Bicep Module Documentation
← Back to Overview
Module recovery-services-vault
recoveryServicesVault
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| skuName | 'RS0' 'Standard' |
Identifies the unique system identifier for each Azure resource. (default: standard) |
| identity | identity | |
| publicNetworkAccess | 'Disabled' 'Enabled' |
property to enable or disable resource provider inbound network traffic from public clients (default: Enabled) |
| immutabilitySettings | 'Disabled' 'Locked' 'Unlocked' |
Immutability Settings of a vault (default: Disabled) |
| softDeleteState | 'AlwaysON' 'Disabled' 'Enabled' |
State of soft-delete (default: Enabled) |
| softDeleteRetention | int | Soft-delete retention in days (default: 90) |
| azureMonitorAlertSettings | 'Disabled' 'Enabled' |
Settings for Azure Monitor based alerts (default: Disabled) |
| alertsForAllFailoverIssues | 'Disabled' 'Enabled' |
Settings for all failover issues alerts (default: Enabled) |
| alertsForAllReplicationIssues | 'Disabled' 'Enabled' |
Settings for all replication issues alerts (default: Enabled) |
| classicAlertsForCriticalOperations | 'Disabled' 'Enabled' |
Settings for classic alerts (default: Disabled) |
| classicEmailNotificationsForSiteRecovery | 'Disabled' 'Enabled' |
Settings for classic Site Recovery Notifications (default: Disabled) |
| privateLink | privateLink | Settings for the private endpoint and private link for this resource |
| backupPolicies | recoveryServicesVaultBackupPolicy[] | Backup policies |
| backupResourceConfig | backupResourceConfig | backupResourceConfig |
| redundancySettings | redundancySettings | redundancy Settings |
identity
| Property | Value | Description |
|---|---|---|
| type | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
The types of identities associated with this resource. (default: SystemAssigned) |
| userAssignedIdentities | string[] | Resource IDs of User Assigned Identities to associate with this resource |
recoveryServicesVaultBackupPolicy
| Property | Value | Description |
|---|---|---|
| function (required) | string | |
| backupManagementType (required) | backupManagementType | Set the object type |
| backupItems (required) | backupItems | Items to back up |
backupItems
| Property | Value | Description |
|---|---|---|
| vmIds | string[] | VMs to backup |
| azureFiles | backupAzureFilesShareNames[] | Azure File shares to backup |
backupAzureFilesShareNames
| Property | Value | Description |
|---|---|---|
| storageAccountId (required) | string | |
| shareNames (required) | string[] |
backupManagementType
Set the backupManagementType property to specify the type of object.
For AzureIaasVM, use:
| Property | Value | Description |
|---|---|---|
| backupManagementType (required) | 'AzureIaasVM' | |
| instantRPDetails | instantRPDetails | Details of the instant recovery points |
| instantRpRetentionRangeInDays (required) | int | Instant RP retention policy range in days |
| policyType (required) | 'V1' 'V2' |
Policy type (default: V2) |
| retentionPolicy (required) | backupRetentionPolicy | Retention policy with the details on backup copy retention ranges. |
| schedulePolicy (required) | backupSchedulePolicy | Backup schedule specified as part of backup policy. |
| tieringPolicy | object | Tiering policy to automatically move RPs to another tier. Key is Target Tier, defined in RecoveryPointTierType enum. Tiering policy specifies the criteria to move RP to the target tier. |
| timeZone (required) | 'Central European Standard Time' 'Eastern Standard Time' 'GMT Standard Time' 'Pacific Standard Time' 'Romance Standard Time' 'UTC' 'W. Europe Standard Time' |
TimeZone optional input as string. |
Set the backupManagementType property to specify the type of object.
For AzureSql, use:
| Property | Value | Description |
|---|---|---|
| backupManagementType (required) | 'AzureSql' | |
| retentionPolicy (required) | backupRetentionPolicy | Retention policy with the details on backup copy retention ranges. |
Set the backupManagementType property to specify the type of object.
