compute/virtual_machine¶
Overview¶
This page documents the Terraform module implementation, key configuration surfaces, and how it integrates with CAF.
Dependency diagram (Mermaid)¶
graph TD
azurecaf_name.legacy["azurecaf_name.legacy"]
azurecaf_name.legacy_computer_name["azurecaf_name.legacy_computer_name"]
azurecaf_name.nic["azurecaf_name.nic"]
azurerm_backup_protected_vm.backup["azurerm_backup_protected_vm.backup"]
azurerm_dev_test_global_vm_shutdown_schedule.enabled["azurerm_dev_test_global_vm_shutdown_schedule.enabled"]
azurerm_key_vault_certificate.self_signed_winrm["azurerm_key_vault_certificate.self_signed_winrm"]
azurerm_key_vault_secret.admin_password["azurerm_key_vault_secret.admin_password"]
azurerm_key_vault_secret.backup_encryption_password["azurerm_key_vault_secret.backup_encryption_password"]
azurerm_key_vault_secret.sql_admin_password["azurerm_key_vault_secret.sql_admin_password"]
azurerm_key_vault_secret.ssh_private_key["azurerm_key_vault_secret.ssh_private_key"]
azurerm_key_vault_secret.ssh_public_key_openssh["azurerm_key_vault_secret.ssh_public_key_openssh"]
azurerm_linux_virtual_machine.vm["azurerm_linux_virtual_machine.vm"]
azurerm_managed_disk.disk["azurerm_managed_disk.disk"]
azurerm_mssql_virtual_machine.mssqlvm["azurerm_mssql_virtual_machine.mssqlvm"]
azurerm_network_interface.nic["azurerm_network_interface.nic"]
azurerm_network_interface_application_security_group_association.assoc["azurerm_network_interface_application_security_group_association.assoc"]
azurerm_network_interface_security_group_association.nic["azurerm_network_interface_security_group_association.nic"]
azurerm_network_interface_security_group_association.nic_nsg["azurerm_network_interface_security_group_association.nic_nsg"]
azurerm_virtual_machine.vm["azurerm_virtual_machine.vm"]
azurerm_virtual_machine_data_disk_attachment.disk["azurerm_virtual_machine_data_disk_attachment.disk"]
azurerm_windows_virtual_machine.vm["azurerm_windows_virtual_machine.vm"]
data.azurecaf_name.disk["data.azurecaf_name.disk"]
data.azurecaf_name.linux["data.azurecaf_name.linux"]
data.azurecaf_name.linux_computer_name["data.azurecaf_name.linux_computer_name"]
data.azurecaf_name.os_disk_linux["data.azurecaf_name.os_disk_linux"]
data.azurecaf_name.os_disk_windows["data.azurecaf_name.os_disk_windows"]
data.azurecaf_name.windows["data.azurecaf_name.windows"]
data.azurecaf_name.windows_computer_name["data.azurecaf_name.windows_computer_name"]
data.azurerm_key_vault_certificate.custom_data["data.azurerm_key_vault_certificate.custom_data"]
data.azurerm_key_vault_key.custom_data["data.azurerm_key_vault_key.custom_data"]
data.azurerm_key_vault_secret.custom_data["data.azurerm_key_vault_secret.custom_data"]
data.azurerm_managed_disk.os_disk["data.azurerm_managed_disk.os_disk"]
data.azurerm_storage_account.mssqlvm_backup_sa["data.azurerm_storage_account.mssqlvm_backup_sa"]
data.external.backup_encryption_password["data.external.backup_encryption_password"]
data.external.secret_key_id["data.external.secret_key_id"]
data.external.sp_client_id["data.external.sp_client_id"]
data.external.sp_client_secret["data.external.sp_client_secret"]
data.external.sql_password["data.external.sql_password"]
data.external.sql_username["data.external.sql_username"]
data.external.ssh_public_key_id["data.external.ssh_public_key_id"]
data.external.ssh_secret_keyvault["data.external.ssh_secret_keyvault"]
data.external.windows_admin_password["data.external.windows_admin_password"]
data.external.windows_admin_username["data.external.windows_admin_username"]
local_sensitive_file.custom_data["local_sensitive_file.custom_data"]
module.nics["module.nics"]
random_password.admin["random_password.admin"]
random_password.encryption_password["random_password.encryption_password"]
random_password.legacy["random_password.legacy"]
random_password.sql_admin_password["random_password.sql_admin_password"]
tls_private_key.ssh["tls_private_key.ssh"]
