Point-in-Time Restore for Azure Blob Storage
Point-in-Time Restore for Azure Blob Storage is a feature that allows you to recover data from a previous point in time. This can be critical for recovering from accidental deletions, corruptions, or malicious attacks. In Azure, you can achieve this by enabling soft delete and versioning features on your storage account, which keeps deleted and modified blob versions for a set retention period.
Azure Blob Storage does not have a direct "Point-in-Time Restore" service per se but utilizes several features to achieve a similar outcome. It is important to set up versioning which retains versions of blobs whenever they are deleted or overwritten. This is accompanied by setting appropriate retention policies.
Here's how to configure an Azure Storage Account for Blob soft delete and versioning using Pulumi's azure-native provider:
- Enable Soft Delete: Soft delete for blobs allows you to recover your data when blobs or blob snapshots are deleted. This protection lasts for a set number of days.
- Enable Versioning: Versioning maintains previous versions of a blob each time a blob is modified or deleted.
The following Pulumi program in TypeScript will set up an Azure Storage Account with these features enabled, which is the foundation for being able to restore blobs to a previous state.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const resourceGroupName = "my-resource-group"; // Replace with your resource group name
const storageAccountName = "mystorageaccount"; // Replace with your storage account name

// Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup(resourceGroupName);

// Create an Azure Storage Account
const storageAccount = new azure_native.storage.StorageAccount(storageAccountName, {
    resourceGroupName: resourceGroup.name,
    sku: {
        name: azure_native.storage.SkuName.Standard_LRS, // Use Locally-redundant storage
    },
    kind: azure_native.storage.Kind.StorageV2, // Required for blob versioning
    location: resourceGroup.location,
    enableHttpsTrafficOnly: true,
});

// Blob service settings are a separate azure-native resource (BlobServiceProperties),
// not an argument of StorageAccount
const blobServices = new azure_native.storage.BlobServiceProperties("blobServices", {
    accountName: storageAccount.name,
    resourceGroupName: resourceGroup.name,
    blobServicesName: "default", // Default blob service
    cors: {
        corsRules: [], // Optional, set up CORS rules here if applicable
    },
    deleteRetentionPolicy: {
        enabled: true,
        days: 7, // Retain deleted blobs for 7 days
    },
    isVersioningEnabled: true, // Enable blob versioning
});

// Export the primary storage account endpoint
export const primaryStorageEndpoint = storageAccount.primaryEndpoints.apply(endpoints => endpoints.blob);
```
This program performs the following actions, step by step:
- Imports the necessary Pulumi modules.
- Defines the Resource Group name and Storage Account name.
- Creates a new Resource Group in Azure.
- Creates a new Storage Account within the specified Resource Group.
- Sets the storage account to use the Locally-redundant storage (LRS) SKU for cost-effective storage.
- Ensures `Kind.StorageV2` is used, which supports blob versioning.
- Sets the location of the storage account to be the same as the Resource Group.
- Secures the storage account by only allowing HTTPS traffic.
- Configures the `blobServices`, which includes:
  - A retention policy to keep deleted blobs for 7 days.
  - Enabled versioning for blobs to retain previous versions of the blobs.
- Lastly, the program exports the endpoint of the primary storage blob service.
Remember, this code is ready to be used in a Pulumi program with TypeScript; however, you need to ensure Azure resources are named appropriately as per your existing Azure setup.
To run this Pulumi code, you will need to have Pulumi CLI installed and configured with your Azure account credentials. Save this code in a `.ts` file, and run `pulumi up` to create resources on Azure according to this script.
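As an added illustration (not part of the original page or of Pulumi's code), the sketch below shows how versioning and the 7-day soft-delete window configured above decide what can be recovered for a chosen point in time; it goes beyond the configuration by modelling the recovery decision itself. The `BlobVersion` shape, the function names and the sample timestamps are constructed for this example and are not an Azure SDK API.

```typescript
// Constructed model of one entry in a blob version listing (not an SDK type).
interface BlobVersion {
  versionId: string;  // Azure version IDs are the UTC timestamp of the write
  deletedOn?: string; // set when this version has been soft-deleted
}

type RestorePlan =
  | { status: "restore"; versionId: string; needsUndelete: boolean }
  | { status: "expired"; versionId: string } // right version, retention lapsed
  | { status: "none" };                      // blob did not exist at that time

const DAY_MS = 24 * 60 * 60 * 1000;

// Version IDs carry 7 fractional digits; trim to milliseconds before parsing.
function toMillis(ts: string): number {
  const ms = Date.parse(ts.replace(/(\.\d{3})\d+/, "$1"));
  if (isNaN(ms)) throw new Error("bad timestamp: " + ts);
  return ms;
}

function planRestore(versions: BlobVersion[], pointInTime: string,
                     retentionDays: number, now: string): RestorePlan {
  const target = toMillis(pointInTime);
  // The blob's state at the target is the newest version written at or before it.
  const candidates = versions
    .map((v) => ({ v, at: toMillis(v.versionId) }))
    .filter((c) => c.at <= target)
    .sort((a, b) => b.at - a.at);
  const newest = candidates[0];
  if (newest === undefined) return { status: "none" };

  const chosen = newest.v;
  if (chosen.deletedOn === undefined) {
    return { status: "restore", versionId: chosen.versionId, needsUndelete: false };
  }
  // Soft-deleted: recoverable only while the retention window is still open.
  const expiresAt = toMillis(chosen.deletedOn) + retentionDays * DAY_MS;
  return toMillis(now) < expiresAt
    ? { status: "restore", versionId: chosen.versionId, needsUndelete: true }
    : { status: "expired", versionId: chosen.versionId };
}

// Constructed sample: two writes, an unwanted overwrite on 5 May, and the
// 3 May version soft-deleted on 6 May.
const sampleVersions: BlobVersion[] = [
  { versionId: "2024-05-01T10:00:00.0000000Z" },
  { versionId: "2024-05-03T08:30:00.0000000Z", deletedOn: "2024-05-06T00:00:00Z" },
  { versionId: "2024-05-05T12:00:00.0000000Z" },
];
```

With `retentionDays` set to 7, the 3 May version can still be undeleted and promoted on 10 May, but the same request on 20 May reports it as expired, which is why the retention period should be sized against how long a deletion or overwrite could go unnoticed.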