Cosmos DB - Configure Seven Day Continuous Backup Retention using Terraform

Cosmos DB - Configure Seven Day Continuous Backup Retention using Terraform

James Cook's photo
James Cook
·

3 min read

Table of contents

When you create a Cosmos DB instance in Azure with Terraform and set backup to Continuous, you might notice that in the current AzureRM provider (3.27.0), you cannot configure any additional settings. You can only specify Continuous, which will result in 30-day retention being the default.

In this post, I will cover how we can amend the default so you can set 7-day retention. Why move from 30-day retention to 7-day retention, you might be thinking. Well, 7-day retention is free until June 2024, whereas 30-day is billable. Seven days may also be a step up from your current backup setup and might also be long enough for recovery needs.

This post will be relevant until the AzureRM provider is updated to support the ability to choose the retention period.

Configuration

Your current Cosmos DB block may look something like this:

resource "azurerm_cosmosdb_account" "my_cosmos_db" {
  name                = "my-cosmos-db"
  location            = "UK South"
  resource_group_name = azurerm_resource_group.resource_group.name
  offer_type          = "Standard"
  kind                = "MongoDB"

  enable_automatic_failover = true

  geo_location {
    location          = "westeurope"
    failover_priority = 1
  }

  geo_location {
    location          = "uksouth"
    failover_priority = 0
  }

  backup {
    type              = "Continuous"
}

And you will have the AzureRM provider configured:

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "3.27.0"
    }
  }
}

provider "azurerm" {}

First, you need to add a new provider called AzAPI. This will be used to configure the seven-day continuous backup. The provider config will look something like this:

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "3.27.0"
    }
    azapi = {
      source = "Azure/azapi"
      version = "1.0.0"
    }
  }
}

provider "azurerm" {}
provider "azapi" {}

Then you want to add the following resource block to set the retention:

resource "azapi_update_resource" "cosmosdb_backup_seven_days" {
  type        = "Microsoft.DocumentDB/databaseAccounts@2022-08-15-preview"
  resource_id = azurerm_cosmosdb_account.my_cosmos_db.id

  body = jsonencode({
    "properties" = {
      "backupPolicy" = {
          "type" : "Continuous",
          "continuousModeProperties" : {
              "tier" : "Continuous7Days"
          }
        }
    }
  })
}

You will notice the following is set:

type - This is set to the defined resource Microsoft.DocumentDB/databaseAccounts and API set to version 2022-08-15-preview. It must be the preview version, as the setting to set 7 days of continuous retention is only available in the preview.

Once the config is in and ready, you can run Terraform plan to confirm the new resource actions and then apply.

AzAPI resource

Some information on the resource you are adding.

The azapi_update_resource will create or modify resources. It will detect and replace any changes you make within the resource block. But, if you delete the resource block, it will delete from the state file and not from Azure. This will result in an orphan configuration.

Read more about AzAPI update resource here.

What to do when AzureRM supports configuration retention period

Once the retention period in Continuous Backup can be set, you will want to add the configuration to the Cosmos DB Account resource block. And then delete the AzAPI resource block, which will not delete the configuration as described above.

Did you find this article valuable?

Support James Cook by becoming a sponsor. Any amount is appreciated!

DatabasesTerraformAzureMicrosoftBackup