azurecaf_name.legacy_computer_name --> azurerm_network_interface.nic
azurecaf_name.legacy_computer_name --> azurerm_network_interface_security_group_association.nic_nsg
azurerm_backup_protected_vm.backup --> azurerm_linux_virtual_machine.vm
azurerm_backup_protected_vm.backup --> azurerm_windows_virtual_machine.vm
azurerm_dev_test_global_vm_shutdown_schedule.enabled --> azurerm_linux_virtual_machine.vm
azurerm_dev_test_global_vm_shutdown_schedule.enabled --> azurerm_windows_virtual_machine.vm
azurerm_key_vault_certificate.self_signed_winrm --> azurecaf_name.legacy
azurerm_key_vault_certificate.self_signed_winrm --> azurerm_network_interface.nic
azurerm_key_vault_certificate.self_signed_winrm --> data.azurecaf_name.windows
azurerm_key_vault_secret.admin_password --> data.azurecaf_name.windows_computer_name
azurerm_key_vault_secret.admin_password --> random_password.admin
azurerm_key_vault_secret.backup_encryption_password --> azurerm_windows_virtual_machine.vm
azurerm_key_vault_secret.backup_encryption_password --> random_password.encryption_password
azurerm_key_vault_secret.sql_admin_password --> azurerm_windows_virtual_machine.vm
azurerm_key_vault_secret.sql_admin_password --> random_password.sql_admin_password
azurerm_key_vault_secret.ssh_private_key --> azurecaf_name.legacy_computer_name
azurerm_key_vault_secret.ssh_private_key --> data.azurecaf_name.linux_computer_name
azurerm_key_vault_secret.ssh_private_key --> tls_private_key.ssh
azurerm_key_vault_secret.ssh_public_key_openssh --> azurecaf_name.legacy_computer_name
azurerm_key_vault_secret.ssh_public_key_openssh --> data.azurecaf_name.linux_computer_name
azurerm_key_vault_secret.ssh_public_key_openssh --> tls_private_key.ssh
azurerm_linux_virtual_machine.vm --> data.azurecaf_name.linux
azurerm_linux_virtual_machine.vm --> data.azurecaf_name.linux_computer_name
azurerm_linux_virtual_machine.vm --> data.azurecaf_name.os_disk_linux
azurerm_linux_virtual_machine.vm --> data.external.secret_key_id
azurerm_linux_virtual_machine.vm --> data.external.ssh_public_key_id
azurerm_linux_virtual_machine.vm --> data.external.ssh_secret_keyvault
azurerm_linux_virtual_machine.vm --> local_sensitive_file.custom_data
azurerm_linux_virtual_machine.vm --> tls_private_key.ssh
azurerm_managed_disk.disk --> data.azurecaf_name.disk
azurerm_mssql_virtual_machine.mssqlvm --> azurerm_linux_virtual_machine.vm
azurerm_mssql_virtual_machine.mssqlvm --> azurerm_virtual_machine_data_disk_attachment.disk
azurerm_mssql_virtual_machine.mssqlvm --> azurerm_windows_virtual_machine.vm
azurerm_mssql_virtual_machine.mssqlvm --> data.azurerm_storage_account.mssqlvm_backup_sa
azurerm_mssql_virtual_machine.mssqlvm --> data.external.backup_encryption_password
azurerm_mssql_virtual_machine.mssqlvm --> data.external.sp_client_id
azurerm_mssql_virtual_machine.mssqlvm --> data.external.sp_client_secret
azurerm_mssql_virtual_machine.mssqlvm --> data.external.sql_password
azurerm_mssql_virtual_machine.mssqlvm --> data.external.sql_username
azurerm_mssql_virtual_machine.mssqlvm --> random_password.encryption_password
azurerm_mssql_virtual_machine.mssqlvm --> random_password.sql_admin_password
azurerm_network_interface.nic --> azurecaf_name.nic
azurerm_network_interface_application_security_group_association.assoc --> azurerm_network_interface.nic
azurerm_network_interface_security_group_association.nic --> azurerm_network_interface.nic
azurerm_network_interface_security_group_association.nic_nsg --> azurerm_network_interface.nic
azurerm_virtual_machine.vm --> azurecaf_name.legacy_computer_name
azurerm_virtual_machine.vm --> azurerm_key_vault_certificate.self_signed_winrm
azurerm_virtual_machine.vm --> random_password.legacy
azurerm_virtual_machine.vm --> tls_private_key.ssh
azurerm_virtual_machine_data_disk_attachment.disk --> azurerm_linux_virtual_machine.vm
azurerm_virtual_machine_data_disk_attachment.disk --> azurerm_managed_disk.disk
