Common Azure Terraform module to create an Azure Site Recovery configuration with its cache Storage Account.

Resource naming is based on the Microsoft CAF naming convention best practices. Legacy naming is available by setting the parameter `use_caf_naming` to `false`.
We rely on the official Terraform Azure CAF naming provider to generate resource names.

Module version | Terraform version | OpenTofu version | AzureRM version |
---|---|---|---|
>= 8.x.x | Unverified | 1.8.x | >= 4.0 |
>= 7.x.x | 1.3.x | | >= 3.0 |
>= 6.x.x | 1.x | | >= 3.0 |
>= 5.x.x | 0.15.x | | >= 2.0 |
>= 4.x.x | 0.13.x / 0.14.x | | >= 2.0 |
>= 3.x.x | 0.12.x | | >= 2.0 |
>= 2.x.x | 0.12.x | | < 2.0 |
< 2.x.x | 0.11.x | | < 2.0 |

If you want to contribute to this repository, feel free to use our pre-commit git hook configuration, which will help you automatically update and format some files by enforcing our Terraform code module best practices.
More details are available in the CONTRIBUTING.md file.

This module is optimized to work with the Claranet terraform-wrapper tool, which sets some Terraform variables in the environment needed by this module.
More details about the variables set by the terraform-wrapper are available in the documentation.

```hcl
module "rg" {
  source  = "claranet/rg/azurerm"
  version = "x.x.x"

  client_name = var.client_name
  location    = var.location
  environment = var.environment
  stack       = var.stack
}

module "primary_location" {
  source  = "claranet/regions/azurerm"
  version = "x.x.x"

  azure_region = "fr-central"
}

module "secondary_location" {
  source  = "claranet/regions/azurerm"
  version = "x.x.x"

  azure_region = "fr-south"
}

# Target network in the secondary region
module "vnet" {
  source  = "claranet/vnet/azurerm"
  version = "x.x.x"

  client_name         = var.client_name
  environment         = var.environment
  stack               = var.stack
  resource_group_name = module.rg.resource_group_name
  location            = module.secondary_location.location
  location_short      = module.secondary_location.location_short

  vnet_cidr = ["172.16.2.0/24"]
}

module "subnet" {
  source  = "claranet/subnet/azurerm"
  version = "x.x.x"

  client_name          = var.client_name
  environment          = var.environment
  stack                = var.stack
  resource_group_name  = module.rg.resource_group_name
  location_short       = module.secondary_location.location_short
  virtual_network_name = module.vnet.virtual_network_name

  subnet_cidr_list = ["172.16.2.0/24"]
}

# Look up the source VM to read its ID, disks and network interfaces
data "azapi_resource" "vms_infos" {
  name      = "vm01"
  parent_id = "/subscriptions/xxxx-yyyyyy-aaaaaa-zzzzzzz-tttttttt/resourceGroups/rg-primary-region-vm01"
  type      = "Microsoft.Compute/virtualMachines@2022-08-01"

  response_export_values = ["name", "id", "properties.storageProfile.osDisk.managedDisk", "properties.storageProfile.dataDisks", "properties.networkProfile.networkInterfaces"]
}

module "run" {
  source  = "claranet/run/azurerm"
  version = "x.x.x"

  client_name         = var.client_name
  location            = module.secondary_location.location
  location_short      = module.secondary_location.location_short
  environment         = var.environment
  stack               = var.stack
  resource_group_name = module.rg.resource_group_name

  # Placeholder value: pass the real token in as a sensitive variable, do not commit it
  monitoring_function_splunk_token = "xxxxxx"

  monitoring_function_metrics_extra_dimensions = {
    env           = var.environment
    sfx_monitored = "true"
  }

  backup_vm_enabled         = true
  backup_postgresql_enabled = true
  update_center_enabled     = true

  extra_tags = {
    foo = "bar"
  }
}

module "site_recovery" {
  source  = "claranet/site-recovery/azurerm"
  version = "x.x.x"

  client_name = var.client_name
  environment = var.environment
  stack       = var.stack

  location            = module.secondary_location.location
  resource_group_name = module.rg.resource_group_name

  primary_location       = module.primary_location.location
  primary_location_short = module.primary_location.location_short

  # Destinations for diagnostic logs
  logs_destinations_ids = [
    module.run.log_analytics_workspace_id,
    module.run.logs_storage_account_id
  ]

  cache_storage_resource_group_name = "rg-cache-storage"

  # The map key is the VM name
  replicated_vms = {
    vm01 = {
      vm_id                    = jsondecode(data.azapi_resource.vms_infos.output).id
      target_resource_group_id = module.rg.resource_group_name
      target_network_id        = module.subnet.subnet_id

      managed_disks = [
        {
          disk_id   = jsondecode(data.azapi_resource.vms_infos.output).properties.storageProfile.osDisk.managedDisk.id
          disk_type = jsondecode(data.azapi_resource.vms_infos.output).properties.storageProfile.osDisk.managedDisk.storageAccountType
        }
      ]

      network_interfaces = [
        {
          network_interface_id = jsondecode(data.azapi_resource.vms_infos.output).properties.networkProfile.networkInterfaces[0].id
          target_subnet_name   = module.subnet.subnet_id
          target_static_ip     = "172.16.2.10"
        }
      ]
    }
  }

  replication_policy = {
    name = "replipol-01"
  }
}
```

Name | Version |
---|---|
azapi | ~> 1.0, < 1.13 |
azurecaf | ~> 1.1 |
azurerm | ~> 3.114 |

Name | Source | Version |
---|---|---|
cache_storage_account | claranet/storage-account/azurerm | ~> 7.14.0 |
diagnostics_recovery_vault | claranet/diagnostic-settings/azurerm | ~> 7.0.0 |

Name | Type |
---|---|
azurerm_recovery_services_vault.asr_vault | resource |
azurerm_site_recovery_fabric.primary | resource |
azurerm_site_recovery_fabric.secondary | resource |
azurerm_site_recovery_network_mapping.network_mapping | resource |
azurerm_site_recovery_protection_container.primary | resource |
azurerm_site_recovery_protection_container.secondary | resource |
azurerm_site_recovery_protection_container_mapping.container_mapping | resource |
azurerm_site_recovery_replicated_vm.vm_replication | resource |
azurerm_site_recovery_replication_policy.policy | resource |
azapi_resource.nic_interfaces | data source |
azurecaf_name.primary_srf | data source |
azurecaf_name.primary_srpc | data source |
azurecaf_name.rsv | data source |
azurecaf_name.secondary_srf | data source |
azurecaf_name.secondary_srpc | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
cache_storage_account_custom_diagnostic_settings_name | Custom name of the diagnostics settings of the cache storage account, name will be 'default' if not set. | string | "default" | no |
cache_storage_account_logs_categories | Log categories to send to destinations. | list(string) | null | no |
cache_storage_account_logs_destinations_ids | List of destination resource IDs for logs diagnostic destination for the cache Storage Account. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. If you want to specify an Azure EventHub to send logs and metrics to, you need to provide a formatted string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the `\|` character. | list(string) | [] | no |
cache_storage_account_logs_metrics_categories | Metrics categories to send to destinations. | list(string) | null | no |
cache_storage_advanced_threat_protection_enabled | Boolean flag which controls if advanced threat protection is enabled, see documentation for more information. | bool | true | no |
cache_storage_allowed_cidrs | List of public IPs allowed to access the cache Storage Account. | list(string) | [] | no |
cache_storage_allowed_subnet_ids | List of subnet IDs allowed to access the cache Storage Account. All subnets of replicated VMs are dynamically fetched. | list(string) | [] | no |
cache_storage_custom_name | Custom name for cache Storage Account. | string | null | no |
cache_storage_resource_group_name | Resource Group name in which to deploy the cache Storage Account. | string | n/a | yes |
client_name | Client name/account used in naming. | string | n/a | yes |
default_tags_enabled | Option to enable or disable default tags. | bool | true | no |
environment | Project environment. | string | n/a | yes |
extra_tags | Additional tags to associate with your Azure Storage Account. | map(string) | {} | no |
location | Azure region to use. | string | n/a | yes |
logs_destinations_ids | List of destination resource IDs for logs diagnostic destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. If you want to specify an Azure EventHub to send logs and metrics to, you need to provide a formatted string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the `\|` character. | list(string) | n/a | yes |
name_prefix | Optional prefix for the generated name. | string | "" | no |
name_suffix | Optional suffix for the generated name. | string | "" | no |
network_mapping | Virtual Network mapping as { "source VNet ID" => "destination VNet ID" }. | map(string) | {} | no |
primary_location | Location of source resources to be replicated. | string | n/a | yes |
primary_location_short | Short name of the source location. | string | n/a | yes |
primary_site_recovery_fabric_custom_name | Custom name for Primary Azure Site Recovery Fabric. | string | "" | no |
primary_site_recovery_protection_container_custom_name | Custom name for Primary Azure Site Recovery Protection Container. | string | "" | no |
recovery_vault_custom_name | Custom name for Azure Recovery Vault. | string | "" | no |
recovery_vault_logs_destinations_ids | List of destination resource IDs for logs diagnostic destination for the Recovery Vault. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. If you want to specify an Azure EventHub to send logs and metrics to, you need to provide a formatted string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the `\|` character. | list(string) | [] | no |
replicated_vms | Map of VMs to replicate with Azure Site Recovery. VM Name is expected as a key. | map( | n/a | yes |
replication_policy | Site recovery replication policy. | object({ | n/a | yes |
resource_group_name | Resource group name | string | n/a | yes |
secondary_site_recovery_fabric_custom_name | Custom name for Secondary Azure Site Recovery Fabric. | string | "" | no |
secondary_site_recovery_protection_container_custom_name | Custom name for Secondary Azure Site Recovery Protection Container. | string | "" | no |
stack | Project stack name. | string | n/a | yes |
use_caf_naming | Use the Azure CAF naming provider to generate default resource name. `custom_rg_name` overrides this if set. Legacy default name is used if this is set to `false`. | bool | true | no |
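
A pre-plan check for the `logs_destinations_ids` rules described in the inputs table (at most one Storage Account, Log Analytics Workspace and Event Hub; Event Hub entries written as `<authorization rule ID>|<Event Hub name>`), as an added example that is not part of this module. It assumes standard Azure resource ID layouts; `classify`, `validate_destinations` and the sample IDs are constructed for illustration.

```python
import re

# Resource-type markers from the standard Azure resource ID layout (assumption).
KIND_PATTERNS = {
    "storage_account": re.compile(
        r"/providers/Microsoft\.Storage/storageAccounts/[^/]+$", re.I),
    "log_analytics": re.compile(
        r"/providers/Microsoft\.OperationalInsights/workspaces/[^/]+$", re.I),
    "event_hub_rule": re.compile(
        r"/providers/Microsoft\.EventHub/namespaces/[^/]+/authorizationRules/[^/]+$", re.I),
}


def classify(destination):
    """Return (kind, error) for one logs_destinations_ids entry."""
    resource_id, sep, hub_name = destination.partition("|")
    for kind, pattern in KIND_PATTERNS.items():
        if not pattern.search(resource_id):
            continue
        if kind == "event_hub_rule":
            if not hub_name or "|" in hub_name:
                return None, "Event Hub entry must be '<authorization rule ID>|<Event Hub name>'"
            return "event_hub", None
        if sep:
            return None, "only Event Hub entries take a '|<name>' suffix"
        return kind, None
    return None, "not a Storage Account, Log Analytics Workspace or Event Hub rule ID"


def validate_destinations(destinations):
    """Return a list of problems; an empty list means the input is acceptable."""
    problems, seen = [], set()
    for dest in destinations:
        kind, error = classify(dest)
        if error:
            problems.append(f"{dest}: {error}")
        elif kind in seen:
            problems.append(f"{dest}: more than one {kind} destination")
        else:
            seen.add(kind)
    return problems


# Constructed sample IDs (placeholder subscription and resource names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-logs"
LAW = f"{SUB}/providers/Microsoft.OperationalInsights/workspaces/law-example"
STA = f"{SUB}/providers/Microsoft.Storage/storageAccounts/stlogsexample"
EHB = f"{SUB}/providers/Microsoft.EventHub/namespaces/evh-example/authorizationRules/send"
print("\n".join(validate_destinations([LAW, STA, EHB, STA])))
```
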

Name | Description |
---|---|
cache_storage_account | Cache Storage Account. |
primary_fabric | Fabric of the source resources. Primary region. |
recovery_vault | Azure Recovery Services Vault. |
replicated_vms | Replicated virtual machines. |
replication_policy | Replication policy. |
secondary_fabric | Fabric of the replicated resources. Secondary region. |

Azure Site Recovery documentation: learn.microsoft.com/en-us/azure/site-recovery/site-recovery-overview