Microsoft.RecoveryServices vaults 2021-12-01
- Latest
- 2024-04-30-preview
- 2024-04-01
- 2024-02-01
- 2024-01-01
- 2023-08-01
- 2023-06-01
- 2023-04-01
- 2023-02-01
- 2023-01-01
- 2022-10-01
- 2022-09-30-preview
- 2022-09-10
- 2022-08-01
- 2022-05-01
- 2022-04-01
- 2022-03-01
- 2022-02-01
- 2022-01-31-preview
- 2022-01-01
- 2021-12-01
- 2021-11-01-preview
- 2021-08-01
- 2021-07-01
- 2021-06-01
- 2021-04-01
- 2021-03-01
- 2021-02-10
- 2021-01-01
- 2020-10-01
- 2020-02-02
- 2016-06-01
Bicep resource definition
The vaults resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.RecoveryServices/vaults resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.RecoveryServices/vaults@2021-12-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
sku: {
capacity: 'string'
family: 'string'
name: 'string'
size: 'string'
tier: 'string'
}
etag: 'string'
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
properties: {
encryption: {
infrastructureEncryption: 'string'
kekIdentity: {
userAssignedIdentity: 'string'
useSystemAssignedIdentity: bool
}
keyVaultProperties: {
keyUri: 'string'
}
}
moveDetails: {}
upgradeDetails: {}
}
}
Property values
vaults
Name | Description | Value |
---|---|---|
name | The resource name | string (required) Character limit: 2-50 Valid characters: Alphanumerics and hyphens. Start with letter. |
location | Resource location. | string (required) |
tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
sku | Identifies the unique system identifier for each Azure resource. | Sku |
etag | Optional ETag. | string |
identity | Identity for the resource. | IdentityData |
properties | Properties of the vault. | VaultProperties |
IdentityData
Name | Description | Value |
---|---|---|
type | The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identities. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The list of user-assigned identities associated with the resource. The user-assigned identity dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | IdentityDataUserAssignedIdentities |
IdentityDataUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | UserIdentity |
UserIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
VaultProperties
Name | Description | Value |
---|---|---|
encryption | Customer Managed Key details of the resource. | VaultPropertiesEncryption |
moveDetails | The details of the latest move operation performed on the Azure Resource | VaultPropertiesMoveDetails |
upgradeDetails | Details for upgrading vault. | UpgradeDetails |
VaultPropertiesEncryption
Name | Description | Value |
---|---|---|
infrastructureEncryption | Enabling/Disabling the Double Encryption state | 'Disabled' 'Enabled' |
kekIdentity | The details of the identity used for CMK | CmkKekIdentity |
keyVaultProperties | The properties of the Key Vault which hosts CMK | CmkKeyVaultProperties |
CmkKekIdentity
Name | Description | Value |
---|---|---|
userAssignedIdentity | The user assigned identity to be used to grant permissions in case the type of identity used is UserAssigned | string |
useSystemAssignedIdentity | Indicate that system assigned identity should be used. Mutually exclusive with 'userAssignedIdentity' field | bool |
CmkKeyVaultProperties
Name | Description | Value |
---|---|---|
keyUri | The key uri of the Customer Managed Key | string |
VaultPropertiesMoveDetails
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
UpgradeDetails
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Sku
Name | Description | Value |
---|---|---|
capacity | The sku capacity | string |
family | The sku family | string |
name | The Sku name. | 'RS0' 'Standard' (required) |
size | The sku size | string |
tier | The Sku tier. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
IBM Cloud Pak for Data on Azure |
This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data along with the add-ons that user chooses. |
Openshift Container Platform 4.3 |
Openshift Container Platform 4.3 |
Backup existing File Share using Recovery Services (Daily) |
This template configures protection for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values. |
Backup existing File Share using Recovery Services (hourly) |
This template configures protection with hourly frequency for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values. |
Backup Resource Manager VMs using Recovery Services vault |
This template will use existing recovery services vault and existing backup policy, and configures backup of multiple Resource Manager VMs that belong to same resource group |
Create Recovery Services Vault and Enable Diagnostics |
This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace. |
Create Recovery Services Vault with backup policies |
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock. |
Deploy a Windows VM and enable backup using Azure Backup |
This template allows you to deploy a Windows VM and Recovery Services Vault configured with the DefaultPolicy for Protection. |
Create Daily Backup Policy for RS Vault to protect IaaSVMs |
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs. |
Create Recovery Services Vault with default options |
Simple template that creates a Recovery Services Vault. |
Create a Recovery Services vault with advanced options |
This template creates a Recovery Services vault that will be used further for Backup and Site Recovery. |
Azure Backup for Workload in Azure Virtual Machines |
This template creates a Recovery Services Vault and a Workload specific Backup Policy. Registers VM with Backup service and Configures Protection |
Create Weekly Backup Policy for RS Vault to protect IaaSVMs |
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs. |
ARM template resource definition
The vaults resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.RecoveryServices/vaults resource, add the following JSON to your template.
