|
| 1 | +--- |
| 2 | +title: 'Quickstart: Back up a virtual machine in Azure with Terraform' |
| 3 | +description: In this quickstart, you learn how to configure Azure Backup to run a backup on demand by creating and configuring an Azure Windows virtual machine, virtual network, subnet, public IP, network security group, network interface, storage account, Backup recovery services vault, and Backup policy. |
| 4 | +ms.topic: quickstart |
| 5 | +ms.date: 04/03/2025 |
| 6 | +ms.custom: devx-track-terraform |
| 7 | +ms.service: windows |
| 8 | +author: jyothisuri |
| 9 | +ms.author: jsuri |
| 10 | +#customer intent: As a Terraform user, I want to see how to configure Azure Backup to run a backup on demand by creating and configuring an Azure virtual network, subnet, public IP, network security group, network interface, storage account, Backup recovery services vault, and Backup policy. |
| 11 | +content_well_notification: |
| 12 | + - AI-contribution |
| 13 | +--- |
| 14 | + |
| 15 | +# Quickstart: Back up a virtual machine in Azure with Terraform |
| 16 | + |
| 17 | +In this quickstart, you create an Azure Windows virtual machine (VM) and associated resources using Terraform. An Azure Windows VM is a scalable computing resource that Azure provides. It's an on-demand, virtualized Windows server in the Azure cloud. You can use it to deploy, test, and run applications, among other things. In addition to the VM, this code also creates a virtual network, subnet, public IP, network security group, network interface, storage account, Azure Backup recovery services vault, and Backup policy. |
| 18 | + |
| 19 | +[!INCLUDE [About Terraform](~/azure-dev-docs-pr/articles/terraform/includes/abstract.md)] |
| 20 | + |
| 21 | +In this article, you learn how to: |
| 22 | +> [!div class="checklist"] |
| 23 | +> * Create an Azure resource group with a unique name. |
| 24 | +> * Create a virtual network with a unique name and a specified address space. |
| 25 | +> * Create a subnet within the virtual network with a unique name and a specified address prefix. |
| 26 | +> * Create a public IP address with a unique name. |
| 27 | +> * Create a network security group with two security rules for remote desk protocol and web traffic. |
| 28 | +> * Create a network interface with a unique name, and attach it to the subnet and public IP address. |
| 29 | +> * Associate the network security group with the network interface. |
| 30 | +> * Generate a random ID for a unique storage account name, and insert a storage account for boot diagnostics. |
| 31 | +> * Create a Windows VM with a unique name, and generate a random password for the VM. |
| 32 | +> * Create a Backup recovery services vault with a unique name. |
| 33 | +> * Create a Backup policy for the VM with daily frequency and a retention period of seven days. |
| 34 | +> * Protect the VM with the created Backup policy. |
| 35 | +
|
| 36 | +## Prerequisites |
| 37 | + |
| 38 | +- Create an Azure account with an active subscription. You can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). |
| 39 | +- [Install and configure Terraform](/azure/developer/terraform/quickstart-configure). |
| 40 | + |
| 41 | +## Implement the Terraform code |
| 42 | + |
| 43 | +The sample code for this article is located in the [Azure Terraform GitHub repo](https://github.com/Azure/terraform/tree/master/quickstart/101-backup-vm). You can view the log file containing the [test results from current and previous versions of Terraform](https://github.com/Azure/terraform/tree/master/quickstart/101-backup-vm/TestRecord.md). See more [articles and sample code showing how to use Terraform to manage Azure resources](/azure/terraform). |
| 44 | + |
| 45 | +1. Create a directory in which to test and run the sample Terraform code, and make it the current directory. |
| 46 | + |
| 47 | +1. Create a file named `main.tf`, and insert the following code: |
| 48 | + :::code language="Terraform" source="~/terraform_samples/quickstart/101-backup-vm/main.tf"::: |
