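compute/virtual_machine
Overview
This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF. The dependency diagram below shows `random_password` and `tls_private_key` resources feeding Key Vault secrets; Terraform also records such generated values in its state, so the state backend needs access controls at least as strict as the Key Vault's.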
Dependency diagram (Mermaid)
graph TD
azurecaf_name.legacy["azurecaf_name.legacy"]
azurecaf_name.legacy_computer_name["azurecaf_name.legacy_computer_name"]
azurecaf_name.nic["azurecaf_name.nic"]
azurerm_backup_protected_vm.backup["azurerm_backup_protected_vm.backup"]
azurerm_dev_test_global_vm_shutdown_schedule.enabled["azurerm_dev_test_global_vm_shutdown_schedule.enabled"]
azurerm_key_vault_certificate.self_signed_winrm["azurerm_key_vault_certificate.self_signed_winrm"]
azurerm_key_vault_secret.admin_password["azurerm_key_vault_secret.admin_password"]
azurerm_key_vault_secret.backup_encryption_password["azurerm_key_vault_secret.backup_encryption_password"]
azurerm_key_vault_secret.sql_admin_password["azurerm_key_vault_secret.sql_admin_password"]
azurerm_key_vault_secret.ssh_private_key["azurerm_key_vault_secret.ssh_private_key"]
azurerm_key_vault_secret.ssh_public_key_openssh["azurerm_key_vault_secret.ssh_public_key_openssh"]
azurerm_linux_virtual_machine.vm["azurerm_linux_virtual_machine.vm"]
azurerm_managed_disk.disk["azurerm_managed_disk.disk"]
azurerm_mssql_virtual_machine.mssqlvm["azurerm_mssql_virtual_machine.mssqlvm"]
azurerm_network_interface.nic["azurerm_network_interface.nic"]
azurerm_network_interface_application_security_group_association.assoc["azurerm_network_interface_application_security_group_association.assoc"]
azurerm_network_interface_security_group_association.nic["azurerm_network_interface_security_group_association.nic"]
azurerm_network_interface_security_group_association.nic_nsg["azurerm_network_interface_security_group_association.nic_nsg"]
azurerm_virtual_machine.vm["azurerm_virtual_machine.vm"]
azurerm_virtual_machine_data_disk_attachment.disk["azurerm_virtual_machine_data_disk_attachment.disk"]
azurerm_windows_virtual_machine.vm["azurerm_windows_virtual_machine.vm"]
data.azurecaf_name.disk["data.azurecaf_name.disk"]
data.azurecaf_name.linux["data.azurecaf_name.linux"]
data.azurecaf_name.linux_computer_name["data.azurecaf_name.linux_computer_name"]
data.azurecaf_name.os_disk_linux["data.azurecaf_name.os_disk_linux"]
data.azurecaf_name.os_disk_windows["data.azurecaf_name.os_disk_windows"]
data.azurecaf_name.windows["data.azurecaf_name.windows"]
data.azurecaf_name.windows_computer_name["data.azurecaf_name.windows_computer_name"]
data.azurerm_key_vault_certificate.custom_data["data.azurerm_key_vault_certificate.custom_data"]
data.azurerm_key_vault_key.custom_data["data.azurerm_key_vault_key.custom_data"]
data.azurerm_key_vault_secret.custom_data["data.azurerm_key_vault_secret.custom_data"]
data.azurerm_managed_disk.os_disk["data.azurerm_managed_disk.os_disk"]
data.azurerm_storage_account.mssqlvm_backup_sa["data.azurerm_storage_account.mssqlvm_backup_sa"]
data.external.backup_encryption_password["data.external.backup_encryption_password"]
data.external.secret_key_id["data.external.secret_key_id"]
data.external.sp_client_id["data.external.sp_client_id"]
data.external.sp_client_secret["data.external.sp_client_secret"]
data.external.sql_password["data.external.sql_password"]
data.external.sql_username["data.external.sql_username"]
data.external.ssh_public_key_id["data.external.ssh_public_key_id"]
data.external.ssh_secret_keyvault["data.external.ssh_secret_keyvault"]
data.external.windows_admin_password["data.external.windows_admin_password"]
data.external.windows_admin_username["data.external.windows_admin_username"]
local_sensitive_file.custom_data["local_sensitive_file.custom_data"]
module.nics["module.nics"]
random_password.admin["random_password.admin"]
random_password.encryption_password["random_password.encryption_password"]
random_password.legacy["random_password.legacy"]
random_password.sql_admin_password["random_password.sql_admin_password"]
tls_private_key.ssh["tls_private_key.ssh"]
azurecaf_name.legacy_computer_name --> azurerm_network_interface.nic
azurecaf_name.legacy_computer_name --> azurerm_network_interface_security_group_association.nic_nsg
azurerm_backup_protected_vm.backup --> azurerm_linux_virtual_machine.vm
azurerm_backup_protected_vm.backup --> azurerm_windows_virtual_machine.vm
azurerm_dev_test_global_vm_shutdown_schedule.enabled --> azurerm_linux_virtual_machine.vm
azurerm_dev_test_global_vm_shutdown_schedule.enabled --> azurerm_windows_virtual_machine.vm
azurerm_key_vault_certificate.self_signed_winrm --> azurecaf_name.legacy
azurerm_key_vault_certificate.self_signed_winrm --> azurerm_network_interface.nic
azurerm_key_vault_certificate.self_signed_winrm --> data.azurecaf_name.windows
azurerm_key_vault_secret.admin_password --> data.azurecaf_name.windows_computer_name
azurerm_key_vault_secret.admin_password --> random_password.admin
azurerm_key_vault_secret.backup_encryption_password --> azurerm_windows_virtual_machine.vm
azurerm_key_vault_secret.backup_encryption_password --> random_password.encryption_password
azurerm_key_vault_secret.sql_admin_password --> azurerm_windows_virtual_machine.vm
azurerm_key_vault_secret.sql_admin_password --> random_password.sql_admin_password
azurerm_key_vault_secret.ssh_private_key --> azurecaf_name.legacy_computer_name
azurerm_key_vault_secret.ssh_private_key --> data.azurecaf_name.linux_computer_name
azurerm_key_vault_secret.ssh_private_key --> tls_private_key.ssh
azurerm_key_vault_secret.ssh_public_key_openssh --> azurecaf_name.legacy_computer_name
azurerm_key_vault_secret.ssh_public_key_openssh --> data.azurecaf_name.linux_computer_name
azurerm_key_vault_secret.ssh_public_key_openssh --> tls_private_key.ssh
azurerm_linux_virtual_machine.vm --> data.azurecaf_name.linux
azurerm_linux_virtual_machine.vm --> data.azurecaf_name.linux_computer_name
azurerm_linux_virtual_machine.vm --> data.azurecaf_name.os_disk_linux
azurerm_linux_virtual_machine.vm --> data.external.secret_key_id
azurerm_linux_virtual_machine.vm --> data.external.ssh_public_key_id
azurerm_linux_virtual_machine.vm --> data.external.ssh_secret_keyvault
azurerm_linux_virtual_machine.vm --> local_sensitive_file.custom_data
azurerm_linux_virtual_machine.vm --> tls_private_key.ssh
azurerm_managed_disk.disk --> data.azurecaf_name.disk
azurerm_mssql_virtual_machine.mssqlvm --> azurerm_linux_virtual_machine.vm
azurerm_mssql_virtual_machine.mssqlvm --> azurerm_virtual_machine_data_disk_attachment.disk
azurerm_mssql_virtual_machine.mssqlvm --> azurerm_windows_virtual_machine.vm
azurerm_mssql_virtual_machine.mssqlvm --> data.azurerm_storage_account.mssqlvm_backup_sa
azurerm_mssql_virtual_machine.mssqlvm --> data.external.backup_encryption_password
azurerm_mssql_virtual_machine.mssqlvm --> data.external.sp_client_id
azurerm_mssql_virtual_machine.mssqlvm --> data.external.sp_client_secret
azurerm_mssql_virtual_machine.mssqlvm --> data.external.sql_password
azurerm_mssql_virtual_machine.mssqlvm --> data.external.sql_username
azurerm_mssql_virtual_machine.mssqlvm --> random_password.encryption_password
azurerm_mssql_virtual_machine.mssqlvm --> random_password.sql_admin_password
azurerm_network_interface.nic --> azurecaf_name.nic
azurerm_network_interface_application_security_group_association.assoc --> azurerm_network_interface.nic
azurerm_network_interface_security_group_association.nic --> azurerm_network_interface.nic
azurerm_network_interface_security_group_association.nic_nsg --> azurerm_network_interface.nic
azurerm_virtual_machine.vm --> azurecaf_name.legacy_computer_name
azurerm_virtual_machine.vm --> azurerm_key_vault_certificate.self_signed_winrm
azurerm_virtual_machine.vm --> random_password.legacy
azurerm_virtual_machine.vm --> tls_private_key.ssh
azurerm_virtual_machine_data_disk_attachment.disk --> azurerm_linux_virtual_machine.vm
azurerm_virtual_machine_data_disk_attachment.disk --> azurerm_managed_disk.disk
azurerm_virtual_machine_data_disk_attachment.disk --> azurerm_windows_virtual_machine.vm
azurerm_windows_virtual_machine.vm --> azurerm_key_vault_certificate.self_signed_winrm
azurerm_windows_virtual_machine.vm --> azurerm_network_interface.nic
azurerm_windows_virtual_machine.vm --> azurerm_network_interface_security_group_association.nic_nsg
azurerm_windows_virtual_machine.vm --> data.azurecaf_name.os_disk_windows
azurerm_windows_virtual_machine.vm --> data.azurecaf_name.windows
azurerm_windows_virtual_machine.vm --> data.azurecaf_name.windows_computer_name
azurerm_windows_virtual_machine.vm --> random_password.admin
data.azurecaf_name.linux_computer_name --> azurerm_network_interface.nic
data.azurecaf_name.linux_computer_name --> azurerm_network_interface_security_group_association.nic_nsg
data.azurerm_key_vault_key.custom_data --> azurerm_managed_disk.disk
data.azurerm_managed_disk.os_disk --> azurerm_linux_virtual_machine.vm
data.azurerm_managed_disk.os_disk --> azurerm_windows_virtual_machine.vm
module.nics --> azurerm_network_interface.nic
Module Reference
Category: compute
Path: modules/compute/virtual_machine
Azure Resources: azurecaf_name, azurerm_backup_protected_vm, azurerm_dev_test_global_vm_shutdown_schedule, azurerm_key_vault_certificate, azurerm_key_vault_secret, azurerm_linux_virtual_machine, azurerm_managed_disk, azurerm_mssql_virtual_machine, azurerm_network_interface, azurerm_network_interface_application_security_group_association, azurerm_network_interface_security_group_association, azurerm_virtual_machine, azurerm_virtual_machine_data_disk_attachment, azurerm_windows_virtual_machine, local_sensitive_file, random_password, tls_private_key
Inputs
| Name | Description | Type | Required | Default | Validation |
|---|---|---|---|---|---|
| global_settings | Global settings object (see module README.md) | any | yes | - | - |
| client_config | Client configuration object (see module README.md). | any | yes | - | - |
| resource_group | Resource group object to deploy the Azure resource | any | yes | - | - |
| keyvaults | Keyvault to store the SSH public and private keys when not provided by the var.public_key_pem_file or retrieve admin ... | any | no | - | - |
| boot_diagnostics_storage_account | (Optional) The Primary/Secondary Endpoint for the Azure Storage Account (general purpose) which should be used to sto... | any | no | - | - |
| settings | The settings for the Azure resource. | any | yes | - | When 'shutdown_schedule.notification_settings.enabled' is true you must provide either 'email' or 'webhook_url' in settings.shutdown_schedule.notification_settings. |
| vnets | | any | yes | - | - |
| public_key_pem_file | If disable_password_authentication is set to true, ssh authentication is enabled. You can provide a list of file path... | any | no | - | - |
| managed_identities | | any | no | {} | - |
| diagnostics | | any | no | {} | - |
| public_ip_addresses | | any | no | {} | - |
| recovery_vaults | | any | no | {} | - |
| storage_accounts | | any | no | {} | - |
| availability_sets | | any | no | {} | - |
| base_tags | Base tags for the resource to be inherited from the resource group. | bool | yes | - | - |
| proximity_placement_groups | | any | no | {} | - |
| disk_encryption_sets | | any | no | {} | - |
| application_security_groups | | any | no | {} | - |
| virtual_machines | | any | no | {} | - |
| image_definitions | | any | no | {} | - |
| custom_image_ids | | any | no | {} | - |
| network_security_groups | Require a version 1 NSG definition to be attached to a nic. | any | no | {} | - |
| dedicated_hosts | | any | no | {} | - |
| virtual_subnets | Map of virtual_subnets objects | any | no | {} | - |
Outputs
| Name | Description | Sensitive | Value |
|---|---|---|---|
| id | | - | `local.os_type == "linux" ? try(azurerm_linux_virtual_machine.vm["linux"].id, null) : try(azurerm_windows_virtual_machine.vm["windows"].id, null)` |
| ip_configuration | Adding the network_interface.nic to support remote dns on virtual networks | - | `azurerm_network_interface.nic` |
| os_type | | - | `local.os_type` |
| internal_fqdns | | - | `try(var.settings.networking_interfaces, null) != null ? flatten([for nic_key in try(var.settings.virtual_machine_settings[local.os_type].network_interface_keys, []) : format("%s.%s", try(azurerm_network_interface.nic[nic_key].internal_dns_name_label, try(azurerm_linux_virtual_machine.vm["linux"].name, azurerm_windows_virtual_machine.vm["windows"].name)), azurerm_network_interface.nic[nic_key].internal_domain_name_suffix)]) : null` |
| admin_username | Local admin username | - | `try(local.admin_username, null) == null ? var.settings.virtual_machine_settings[local.os_type].admin_username : local.admin_username` |
| admin_password_secret_id | Local admin password Key Vault secret id | - | `try(azurerm_key_vault_secret.admin_password[local.os_type].id, null)` |
| winrm | | - | `local.os_type == "windows" && local.keyvault != null ? {'keyvault_id': '${local.keyvault.id}', 'certificate_url': '${try(azurerm_key_vault_certificate.self_signed_winrm[local.os_type].secret_id, null)}'} : null` |
| ssh_keys | | - | `local.create_sshkeys ? {'keyvault_id': '${local.keyvault.id}', 'ssh_private_key_pem': '${azurerm_key_vault_secret.ssh_private_key[local.os_type].name}', 'ssh_public_key_open_ssh': '${azurerm_key_vault_secret.ssh_public_key_openssh[local.os_type].name}', 'ssh_private_key_open_ssh': '${azurerm_key_vault_secret.ssh_public_key_openssh[local.os_type].name}'} : null` |
| nic_id | | - | `coalescelist(flatten([for nic_key in try(var.settings.virtual_machine_settings[local.os_type].network_interface_keys, []) : format("%s.%s", try(azurerm_network_interface.nic[nic_key].id, try(azurerm_linux_virtual_machine.vm["linux"].name, azurerm_windows_virtual_machine.vm["windows"].name)), azurerm_network_interface.nic[nic_key].id)]), try(var.settings.networking_interface_ids, []))` |
| nics | | - | `{for key , value in var.settings.networking_interfaces : key => {"id": "${azurerm_network_interface.nic[key].id}", "name": "${azurerm_network_interface.nic[key].name}"}}` |
| data_disks | | - | `{for key , value in lookup(var.settings, "data_disks", {}) : key => azurerm_managed_disk.disk[key].id}` |
| os_disk_id | | - | `data.azurerm_managed_disk.os_disk.id` |
| identity | The identity block of the virtual machine | - | `local.os_type == "linux" ? try(azurerm_linux_virtual_machine.vm["linux"].identity, null) : try(azurerm_windows_virtual_machine.vm["windows"].identity, null)` |
| rbac_id | The object_id for the role_mapping | - | `local.os_type == "linux" ? try(azurerm_linux_virtual_machine.vm["linux"].identity[0].principal_id, null) : try(azurerm_windows_virtual_machine.vm["windows"].identity[0].principal_id, null)` |
| private_ip_address | Map of NIC keys to private IP addresses for the VM's network interfaces | - | `try({for nic_key in try(var.settings.virtual_machine_settings[local.os_type].network_interface_keys, []) : nic_key => (try(azurerm_network_interface.nic[nic_key].ip_configuration[0].private_ip_address, null))}, null)` |

Note on `ssh_keys`: as shown on this page, the `ssh_private_key_open_ssh` entry is built from `azurerm_key_vault_secret.ssh_public_key_openssh[local.os_type].name`, the same expression as `ssh_public_key_open_ssh`, so it returns the name of the public-key secret. The private-key secret is referenced by `ssh_private_key_pem`. All entries in this map are Key Vault secret names, not key material.
Sources
- modules/compute/virtual_machine/admin_ssh_key.tf
- modules/compute/virtual_machine/application_security_group.tf
- modules/compute/virtual_machine/backup.tf
- modules/compute/virtual_machine/diagnostics.tf
- modules/compute/virtual_machine/dynamic_custom_data.tf
- modules/compute/virtual_machine/keyvault.tf
- modules/compute/virtual_machine/locals.tf
- modules/compute/virtual_machine/main.tf
- modules/compute/virtual_machine/managed_identities.tf
- modules/compute/virtual_machine/mssql_vm.tf
- modules/compute/virtual_machine/network_interface.tf
- modules/compute/virtual_machine/outputs.tf
- modules/compute/virtual_machine/shutdown_schedule.tf
- modules/compute/virtual_machine/variables.tf
- modules/compute/virtual_machine/vm_disk.tf
- modules/compute/virtual_machine/vm_legacy.tf
- modules/compute/virtual_machine/vm_linux.tf
- modules/compute/virtual_machine/vm_windows.tf
- modules/compute/virtual_machine/vm_windows_winrm_self.tf