azurerm_virtual_machine_data_disk_attachment.disk --> azurerm_windows_virtual_machine.vm
azurerm_windows_virtual_machine.vm --> azurerm_key_vault_certificate.self_signed_winrm
azurerm_windows_virtual_machine.vm --> azurerm_network_interface.nic
azurerm_windows_virtual_machine.vm --> azurerm_network_interface_security_group_association.nic_nsg
azurerm_windows_virtual_machine.vm --> data.azurecaf_name.os_disk_windows
azurerm_windows_virtual_machine.vm --> data.azurecaf_name.windows
azurerm_windows_virtual_machine.vm --> data.azurecaf_name.windows_computer_name
azurerm_windows_virtual_machine.vm --> random_password.admin
data.azurecaf_name.linux_computer_name --> azurerm_network_interface.nic
data.azurecaf_name.linux_computer_name --> azurerm_network_interface_security_group_association.nic_nsg
data.azurerm_key_vault_key.custom_data --> azurerm_managed_disk.disk
data.azurerm_managed_disk.os_disk --> azurerm_linux_virtual_machine.vm
data.azurerm_managed_disk.os_disk --> azurerm_windows_virtual_machine.vm
module.nics --> azurerm_network_interface.nic
Module Reference¶
Category: compute
Path: modules/compute/virtual_machine
Azure Resources: azurecaf_name, azurerm_backup_protected_vm, azurerm_dev_test_global_vm_shutdown_schedule, azurerm_key_vault_certificate, azurerm_key_vault_secret, azurerm_linux_virtual_machine, azurerm_managed_disk, azurerm_mssql_virtual_machine, azurerm_network_interface, azurerm_network_interface_application_security_group_association, azurerm_network_interface_security_group_association, azurerm_virtual_machine, azurerm_virtual_machine_data_disk_attachment, azurerm_windows_virtual_machine, local_sensitive_file, random_password, tls_private_key
Inputs¶
| Name | Description | Type | Required | Default | Validation |
|---|---|---|---|---|---|
"global_settings" |
"Global settings object (see module README.md)" | any |
yes | - |
- |
"client_config" |
"Client configuration object (see module README.md)." | any |
yes | - |
- |
"resource_group" |
"Resource group object to deploy the Azure resource" | any |
yes | - |
- |
"keyvaults" |
"Keyvault to store the SSH public and private keys when not provided by the var.public_key_pem_file or retrieve admin... | any |
no | "" |
- |
"boot_diagnostics_storage_account" |
"(Optional) The Primary/Secondary Endpoint for the Azure Storage Account (general purpose) which should be used to st... | any |
no | - |
- |
"settings" |
"The settings for the Azure resource." | any |
yes | - |
"When 'shutdown_schedule.notification_settings.enabled' is true you must provide either 'email' or 'webhook_url' in settings.shutdown_schedule.notification_settings." |
"vnets" |
any |
yes | - |
- | |
"public_key_pem_file" |
"If disable_password_authentication is set to true, ssh authentication is enabled. You can provide a list of file pat... | any |
no | "" |
- |
"managed_identities" |
any |
no | {} |
- | |
"diagnostics" |
any |
no | {} |
- | |
"public_ip_addresses" |
any |
no | {} |
- | |
"recovery_vaults" |
any |
no | {} |
- | |
"storage_accounts" |
any |
no | {} |
- | |
"availability_sets" |
any |
no | {} |
- | |
"base_tags" |
"Base tags for the resource to be inherited from the resource group." | bool |
yes | - |
- |
"proximity_placement_groups" |
any |
no | {} |
- | |
"disk_encryption_sets" |
any |
no | {} |
- | |
"application_security_groups" |
any |
no | {} |
- | |
"virtual_machines" |
any |
no | {} |
- | |
"image_definitions" |
any |
no | {} |
- | |
"custom_image_ids" |
any |
no | {} |
- | |
"network_security_groups" |
"Require a version 1 NSG definition to be attached to a nic." | any |
no | {} |
- |
"dedicated_hosts" |
any |
no | {} |
- | |
"virtual_subnets" |
"Map of virtual_subnets objects" | any |
no | {} |
- |
Outputs¶
| Name | Description | Sensitive | Value |
|---|---|---|---|
"id" |
- | local.os_type == "linux" ? try(azurerm_linux_virtual_machine.vm["linux"].id, null) : try(azurerm_windows_virtual_machine.vm["windows"].id, null) |
|
"ip_configuration" |
