Azure Compute Virtual Machine Extension
This page shows how to write Terraform and Azure Resource Manager configurations for the Compute Virtual Machine Extension, and how to write them securely.
azurerm_virtual_machine_extension (Terraform)
The Virtual Machine Extension in Compute can be configured in Terraform with the resource name azurerm_virtual_machine_extension. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_virtual_machine_extension" "extension_good_1" {
  name                 = "hostname"
  virtual_machine_id   = azurerm_virtual_machine.virtual_machine_good_1.id
  publisher            = "Microsoft.Azure.Security"
  type                 = "IaaSAntimalware"
  type_handler_version = "2.0"
}

resource "azurerm_virtual_machine_extension" "install-iis-spoke-1-vm" {
  name               = "install-iis-spoke-1-vm"
  virtual_machine_id = azurerm_windows_virtual_machine.spoke-1-vm.id
  publisher          = "Microsoft.Compute"
  type               = "CustomScriptExtension"
  # type_handler_version (required) and the remaining arguments are not shown in this excerpt
}

resource "azurerm_virtual_machine_extension" "install-iis-spoke-1-vm" {
  name               = "install-iis-spoke-1-vm"
  virtual_machine_id = azurerm_windows_virtual_machine.spoke-1-vm.id
  publisher          = "Microsoft.Compute"
  type               = "CustomScriptExtension"
  # type_handler_version (required) and the remaining arguments are not shown in this excerpt
}

resource "azurerm_virtual_machine_extension" "extension_good_1" {
  name                 = "hostname"
  virtual_machine_id   = azurerm_virtual_machine.virtual_machine_good_1.id
  publisher            = "Microsoft.Azure.Security"
  type                 = "IaaSAntimalware"
  type_handler_version = "2.0"
}

resource "azurerm_virtual_machine_extension" "install-dns-onprem-dc" {
  name               = "install-dns-onprem-dc"
  virtual_machine_id = azurerm_virtual_machine.onprem-dns-vm.id
  publisher          = "Microsoft.Compute"
  type               = "CustomScriptExtension"
  # type_handler_version (required) and the remaining arguments are not shown in this excerpt
}
Parameters
- auto_upgrade_minor_version: optional, bool
- id: optional computed, string
- name: required, string
- protected_settings: optional, string
- publisher: required, string
- settings: optional, string
- tags: optional, map from string to string
- type: required, string
- type_handler_version: required, string
- virtual_machine_id: required, string
- timeouts: single block
Explanation in Terraform Registry
Manages a Virtual Machine Extension to provide post deployment configuration and run automated tasks.
NOTE: Custom Script Extensions for Linux & Windows require that the commandToExecute returns a 0 exit code to be classified as successfully deployed. You can achieve this by appending exit 0 to the end of your commandToExecute.
NOTE: Custom Script Extensions require that the Azure Virtual Machine Guest Agent is running on the Virtual Machine.
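The exit-code note above, applied to a Windows Custom Script Extension, as an added example that is not taken from the Terraform Registry or from the GitHub repositories this page cites. It assumes a VM defined elsewhere as azurerm_windows_virtual_machine.example (a hypothetical name) and passes commandToExecute through protected_settings rather than settings.

```hcl
# Added example. Assumption: a Windows VM is defined elsewhere in the same
# configuration as azurerm_windows_virtual_machine.example (hypothetical name).
resource "azurerm_virtual_machine_extension" "install_iis" {
  name                       = "install-iis"
  virtual_machine_id         = azurerm_windows_virtual_machine.example.id
  publisher                  = "Microsoft.Compute"
  type                       = "CustomScriptExtension"
  type_handler_version       = "1.10"
  auto_upgrade_minor_version = true

  # settings is stored and displayed in plain text, so it is left unset here.
  # protected_settings is encrypted by Azure and marked sensitive by the
  # provider, which keeps the command line out of plan output.
  protected_settings = jsonencode({
    # $ErrorActionPreference = 'Stop' makes a failed install end the script
    # with a non-zero exit code. The trailing "exit 0" is reached only when
    # the install succeeded, which is what the extension needs in order to
    # be classified as successfully deployed.
    commandToExecute = "powershell -NoProfile -NonInteractive -Command \"$ErrorActionPreference = 'Stop'; Install-WindowsFeature -Name Web-Server -IncludeManagementTools; exit 0\""
  })

  tags = {
    purpose = "iis-bootstrap" # constructed sample value
  }
}
```

Terraform still writes protected_settings to the state file, so the state backend needs its own access control and encryption.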
Tips: Best Practices for The Other Azure Compute Resources
In addition to the azurerm_linux_virtual_machine, Azure Compute has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.
azurerm_linux_virtual_machine
Ensure SSH authentication is used for virtual machines
Use SSH authentication for virtual machines instead of password authentication, because it is the more secure method.
azurerm_managed_disk
Ensure encryption is enabled on managed disks
It is better to enable encryption on managed disks.
azurerm_virtual_machine
Ensure SSH authentication is used for virtual machines
Use SSH authentication for virtual machines instead of password authentication, because it is the more secure method.
Microsoft.Compute/virtualMachines/extensions/extensionName (Azure Resource Manager)
The virtualMachines/extensions/extensionName in Microsoft.Compute can be configured in Azure Resource Manager with the resource name Microsoft.Compute/virtualMachines/extensions/extensionName. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Frequently asked questions
What is Azure Compute Virtual Machine Extension?
Azure Compute Virtual Machine Extension is a resource for Compute of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Compute Virtual Machine Extension?
For Terraform, the melscoop-test/check, zipphreak/azure-vwan-microhack2.0 and mddazure/azure-vwan-microhack source code examples are useful. See the Terraform Example section for further details.