Microsoft.RecoveryServices vaults 2021-04-01

Bicep resource definition

The vaults resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.RecoveryServices/vaults resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.RecoveryServices/vaults@2021-04-01' = {
  etag: 'string'
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    encryption: {
      infrastructureEncryption: 'string'
      kekIdentity: {
        userAssignedIdentity: 'string'
        useSystemAssignedIdentity: bool
      }
      keyVaultProperties: {
        keyUri: 'string'
      }
    }
    moveDetails: {}
    upgradeDetails: {}
  }
  sku: {
    capacity: 'string'
    family: 'string'
    name: 'string'
    size: 'string'
    tier: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

CmkKekIdentity

Name Description Value
userAssignedIdentity The user assigned identity to be used to grant permissions in case the type of identity used is UserAssigned string
useSystemAssignedIdentity Indicate that system assigned identity should be used. Mutually exclusive with 'userAssignedIdentity' field bool

CmkKeyVaultProperties

Name Description Value
keyUri The key uri of the Customer Managed Key string

IdentityData

Name Description Value
type The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identities. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user-assigned identities associated with the resource. The user-assigned identity dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. IdentityDataUserAssignedIdentities

IdentityDataUserAssignedIdentities

Name Description Value

Microsoft.RecoveryServices/vaults

Name Description Value
etag Optional ETag. string
identity Identity for the resource. IdentityData
location Resource location. string (required)
name The resource name string (required)
properties Properties of the vault. VaultProperties
sku Identifies the unique system identifier for each Azure resource. Sku
tags Resource tags Dictionary of tag names and values. See Tags in templates

Sku

Name Description Value
capacity The sku capacity string
family The sku family string
name The Sku name. 'RS0'
'Standard' (required)
size The sku size string
tier The Sku tier. string

TrackedResourceTags

Name Description Value

UpgradeDetails

Name Description Value

UserIdentity

Name Description Value

VaultProperties

Name Description Value
encryption Customer Managed Key details of the resource. VaultPropertiesEncryption
moveDetails The details of the latest move operation performed on the Azure Resource VaultPropertiesMoveDetails
upgradeDetails Details for upgrading vault. UpgradeDetails

VaultPropertiesEncryption

Name Description Value
infrastructureEncryption Enabling/Disabling the Double Encryption state 'Disabled'
'Enabled'
kekIdentity The details of the identity used for CMK CmkKekIdentity
keyVaultProperties The properties of the Key Vault which hosts CMK CmkKeyVaultProperties

VaultPropertiesMoveDetails

Name Description Value

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Azure Backup for Workload in Azure Virtual Machines This template creates a Recovery Services Vault and a Workload specific Backup Policy. Registers VM with Backup service and Configures Protection
Backup existing File Share using Recovery Services (Daily) This template configures protection for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values.
Backup existing File Share using Recovery Services (hourly) This template configures protection with hourly frequency for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values.
Backup Resource Manager VMs using Recovery Services vault This template will use existing recovery services vault and existing backup policy, and configures backup of multiple Resource Manager VMs that belong to same resource group
Create a Recovery Services vault with advanced options This template creates a Recovery Services vault that will be used further for Backup and Site Recovery.
Create Daily Backup Policy for RS Vault to protect IaaSVMs This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs.
Create Recovery Services Vault and Enable Diagnostics This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace.
Create Recovery Services Vault with backup policies This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock.
Create Recovery Services Vault with default options Simple template that creates a Recovery Services Vault.
Create Weekly Backup Policy for RS Vault to protect IaaSVMs This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs.
Deploy a Windows VM and enable backup using Azure Backup This template allows you to deploy a Windows VM and Recovery Services Vault configured with the DefaultPolicy for Protection.

ARM template resource definition

The vaults resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.RecoveryServices/vaults resource, add the following JSON to your template.

{
  "type": "Microsoft.RecoveryServices/vaults",
  "apiVersion": "2021-04-01",
  "name": "string",
  "etag": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "encryption": {
      "infrastructureEncryption": "string",
      "kekIdentity": {
        "userAssignedIdentity": "string",
        "useSystemAssignedIdentity": "bool"
      },
      "keyVaultProperties": {
        "keyUri": "string"
      }
    },
    "moveDetails": {
    },
    "upgradeDetails": {
    }
  },
  "sku": {
    "capacity": "string",
    "family": "string",
    "name": "string",
    "size": "string",
    "tier": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

CmkKekIdentity

Name Description Value
userAssignedIdentity The user assigned identity to be used to grant permissions in case the type of identity used is UserAssigned string
useSystemAssignedIdentity Indicate that system assigned identity should be used. Mutually exclusive with 'userAssignedIdentity' field bool

CmkKeyVaultProperties

Name Description Value
keyUri The key uri of the Customer Managed Key string

IdentityData

Name Description Value
type The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identities. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user-assigned identities associated with the resource. The user-assigned identity dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. IdentityDataUserAssignedIdentities

IdentityDataUserAssignedIdentities

Name Description Value

Microsoft.RecoveryServices/vaults

Name Description Value
apiVersion The api version '2021-04-01'
etag Optional ETag. string
identity Identity for the resource. IdentityData
location Resource location. string (required)
name The resource name string (required)
properties Properties of the vault. VaultProperties
sku Identifies the unique system identifier for each Azure resource. Sku
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.RecoveryServices/vaults'