For AzureStorage, use:
| Property | Value | Description |
|---|---|---|
| backupManagementType (required) | 'AzureStorage' | |
| retentionPolicy (required) | backupRetentionPolicy | Retention policy with the details on backup copy retention ranges. |
| schedulePolicy (required) | backupSchedulePolicy | Backup schedule specified as part of backup policy. |
| timeZone (required) | 'Central European Standard Time' 'Eastern Standard Time' 'GMT Standard Time' 'Pacific Standard Time' 'Romance Standard Time' 'UTC' 'W. Europe Standard Time' |
TimeZone optional input as string. |
| workLoadType (required) | 'AzureFileShare' 'AzureSqlDb' 'Client' 'Exchange' 'FileFolder' 'GenericDataSource' 'Invalid' 'SAPAseDatabase' 'SAPHanaDBInstance' 'SAPHanaDatabase' 'SQLDB' 'SQLDataBase' 'Sharepoint' 'SystemState' 'VM' 'VMwareVM' |
Type of workload for the backup management |
Set the backupManagementType property to specify the type of object.
For AzureWorkload, use:
| Property | Value | Description |
|---|---|---|
| backupManagementType (required) | 'AzureWorkload' | |
| settings (required) | settings | Common settings for the backup management |
| subProtectionPolicy (required) | subProtectionPolicy[] | List of sub-protection policies which includes schedule and retention |
| workLoadType (required) | 'AzureFileShare' 'AzureSqlDb' 'Client' 'Exchange' 'FileFolder' 'GenericDataSource' 'Invalid' 'SAPAseDatabase' 'SAPHanaDBInstance' 'SAPHanaDatabase' 'SQLDB' 'SQLDataBase' 'Sharepoint' 'SystemState' 'VM' 'VMwareVM' |
Type of workload for the backup management |
Set the backupManagementType property to specify the type of object.
For GenericProtectionPolicy, use:
| Property | Value | Description |
|---|---|---|
| backupManagementType (required) | 'GenericProtectionPolicy' | |
| fabricName (required) | string | Name of this policys fabric. |
| subProtectionPolicy (required) | subProtectionPolicy[] | List of sub-protection policies which includes schedule and retention |
| timeZone (required) | 'Central European Standard Time' 'Eastern Standard Time' 'GMT Standard Time' 'Pacific Standard Time' 'Romance Standard Time' 'UTC' 'W. Europe Standard Time' |
TimeZone optional input as string. |
Set the backupManagementType property to specify the type of object.
For MAB, use:
| Property | Value | Description |
|---|---|---|
| backupManagementType (required) | 'MAB' | |
| retentionPolicy (required) | backupRetentionPolicy | Retention policy with the details on backup copy retention ranges. |
| schedulePolicy (required) | backupSchedulePolicy | Backup schedule specified as part of backup policy. |
instantRPDetails
| Property | Value | Description |
|---|---|---|
| azureBackupRGNamePrefix (required) | string | |
| azureBackupRGNameSuffix | string |
settings
| Property | Value | Description |
|---|---|---|
| isCompression | bool | Workload compression flag. This has been added so that isSqlCompression will be deprecated once clients upgrade to consider this flag. |
| issqlcompression | bool | SQL compression flag |
| timeZone (required) | 'Central European Standard Time' 'Eastern Standard Time' 'GMT Standard Time' 'Pacific Standard Time' 'Romance Standard Time' 'UTC' 'W. Europe Standard Time' |
TimeZone optional input as string. |
subProtectionPolicy
| Property | Value | Description |
|---|---|---|
| policyType (required) | 'CopyOnlyFull' 'Differential' 'Full' 'Incremental' 'Invalid' 'Log' 'SnapshotCopyOnlyFull' 'SnapshotFull' |
Type of backup policy type |
| retentionPolicy (required) | backupRetentionPolicy | Retention policy with the details on backup copy retention ranges. |
| schedulePolicy (required) | backupSchedulePolicy | Backup schedule specified as part of backup policy. |
| tieringPolicy | object | Tiering policy to automatically move RPs to another tier. Key is Target Tier, defined in RecoveryPointTierType enum. Tiering policy specifies the criteria to move RP to the target tier. |
backupRetentionPolicy
Set the retentionPolicyType property to specify the type of object.
For SimpleRetentionPolicy, use:
| Property | Value | Description |
|---|---|---|
| retentionPolicyType (required) | 'SimpleRetentionPolicy' | |
| retentionDuration (required) | backupRetentionDuration | Retention duration of the protection policy. |
Set the retentionPolicyType property to specify the type of object.