{
"type": "Microsoft.RecoveryServices/vaults",
"apiVersion": "2021-12-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"sku": {
"capacity": "string",
"family": "string",
"name": "string",
"size": "string",
"tier": "string"
},
"etag": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {}
}
},
"properties": {
"encryption": {
"infrastructureEncryption": "string",
"kekIdentity": {
"userAssignedIdentity": "string",
"useSystemAssignedIdentity": "bool"
},
"keyVaultProperties": {
"keyUri": "string"
}
},
"moveDetails": {},
"upgradeDetails": {}
}
}
Property values
vaults
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.RecoveryServices/vaults' |
apiVersion | The resource api version | '2021-12-01' |
name | The resource name | string (required) Character limit: 2-50 Valid characters: Alphanumerics and hyphens. Start with letter. |
location | Resource location. | string (required) |
tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
sku | Identifies the unique system identifier for each Azure resource. | Sku |
etag | Optional ETag. | string |
identity | Identity for the resource. | IdentityData |
properties | Properties of the vault. | VaultProperties |
IdentityData
Name | Description | Value |
---|---|---|
type | The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identities. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The list of user-assigned identities associated with the resource. The user-assigned identity dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | IdentityDataUserAssignedIdentities |
IdentityDataUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | UserIdentity |
UserIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
VaultProperties
Name | Description | Value |
---|---|---|
encryption | Customer Managed Key details of the resource. | VaultPropertiesEncryption |
moveDetails | The details of the latest move operation performed on the Azure Resource | VaultPropertiesMoveDetails |
upgradeDetails | Details for upgrading vault. | UpgradeDetails |
VaultPropertiesEncryption
Name | Description | Value |
---|---|---|
infrastructureEncryption | Enabling/Disabling the Double Encryption state | 'Disabled' 'Enabled' |
kekIdentity | The details of the identity used for CMK | CmkKekIdentity |
keyVaultProperties | The properties of the Key Vault which hosts CMK | CmkKeyVaultProperties |
CmkKekIdentity
Name | Description | Value |
---|---|---|
userAssignedIdentity | The user assigned identity to be used to grant permissions in case the type of identity used is UserAssigned | string |
useSystemAssignedIdentity | Indicate that system assigned identity should be used. Mutually exclusive with 'userAssignedIdentity' field | bool |
CmkKeyVaultProperties
Name | Description | Value |
---|---|---|
keyUri | The key uri of the Customer Managed Key | string |
VaultPropertiesMoveDetails
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
UpgradeDetails
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Sku
Name | Description | Value |
---|---|---|
capacity | The sku capacity | string |
family | The sku family | string |
name | The Sku name. | 'RS0' 'Standard' (required) |
size | The sku size | string |
tier | The Sku tier. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
IBM Cloud Pak for Data on Azure |
This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data along with the add-ons that user chooses. |
Openshift Container Platform 4.3 |
Openshift Container Platform 4.3 |
Backup existing File Share using Recovery Services (Daily) |
This template configures protection for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values. |
Backup existing File Share using Recovery Services (hourly) |
This template configures protection with hourly frequency for an existing File Share present in an existing Storage Account. It creates a new or uses an existing Recovery Services Vault and Backup Policy based on the set parameter values. |
Backup Resource Manager VMs using Recovery Services vault |
This template will use existing recovery services vault and existing backup policy, and configures backup of multiple Resource Manager VMs that belong to same resource group |
Create Recovery Services Vault and Enable Diagnostics |
This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace. |
Create Recovery Services Vault with backup policies |
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock. |
