diff --git a/azure/services/auth.tf b/azure/services/auth.tf
new file mode 100644
index 0000000..8d6ad4e
--- /dev/null
+++ b/azure/services/auth.tf
@@ -0,0 +1,6 @@
+
+provider "azurerm" {
+ features {}
+ subscription_id = local.subscription_id
+ storage_use_azuread = true
+}
diff --git a/azure/services/backet.tf b/azure/services/backet.tf
new file mode 100644
index 0000000..993ced6
--- /dev/null
+++ b/azure/services/backet.tf
@@ -0,0 +1,58 @@
+
+resource "random_id" "backet" {
+ byte_length = 8
+}
+
+resource "azurerm_storage_account" "backet" {
+ name = random_id.backet.hex
+ resource_group_name = local.resource_group
+ location = local.regions[0]
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+
+ shared_access_key_enabled = false
+ cross_tenant_replication_enabled = false
+ allow_nested_items_to_be_public = false
+
+ blob_properties {
+ versioning_enabled = false
+ }
+
+ tags = var.tags
+}
+
+resource "azurerm_storage_container" "backup" {
+ name = "backup"
+ storage_account_name = azurerm_storage_account.backet.name
+ container_access_type = "private"
+}
+
+resource "azurerm_storage_management_policy" "backup" {
+ storage_account_id = azurerm_storage_account.backet.id
+
+ rule {
+ name = "cleanup"
+ enabled = true
+ filters {
+ prefix_match = ["${azurerm_storage_container.backup.name}/"]
+ blob_types = ["blockBlob"]
+ }
+ actions {
+ base_blob {
+ delete_after_days_since_modification_greater_than = 7
+ }
+ }
+ }
+}
+
+resource "azurerm_role_assignment" "terraform" {
+ scope = azurerm_storage_container.backup.resource_manager_id
+ role_definition_name = "Storage Blob Data Reader"
+ principal_id = data.azurerm_client_config.terraform.object_id
+}
+
+resource "azurerm_role_assignment" "backup" {
+ scope = azurerm_storage_container.backup.resource_manager_id
+ role_definition_name = "Storage Blob Data Contributor"
+ principal_id = var.principal
+}
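Review bot: The `backup` container in backet.tf has neither soft delete nor versioning (`versioning_enabled = false`, no `delete_retention_policy`), so the principal holding Storage Blob Data Contributor via the `backup` role assignment can overwrite or delete every backup irrecoverably, and the `cleanup` rule already hard-deletes anything older than 7 days; a backup target should survive a compromised or misbehaving writer. Inside `blob_properties` add `delete_retention_policy { days = 14 }` (14 is an illustrative value; choose one that covers the restore window), and consider `versioning_enabled = true` or an immutability policy if the backup tool overwrites objects in place. The account also leaves `min_tls_version` and `public_network_access_enabled` to provider defaults; setting them explicitly keeps a provider upgrade from changing the posture silently. The `terraform` Reader assignment is created after the container, so it presumably is not what authorizes creating it — the identity running this must already hold a broader role, which is worth stating in a comment on that resource.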
diff --git a/azure/services/common.tf b/azure/services/common.tf
new file mode 100644
index 0000000..3bdf641
--- /dev/null
+++ b/azure/services/common.tf
@@ -0,0 +1,2 @@
+
+data "azurerm_client_config" "terraform" {}
diff --git a/azure/services/variables.tf b/azure/services/variables.tf
new file mode 100644
index 0000000..f37f4f5
--- /dev/null
+++ b/azure/services/variables.tf
@@ -0,0 +1,26 @@
+
+data "terraform_remote_state" "prepare" {
+ backend = "local"
+ config = {
+ path = "${path.module}/../prepare/terraform.tfstate"
+ }
+}
+
+locals {
+ subscription_id = data.terraform_remote_state.prepare.outputs.subscription
+ regions = data.terraform_remote_state.prepare.outputs.regions
+ resource_group = data.terraform_remote_state.prepare.outputs.resource_group
+}
+
+variable "principal" {
+ description = "principal id to have RW access the backet"
+ type = string
+}
+
+variable "tags" {
+ description = "Tags of resources"
+ type = map(string)
+ default = {
+ environment = "Develop"
+ }
+}
diff --git a/azure/services/versions.tf b/azure/services/versions.tf
new file mode 100644
index 0000000..8372c83
--- /dev/null
+++ b/azure/services/versions.tf
@@ -0,0 +1,10 @@
+
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.40.0"
+ }
+ }
+ required_version = ">= 1.2"
+}
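Review bot: `variable "principal"` in variables.tf accepts any string, so a mistyped or empty object id only surfaces at apply time inside the role assignment, and its description says "RW" while the role it receives in backet.tf (Storage Blob Data Contributor) also permits delete. Reword the description to state the actual grant and add a `validation` block that checks the value is a GUID, as below; the regex is a plain GUID pattern, not a project-specific value.
```hcl
variable "principal" {
  description = "Object id of the principal granted read/write/delete on the backup container"
  type        = string

  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.principal))
    error_message = "principal must be an Azure AD object id (GUID)."
  }
}
```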
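Review bot: `required_providers` in versions.tf declares only `azurerm`, yet backet.tf uses `random_id`, so the `hashicorp/random` provider is resolved implicitly with no version constraint and floats to whatever release the registry serves at `terraform init`. Declare it next to azurerm, e.g. `random = { source = "hashicorp/random", version = "~> 3.0" }` (the constraint is illustrative; pick the one the team has tested), and commit the generated `.terraform.lock.hcl` so provider checksums are pinned across machines.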