We have a requirement to create an azurerm_postgresql_server along with a database using an automated process [Terraform]. I have used the script below to create the server and the database, but I am not sure how to integrate it with backup protection. Can anyone help us with this?
# Azure Database for PostgreSQL server that hosts the database to be backed up.
resource "azurerm_postgresql_server" "example" {
  name                = format("%s-server", var.name_prefix)
  resource_group_name = azurerm_resource_group.default.name
  location            = azurerm_resource_group.default.location

  # Engine version and compute/storage sizing.
  version           = "11"
  sku_name          = "GP_Gen5_4"
  storage_mb        = 5120
  auto_grow_enabled = true

  # Administrator credentials; the values are masked in the post.
  administrator_login          = "*****"
  administrator_login_password = "*****"

  # Server-level backups: 30 days of retention, stored geo-redundantly.
  backup_retention_days        = 30
  geo_redundant_backup_enabled = true

  # No public endpoint, and clients must connect over TLS 1.2 or newer.
  public_network_access_enabled    = false
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"

  lifecycle {
    # Terraform will not report or revert changes made to
    # threat_detection_policy outside this configuration.
    ignore_changes = [threat_detection_policy]
  }
}
// Backup code logic - integration
// KeyVault
// Details of the identity Terraform is running as.
// NOTE(review): nothing in this snippet reads this data source; presumably it
// was meant for the KeyVault setup that is not shown - confirm.
data "azurerm_client_config" "current" {}
# Database created on the server above; this is the object a backup instance
# would point at.
resource "azurerm_postgresql_database" "example" {
  name                = format("%s-db", var.name_prefix)
  server_name         = azurerm_postgresql_server.example.name
  resource_group_name = azurerm_resource_group.default.name

  # Encoding and locale of the database.
  charset   = "UTF8"
  collation = "English_United States.1252"
}
Let me know if any further information is required. I appreciate your help!
Backup for PostgreSQL Database.
CodePudding user response:
Here is a code snippet that implements the database backup.
Step 1: Copy the code below into the main Terraform (.tf) file.
# Generated name, prefixed with var.name_prefix, used below as the resource
# group name.
resource "random_pet" "rg-name" {
  prefix = var.name_prefix
}
# Resource group that holds every resource in this example.
resource "azurerm_resource_group" "default" {
  location = var.location
  name     = random_pet.rg-name.id
}
# Virtual network (10.0.0.0/16) for the example.
resource "azurerm_virtual_network" "default" {
  name                = format("%s-vnet", var.name_prefix)
  resource_group_name = azurerm_resource_group.default.name
  location            = azurerm_resource_group.default.location
  address_space       = ["10.0.0.0/16"]
}
# Subnet 10.0.2.0/24 inside the virtual network above.
# NOTE(review): no block on this page attaches the PostgreSQL server to this
# subnet, and the delegation names flexibleServers while the server is an
# azurerm_postgresql_server. With public_network_access_enabled = false on the
# server, confirm how clients and the backup service are meant to reach it.
resource "azurerm_subnet" "default" {
  name                 = format("%s-subnet", var.name_prefix)
  resource_group_name  = azurerm_resource_group.default.name
  virtual_network_name = azurerm_virtual_network.default.name
  address_prefixes     = ["10.0.2.0/24"]

  # Service endpoint enabled on the subnet.
  service_endpoints = ["Microsoft.Storage"]

  # Hands the subnet to the PostgreSQL flexible-server service, which may then
  # join resources to it.
  delegation {
    name = "fs"

    service_delegation {
      name    = "Microsoft.DBforPostgreSQL/flexibleServers"
      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
    }
  }
}
# resource "azurerm_subnet_network_security_group_association" "default" {
# subnet_id = azurerm_subnet.default.id
# network_security_group_id = azurerm_network_security_group.default.id
# }
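# Azure Database for PostgreSQL server that hosts the database to be backed up.
resource "azurerm_postgresql_server" "example" {
  name                = "${var.name_prefix}-server"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name

  # Engine version and compute/storage sizing.
  sku_name          = "GP_Gen5_4"
  version           = "11"
  storage_mb        = 5120
  auto_grow_enabled = true

  # Server-level backups: 30 days of retention, stored geo-redundantly.
  backup_retention_days        = 30
  geo_redundant_backup_enabled = true

  # Administrator credentials come from the variables declared in the variables
  # file instead of being written into this file, so the password is not
  # committed with the code. Supply the real value at run time, for example
  # through the TF_VAR_dbpasswrod environment variable.
  # The password is still written to the Terraform state in plain text, so the
  # state backend needs restricted access and encryption at rest.
  administrator_login          = var.dbuser
  administrator_login_password = var.dbpasswrod

  # No public endpoint, and clients must connect over TLS 1.2 or newer.
  public_network_access_enabled    = false
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"

  lifecycle {
    # Terraform will not report or revert changes made to
    # threat_detection_policy outside this configuration.
    ignore_changes = [
      threat_detection_policy
    ]
  }
}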
// Backup code logic - integration
// Details of the identity Terraform is running as.
// NOTE(review): no block on this page reads this data source - confirm it is
// still needed.
data "azurerm_client_config" "current" {}
# Database created on the server above; the backup instance further down
# protects it through database_id.
resource "azurerm_postgresql_database" "example" {
  name                = format("%s-db", var.name_prefix)
  server_name         = azurerm_postgresql_server.example.name
  resource_group_name = azurerm_resource_group.default.name

  # Encoding and locale of the database.
  charset   = "UTF8"
  collation = "English_United States.1252"
}
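# Backup policy: when backups run and how long they are kept.
# NOTE(review): azurerm_data_protection_backup_vault.example is referenced here
# but is not defined anywhere on this page; it has to be declared for this
# configuration to plan.
resource "azurerm_data_protection_backup_policy_postgresql" "example" {
  name                = "backupexample"
  resource_group_name = azurerm_resource_group.default.name
  vault_name          = azurerm_data_protection_backup_vault.example.name

  # ISO 8601 repeating interval: weekly (P1W), first run 2021-05-23 02:30 UTC.
  # The "+" of the UTC offset had been replaced by a space in the post, which
  # left the timestamp malformed.
  backup_repeating_time_intervals = ["R/2021-05-23T02:30:00+00:00/P1W"]

  # Backups are kept for four months unless another rule overrides this.
  default_retention_duration = "P4M"
}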
# Gives the backup vault's managed identity the built-in Reader role, scoped to
# this one PostgreSQL server rather than to the resource group or subscription.
# The vault must have an identity enabled, because its principal_id is read
# here.
resource "azurerm_role_assignment" "example" {
  principal_id         = azurerm_data_protection_backup_vault.example.identity[0].principal_id
  role_definition_name = "Reader"
  scope                = azurerm_postgresql_server.example.id
}
# Backup instance: ties the database to the vault and to the policy that
# schedules its backups.
resource "azurerm_data_protection_backup_instance_postgresql" "example" {
  name     = "probackupexample"
  location = azurerm_resource_group.default.location

  vault_id         = azurerm_data_protection_backup_vault.example.id
  backup_policy_id = azurerm_data_protection_backup_policy_postgresql.example.id
  database_id      = azurerm_postgresql_database.example.id

  # NOTE(review): the Key Vault secret holding the database credential is left
  # commented out and no Key Vault resources appear on this page. Confirm how
  # the vault is expected to authenticate to the database before relying on
  # these backups, and verify that a backup actually completes.
  // database_credential_key_vault_secret_id = azurerm_key_vault_secret.example.versionless_id
}
Step 2: Update the content of the variables .tf file as shown below.
# Azure region for the resource group.
variable "location" {
  description = "location"
  type        = string
  default     = "West Europe"
}
# Prefix shared by the resource names built in the main file.
variable "name_prefix" {
  description = "Prefix of the resource name"
  default     = "postgressqldemo"
}
# Administrator login name for the PostgreSQL server.
variable "dbuser" {
  description = "username"
  default     = "dbadmin"
}
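# Administrator password for the PostgreSQL server.
# The variable name keeps the spelling from the original post so that existing
# references to it continue to resolve.
# There is deliberately no default: a password default would be committed with
# the code. Supply the value at run time, for example through the
# TF_VAR_dbpasswrod environment variable or a secrets store.
variable "dbpasswrod" {
  type        = string
  description = "password"

  # Keeps the value out of plan and apply output. It is still written to the
  # state file in plain text, so the state itself needs protecting.
  sensitive = true
}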
Step 3: Run the commands below.
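# Download the providers the configuration uses; needed once per working
# directory before plan or apply can run.
terraform init

# Save the plan to a file and review it, so that what gets applied is exactly
# what was reviewed. The plan file can contain secret values in clear text:
# keep it out of version control and delete it after the apply.
terraform plan -out=tfplan

# Applying a saved plan does not prompt, so -auto-approve is not needed and no
# unreviewed change can slip in between plan and apply.
terraform apply tfplan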
NOTE: **The user running Terraform needs the 'Microsoft.Authorization/roleAssignments/write' permission granted on the subscription.**