Skip to content

Latest commit

 

History

History
185 lines (153 loc) · 15.5 KB

readme.md

File metadata and controls

185 lines (153 loc) · 15.5 KB
Raw

Azure Virtual Machine Terraform Module

This Terraform module allows you to easily create one or more Virtual Machines (VMs) in Azure.

📌 Features

  • Creates a new Azure resource group
  • Creates one or more VMs within the resource group
  • Allows you to specify the VM size, OS, and other details

🔧 Usage

To use this module, you will need to have an Azure account and access to the Azure CLI with Terraform installed. I heavily rely on the terraform-azurerm-caf-enterprise-scale and the terraform-azurerm-lz-vending modules, hence some of the references to e.g. the management & connectivity subscriptions.

NOTE: I always suggest to use the ref argument to select a specific version.

module "k3s" {
  source  = "DevSecNinja/compute/azurerm"
  # version = "x.y.z" # Copy from Terraform registry

  ### Important
  instances = 3
  config    = local.config # I will soon open source my main repository under https://github.com/DevSecNinja/AzureEnvironment that provides the schema
  purpose   = "k3s"
  subnet_id = "/subscriptions/${data.azurerm_client_config.jeanpaulv-lz-corp-gen.subscription_id}/resourceGroups/${local.config.generic.org.root_id}-connectivity-${local.config.generic.regions.primaryRegion.name}/providers/Microsoft.Network/virtualNetworks/${local.config.generic.org.root_id}-spoke-lz-0-${local.config.generic.regions.primaryRegion.name}/subnets/snet-workload"
  os_type   = "linux"
  tags      = local.tags

  ## Optional
  location                 = local.config.generic.regions.primaryRegion.name
  install_oms_agent        = true
  vm_size                  = local.config.compute.virtualMachines.linux.settings.size
  enable_jit               = local.config.compute.virtualMachines.linux.just-in-time.enabled
  deploy_public_ip_address = false
  shutdown_policy_enabled  = "true"
  dns_host_record          = "k3s"
  join_in_aad              = true
  disable_backup           = true
  data_disk_size           = 32
  deploy_load_balancer     = true

  providers = {
    azurerm              = azurerm.lz-corp-gen # To deploy your resources
    azurerm.management   = azurerm.management # To access the Log Analytics workspace
    azurerm.connectivity = azurerm.connectivity # To create a DNS record
  }
}

📝 Note

After I built this module, I discovered that there is also a nice module created by the Azure team which is officially supported by Microsoft. You might want to start with that one first.

🤝 Contributions

I welcome contributions to this project! If you have an idea for a feature or improvement, please open an issue or pull request. If you find this project helpful, I would also appreciate it if you could leave a star on the GitHub repository 🌟

Thank you for considering contributing 🙏

📜 License

This project is licensed under the MIT License. It is not affiliated with my employer.

Feel free to use and modify the code as you see fit 🎉

📄 Terraform Documentation

I'm using terraform-docs to update my documentation automatically:

Requirements

Name Version
azurecaf 2.0.0-preview3
azurerm >= 3.29.1
random 3.4.3

Providers

Name Version
azurecaf 2.0.0-preview3
azurerm >= 3.29.1
azurerm.connectivity >= 3.29.1
azurerm.management >= 3.29.1
random 3.4.3
time n/a

Modules

No modules.