Deploy a Windows VM and enable backup using Azure Backup |
This template allows you to deploy a Windows VM and Recovery Services Vault configured with the DefaultPolicy for Protection. |
Create Daily Backup Policy for RS Vault to protect IaaSVMs |
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs. |
Create Recovery Services Vault with default options |
Simple template that creates a Recovery Services Vault. |
Create a Recovery Services vault with advanced options |
This template creates a Recovery Services vault that will be used further for Backup and Site Recovery. |
Azure Backup for Workload in Azure Virtual Machines |
This template creates a Recovery Services Vault and a Workload specific Backup Policy. Registers VM with Backup service and Configures Protection |
Create Weekly Backup Policy for RS Vault to protect IaaSVMs |
This template creates Recovery service vault and a Daily Backup Policy that can be used to protect classic and ARM based IaaS VMs. |
Terraform (AzAPI provider) resource definition
The vaults resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.RecoveryServices/vaults resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.RecoveryServices/vaults@2021-12-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
identity {
type = "string"
identity_ids = []
}
body = jsonencode({
properties = {
encryption = {
infrastructureEncryption = "string"
kekIdentity = {
userAssignedIdentity = "string"
useSystemAssignedIdentity = bool
}
keyVaultProperties = {
keyUri = "string"
}
}
moveDetails = {}
upgradeDetails = {}
}
sku = {
capacity = "string"
family = "string"
name = "string"
size = "string"
tier = "string"
}
etag = "string"
})
}
Property values
vaults
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.RecoveryServices/vaults@2021-12-01" |
name | The resource name | string (required) Character limit: 2-50 Valid characters: Alphanumerics and hyphens. Start with letter. |
location | Resource location. | string (required) |
parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
tags | Resource tags. | Dictionary of tag names and values. |
sku | Identifies the unique system identifier for each Azure resource. | Sku |
etag | Optional ETag. | string |
identity | Identity for the resource. | IdentityData |
properties | Properties of the vault. | VaultProperties |
IdentityData
Name | Description | Value |
---|---|---|
type | The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identities. | "SystemAssigned" "SystemAssigned, UserAssigned" "UserAssigned" (required) |
identity_ids | The list of user-assigned identities associated with the resource. The user-assigned identity dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | Array of user identity IDs. |
IdentityDataUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | UserIdentity |
UserIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
VaultProperties
Name | Description | Value |
---|---|---|
encryption | Customer Managed Key details of the resource. | VaultPropertiesEncryption |
moveDetails | The details of the latest move operation performed on the Azure Resource | VaultPropertiesMoveDetails |
upgradeDetails | Details for upgrading vault. | UpgradeDetails |
VaultPropertiesEncryption
Name | Description | Value |
---|---|---|
infrastructureEncryption | Enabling/Disabling the Double Encryption state | "Disabled" "Enabled" |
kekIdentity | The details of the identity used for CMK | CmkKekIdentity |
keyVaultProperties | The properties of the Key Vault which hosts CMK | CmkKeyVaultProperties |
CmkKekIdentity
Name | Description | Value |
---|---|---|
userAssignedIdentity | The user assigned identity to be used to grant permissions in case the type of identity used is UserAssigned | string |
useSystemAssignedIdentity | Indicate that system assigned identity should be used. Mutually exclusive with 'userAssignedIdentity' field | bool |
CmkKeyVaultProperties
Name | Description | Value |
---|---|---|
keyUri | The key uri of the Customer Managed Key | string |
VaultPropertiesMoveDetails
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
UpgradeDetails
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Sku
Name | Description | Value |
---|---|---|
capacity | The sku capacity | string |
family | The sku family | string |
name | The Sku name. | "RS0" "Standard" (required) |
size | The sku size | string |
tier | The Sku tier. | string |