diff --git a/modules/azure-sa-backup/.terraform-docs.yml b/modules/azure-sa-backup/.terraform-docs.yml
new file mode 100644
index 000000000..3a69365ff
--- /dev/null
+++ b/modules/azure-sa-backup/.terraform-docs.yml
@@ -0,0 +1,48 @@
+formatter: "markdown"
+
+version: ""
+
+header-from: docs/header.md
+footer-from: docs/footer.md
+
+recursive:
+ enabled: false
+ path: modules
+ include-main: true
+
+sections:
+ hide: []
+ show: []
+
+content: ""
+
+output:
+ file: "README.md"
+ mode: inject
+ template: |-
+
+ {{ .Content }}
+
+
+output-values:
+ enabled: false
+ from: ""
+
+sort:
+ enabled: true
+ by: name
+
+settings:
+ anchor: true
+ color: true
+ default: true
+ description: false
+ escape: true
+ hide-empty: false
+ html: true
+ indent: 2
+ lockfile: true
+ read-comments: true
+ required: true
+ sensitive: true
+ type: true
diff --git a/modules/azure-sa-backup/README.md b/modules/azure-sa-backup/README.md
index 27ca69088..6268bfc5e 100644
--- a/modules/azure-sa-backup/README.md
+++ b/modules/azure-sa-backup/README.md
@@ -1,48 +1,18 @@
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.7.0 |
-| [azurerm](#requirement\_azurerm) | ~> 4.6.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [azurerm](#provider\_azurerm) | ~> 4.6.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_backup_container_storage_account.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_container_storage_account) | resource |
-| [azurerm_backup_policy_file_share.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share) | resource |
-| [azurerm_backup_protected_file_share.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_protected_file_share) | resource |
-| [azurerm_data_protection_backup_instance_blob_storage.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_instance_blob_storage) | resource |
-| [azurerm_data_protection_backup_policy_blob_storage.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage) | resource |
-| [azurerm_data_protection_backup_vault.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_vault) | resource |
-| [azurerm_recovery_services_vault.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/recovery_services_vault) | resource |
-| [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
-| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| 
[backup\_blob](#input\_backup\_blob) | Specifies the backup configuration for the storage blob |
object({
vault_name = string
datastore_type = string
redundancy = string
identity_type = optional(string)
role_assignment = string
instance_blob_name = string
storage_account_container_names = optional(list(string))
policy = object({
name = string
backup_repeating_time_intervals = optional(list(string))
operational_default_retention_duration = optional(string)
retention_rule = optional(list(object({
name = string
duration = string
criteria = object({
absolute_criteria = optional(string)
days_of_month = optional(list(number))
days_of_week = optional(list(string))
months_of_year = optional(list(string))
scheduled_backup_times = optional(list(string))
weeks_of_month = optional(list(string))
})
life_cycle = object({
data_store_type = string
duration = string
})
priority = number
})))
time_zone = optional(string)
vault_default_retention_duration = optional(string)
retention_duration = optional(string)
})
}) | `null` | no |
-| [backup\_resource\_group\_name](#input\_backup\_resource\_group\_name) | The name for the resource group for the backups | `string` | n/a | yes |
-| [backup\_share](#input\_backup\_share) | Specifies the backup configuration for the storage share | object({
policy_name = string
recovery_services_vault_name = string
sku = string
soft_delete_enabled = optional(bool)
storage_mode_type = optional(string, "GeoRedundant")
cross_region_restore_enabled = optional(bool)
source_file_share_name = list(string)
identity = optional(object({
type = optional(string, "SystemAssigned")
identity_ids = optional(list(string), [])
}))
encryption = optional(object({
key_id = optional(string, null)
infrastructure_encryption_enabled = optional(bool, false)
user_assigned_identity_id = optional(string, null)
use_system_assigned_identity = optional(bool, false)
}))
timezone = optional(string)
backup = object({
frequency = string
time = string
})
retention_daily = object({
count = number
})
retention_weekly = optional(object({
count = number
weekdays = optional(list(string), ["Sunday"])
}))
retention_monthly = optional(object({
count = number
weekdays = optional(list(string), ["Sunday"])
weeks = optional(list(string), ["First"])
days = optional(list(number))
}))
retention_yearly = optional(object({
count = number
months = optional(list(string), ["January"])
weekdays = optional(list(string), ["Sunday"])
weeks = optional(list(string), ["First"])
days = optional(list(number))
}))
}) | `null` | no |
-| [lifecycle\_policy\_rule](#input\_lifecycle\_policy\_rule) | n/a | list(object({
name = string
enabled = bool
filters = object({
prefix_match = list(string)
blob_types = list(string)
})
actions = object({
base_blob = object({ delete_after_days_since_creation_greater_than = number })
snapshot = object({ delete_after_days_since_creation_greater_than = number })
version = object({ delete_after_days_since_creation = number })
})
})) | `null` | no |
-| [storage\_account\_id](#input\_storage\_account\_id) | The ID of the storage account | `string` | n/a | yes |
-| [tags](#input\_tags) | Tags to apply to resources | `map(string)` | `{}` | no |
-| [tags\_from\_rg
+
+# Azure Storage Account Backup Terraform Module
+## Overview
-## Outputs
+This Terraform module allows you to configure backup for Azure Storage Accounts, supporting both file shares and blob storage, with advanced retention and policy options.
-No outputs.
+## Main features
+- Configure backup for file shares and blob storage.
+- Support for Recovery Services Vault and Data Protection Vault.
+- Advanced retention, scheduling, and policy configuration.
+- Flexible tagging and resource group selection.
+- Realistic configuration example.
-## Example
+## Complete usage example
```yaml
values:
@@ -119,3 +89,90 @@ No outputs.
vault_default_retention_duration: "P30D"
retention_duration: "P30D"
```
+
+## Notes
+- The `backup_share` and `backup_blob` blocks allow for advanced backup and retention configuration.
+- You can use tags and inherit them from the resource group.
+- Supports both Recovery Services Vault and Data Protection Vault for different backup scenarios.
+
+## File structure
+
+```
+.
+├── main.tf
+├── variables.tf
+├── outputs.tf
+├── blobs.tf
+├── shares.tf
+├── locals.tf
+├── README.md
+├── CHANGELOG.md
+└── docs/
+ ├── header.md
+ └── footer.md
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.7.0 |
+| [azurerm](#requirement\_azurerm) | ~> 4.6.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azurerm](#provider\_azurerm) | ~> 4.6.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_backup_container_storage_account.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_container_storage_account) | resource |
+| [azurerm_backup_policy_file_share.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share) | resource |
+| [azurerm_backup_protected_file_share.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_protected_file_share) | resource |
+| [azurerm_data_protection_backup_instance_blob_storage.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_instance_blob_storage) | resource |
+| [azurerm_data_protection_backup_policy_blob_storage.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage) | resource |
+| [azurerm_data_protection_backup_vault.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_vault) | resource |
+| [azurerm_recovery_services_vault.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/recovery_services_vault) | resource |
+| [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [backup\_blob](#input\_backup\_blob) | Specifies the backup configuration for the storage blob | object({
vault_name = string
datastore_type = string
redundancy = string
identity_type = optional(string)
role_assignment = string
instance_blob_name = string
storage_account_container_names = optional(list(string))
policy = object({
name = string
backup_repeating_time_intervals = optional(list(string))
operational_default_retention_duration = optional(string)
retention_rule = optional(list(object({
name = string
duration = string
criteria = object({
absolute_criteria = optional(string)
days_of_month = optional(list(number))
days_of_week = optional(list(string))
months_of_year = optional(list(string))
scheduled_backup_times = optional(list(string))
weeks_of_month = optional(list(string))
})
life_cycle = object({
data_store_type = string
duration = string
})
priority = number
})))
time_zone = optional(string)
vault_default_retention_duration = optional(string)
retention_duration = optional(string)
})
}) | `null` | no |
+| [backup\_resource\_group\_name](#input\_backup\_resource\_group\_name) | The name for the resource group for the backups | `string` | n/a | yes |
+| [backup\_share](#input\_backup\_share) | Specifies the backup configuration for the storage share | object({
policy_name = string
recovery_services_vault_name = string
sku = string
soft_delete_enabled = optional(bool)
storage_mode_type = optional(string, "GeoRedundant")
cross_region_restore_enabled = optional(bool)
source_file_share_name = list(string)
identity = optional(object({
type = optional(string, "SystemAssigned")
identity_ids = optional(list(string), [])
}))
encryption = optional(object({
key_id = optional(string, null)
infrastructure_encryption_enabled = optional(bool, false)
user_assigned_identity_id = optional(string, null)
use_system_assigned_identity = optional(bool, false)
}))
timezone = optional(string)
backup = object({
frequency = string
time = string
})
retention_daily = object({
count = number
})
retention_weekly = optional(object({
count = number
weekdays = optional(list(string), ["Sunday"])
}))
retention_monthly = optional(object({
count = number
weekdays = optional(list(string), ["Sunday"])
weeks = optional(list(string), ["First"])
days = optional(list(number))
}))
retention_yearly = optional(object({
count = number
months = optional(list(string), ["January"])
weekdays = optional(list(string), ["Sunday"])
weeks = optional(list(string), ["First"])
days = optional(list(number))
}))
}) | `null` | no |
+| [lifecycle\_policy\_rule](#input\_lifecycle\_policy\_rule) | n/a | list(object({
name = string
enabled = bool
filters = object({
prefix_match = list(string)
blob_types = list(string)
})
actions = object({
base_blob = object({ delete_after_days_since_creation_greater_than = number })
snapshot = object({ delete_after_days_since_creation_greater_than = number })
version = object({ delete_after_days_since_creation = number })
})
})) | `null` | no |
+| [storage\_account\_id](#input\_storage\_account\_id) | The ID of the storage account | `string` | n/a | yes |
+| [tags](#input\_tags) | Tags to apply to resources | `map(string)` | `{}` | no |
+| [tags\_from\_rg](#input\_tags\_from\_rg) | Use resource group tags as base for module tags | `bool` | `false` | no |
+
+## Outputs
+
+No outputs.
+
+## Examples
+
+For detailed examples, refer to the [module examples](https://github.com/prefapp/tfm/tree/main/modules/azure-sa-backup/_examples):
+
+- [basic](https://github.com/prefapp/tfm/tree/main/modules/azure-sa-backup/_examples/basic) - Backup configuration for file shares and blobs with daily policies.
+
+## Resources and support
+
+- [Official Azure Backup documentation](https://learn.microsoft.com/en-us/azure/backup/)
+- [Terraform reference for azurerm\_backup\_container\_storage\_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_container_storage_account)
+- [Terraform reference for azurerm\_data\_protection\_backup\_policy\_blob\_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage)
+- [Terraform reference for azurerm\_backup\_policy\_file\_share](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share)
+
+## Support
+
+For issues, questions, or contributions related to this module, please visit the [repository's issue tracker](https://github.com/prefapp/tfm/issues).
+
\ No newline at end of file
diff --git a/modules/azure-sa-backup/_examples/basic/main.tf b/modules/azure-sa-backup/_examples/basic/main.tf
new file mode 100644
index 000000000..2f9860c44
--- /dev/null
+++ b/modules/azure-sa-backup/_examples/basic/main.tf
@@ -0,0 +1,50 @@
+// Basic example: configure backup for Azure Storage Account (file shares + blobs)
+
+module "azure_sa_backup" {
+ source = "../../"
+
+ backup_resource_group_name = "example-backup-rg"
+ storage_account_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Storage/storageAccounts/examplestorage"
+
+ backup_share = {
+ policy_name = "daily-backup-policy"
+ recovery_services_vault_name = "example-backup-vault"
+ sku = "Standard"
+ soft_delete_enabled = true
+ storage_mode_type = "GeoRedundant"
+ cross_region_restore_enabled = true
+ source_file_share_name = ["datadir"]
+ timezone = "UTC"
+ backup = {
+ frequency = "Daily"
+ time = "02:00"
+ }
+ retention_daily = {
+ count = 7
+ }
+ }
+
+ backup_blob = {
+ vault_name = "example-backup-vault"
+ datastore_type = "AzureBlob"
+ redundancy = "GeoRedundant"
+ role_assignment = "Storage Blob Data Reader"
+ instance_blob_name = "datadir"
+ storage_account_container_names = ["blob1"]
+ policy = {
+ name = "blob-policy"
+ backup_repeating_time_intervals = ["R/2024-09-01T02:00:00+00:00/P1D"]
+ operational_default_retention_duration = "P7D"
+ retention_rule = []
+ time_zone = "UTC"
+ vault_default_retention_duration = "P30D"
+ retention_duration = "P30D"
+ }
+ }
+
+ lifecycle_policy_rule = []
+
+ tags = {
+ environment = "dev"
+ }
+}
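Review bot: In `backup_blob`, this example omits `identity_type` and sets `role_assignment = "Storage Blob Data Reader"`, which together make it doubtful that the example yields a working, correctly scoped blob backup; the same values appear in `_examples/basic/values.yaml`. The documented schema declares `identity_type = optional(string)` with no default, so unless the module supplies one the Backup vault would have no managed identity for the role assignment to target, and the usage example in `docs/header.md` does set `identity_type: "SystemAssigned"`. The role Azure documents for blob backup is `Storage Account Backup Contributor`, while `docs/header.md` uses a third value, `StorageBlobDataContributor`, so the examples should agree on one, e.g. `identity_type = "SystemAssigned"` and `role_assignment = "Storage Account Backup Contributor"`. How the module consumes `role_assignment` is not visible in this diff, so confirm the expected value against the module's role-assignment resource.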
diff --git a/modules/azure-sa-backup/_examples/basic/values.yaml b/modules/azure-sa-backup/_examples/basic/values.yaml
new file mode 100644
index 000000000..bde20b26a
--- /dev/null
+++ b/modules/azure-sa-backup/_examples/basic/values.yaml
@@ -0,0 +1,43 @@
+# Basic example values for azure-sa-backup module
+
+backup_resource_group_name: example-backup-rg
+storage_account_id: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Storage/storageAccounts/examplestorage
+
+backup_share:
+ policy_name: daily-backup-policy
+ recovery_services_vault_name: example-backup-vault
+ sku: Standard
+ soft_delete_enabled: true
+ storage_mode_type: GeoRedundant
+ cross_region_restore_enabled: true
+ source_file_share_name:
+ - datadir
+ timezone: UTC
+ backup:
+ frequency: Daily
+ time: "02:00"
+ retention_daily:
+ count: 7
+
+backup_blob:
+ vault_name: example-backup-vault
+ datastore_type: AzureBlob
+ redundancy: GeoRedundant
+ role_assignment: Storage Blob Data Reader
+ instance_blob_name: datadir
+ storage_account_container_names:
+ - blob1
+ policy:
+ name: blob-policy
+ backup_repeating_time_intervals:
+ - R/2024-09-01T02:00:00+00:00/P1D
+ operational_default_retention_duration: P7D
+ retention_rule: []
+ time_zone: UTC
+ vault_default_retention_duration: P30D
+ retention_duration: P30D
+
+lifecycle_policy_rule: []
+
+tags:
+ environment: dev
\ No newline at end of file
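Review bot: The keys in this file sit at the top level, whereas the usage example in `docs/header.md` nests the same keys under `values:`, and the header comment does not say which tool reads the file or how it relates to the sibling `main.tf`. If the file is meant to mirror the README usage example, I would extend the comment to something like `# Same inputs as main.tf in YAML form; wrap in "values:" as shown in the README usage example`, so the two examples cannot drift silently. The file also ends without a trailing newline, as do `docs/footer.md` and `docs/header.md`.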
diff --git a/modules/azure-sa-backup/docs/footer.md b/modules/azure-sa-backup/docs/footer.md
new file mode 100644
index 000000000..9a4efc825
--- /dev/null
+++ b/modules/azure-sa-backup/docs/footer.md
@@ -0,0 +1,16 @@
+## Examples
+
+For detailed examples, refer to the [module examples](https://github.com/prefapp/tfm/tree/main/modules/azure-sa-backup/_examples):
+
+- [basic](https://github.com/prefapp/tfm/tree/main/modules/azure-sa-backup/_examples/basic) - Backup configuration for file shares and blobs with daily policies.
+
+## Resources and support
+
+- [Official Azure Backup documentation](https://learn.microsoft.com/en-us/azure/backup/)
+- [Terraform reference for azurerm_backup_container_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_container_storage_account)
+- [Terraform reference for azurerm_data_protection_backup_policy_blob_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_protection_backup_policy_blob_storage)
+- [Terraform reference for azurerm_backup_policy_file_share](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share)
+
+## Support
+
+For issues, questions, or contributions related to this module, please visit the [repository's issue tracker](https://github.com/prefapp/tfm/issues).
\ No newline at end of file
diff --git a/modules/azure-sa-backup/docs/header.md b/modules/azure-sa-backup/docs/header.md
new file mode 100644
index 000000000..59bc4b2df
--- /dev/null
+++ b/modules/azure-sa-backup/docs/header.md
@@ -0,0 +1,113 @@
+# Azure Storage Account Backup Terraform Module
+
+## Overview
+
+This Terraform module allows you to configure backup for Azure Storage Accounts, supporting both file shares and blob storage, with advanced retention and policy options.
+
+## Main features
+- Configure backup for file shares and blob storage.
+- Support for Recovery Services Vault and Data Protection Vault.
+- Advanced retention, scheduling, and policy configuration.
+- Flexible tagging and resource group selection.
+- Realistic configuration example.
+
+## Complete usage example
+
+```yaml
+ values:
+ tags_from_rg: true
+ # General values
+ backup_resource_group_name: "backup-test-rg"
+ storage_account_id: "/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.Storage/storageAccounts/xxx" # can use refs ${{tfworkspace:claim-name:outputs.id}}
+
+ # Backup share values
+ backup_share:
+ policy_name: "daily-backup-policy"
+ recovery_services_vault_name: "test-vault"
+ sku: "Standard"
+ soft_delete_enabled: true
+ storage_mode_type: "GeoRedundant"
+ cross_region_restore_enabled: true
+ source_file_share_name:
+ - "datadir"
+ identity:
+ type: "SystemAssigned"
+ timezone: "UTC"
+ backup:
+ frequency: "Daily"
+ time: "02:00"
+ retention_daily:
+ count: 7
+ retention_weekly:
+ count: 4
+ weekdays:
+ - "Sunday"
+ retention_monthly:
+ count: 12
+ weekdays:
+ - "Sunday"
+ weeks:
+ - "First"
+ retention_yearly:
+ count: 5
+ weekdays:
+ - "Sunday"
+ weeks:
+ - "First"
+ months:
+ - "January"
+
+ # Backup blob values
+ backup_blob:
+ vault_name: "test-vault"
+ datastore_type: "AzureBlob"
+ redundancy: "GeoRedundant"
+ identity_type: "SystemAssigned"
+ instance_blob_name: "datadir"
+ storage_account_container_names:
+ - "blob1"
+ - "blob2"
+ role_assignment: "StorageBlobDataContributor"
+ policy:
+ name: "daily-blob-backup-policy"
+ vault_id: "/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.RecoveryServices/vaults/test-vault"
+ backup_repeating_time_intervals:
+ - "R/2023-01-01T02:00:00Z/P1D"
+ operational_default_retention_duration: "P30D"
+ retention_rule:
+ - name: "daily-retention"
+ duration: "P30D"
+ criteria:
+ days_of_week:
+ - "Sunday"
+ life_cycle:
+ data_store_type: "VaultStore"
+ duration: "P30D"
+ priority: 1
+ time_zone: "UTC"
+ vault_default_retention_duration: "P30D"
+ retention_duration: "P30D"
+```
+
+
+## Notes
+- The `backup_share` and `backup_blob` blocks allow for advanced backup and retention configuration.
+- You can use tags and inherit them from the resource group.
+- Supports both Recovery Services Vault and Data Protection Vault for different backup scenarios.
+
+## File structure
+
+```
+.
+├── main.tf
+├── variables.tf
+├── outputs.tf
+├── blobs.tf
+├── shares.tf
+├── locals.tf
+├── README.md
+├── CHANGELOG.md
+└── docs/
+ ├── header.md
+ └── footer.md
+```
\ No newline at end of file