Top / Microsoft Azure / Azure Compute / Virtual Machine Extension

Azure Compute Virtual Machine Extension

This page shows how to write Terraform and Azure Resource Manager for Compute Virtual Machine Extension and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_virtual_machine_extension (Terraform)

The Virtual Machine Extension in Compute can be configured in Terraform with the resource name azurerm_virtual_machine_extension. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L53
resource "azurerm_virtual_machine_extension" "extension_good_1" {
  name                 = "hostname"
  virtual_machine_id   = azurerm_virtual_machine.virtual_machine_good_1.id
  publisher            = "Microsoft.Azure.Security"
  type                 = "IaaSAntimalware"
  type_handler_version = "2.0"
vm-extensions.tf#L5
resource "azurerm_virtual_machine_extension" "install-iis-spoke-1-vm" {

  name                 = "install-iis-spoke-1-vm"
  virtual_machine_id   = azurerm_windows_virtual_machine.spoke-1-vm.id
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
vm-extensions.tf#L5
resource "azurerm_virtual_machine_extension" "install-iis-spoke-1-vm" {

  name                 = "install-iis-spoke-1-vm"
  virtual_machine_id   = azurerm_windows_virtual_machine.spoke-1-vm.id
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
main.tf#L53
resource "azurerm_virtual_machine_extension" "extension_good_1" {
  name                 = "hostname"
  virtual_machine_id   = azurerm_virtual_machine.virtual_machine_good_1.id
  publisher            = "Microsoft.Azure.Security"
  type                 = "IaaSAntimalware"
  type_handler_version = "2.0"
vm-extensions.tf#L6
resource "azurerm_virtual_machine_extension" "install-dns-onprem-dc" {

  name                 = "install-dns-onprem-dc"
  virtual_machine_id   = azurerm_virtual_machine.onprem-dns-vm.id
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Virtual Machine Extension to provide post deployment configuration and run automated tasks.

NOTE: Custom Script Extensions for Linux & Windows require that the commandToExecute returns a 0 exit code to be classified as successfully deployed. You can achieve this by appending exit 0 to the end of your commandToExecute. -> NOTE: Custom Script Extensions require that the Azure Virtual Machine Guest Agent is running on the Virtual Machine.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Compute Resources

In addition to the azurerm_linux_virtual_machine, Azure Compute has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_linux_virtual_machine

Ensure to use SSH authentication for virtual machines

It is better to use SSH authentication for virtual machines instead of password authentication to enforce more secure ways.

risk-label

azurerm_managed_disk

Ensure to enable the encryption on managed disks

It is better to enable the encryption on managed disks.

risk-label

azurerm_virtual_machine

Ensure to use SSH authentication for virtual machines

It is better to use SSH authentication for virtual machines instead of password authentication to enforce more secure ways.

Review your Azure Compute settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Compute/virtualMachines/extensions/extensionName (Azure Resource Manager)

The virtualMachines/extensions/extensionName in Microsoft.Compute can be configured in Azure Resource Manager with the resource name Microsoft.Compute/virtualMachines/extensions/extensionName. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

The Other Related Azure Compute Resources

Frequently asked questions

What is Azure Compute Virtual Machine Extension?

Azure Compute Virtual Machine Extension is a resource for Compute of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Compute Virtual Machine Extension?

For Terraform, the melscoop-test/check, zipphreak/azure-vwan-microhack2.0 and mddazure/azure-vwan-microhack source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents