Microsoft.RecoveryServices vaults 2021-03-01

Bicep resource definition

The vaults resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.RecoveryServices/vaults resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.RecoveryServices/vaults@2021-03-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  sku: {
    name: 'string'
    tier: 'string'
  }
  etag: 'string'
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  properties: {
    encryption: {
      infrastructureEncryption: 'string'
      kekIdentity: {
        userAssignedIdentity: 'string'
        useSystemAssignedIdentity: bool
      }
      keyVaultProperties: {
        keyUri: 'string'
      }
    }
    upgradeDetails: {}
  }
}

Property values

vaults

Name Description Value
name The resource name string (required)

Character limit: 2-50

Valid characters:
Alphanumerics and hyphens.

Start with letter.
location Resource location. string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
sku Identifies the unique system identifier for each Azure resource. Sku
etag Optional ETag. string
identity Identity for the resource. IdentityData
properties Properties of the vault. VaultProperties

IdentityData

Name Description Value
type The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identities. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user-assigned identities associated with the resource. The user-assigned identity dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. IdentityDataUserAssignedIdentities

IdentityDataUserAssignedIdentities

Name Description Value
{customized property} UserIdentity

UserIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

VaultProperties

Name Description Value
encryption Customer Managed Key details of the resource. VaultPropertiesEncryption
upgradeDetails Details for upgrading vault. UpgradeDetails

VaultPropertiesEncryption

Name Description Value
infrastructureEncryption Enabling/Disabling the Double Encryption state 'Disabled'
'Enabled'
kekIdentity The details of the identity used for CMK CmkKekIdentity
keyVaultProperties The properties of the Key Vault which hosts CMK CmkKeyVaultProperties

CmkKekIdentity

Name Description Value
userAssignedIdentity The user assigned identity to be used to grant permissions in case the type of identity used is UserAssigned string
useSystemAssignedIdentity Indicate that system assigned identity should be used. Mutually exclusive with 'userAssignedIdentity' field bool

CmkKeyVaultProperties

Name Description Value
keyUri The key uri of the Customer Managed Key string

UpgradeDetails

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

Sku

Name Description Value
name The Sku name. 'RS0'
'Standard' (required)
tier The Sku tier. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
IBM Cloud Pak for Data on Azure

Deploy to Azure
This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data along with the add-ons that user chooses.
Openshift Container Platform 4.3

Deploy to Azure
Openshift Container Platform 4.3
Backup existing File Share using Recovery Services (Daily)

Deploy to Azure
This template configures protection for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values.
Backup existing File Share using Recovery Services (hourly)

Deploy to Azure
This template configures protection with hourly frequency for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values.
Backup Resource Manager VMs using Recovery Services vault

Deploy to Azure
This template will use existing recovery services vault and existing backup policy, and configures backup of multiple Resource Manager VMs that belong to same resource group
Create Recovery Services Vault and Enable Diagnostics

Deploy to Azure
This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace.
Create Recovery Services Vault with backup policies

Deploy to Azure
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock.
Deploy a Windows VM and enable backup using Azure Backup

Deploy to Azure
This template allows you to deploy a Windows VM and Recovery Services Vault configured with the DefaultPolicy for Protection.
Create Daily Backup Policy for RS Vault to protect IaaSVMs

Deploy to Azure
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs.
Create Recovery Services Vault with default options

Deploy to Azure
Simple template that creates a Recovery Services Vault.
Create a Recovery Services vault with advanced options

Deploy to Azure
This template creates a Recovery Services vault that will be used further for Backup and Site Recovery.
Azure Backup for Workload in Azure Virtual Machines

Deploy to Azure
This template creates a Recovery Services Vault and a Workload specific Backup Policy. Registers VM with Backup service and Configures Protection
Create Weekly Backup Policy for RS Vault to protect IaaSVMs

Deploy to Azure
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs.

ARM template resource definition

The vaults resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.RecoveryServices/vaults resource, add the following JSON to your template.

{
  "type": "Microsoft.RecoveryServices/vaults",
  "apiVersion": "2021-03-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "sku": {
    "name": "string",
    "tier": "string"
  },
  "etag": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {}
    }
  },
  "properties": {
    "encryption": {
      "infrastructureEncryption": "string",
      "kekIdentity": {
        "userAssignedIdentity": "string",
        "useSystemAssignedIdentity": "bool"
      },
      "keyVaultProperties": {
        "keyUri": "string"
      }
    },
    "upgradeDetails": {}
  }
}

Property values

vaults

Name Description Value
type The resource type 'Microsoft.RecoveryServices/vaults'
apiVersion The resource api version '2021-03-01'
name The resource name string (required)

Character limit: 2-50

Valid characters:
Alphanumerics and hyphens.

