For Each Loops and Terraform Locals - Efficiently Configuring Backup Policies for Azure Recovery Services Vault terraform module

394
4 min to read

Azure Recovery Services Vault is a powerful tool for managing and protecting your data in the cloud. It provides a secure, scalable, and robust solution for backing up and restoring your infrastructure. However, configuring backup policies for multiple resources can be time-consuming and prone to error. In this blog post, we will explore how to efficiently configure backup policies for Azure Recovery Services Vault using for each loops and Terraform locals.

Why Use Locals Instead of Variables.tf?

In Terraform, locals are a powerful way to define and reuse values across multiple resources. Unlike variables.tf, locals are not defined at the module level and are not exposed to the outside world. This makes them ideal for defining complex objects, like backup policies, that are used by multiple resources within the same module. By using locals, we can avoid defining the same backup policy multiple times and simplify our configuration management.

Defining Backup Policies Using For-Each Loops and Locals

In this section, we will show you how to define backup policies for multiple resources using for-each loops and locals in Terraform. We will also demonstrate how to configure the backup policy retention periods for each resource which we successfule completed in the previous article.

locals {
  backup_policies = {
    hourly_backup_policy = {
      frequency = "Hourly"
      interval  = 4
      daily     = 35
      weekly    = 90
      monthly   = 365
      yearly    = 3650
    }
    daily_backup_policy = {
      frequency = "Daily"
      interval  = 1
      daily     = 14
      weekly    = 30
      monthly   = 90
      yearly    = 2555
    }
    weekly_backup_policy = {
      frequency = "Weekly"
      interval  = 1
      daily     = 7
      weekly    = 14
      monthly   = 60
      yearly    = 365
    }
  }

  backup_targets = {
    file_shares = [
      {
        name       = "examplefileshare1"
        account_id = azurerm_storage_account.example1.id
      },
      {
        name       = "examplefileshare2"
        account_id = azurerm_storage_account.example2.id
      },
      {
        name       = "examplefileshare3"
        account_id = azurerm_storage_account.example3.id
      }
    ]
  }
}

In the locals block, we define the backup policies using a map with each policy's name as the key and a map of its attributes as the value. We also define the backup targets using another map with a list of file shares as the value. Each file share is defined as a map with its name and associated storage account ID. Next, we define the azurerm_backup_policy_file_share resource and use the for_each loop to iterate through the backup_targets map, creating a backup policy for each file share:

resource "azurerm_backup_policy_file_share" "example" {
  for_each               = { for t in local.backup_targets.file_shares : t.name => t }
  name                   = each.value.name
  recovery_vault_name    = azurerm_recovery_services_vault.example.name
  resource_group_name    = azurerm_recovery_services_vault.example.resource_group_name
  backup_management_type = "AzureStorage"
  backup {
    frequency         = local.backup_policies.hourly_backup_policy.frequency
    time              = "12:00"
    retention_daily   = local.backup_policies.hourly_backup_policy.retention_daily
    retention_weekly  = local.backup_policies.hourly_backup_policy.retention_weekly
    retention_monthly = local.backup_policies.hourly_backup_policy.retention_monthly
    retention_yearly  = local.backup_policies.hourly_backup_policy.retention_yearly
  }

  source_data_shares {
    storage_account_id = each.value.account_id
    data_share_name    = each.value.name
  }
}

Conclusion

In this blog post, we explored how to use for-each loops and Terraform locals to efficiently configure backup policies for Azure Recovery Services Vault. This approach simplifies configuration management and reduces the potential for human error, making it a powerful tool for managing and protecting your data in the cloud.

Using locals instead of variables.tf provides an additional layer of security, ensuring that complex objects like backup policies are not exposed to the outside world. This also allows us to simplify our configuration management and avoid defining the same backup policy multiple times.

By leveraging for each loops and Terraform's powerful local variables, we can easily manage backup policies for multiple resources in a scalable and flexible manner. This approach enables us to efficiently configure backup policies while maintaining the scalability and flexibility required for modern cloud infrastructure.

In conclusion, by using for-each loops and locals in Terraform, we can easily configure backup policies for multiple resources with Azure Recovery Services Vault. This approach streamlines configuration management and ensures scalability and flexibility for modern cloud infrastructure, making it an essential tool for data protection and management in the cloud.

About me

Azure Cloud Solutions Engineer with a passion for cloud automation, DevOps, Kubernetes , monitoring, identity management (IAM), cloud security and O365. Working with Azure, Amazon AWS, System Center, OMS/Log Analytics and related cloud services and software.

My certifications
Recent articles
Azure Bicep Parameters: Enhancing Infrastructure as Code
Azure Bicep Parameters: Enhancing Infrastructure as Code
Lists vs Maps in Terraform Variables
Lists vs Maps in Terraform Variables
Terraform Workspaces and Local Variables
Terraform Workspaces and Local Variables
Optimizing Azure Blob Storage: Cold Storage policy with Terraform
Optimizing Azure Blob Storage: Cold Storage policy with Terraform
Topics
Tags