快速入门：使用 Terraform 模板为 Azure Database for PostgreSQL 灵活服务器配置备份

本快速入门介绍如何使用 Terraform 模板为 Azure Database for PostgreSQL 灵活服务器配置备份。

Azure Backup允许使用多个客户端（如 Azure portal、PowerShell、CLI、Azure Resource Manager、Bicep 等）备份 Azure PostgreSQL 灵活服务器。

先决条件

在为 Azure Database for PostgreSQL 灵活服务器配置备份之前，请确保满足以下先决条件：

需要具有活动订阅的Azure帐户。如果没有帐户，请创建一个用于试用的帐户。
Install 并配置 Terraform。
登录 Azure 帐户并验证到 Azure。

注释

Terraform 仅支持使用Azure CLI对Azure进行身份验证。不支持使用Azure PowerShell进行身份验证。因此，尽管可以在执行 Terraform 工作时使用 Azure PowerShell 模块，但首先需要对 Azure 进行身份验证。

实现 PostgreSQL 灵活服务器备份配置的 Terraform 代码

创建用于测试示例 Terraform 代码的目录，并将其设为当前目录。

创建名为 providers.tf 的文件并插入下列代码：

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "3.99.0"
    }
  }
}

provider "azurerm" {
   features {}
   subscription_id   = "<azure_subscription_id>"
   tenant_id = "<azure_subscription_tenant_id>"
}

创建名为 main.tf 的文件并插入下列代码：


# Step 1: Create the Backup Vault
resource "azurerm_data_protection_backup_vault" "backup_vault" {
  name                = var.backup_vault_name
  resource_group_name = var.backup_vault_resource_group
  location            = var.region

  identity {
    type = "SystemAssigned"
  }

  storage_settings {
    datastore_type = "VaultStore"
    type           = "LocallyRedundant"
  }
}

# Step 2: Create Backup Policy for PostgreSQL
resource "azurerm_data_protection_backup_policy" "postgresql_backup_policy" {
  name                = var.policy_name
  resource_group_name = var.backup_vault_resource_group
  vault_name          = azurerm_data_protection_backup_vault.backup_vault.name

  rule {
    name = "BackupSchedule"

    backup_parameters {
      object_type = "AzureBackupParams"
    }

    trigger {
      schedule {
        recurrence_rule {
          frequency = "Weekly"
          interval  = var.backup_schedule_frequency
        }
      }
    }

    data_store {
      datastore_type = "VaultStore"
    }
  }

  retention_rule {
    name       = "RetentionRule"
    is_default = true

    lifecycle {
      delete_after {
        object_type = "AbsoluteDeleteOption"
        duration    = format("P%dM", var.retention_duration_in_months)
      }
    }
  }

  depends_on = [
    azurerm_data_protection_backup_vault.backup_vault
  ]
}

# Step 3: Role Assignment for PostgreSQL Flexible Server Long Term Retention Backup Role
data "azurerm_postgresql_flexible_server" "postgresql_server" {
  name                = var.postgresql_server_name
  resource_group_name = var.postgresql_resource_group
}

resource "azurerm_role_assignment" "backup_role" {
  principal_id         = azurerm_data_protection_backup_vault.backup_vault.identity[0].principal_id
  role_definition_name = "PostgreSQL Flexible Server Long Term Retention Backup Role"
  scope                = data.azurerm_postgresql_flexible_server.PostgreSQL_server.id

  depends_on = [
    azurerm_data_protection_backup_policy.postgresql_backup_policy
  ]
}

# Step 4: Role Assignment for Reader on Resource Group
data "azurerm_resource_group" "postgresql_resource_group" {
  name = var.postgresql_resource_group
}

resource "azurerm_role_assignment" "reader_role" {
  principal_id         = azurerm_data_protection_backup_vault.backup_vault.identity[0].principal_id
  role_definition_name = "Reader"
  scope                = data.azurerm_resource_group.postgresql_resource_group.id

  depends_on = [
    azurerm_role_assignment.backup_role
  ]
}

# Step 5: Create Backup Instance for PostgreSQL
resource "azurerm_data_protection_backup_instance" "postgresql_backup_instance" {
  name                = "PostgreSQLBackupInstance"
  resource_group_name = var.backup_vault_resource_group
  vault_name          = azurerm_data_protection_backup_vault.backup_vault.name
  location            = var.region

  datasource {
    object_type     = "Datasource"
    datasource_type = "AzureDatabaseForPostgreSQLFlexibleServer"
    resource_id     = data.azurerm_PostgreSQL_flexible_server.postgresql_server.id
  }

  policy_id = azurerm_data_protection_backup_policy.postgresql_backup_policy.id

  depends_on = [
    azurerm_role_assignment.reader_role
  ]
}

创建名为 variables.tf 的文件并插入下列代码：


variable "backup_vault_name" {
      type        = string
      default     = "BackupVaultTF"
      description = "Name of the Backup Vault"
}
variable "backup_vault_resource_group" {
      type        = string
      default     = "Contoso_TF_RG"
      description = "Name of the resource group to which backup vault belongs to"
}

variable "postgresql_server_name" {
      type        = string
      default     = "Contoso_PostgreSQL_TF"
      description = "Name of the PostgreSQL server"
}

variable "postgresql_resource_group" {
      type        = string
      default     = "Contoso_TF_RG"
      description = "Name of the resource group to which PostgreSQL server belongs to"
}

variable "region" {
      type        = string
      default     = "chinanorth"
      description = "Location of the PostgreSQL server"
}

variable "policy_name" {
      type        = string
      default     = "PostgreSQLbackuppolicytfv1"
      description = "Name of the backup policy"
}

variable "backup_schedule_frequency" {
      type        = string
      default     = "1"
      description = "Schedule frequency for backup"
}
variable "retention_duration_in_months" {
      type        = string
      default     = "3"
      description = "Retention duration for backup in month"
}

初始化用于 PostgreSQL 灵活服务器备份的 Terraform

  terraform init -upgrade

为 PostgreSQL 灵活服务器备份创建 Terraform 执行计划

  terraform plan -out main.tfplan

为 PostgreSQL 灵活服务器备份实施 Terraform 执行计划

  terraform apply main.tfplan

排查 Azure 上的 Terraform 问题

解决在 Azure 上使用 Terraform 时的常见问题。

后续步骤

使用 Azure CLI 还原 Azure Database for PostgreSQL - 灵活服务器。

Last updated on 2026-03-10

通过