Start with letter.
location Resource location. string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
sku Identifies the unique system identifier for each Azure resource. Sku
etag Optional ETag. string
identity Identity for the resource. IdentityData
properties Properties of the vault. VaultProperties

IdentityData

Name Description Value
type The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identities. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user-assigned identities associated with the resource. The user-assigned identity dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. IdentityDataUserAssignedIdentities

IdentityDataUserAssignedIdentities

Name Description Value
{customized property} UserIdentity

UserIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

VaultProperties

Name Description Value
encryption Customer Managed Key details of the resource. VaultPropertiesEncryption
upgradeDetails Details for upgrading vault. UpgradeDetails

VaultPropertiesEncryption

Name Description Value
infrastructureEncryption Enabling/Disabling the Double Encryption state 'Disabled'
'Enabled'
kekIdentity The details of the identity used for CMK CmkKekIdentity
keyVaultProperties The properties of the Key Vault which hosts CMK CmkKeyVaultProperties

CmkKekIdentity

Name Description Value
userAssignedIdentity The user assigned identity to be used to grant permissions in case the type of identity used is UserAssigned string
useSystemAssignedIdentity Indicate that system assigned identity should be used. Mutually exclusive with 'userAssignedIdentity' field bool

CmkKeyVaultProperties

Name Description Value
keyUri The key uri of the Customer Managed Key string

UpgradeDetails

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

Sku

Name Description Value
name The Sku name. 'RS0'
'Standard' (required)
tier The Sku tier. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
IBM Cloud Pak for Data on Azure

Deploy to Azure
This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data along with the add-ons that user chooses.
Openshift Container Platform 4.3

Deploy to Azure
Openshift Container Platform 4.3
Backup existing File Share using Recovery Services (Daily)

Deploy to Azure
This template configures protection for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values.
Backup existing File Share using Recovery Services (hourly)

Deploy to Azure
This template configures protection with hourly frequency for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values.
Backup Resource Manager VMs using Recovery Services vault

Deploy to Azure
This template will use existing recovery services vault and existing backup policy, and configures backup of multiple Resource Manager VMs that belong to same resource group
Create Recovery Services Vault and Enable Diagnostics

Deploy to Azure
This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace.
Create Recovery Services Vault with backup policies

Deploy to Azure
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock.
Deploy a Windows VM and enable backup using Azure Backup

Deploy to Azure
This template allows you to deploy a Windows VM and Recovery Services Vault configured with the DefaultPolicy for Protection.
Create Daily Backup Policy for RS Vault to protect IaaSVMs

Deploy to Azure
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs.
Create Recovery Services Vault with default options

Deploy to Azure
Simple template that creates a Recovery Services Vault.
Create a Recovery Services vault with advanced options

Deploy to Azure
This template creates a Recovery Services vault that will be used further for Backup and Site Recovery.
Azure Backup for Workload in Azure Virtual Machines

Deploy to Azure
This template creates a Recovery Services Vault and a Workload specific Backup Policy. Registers VM with Backup service and Configures Protection
Create Weekly Backup Policy for RS Vault to protect IaaSVMs

Deploy to Azure
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs.

Terraform (AzAPI provider) resource definition

The vaults resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.RecoveryServices/vaults resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.RecoveryServices/vaults@2021-03-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  identity {
    type = "string"
    identity_ids = []
  }
  body = jsonencode({
    properties = {
      encryption = {
        infrastructureEncryption = "string"
        kekIdentity = {
          userAssignedIdentity = "string"
          useSystemAssignedIdentity = bool
        }
        keyVaultProperties = {
          keyUri = "string"
        }
      }
      upgradeDetails = {}
    }
    sku = {
      name = "string"
      tier = "string"
    }
    etag = "string"
  })
}

Property values

vaults

Name Description Value
type The resource type "Microsoft.RecoveryServices/vaults@2021-03-01"
name The resource name string (required)

Character limit: 2-50

Valid characters:
Alphanumerics and hyphens.

Start with letter.
location Resource location. string (required)
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags Resource tags. Dictionary of tag names and values.
sku Identifies the unique system identifier for each Azure resource. Sku
etag Optional ETag. string
identity Identity for the resource. IdentityData
properties Properties of the vault. VaultProperties

IdentityData

Name Description Value
type The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identities. "SystemAssigned"
"SystemAssigned, UserAssigned"
"UserAssigned" (required)
identity_ids The list of user-assigned identities associated with the resource. The user-assigned identity dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. Array of user identity IDs.

IdentityDataUserAssignedIdentities

Name Description Value
{customized property} UserIdentity

UserIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

VaultProperties

Name Description Value
encryption Customer Managed Key details of the resource. VaultPropertiesEncryption
upgradeDetails Details for upgrading vault. UpgradeDetails

VaultPropertiesEncryption

Name Description Value
infrastructureEncryption Enabling/Disabling the Double Encryption state "Disabled"
"Enabled"
kekIdentity The details of the identity used for CMK CmkKekIdentity
keyVaultProperties The properties of the Key Vault which hosts CMK CmkKeyVaultProperties

CmkKekIdentity

Name Description Value
userAssignedIdentity The user assigned identity to be used to grant permissions in case the type of identity used is UserAssigned string
useSystemAssignedIdentity Indicate that system assigned identity should be used. Mutually exclusive with 'userAssignedIdentity' field bool

CmkKeyVaultProperties

Name Description Value
keyUri The key uri of the Customer Managed Key string

UpgradeDetails

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

Sku

Name Description Value
name The Sku name. "RS0"
"Standard" (required)
tier The Sku tier. string