Thursday, July 2, 2020

Soft Delete for Azure Storage using ARM template, Azure CLI & PowerShell

Soft delete is an Azure offering that protects data in Azure Blobs and the Azure File Service against accidental deletion, whether by you or by someone else. It’s a part of Azure backup.

Use Case: Suppose you work on an enterprise application and a user has somehow gained access to an Azure storage account and accidentally deleted some blobs. How will you recover them?

Azure Storage soft delete enables you to achieve this.

Prerequisites: You need an existing Azure storage account, or you can create one on the fly using an ARM template.

If you have already created an Azure storage account, go to Azure Storage -> Data Protection -> Enable blob soft delete.

Refer to the image below:

Azure Infrastructure as a Code (ARM Template)

An ARM template is Infrastructure as Code (IaC) used to provision a resource in Azure. In this section I’ll create an ARM template for a storage account with the soft delete feature enabled. Storage account is a resource type under the Azure Storage provider Microsoft.Storage. Blob service is a sub-resource with a single instance named default. You can access it at Microsoft.Storage/storageAccounts/piperstorage/blobServices/default.

The following ARM template creates an Azure storage account and enables soft delete for it. We will deploy it using the Azure CLI.

{
   "$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
   "contentVersion":"1.0.0.0",
   "parameters":{
      "location":{
         "type":"string"
      },
      "storageAccountName":{
         "type":"string"
      }
   },
   "variables":{

   },
   "resources":[
      {
         "type":"Microsoft.Storage/storageAccounts",
         "sku":{
            "name":"Standard_LRS",
            "tier":"Standard"
         },
         "kind":"StorageV2",
         "name":"[parameters('storageAccountName')]",
         "apiVersion":"2018-07-01",
         "location":"[parameters('location')]"
      },
      {
         "name":"[concat(parameters('storageAccountName'), '/default')]",
         "type":"Microsoft.Storage/storageAccounts/blobServices",
         "apiVersion":"2018-07-01",
         "properties":{
            "deleteRetentionPolicy":{
               "enabled":true,
               "days":30
            }
         },
         "dependsOn":[
            "[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
         ]
      }
   ],
   "outputs":{
   }
}
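A pre-deployment check for a template like the one above, added here as an example (it is not code from the original post): it flags every storage account that has no blobServices/default resource with deleteRetentionPolicy enabled, or whose retention is too short. The function names, the 7-day minimum and the name-matching heuristic are assumptions made for this illustration, and the check also covers the nested child-resource form that the template above does not use.

```python
import json

ACCOUNT = "Microsoft.Storage/storageAccounts"

# Constructed sample: this page's template cut down to the fields the check reads.
SAMPLE = json.loads("""{"resources": [
  {"type": "Microsoft.Storage/storageAccounts",
   "name": "[parameters('storageAccountName')]"},
  {"type": "Microsoft.Storage/storageAccounts/blobServices",
   "name": "[concat(parameters('storageAccountName'), '/default')]",
   "properties": {"deleteRetentionPolicy": {"enabled": true, "days": 30}}}
]}""")


def _expr(name):
    """Strip the [ ] around an ARM expression so names compare as plain text."""
    return name[1:-1] if name.startswith("[") and name.endswith("]") else name


def _policy_for(account, resources):
    """Return the deleteRetentionPolicy aimed at this account, or None."""
    # Nested child form: type 'blobServices', name 'default'.
    for child in account.get("resources", []):
        if child.get("type") == "blobServices" and _expr(child.get("name", "")) == "default":
            return child.get("properties", {}).get("deleteRetentionPolicy")
    # Top-level form used on this page: name is '<account>/default' (text heuristic).
    acct = _expr(account["name"])
    for res in resources:
        name = _expr(res.get("name", ""))
        if res.get("type") == ACCOUNT + "/blobServices" and acct in name and "/default" in name:
            return res.get("properties", {}).get("deleteRetentionPolicy")
    return None


def audit_soft_delete(template, min_days=7):
    """List findings for accounts lacking blob soft delete (min_days is assumed)."""
    findings, resources = [], template.get("resources", [])
    for res in (r for r in resources if r.get("type") == ACCOUNT):
        policy = _policy_for(res, resources)
        days = policy.get("days") if policy else None
        # Anything other than a literal true / literal integer is treated as a finding.
        if not policy or policy.get("enabled") is not True:
            findings.append(f"{res['name']}: blob soft delete not enabled")
        elif not isinstance(days, int) or days < min_days:
            findings.append(f"{res['name']}: retention {days!r} below {min_days} days")
    return findings


if __name__ == "__main__":
    print(audit_soft_delete(SAMPLE) or "soft delete OK")
```

Load the real template file with json.load and pass it to audit_soft_delete before deploying; an empty list means every storage account in the template has soft delete enabled with sufficient retention.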

Once everything is set up, use the az login command to sign in to your Azure subscription, then create a resource group of your choice. Use the commands below to log in, create the resource group, and run the Azure CLI deployment that creates the storage account and enables soft delete for blobs.

az login

az group create --name cloudPipersRG --location "East US"

Deploy the template using the Azure CLI command:

az group deployment create --name StorageDeployment --resource-group cloudPipersRG --template-file "C:\Learning\Docs\ARM Templates\azureDeploy.Storage.json" --parameters storageAccountName=cloudpiperstorage location=eastus

Deploy the template using Azure PowerShell:

$resourceGroupName = "cloudPipersRG"

New-AzResourceGroup -Name $resourceGroupName -Location "centralus"

New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile "C:\Learning\Docs\ARM Templates\azureDeploy.Storage.json" -storageAccountName "cloudpiperstorage" -location "westus"

Once it has succeeded, go to the Azure portal to verify the deployment and the related resources.

Jump to the portal https://portal.azure.com/ -> cloudPipersRG -> deployment

Verify that the storage account has been created; it should look like the screenshot below.

Deployment using Azure CLI

Now go to the recently created storage account, find Data Protection and click on it. It opens a new window, as shown below, which shows that soft delete is enabled with a retention period of 30 days.



Enabled soft delete with retention days



You can watch the video demonstration here:

https://www.youtube.com/watch?v=AXEeYUnpWB4

For a deeper dive into disaster recovery and account failover, follow this link:

https://docs.microsoft.com/en-us/azure/storage/common/storage-disaster-recovery-guidance