Resources

Name Type
azurecaf_name.vm resource
azurecaf_name.vm_data_disk_01 resource
azurecaf_name.vm_dns_name resource
azurecaf_name.vm_shared_disk resource
azurecaf_name.vm_single resource
azurerm_availability_set.vm resource
azurerm_dev_test_global_vm_shutdown_schedule.vm resource
azurerm_dns_a_record.vm_pip resource
azurerm_lb.vm resource
azurerm_lb_backend_address_pool.vm resource
azurerm_lb_probe.lb_probe resource
azurerm_linux_virtual_machine.vm resource
azurerm_managed_disk.data_01 resource
azurerm_managed_disk.shared_01 resource
azurerm_network_interface.vm_nic resource
azurerm_network_interface_backend_address_pool_association.vm resource
azurerm_proximity_placement_group.vm resource
azurerm_public_ip.lb_pip resource
azurerm_public_ip.vm_pip resource
azurerm_resource_group.vm_rg resource
azurerm_resource_group_policy_exemption.backup resource
azurerm_resource_group_policy_exemption.ip_forwarding resource
azurerm_security_center_server_vulnerability_assessment_virtual_machine.vm resource
azurerm_virtual_machine_data_disk_attachment.data_01 resource
azurerm_virtual_machine_data_disk_attachment.shared_01 resource
azurerm_virtual_machine_extension.avd resource
azurerm_virtual_machine_extension.domain_join_azuread resource
azurerm_virtual_machine_extension.vm_amaagent resource
azurerm_virtual_machine_extension.vm_linux resource
azurerm_virtual_machine_extension.vm_windows resource
azurerm_windows_virtual_machine.vm resource
random_password.vm_password resource
time_sleep.wait_60_seconds resource
azurerm_client_config.core data source
azurerm_log_analytics_workspace.law data source

Inputs

Name Description Type Default Required
avd_extension Installs the Azure Virtual Desktop extension map 
{
  "aadJoin": true,
  "enabled": false,
  "hostPoolName": null,
  "registrationInfoToken": null
}
 no
config Provide the decoded data from the files in generic/json/config any n/a yes
custom_data Base64encoded string of the custom data config string null no
custom_script_extension Installs the specified custom script extension. Script should be a base64encoded string map 
{
  "enabled": false,
  "name": null,
  "script": null
}
 no
data_disk_caching Specify the caching setting for the data disk string "ReadWrite" no
data_disk_size Deploys a data disk if size is >0 number 0 no
data_disk_type Specify the disk type for the data disk string "StandardSSD_LRS" no
deploy_in_availability_set Instead of using Availability Zones (99.99% SLA - DC failure protection), the VMs will be deployed in an Availability Set (99.9% SLA - 'rack failure' protection). bool false no
deploy_load_balancer Deploys a load balancer and adds the network interfaces to the backend pool bool false no
deploy_public_ip_address n/a bool false no
disable_backup Requests a policy exemption for backups on the VM in the Resource Group bool false no
dns_host_record DNS Host record will only be set when deploying a public IP address bool false no
enable_ip_forwarding n/a bool false no
enable_jit Enables Just-in-Time Administration bool false no
install_oms_agent Installs the OMS Agent bool false no
instances Specify the number of VM instances number 1 no
join_in_aad Joins the machine in Azure Active Directory bool true no
load_balancer_health_probe_port Health probe port, default is 22 for Linux and 3389 for Windows number 0 no
load_balancer_is_public If true, a Public IP address will be created and associated bool false no
location Provide the Azure region string "westeurope" no
os_type Specify the Operating System time string "windows_server" no
purpose Purpose is used in the naming of the VM any n/a yes
shared_data_disk_size Deploys a shared data disk if size is >0 number 0 no
shared_disk_caching Specify the caching setting for the shared disk string "ReadWrite" no
shared_disk_type Specify the disk type for the shared disk string "StandardSSD_LRS" no
shutdown_policy_enabled n/a string "true" no
source_image_reference n/a map(string) 
{
  "offer": null,
  "publisher": null,
  "sku": null,
  "version": null
}
 no
subnet_id Provide the ID of the subnet that the VM should use any n/a yes
tags n/a map(string) {} no
vm_size n/a string "Standard_B2s" no
workspace_id Provide the Log Analytics Workspace ID for the VM to report data to any null no
workspace_key Provide the Log Analytics Workspace key for the VM to report data to any null no

Outputs

Name Description
vm n/a
vm_identity n/a
vm_lb n/a
vm_lb_pip n/a
vm_lb_probe n/a
vm_nic n/a
vm_pip n/a
vm_rg n/a