azurermResourceGroupSecondary.id,
  }
);

Argument Reference

The following arguments are supported:

name - (Required) The name of the replication for the replicated VM. Changing this forces a new resource to be created.
resourceGroupName - (Required) Name of the resource group where the vault that should be updated is located. Changing this forces a new resource to be created.
recoveryVaultName - (Required) The name of the vault that should be updated. Changing this forces a new resource to be created.
recoveryReplicationPolicyId - (Required) Id of the policy to use for this replicated vm. Changing this forces a new resource to be created.
sourceRecoveryFabricName - (Required) Name of fabric that should contain this replication. Changing this forces a new resource to be created.
sourceVmId - (Required) Id of the VM to replicate Changing this forces a new resource to be created.
sourceRecoveryProtectionContainerName - (Required) Name of the protection container to use. Changing this forces a new resource to be created.
targetResourceGroupId - (Required) Id of resource group where the VM should be created when a failover is done. Changing this forces a new resource to be created.
targetRecoveryFabricId - (Required) Id of fabric where the VM replication should be handled when a failover is done. Changing this forces a new resource to be created.
targetRecoveryProtectionContainerId - (Required) Id of protection container where the VM replication should be created when a failover is done. Changing this forces a new resource to be created.
targetAvailabilitySetId - (Optional) Id of availability set that the new VM should belong to when a failover is done.
targetZone - (Optional) Specifies the Availability Zone where the Failover VM should exist. Changing this forces a new resource to be created.
managedDisk - (Optional) One or more managedDisk block as defined below. Changing this forces a new resource to be created.
unmanagedDisk - (Optional) One or more unmanagedDisk block. Changing this forces a new resource to be created.
targetEdgeZone - (Optional) Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
targetProximityPlacementGroupId - (Optional) Id of Proximity Placement Group the new VM should belong to when a failover is done.
targetBootDiagnosticStorageAccountId - (Optional) Id of the storage account which the new VM should used for boot diagnostic when a failover is done.
targetCapacityReservationGroupId - (Optional) Id of the Capacity reservation group where the new VM should belong to when a failover is done.
targetVirtualMachineScaleSetId - (Optional) Id of the Virtual Machine Scale Set which the new Vm should belong to when a failover is done.
targetNetworkId - (Optional) Network to use when a failover is done (recommended to set if any network_interface is configured for failover).
testNetworkId - (Optional) Network to use when a test failover is done.
networkInterface - (Optional) One or more networkInterface block as defined below.

*

multiVmGroupName - (Optional) Name of group in which all machines will replicate together and have shared crash consistent and app-consistent recovery points when failed over.

A managedDisk block supports the following:

diskId - (Required) Id of disk that should be replicated. Changing this forces a new resource to be created.
stagingStorageAccountId - (Required) Storage account that should be used for caching. Changing this forces a new resource to be created.
targetResourceGroupId - (Required) Resource group disk should belong to when a failover is done. Changing this forces a new resource to be created.
targetDiskType - (Required) What type should the disk be when a failover is done. Possible values are standardLrs, premiumLrs, standardSsdLrs and ultraSsdLrs. Changing this forces a new resource to be created.
targetReplicaDiskType - (Required) What type should the disk be that holds the replication data. Possible values are standardLrs, premiumLrs, standardSsdLrs and ultraSsdLrs. Changing this forces a new resource to be created.
targetDiskEncryptionSetId - (Optional) The Disk Encryption Set that the Managed Disk will be associated with. Changing this forces a new resource to be created.

-> NOTE: Creating replicated vm with targetDiskEncryptionSetId wil take more time (up to 5 hours), please extend the timeout for create.

targetDiskEncryption - (Optional) A targetDiskEncryption block as defined below.

A unmanagedDisk block supports the following:

diskUri - (Required) Id of disk that should be replicated.
stagingStorageAccountId - (Required) Storage account that should be used for caching.
targetStorageAccountId - (Required) Storage account disk should belong to when a failover is done.

A networkInterface block supports the following:

sourceNetworkInterfaceId - (Optional) (Required if the network_interface block is specified) Id source network interface.
targetStaticIp - (Optional) Static IP to assign when a failover is done.
targetSubnetName - (Optional) Name of the subnet to to use when a failover is done.
recoveryPublicIpAddressId - (Optional) Id of the public IP object to use when a failover is done.
failoverTestStaticIp - (Optional) Static IP to assign when a test failover is done.
failoverTestSubnetName - (Optional) Name of the subnet to to use when a test failover is done.
failoverTestPublicIpAddressId - (Optional) Id of the public IP object to use when a test failover is done.

The targetDiskEncryption block supports:

diskEncryptionKey - (Required) A diskEncryptionKey block as defined below.
keyEncryptionKey - (Optional) A keyEncryptionKey block as defined below.

The diskEncryptionKey block supports:

secretUrl - (Required) The URL to the Key Vault Secret used as the Disk Encryption Key that the Managed Disk will be associated with. This can be found as id on the azurermKeyVaultSecret resource. Changing this forces a new resource to be created.
vaultId - (Required) The ID of the Key Vault. This can be found as id on the azurermKeyVault resource. Changing this forces a new resource to be created.

The keyEncryptionKey block supports:

keyUrl - (Required) The URL to the Key Vault Key used as the Key Encryption Key that the Managed Disk will be associated with. This can be found as id on the azurermKeyVaultKey resource. Changing this forces a new resource to be created.
vaultId - (Required) The ID of the Key Vault. This can be found as id on the azurermKeyVault resource. Changing this forces a new resource to be created.

Attributes Reference

In addition to the arguments above, the following attributes are exported:

id - The ID of the Site Recovery Replicated VM.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 3 hours) Used when creating the Site Recovery Replicated VM.
update - (Defaults to 80 minutes) Used when updating the Site Recovery Replicated VM.
read - (Defaults to 5 minutes) Used when retrieving the Site Recovery Replicated VM.
delete - (Defaults to 80 minutes) Used when deleting the Site Recovery Replicated VM.

Import

Site Recovery Replicated VM's can be imported using the resourceId, e.g.

terraform import azurerm_site_recovery_replicated_vm.vmreplication /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resource-group-name/providers/Microsoft.RecoveryServices/vaults/recovery-vault-name/replicationFabrics/fabric-name/replicationProtectionContainers/protection-container-name/replicationProtectedItems/vm-replication-name