"Adding the network_interface.nic to support remote dns on virtual networks" | - | azurerm_network_interface.nic |
"os_type" |
- | local.os_type |
|
"internal_fqdns" |
- | try(var.settings.networking_interfaces, null) != null ? flatten([for nic_key in try(var.settings.virtual_machine_settings[local.os_type].network_interface_keys, []) : format("%s.%s", try(azurerm_network_interface.nic[nic_key].internal_dns_name_label, try(azurerm_linux_virtual_machine.vm["linux"].name, azurerm_windows_virtual_machine.vm["windows"].name)), azurerm_network_interface.nic[nic_key].internal_domain_name_suffix)]) : null |
|
"admin_username" |
"Local admin username" | - | try(local.admin_username, null) == null ? var.settings.virtual_machine_settings[local.os_type].admin_username : local.admin_username |
"admin_password_secret_id" |
"Local admin password Key Vault secret id" | - | try(azurerm_key_vault_secret.admin_password[local.os_type].id, null) |
"winrm" |
- | local.os_type == "windows" && local.keyvault != null ? {keyvault_id = local.keyvault.id, certificate_url = try(azurerm_key_vault_certificate.self_signed_winrm[local.os_type].secret_id, null)} : null |
|
"ssh_keys" |
- | local.create_sshkeys ? {keyvault_id = local.keyvault.id, ssh_private_key_pem = azurerm_key_vault_secret.ssh_private_key[local.os_type].name, ssh_public_key_open_ssh = azurerm_key_vault_secret.ssh_public_key_openssh[local.os_type].name, ssh_private_key_open_ssh = azurerm_key_vault_secret.ssh_public_key_openssh[local.os_type].name} : null |
|
"nic_id" |
- | coalescelist(flatten([for nic_key in try(var.settings.virtual_machine_settings[local.os_type].network_interface_keys, []) : format("%s.%s", try(azurerm_network_interface.nic[nic_key].id, try(azurerm_linux_virtual_machine.vm["linux"].name, azurerm_windows_virtual_machine.vm["windows"].name)), azurerm_network_interface.nic[nic_key].id)]), try(var.settings.networking_interface_ids, [])) |
|
"nics" |
- | {for key, value in var.settings.networking_interfaces : key => {id = azurerm_network_interface.nic[key].id, name = azurerm_network_interface.nic[key].name}} |
|
"data_disks" |
- | {for key, value in lookup(var.settings, "data_disks", {}) : key => azurerm_managed_disk.disk[key].id} |
|
"os_disk_id" |
- | data.azurerm_managed_disk.os_disk.id |
|
"identity" |
"The identity block of the virtual machine" | - | local.os_type == "linux" ? try(azurerm_linux_virtual_machine.vm["linux"].identity, null) : try(azurerm_windows_virtual_machine.vm["windows"].identity, null) |
"rbac_id" |
"The object_id for the role_mapping" | - | local.os_type == "linux" ? try(azurerm_linux_virtual_machine.vm["linux"].identity[0].principal_id, null) : try(azurerm_windows_virtual_machine.vm["windows"].identity[0].principal_id, null) |
"private_ip_address" |
"Map of NIC keys to private IP addresses for the VM's network interfaces" | - | try({for nic_key in try(var.settings.virtual_machine_settings[local.os_type].network_interface_keys, []) : nic_key => (try(azurerm_network_interface.nic[nic_key].ip_configuration[0].private_ip_address, null))}, null) |
Sources¶
modules/compute/virtual_machine/admin_ssh_key.tfmodules/compute/virtual_machine/application_security_group.tfmodules/compute/virtual_machine/backup.tfmodules/compute/virtual_machine/diagnostics.tfmodules/compute/virtual_machine/dynamic_custom_data.tfmodules/compute/virtual_machine/keyvault.tfmodules/compute/virtual_machine/locals.tfmodules/compute/virtual_machine/main.tfmodules/compute/virtual_machine/managed_identities.tfmodules/compute/virtual_machine/mssql_vm.tfmodules/compute/virtual_machine/network_interface.tfmodules/compute/virtual_machine/outputs.tfmodules/compute/virtual_machine/shutdown_schedule.tfmodules/compute/virtual_machine/variables.tfmodules/compute/virtual_machine/vm_disk.tfmodules/compute/virtual_machine/vm_legacy.tfmodules/compute/virtual_machine/vm_linux.tfmodules/compute/virtual_machine/vm_windows.tfmodules/compute/virtual_machine/vm_windows_winrm_self.tf