rubrikinc/terraform-azure-polaris-cloud-native_subscription

Terraform Module - Azure Rubrik Cloud Native Subscription

This module adds an Azure subscription to Rubrik Security Cloud (RSC/Polaris) using an existing tenant.

Usage

module "polaris_azure_cloud_native_subscription" {
  source = "rubrikinc/polaris-cloud-native_subscription/azure"

  azure_service_principal_object_id   = "6473bd4c-6341-4bf6-85dd-059976075869"
  rsc_service_principal_tenant_domain = "my-tenant-domain.onmicrosoft.com"

  azure_resource_group_name   = "RubrikBackups-RG-DontDelete-Terraform"
  azure_resource_group_region = "westus"
  azure_resource_group_tags   = {
    "Environment" = "Test"
    "Owner"       = "Terraform"
  }

  regions_to_protect = [
    "westus",
  ]

  rsc_azure_features = [
    "AZURE_SQL_DB_PROTECTION",
    "AZURE_SQL_MI_PROTECTION",
    "CLOUD_NATIVE_ARCHIVAL",
    "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION",
    "CLOUD_NATIVE_PROTECTION",
    "EXOCOMPUTE",
  ]

  exocompute_details = {
    exocompute_config = {
      region                   = "westus"
      subnet_name              = "subnet1"
      vnet_name                = "vnet1"
      vnet_resource_group_name = "vnet-rg"
    }
  }
}

Examples

Changelog

v2.1.1

  • Remove unnecessary time_sleep resources from examples.

v2.1.0

  • Mark azure_tenant_id and polaris_credentials input variables as deprecated. They are no longer used by the module and have no replacements.
  • Move example configuration code from the README.md file to the examples directory.

Troubleshooting:

Error: Missing Tenant

When you remove the last subscription from an RSC tenant, the tenant will be automatically removed from RSC. To add another subscription to the tenant, the tenant must first be added back.

The following error, when applying a Terraform configuration, indicates that the tenant is missing:

╷
│ Error: failed to add subscription: failed to request addAzureCloudAccountWithoutOauth: graphql response body is an error (status code 200): NOT_FOUND: Failed to get service principal in the tenant. Azure may take some time to sync service principal. Please try after a minute (Azure error: [Unknown] Unknown service error) (code: 404, traceId: T908tqj5/shh8TMK9rX2lA==)
│
│   with polaris_azure_subscription.polaris,
│   on main.tf line 84, in resource "polaris_azure_subscription" "polaris":
│   84: resource "polaris_azure_subscription" "polaris" {
│

Solution: Taint the polaris_azure_service_principal.polaris resource and re-run the apply operation.
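
The recovery step above as a wrapper for unattended runs (an added example, not part of the module or its README). TF_BIN and SP_ADDR are names assumed for this sketch; set SP_ADDR to the address the service principal resource has in your own configuration, and note that both applies run with -auto-approve.

```shell
#!/usr/bin/env bash
# Added example: recover from the "Missing Tenant" error described above.
# TF_BIN and SP_ADDR are assumptions of this sketch, not module inputs.
TF_BIN="${TF_BIN:-terraform}"
SP_ADDR="${SP_ADDR:-polaris_azure_service_principal.polaris}"

# Return 0 only when the log file $1 carries the missing-tenant signature:
# the addAzureCloudAccountWithoutOauth request failing with NOT_FOUND because
# the service principal cannot be found in the tenant.
is_missing_tenant_error() {
  grep -q 'addAzureCloudAccountWithoutOauth' "$1" &&
    grep -q 'NOT_FOUND: Failed to get service principal in the tenant' "$1"
}

# Run apply; on the missing-tenant error, taint the service principal and
# apply once more. Any other failure is returned unchanged, with no taint,
# so unrelated errors never trigger a replacement of the service principal.
apply_with_tenant_recovery() {
  local log rc
  log="$(mktemp)" || return 1
  rc=0
  "$TF_BIN" apply -input=false -auto-approve >"$log" 2>&1 || rc=$?
  cat "$log"
  if [ "$rc" -ne 0 ] && is_missing_tenant_error "$log"; then
    echo "Missing tenant detected, tainting $SP_ADDR" >&2
    rc=0
    { "$TF_BIN" taint "$SP_ADDR" &&
      "$TF_BIN" apply -input=false -auto-approve; } || rc=$?
  fi
  rm -f "$log"
  return "$rc"
}
```

Source the file and call apply_with_tenant_recovery from the directory that holds the root configuration; the function retries at most once.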

How You Can Help

We welcome contributions from the community. From updating the documentation to adding more functionality, all ideas are welcome. Thank you in advance for all of your issues, pull requests, and comments!

Requirements

| Name | Version |
|------|---------|
| azurerm | >=3.10.0 |
| polaris | >=1.0.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | >=3.10.0 |
| polaris | >=1.0.0 |

Resources

| Name | Type |
|------|------|
| azurerm_resource_group.default | resource |
| azurerm_role_assignment.resource_group | resource |
| azurerm_role_assignment.subscription | resource |
| azurerm_role_definition.resource_group | resource |
| azurerm_role_definition.subscription | resource |
| azurerm_user_assigned_identity.default | resource |
| polaris_azure_exocompute.polaris | resource |
| polaris_azure_subscription.default | resource |
| azurerm_subnet.polaris | data source |
| azurerm_subscription.current | data source |
| polaris_azure_permissions.default | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| azure_resource_group_name | Name of the Azure resource group to store snapshots and Exocompute artifacts. | string | "Rubrik-Backups-RG-Do-Not-Delete" | no |
| azure_resource_group_region | Region of the Azure resource group to store snapshots and Exocompute artifacts. | string | n/a | yes |
| azure_resource_group_tags | Tags to apply to the Azure resource group to store snapshots and Exocompute artifacts. | map(string) | {} | no |
| azure_service_principal_object_id | Azure service principal object id. | string | n/a | yes |
| azure_subscription_id | Deprecated: no replacement. | string | null | no |
| delete_snapshots_on_destroy | Should snapshots be deleted when the resource is destroyed. | bool | false | no |
| exocompute_details | Region, VNet, Subnet and pod CIDR for Exocompute. | map(object({ region = string, pod_overlay_network_cidr = string, subnet_name = string, vnet_name = string, vnet_resource_group_name = string })) | {} | no |
| polaris_credentials | Deprecated: no replacement. | string | null | no |
| regions_to_protect | List of Azure regions to protect. | list(string) | n/a | yes |
| rsc_azure_features | List of RSC Azure features to enable. | list(string) | n/a | yes |
| rsc_service_principal_tenant_domain | Tenant domain of the Service Principal created in RSC. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| polaris_azure_subscription_id | The RSC cloud account ID of the Azure subscription. |