Sku

Name Description Value
capacity The sku capacity string
family The sku family string
name The Sku name. 'RS0'
'Standard' (required)
size The sku size string
tier The Sku tier. string

TrackedResourceTags

Name Description Value

UpgradeDetails

Name Description Value

UserIdentity

Name Description Value

VaultProperties

Name Description Value
encryption Customer Managed Key details of the resource. VaultPropertiesEncryption
moveDetails The details of the latest move operation performed on the Azure Resource VaultPropertiesMoveDetails
upgradeDetails Details for upgrading vault. UpgradeDetails

VaultPropertiesEncryption

Name Description Value
infrastructureEncryption Enabling/Disabling the Double Encryption state 'Disabled'
'Enabled'
kekIdentity The details of the identity used for CMK CmkKekIdentity
keyVaultProperties The properties of the Key Vault which hosts CMK CmkKeyVaultProperties

VaultPropertiesMoveDetails

Name Description Value

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Azure Backup for Workload in Azure Virtual Machines

Deploy to Azure
This template creates a Recovery Services Vault and a Workload specific Backup Policy. Registers VM with Backup service and Configures Protection
Backup existing File Share using Recovery Services (Daily)

Deploy to Azure
This template configures protection for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values.
Backup existing File Share using Recovery Services (hourly)

Deploy to Azure
This template configures protection with hourly frequency for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values.
Backup Resource Manager VMs using Recovery Services vault

Deploy to Azure
This template will use existing recovery services vault and existing backup policy, and configures backup of multiple Resource Manager VMs that belong to same resource group
Create a Recovery Services vault with advanced options

Deploy to Azure
This template creates a Recovery Services vault that will be used further for Backup and Site Recovery.
Create Daily Backup Policy for RS Vault to protect IaaSVMs

Deploy to Azure
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs.
Create Recovery Services Vault and Enable Diagnostics

Deploy to Azure
This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace.
Create Recovery Services Vault with backup policies

Deploy to Azure
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock.
Create Recovery Services Vault with default options

Deploy to Azure
Simple template that creates a Recovery Services Vault.
Create Weekly Backup Policy for RS Vault to protect IaaSVMs

Deploy to Azure
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs.
Deploy a Windows VM and enable backup using Azure Backup

Deploy to Azure
This template allows you to deploy a Windows VM and Recovery Services Vault configured with the DefaultPolicy for Protection.
IBM Cloud Pak for Data on Azure

Deploy to Azure
This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data along with the add-ons that user chooses.
Openshift Container Platform 4.3

Deploy to Azure
Openshift Container Platform 4.3

Terraform (AzAPI provider) resource definition

The vaults resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.RecoveryServices/vaults resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.RecoveryServices/vaults@2021-04-01"
  name = "string"
  etag = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  sku = {
    capacity = "string"
    family = "string"
    name = "string"
    size = "string"
    tier = "string"
  }
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      encryption = {
        infrastructureEncryption = "string"
        kekIdentity = {
          userAssignedIdentity = "string"
          useSystemAssignedIdentity = bool
        }
        keyVaultProperties = {
          keyUri = "string"
        }
      }
      moveDetails = {
      }
      upgradeDetails = {
      }
    }
  })
}

Property values

CmkKekIdentity

Name Description Value
userAssignedIdentity The user assigned identity to be used to grant permissions in case the type of identity used is UserAssigned string
useSystemAssignedIdentity Indicate that system assigned identity should be used. Mutually exclusive with 'userAssignedIdentity' field bool

CmkKeyVaultProperties

Name Description Value
keyUri The key uri of the Customer Managed Key string

IdentityData

Name Description Value
type The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identities. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user-assigned identities associated with the resource. The user-assigned identity dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. IdentityDataUserAssignedIdentities

IdentityDataUserAssignedIdentities

Name Description Value

Microsoft.RecoveryServices/vaults

Name Description Value
etag Optional ETag. string
identity Identity for the resource. IdentityData
location Resource location. string (required)
name The resource name string (required)
properties Properties of the vault. VaultProperties
sku Identifies the unique system identifier for each Azure resource. Sku
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.RecoveryServices/vaults@2021-04-01"

Sku

Name Description Value
capacity The sku capacity string
family The sku family string
name The Sku name. 'RS0'
'Standard' (required)
size The sku size string
tier The Sku tier. string

TrackedResourceTags

Name Description Value

UpgradeDetails

Name Description Value

UserIdentity

Name Description Value

VaultProperties

Name Description Value
encryption Customer Managed Key details of the resource. VaultPropertiesEncryption
moveDetails The details of the latest move operation performed on the Azure Resource VaultPropertiesMoveDetails
upgradeDetails Details for upgrading vault. UpgradeDetails

VaultPropertiesEncryption

Name Description Value
infrastructureEncryption Enabling/Disabling the Double Encryption state 'Disabled'
'Enabled'
kekIdentity The details of the identity used for CMK CmkKekIdentity
keyVaultProperties The properties of the Key Vault which hosts CMK CmkKeyVaultProperties

VaultPropertiesMoveDetails

Name Description Value