From 5b57135168d47f442c35b28136168f46c125d3eb Mon Sep 17 00:00:00 2001
From: Kegan Maher <kegan@compiler.la>
Date: Wed, 7 Feb 2024 23:44:10 -0800
Subject: [PATCH] feat(terraform): define storage recovery vault and policy

the vault is where backups are stored
the policy defines the frequency and retention of backups

these are linked to the storage account via azurerm_backup_container_storage_account
---
 terraform/storage.tf | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/terraform/storage.tf b/terraform/storage.tf
index b69c44159..891187e04 100644
--- a/terraform/storage.tf
+++ b/terraform/storage.tf
@@ -23,6 +23,45 @@ resource "azurerm_storage_account" "main" {
   }
 }
 
+resource "azurerm_recovery_services_vault" "main" {
+  name                = "rsvcdtcalitp${lower(local.env_letter)}001"
+  location            = data.azurerm_resource_group.main.location
+  resource_group_name = data.azurerm_resource_group.main.name
+  sku                 = "Standard"
+  soft_delete_enabled = true
+
+  lifecycle {
+    ignore_changes = [tags]
+  }
+}
+
+resource "azurerm_backup_container_storage_account" "main" {
+  resource_group_name = data.azurerm_resource_group.main.name
+  recovery_vault_name = azurerm_recovery_services_vault.main.name
+  storage_account_id  = azurerm_storage_account.main.id
+}
+
+resource "azurerm_backup_policy_file_share" "policy" {
+  name                = "${azurerm_storage_account.main.name}-backup-policy"
+  resource_group_name = data.azurerm_resource_group.main.name
+  recovery_vault_name = azurerm_recovery_services_vault.main.name
+  timezone            = "UTC"
+
+  backup {
+    frequency = "Daily"
+    time      = "14:00"
+  }
+
+  retention_daily {
+    count = 1
+  }
+
+  retention_weekly {
+    count    = 5
+    weekdays = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday"]
+  }
+}
+
 resource "azurerm_storage_share" "data" {
   name                 = "benefits-data"
   storage_account_name = azurerm_storage_account.main.name