My terraform config:
```hcl
########################
# Storage(s) to backup
########################
data "azurerm_storage_account" "blob_storages" {
  for_each            = toset(var.storages)
  name                = each.key
  resource_group_name = var.rg_name
}

# Save each name, id pair into a map
locals {
  storages = { for storage in data.azurerm_storage_account.blob_storages : storage.name => storage.id }
}

########################
# Backup Vault
########################
resource "azurerm_data_protection_backup_vault" "backup_vault" {
  name                = var.backup_vault_name
  resource_group_name = var.rg_name
  location            = var.rg_location
  datastore_type      = "VaultStore"
  redundancy          = var.redundancy

  # System-assigned managed identity; its principal_id is used in the role assignments below
  identity {
    type = "SystemAssigned"
  }
}

########################
# Role
########################
# One role assignment per storage account, scoped to that account's id
resource "azurerm_role_assignment" "roles" {
  for_each             = local.storages
  scope                = each.value
  role_definition_name = var.role_definition
  principal_id         = azurerm_data_protection_backup_vault.backup_vault.identity[0].principal_id
}

########################
# Backup Policy
########################
resource "azurerm_data_protection_backup_policy_blob_storage" "backup_policy" {
  name               = var.policy_name
  vault_id           = azurerm_data_protection_backup_vault.backup_vault.id
  retention_duration = var.retention_duration
}

########################
# Backup instance
########################
# One backup instance per storage account, all sharing the policy above
resource "azurerm_data_protection_backup_instance_blob_storage" "backup_instance" {
  for_each           = local.storages
  name               = "instance-${each.key}"
  vault_id           = azurerm_data_protection_backup_vault.backup_vault.id
  location           = var.rg_location
  storage_account_id = each.value
  backup_policy_id   = azurerm_data_protection_backup_policy_blob_storage.backup_policy.id
}
```
Terraform apply output:
```
Plan: 4 to add, 0 to change, 0 to destroy.
module.backup-vault.azurerm_data_protection_backup_policy_blob_storage.backup_policy: Creating...
module.azure_search_service.azurerm_search_service.azure_search_service: Creating...
module.backup-vault.azurerm_data_protection_backup_policy_blob_storage.backup_policy: Creation complete after 1s [id=/subscriptions/60f99a7f-9b01-48cf-96e2-002210ca10cc/resourceGroups/rg-desarrollo-banca-empresas/providers/Microsoft.DataProtection/backupVaults/bv-develop-business-banking/backupPolicies/policy-desarrollo-storage]
module.backup-vault.azurerm_data_protection_backup_instance_blob_storage.backup_instance["stdevbusinessbankingpa01"]: Creating...
module.backup-vault.azurerm_data_protection_backup_instance_blob_storage.backup_instance["stdevelopbancaempresa"]: Creating...
module.azure_search_service.azurerm_search_service.azure_search_service: Creation complete after 7s [id=/subscriptions/60f99a7f-9b01-48cf-96e2-002210ca10cc/resourceGroups/rg-desarrollo-banca-empresas/providers/Microsoft.Search/searchServices/search-develop-business-banking]
╷
│ Error: creating/updating DataProtection BackupInstance ("Backup Instance: (Name "instance-stdevbusinessbankingpa01" / Backup Vault Name "bv-develop-business-banking" / Resource Group "rg-desarrollo-banca-empresas")"): dataprotection.BackupInstancesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BMSUserErrorInvalidInput" Message="Input provided for the call is invalid" AdditionalInfo=[{"info":{"code":"BMSUserErrorInvalidInput","details":null,"innerError":null,"isRetryable":false,"isUserError":false,"message":"Input provided for the call is invalid","properties":{"ActivityId":"a1283948-6810-4662-ac9f-a5010024e1da"},"recommendedAction":["Please check the required inputs"],"target":""},"type":"UserFacingError"}]
│
│ with module.backup-vault.azurerm_data_protection_backup_instance_blob_storage.backup_instance["stdevbusinessbankingpa01"],
│ on .terraform/modules/backup-vault/terraform/azurerm/backupvault/main.tf line 56, in resource "azurerm_data_protection_backup_instance_blob_storage" "backup_instance":
│ 56: resource "azurerm_data_protection_backup_instance_blob_storage" "backup_instance" {
│
╵
╷
│ Error: creating/updating DataProtection BackupInstance ("Backup Instance: (Name "instance-stdevelopbancaempresa" / Backup Vault Name "bv-develop-business-banking" / Resource Group "rg-desarrollo-banca-empresas")"): dataprotection.BackupInstancesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BMSUserErrorInvalidInput" Message="Input provided for the call is invalid" AdditionalInfo=[{"info":{"code":"BMSUserErrorInvalidInput","details":null,"innerError":null,"isRetryable":false,"isUserError":false,"message":"Input provided for the call is invalid","properties":{"ActivityId":"9704e318-5e0c-49cc-aa72-2e72a2c6b67d"},"recommendedAction":["Please check the required inputs"],"target":""},"type":"UserFacingError"}]
│
│ with module.backup-vault.azurerm_data_protection_backup_instance_blob_storage.backup_instance["stdevelopbancaempresa"],
│ on .terraform/modules/backup-vault/terraform/azurerm/backupvault/main.tf line 56, in resource "azurerm_data_protection_backup_instance_blob_storage" "backup_instance":
│ 56: resource "azurerm_data_protection_backup_instance_blob_storage" "backup_instance" {
│
╵
```
I already tried with a depends_on statement for each role assignment, with no success.