For LongTermRetentionPolicy, use:
| Property | Value | Description |
|---|---|---|
| retentionPolicyType (required) | 'LongTermRetentionPolicy' | |
| dailySchedule (required) | dailySchedule | |
| weeklySchedule | weeklySchedule | Weekly retention schedule of the protection policy. |
| monthlySchedule | monthlySchedule | Monthly retention schedule of the protection policy. |
| yearlySchedule | yearlySchedule | Yearly retention schedule of the protection policy. |
dailySchedule
| Property | Value | Description |
|---|---|---|
| scheduleRunTimes (required) | string[] | List of times of day this schedule has to be run. |
weeklySchedule
| Property | Value | Description |
|---|---|---|
| daysOfTheWeek (required) | Array containing any of: 'Friday' 'Monday' 'Saturday' 'Sunday' 'Thursday' 'Tuesday' 'Wednesday' |
List of days of week for weekly retention policy.String array containing any of: Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday |
| retentionDuration (required) | backupRetentionDuration | Retention duration of retention Policy. |
| retentionTimes (required) | string[] | Retention times of retention policy. (example: 2020-01-01T19:30:00.000Z) |
retentionScheduleWeekly
| Property | Value | Description |
|---|---|---|
| daysOfTheWeek (required) | Array containing any of: 'Friday' 'Monday' 'Saturday' 'Sunday' 'Thursday' 'Tuesday' 'Wednesday' |
List of days of week for weekly retention policy.String array containing any of: Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday |
| weeksOfTheMonth (required) | Array containing any of: 'First' 'Fourth' 'Last' 'Second' 'Third' |
List of weeks of month.String array containing any of: First, Fourth, Last, Second, Third |
monthlySchedule
| Property | Value | Description |
|---|---|---|
| retentionDuration (required) | backupRetentionDuration | Retention duration of retention Policy. |
| retentionScheduleDaily | backupDaysOfTheMonth[] | Daily retention format for monthly retention policy. |
| retentionScheduleFormatType (required) | 'Daily' 'Weekly' |
Retention schedule format type for monthly retention policy. |
| retentionScheduleWeekly | retentionScheduleWeekly | Weekly retention format for monthly retention policy. |
| retentionTimes (required) | string[] | Retention times of retention policy. (example: 2020-01-01T19:30:00.000Z) |
retentionScheduleDaily
| Property | Value | Description |
|---|---|---|
| daysOfTheMonth (required) | backupDaysOfTheMonth[] |
yearlySchedule
| Property | Value | Description |
|---|---|---|
| monthsOfYear (required) | Array containing any of: 'April' 'August' 'December' 'February' 'January' 'July' 'June' 'March' 'May' 'November' 'October' 'September' |
List of months of year of yearly retention policy.String array containing any of: April, August, December, February, January, July, June, March, May, November, October, September |
| retentionDuration (required) | backupRetentionDuration | Retention duration of retention Policy. |
| retentionScheduleDaily | retentionScheduleDaily | Daily retention format for yearly retention policy. |
| retentionScheduleFormatType (required) | 'Daily' 'Weekly' |
Retention schedule format for yearly retention policy. |
| retentionScheduleWeekly | retentionScheduleWeekly | Weekly retention format for yearly retention policy. |
| retentionTimes (required) | string[] | Retention times of retention policy. (example: 2020-01-01T19:30:00.000Z) |
backupRetentionDuration
| Property | Value | Description |
|---|---|---|
| count (required) | int | Count of duration types. Retention duration is obtained by the counting the duration type Count times. |
| durationType (required) | 'Days' 'Months' 'Weeks' 'Years' |
Retention duration type of retention policy. |
backupDaysOfTheMonth
| Property | Value | Description |
|---|---|---|
| date (required) | int | Date of the month |
| isLast | bool | Whether Date is last date of month |
backupSchedulePolicy
Set the schedulePolicyType property to specify the type of object.
For LogSchedulePolicy, use:
| Property | Value | Description |
|---|---|---|
| schedulePolicyType (required) | 'LogSchedulePolicy' | |
| scheduleFrequencyInMins (required) | int | Frequency of the log schedule operation of this policy in minutes. |
Set the schedulePolicyType property to specify the type of object.
For LongTermSchedulePolicy, use:
| Property | Value | Description |
|---|---|---|
| schedulePolicyType (required) | 'LongTermSchedulePolicy' |
Set the schedulePolicyType property to specify the type of object.