| 49 | + |
| 50 | +1. Create a file named `outputs.tf`, and insert the following code: |
| 51 | + :::code language="Terraform" source="~/terraform_samples/quickstart/101-backup-vm/outputs.tf"::: |
| 52 | + |
| 53 | +1. Create a file named `providers.tf`, and insert the following code: |
| 54 | + :::code language="Terraform" source="~/terraform_samples/quickstart/101-backup-vm/providers.tf"::: |
| 55 | + |
| 56 | +1. Create a file named `variables.tf`, and insert the following code: |
| 57 | + :::code language="Terraform" source="~/terraform_samples/quickstart/101-backup-vm/variables.tf"::: |
| 58 | + |
| 59 | +> [!IMPORTANT] |
| 60 | +> If you're using the 4.x azurerm provider, you must [explicitly specify the Azure subscription ID](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#specifying-subscription-id-is-now-mandatory) to authenticate to Azure before running the Terraform commands. |
| 61 | +> |
| 62 | +> One way to specify the Azure subscription ID without putting it in the `providers` block is to specify the subscription ID in an environment variable named `ARM_SUBSCRIPTION_ID`. |
| 63 | +> |
| 64 | +> For more information, see the [Azure provider reference documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#argument-reference). |
| 65 | +
|
| 66 | +## Initialize Terraform |
| 67 | + |
| 68 | +[!INCLUDE [terraform-init.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-init.md)] |
| 69 | + |
| 70 | +## Create a Terraform execution plan |
| 71 | + |
| 72 | +[!INCLUDE [terraform-plan.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-plan.md)] |
| 73 | + |
| 74 | +## Apply a Terraform execution plan |
| 75 | + |
| 76 | +[!INCLUDE [terraform-apply-plan.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-apply-plan.md)] |
| 77 | + |
| 78 | +## Verify the results |
| 79 | + |
| 80 | +1. Get the Azure resource group name. |
| 81 | + |
| 82 | + ```console |
| 83 | + resource_group_name = $(terraform outout -raw azurerm_resource_group_name) |
| 84 | + ``` |
| 85 | + |
| 86 | +1. Get the Backup recovery services vault name. |
| 87 | + |
| 88 | + ```console |
| 89 | + recovery_services_vault_name = $(terraform output -raw azurerm_recovery_services_vault_name) |
| 90 | + ``` |
| 91 | + |
| 92 | +1. Get the Windows VM name. |
| 93 | + |
| 94 | + ```console |
| 95 | + windows_virtual_machine_name = $(terraform output -raw azurerm_windows_virtual_machine_name) |
| 96 | + ``` |
| 97 | + |
| 98 | +1. Run [`az backup protection backup-now`](/cli/azure/backup/protection#az-backup-protection-backup-now) to start a backup job. |
| 99 | + |
| 100 | + ```azurecli |
| 101 | + az backup protection backup-now --resource-group $resource_group_name \ |
| 102 | + --vault-name $recovery_services_vault_name \ |
| 103 | + --container-name $windows_virtual_machine_name \ |
| 104 | + --item-name $windows_virtual_machine_name \ |
| 105 | + --backup-management-type AzureIaaSVM |
| 106 | + ``` |
| 107 | + |
| 108 | +1. Run [`az backup job list`](/cli/azure/backup/job#az-backup-job-list) to monitor the backup job. When the *Status* of the backup job reports *Completed*, your VM is protected with Backup recovery services and has a full recovery point stored. |
| 109 | + |
| 110 | + ```azurecli |
| 111 | + az backup job list --resource-group $resource_group_name \ |
| 112 | + --vault-name $recovery_services_vault_name \ |
| 113 | + --output table |
| 114 | + ``` |
| 115 | + |
| 116 | +## Clean up resources |
| 117 | + |
| 118 | +[!INCLUDE [terraform-plan-destroy.md](~/azure-dev-docs-pr/articles/terraform/includes/terraform-plan-destroy.md)] |
| 119 | + |
| 120 | +## Troubleshoot Terraform on Azure |
| 121 | + |
| 122 | +[Troubleshoot common problems when using Terraform on Azure](/azure/developer/terraform/troubleshoot). |
| 123 | + |
| 124 | +## Next steps |
| 125 | + |
| 126 | +> [!div class="nextstepaction"] |
| 127 | +> [See more articles about Azure Windows VMs](/search/?terms=Azure%20windows%20virtual%20machine%20and%20terraform). |
0 commit comments