For SimpleSchedulePolicy, use:
| Property | Value | Description |
|---|---|---|
| schedulePolicyType (required) | 'SimpleSchedulePolicy' | |
| hourlySchedule | hourlySchedule | Hourly Schedule of this Policy |
| scheduleRunDays | Array containing any of: 'Friday' 'Monday' 'Saturday' 'Sunday' 'Thursday' 'Tuesday' 'Wednesday' |
List of days of week this schedule has to be run. |
| scheduleRunFrequency (required) | 'Daily' 'Hourly' 'Weekly' |
Frequency of the schedule operation of this policy. |
| scheduleRunTimes (required) | string[] | List of times of day this schedule has to be run. |
| scheduleWeeklyFrequency | int | At every number weeks this schedule has to be run. |
Set the schedulePolicyType property to specify the type of object.
For SimpleSchedulePolicyV2, use:
| Property | Value | Description |
|---|---|---|
| schedulePolicyType (required) | 'SimpleSchedulePolicyV2' | |
| dailySchedule | dailySchedule | |
| hourlySchedule | hourlySchedule | |
| weeklySchedule | weeklySchedule | |
| scheduleRunFrequency (required) | 'Daily' 'Hourly' 'Weekly' |
Frequency of the schedule operation of this policy. |
hourlySchedule
| Property | Value | Description |
|---|---|---|
| interval (required) | '12' '4' '6' '8' |
Interval at which backup needs to be triggered. For hourly the value can be 4/6/8/12 |
| scheduleWindowDuration (required) | int | To specify duration of the backup window |
| scheduleWindowStartTime (required) | string | To specify start time of the backup window |
backupResourceConfig
| Property | Value | Description |
|---|---|---|
| crossRegionRestoreFlag | bool | Opt in details of Cross Region Restore feature. |
| dedupState | 'Disabled' 'Enabled' 'Invalid' |
Vault Dedup state |
| storageModelType | 'GeoRedundant' 'Invalid' 'LocallyRedundant' 'ReadAccessGeoZoneRedundant' 'ZoneRedundant' |
Storage type |
| storageType | 'GeoRedundant' 'Invalid' 'LocallyRedundant' 'ReadAccessGeoZoneRedundant' 'ZoneRedundant' |
Storage type. |
| storageTypeState | 'Invalid' 'Locked' 'Unlocked' |
Locked or Unlocked. Once a machine is registered against a resource, the storageTypeState is always Locked. |
| xcoolState | 'Disabled' 'Enabled' 'Invalid' |
Vault x-cool state |
redundancySettings
| Property | Value | Description |
|---|---|---|
| crossRegionRestore | 'Disabled' 'Enabled' |
Flag to show if Cross Region Restore is enabled on the Vault or not |
| standardTierStorageRedundancy | 'GeoRedundant' 'Invalid' 'LocallyRedundant' 'ZoneRedundant' |
The storage redundancy setting of a vault |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
privateLink
| Property | Value | Description |
|---|---|---|
| pepNaming | naming | Name of the private endpoint |
| nicNaming | naming | Name of the network interface of the private endpoint |
| privateLinkNaming | naming | Name of the private link connection |
| subnets (required) | subnets[] | Id of the subnets and optionally the name of the resourcegroup in which the private endpoint should be created |
| dnsZoneIds (required) | string[] | List of DNS zone ids that need to be linked |
subnets
| Property | Value | Description |
|---|---|---|
| resourceGroupName | string | Resourcegroup (default: resourcegroup defined here => resourceGroup of pep resource => resourceGroup of subnet) |
| id (required) | string | Id of the subnet |
| location | string | Location if Vnet is in different location |
Changelog
7.2.0 (2025-10-07)
Features
- add new monitoring parameters and enable defaults
7.1.0 (2025-10-06)
Features
- update resource api versions
7.0.2 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
7.0.1 (2025-06-02)
Bug Fixes
- correct type v2 policy scheduleRunTimes to string array
7.0.0 (2025-05-16)
⚠ BREAKING CHANGES
- resolve issue with run frequency on v2 policies
Bug Fixes
- resolve issue with run frequency on v2 policies
6.1.1 (2025-04-11)
Bug Fixes
- naming connected resources when forceFunctionAsFullName or forceDefaultNaming is true
6.1.0 (2025-03-26)
Features
- add resourceName output
6.0.0 (2025-03-17)
⚠ BREAKING CHANGES
- remove role-assignment principalType parameter
Features
- remove role-assignment principalType parameter
5.0.0 (2025-01-03)
⚠ BREAKING CHANGES
- use new toObject function for UserAssignedIdentities. Only breaking when using managed identities.
Features
- use new toObject function for UserAssignedIdentities. Only breaking when using managed identities.