main - miljodir/terraform-azurerm-virtual-machine GitHub Wiki

Module Location

To use this module in your Terraform, use the below source value.

module "main" {
  source = "git@github.com:miljodir/terraform-azurerm-virtual-machine?ref=1.7.8"

  # also any inputs for the module (see below)
}

Module Attributes

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.5 |
| azurerm | > 3.0, < 5.0 |
| random | ~> 3.5 |

Providers

| Name | Version |
|------|---------|
| azurerm | > 3.0, < 5.0 |
| random | ~> 3.5 |
| tls | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_linux_virtual_machine.linux_vm | resource |
| azurerm_maintenance_assignment_virtual_machine.main | resource |
| azurerm_managed_disk.datadisks_create | resource |
| azurerm_network_interface.nic | resource |
| azurerm_role_assignment.role | resource |
| azurerm_virtual_machine_data_disk_attachment.datadisks_attach | resource |
| azurerm_virtual_machine_extension.aad_extension_linux | resource |
| azurerm_virtual_machine_extension.aad_extension_windows | resource |
| azurerm_virtual_machine_extension.avd_register_session_host | resource |
| azurerm_virtual_machine_extension.custom_script_extension | resource |
| azurerm_virtual_machine_extension.disk_encryption_linux | resource |
| azurerm_virtual_machine_extension.disk_encryption_windows | resource |
| azurerm_virtual_machine_extension.extension | resource |
| azurerm_windows_virtual_machine.win_vm | resource |
| random_password.passwd | resource |
| tls_private_key.rsa | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| resource_group_name | A container that holds related resources for an Azure solution | `string` | n/a | yes |
| subnet_id | The ID of the subnet that the VM should use | `string` | n/a | yes |
| virtual_machine_name | The name of the virtual machine. Max 15 characters if os_flavor is set to windows | `string` | n/a | yes |
| additional_capabilities | Additional capabilities for the VM | `object({ ultra_ssd_enabled = optional(bool, false), hibernation_enabled = optional(bool, true) })` | `null` | no |
| admin_password | The Password which should be used for the local-administrator on this Virtual Machine | `string` | `null` | no |
| admin_ssh_key_data | Specify the path to the existing SSH key to authenticate Linux virtual machine | `string` | `null` | no |
| admin_username | The username of the local administrator used for the Virtual Machine. | `string` | `"sysadmin"` | no |
| allow_extension_operations | Enable or disable VM extension operations? Defaults to true. | `bool` | `true` | no |
| availability_set_id | Attach the VM to an availability set. Only 'availability_zone' or 'availability_set_id' can be used | `string` | `null` | no |
| availability_zone | Set to a zone if you want the VM placed in a specific availability zone. One module instance supports only a single zone. | `number` | `null` | no |
| avd_register_session_host | Register VM to a host pool. Only works for Windows VMs and it needs to be aad joined. Comments in the type definition: https://github.com/Azure/RDS-Templates/blob/master/ARM-wvd-templates/DSC/Configuration.zip (requires fw opening); https://github.com/Azure/RDS-Templates/issues/790; finding the latest extension version can be done via Azure Portal --> AVD quickstart --> View template | `object({ module_url = optional(string, "https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/Configuration_1.0.02790.438.zip"), host_pool_name = string, registration_info_token = string, aad_join = optional(bool, true) })` | `null` | no |
| bypass_platform_safety_checks_on_user_schedule_enabled | Set to true if platform safety checks should be bypassed on user schedule. Defaults to false. | `bool` | `true` | no |
| custom_image | Provide the custom image to this module if the default variants are not sufficient | `object({ publisher = string, offer = string, sku = string, version = optional(string, "latest") })` | `null` | no |
| custom_script_extension | Run a custom script on VM. See https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows for more information. Also works for Linux VMs. | `object({ command_to_execute = string, script_urls = list(string), rerun_script_extension = optional(number, 0) })` | `null` | no |
| datadisks | The disks to create and attach | `map(object({ size = string, type = string, caching = string, lun = number, override_name = optional(string, null) }))` | `{}` | no |
| dedicated_host_id | The ID of a Dedicated Host where this machine should be run on. | `string` | `null` | no |
| disable_password_authentication | Should Password Authentication be disabled on this Virtual Machine? Defaults to true. Only valid for Linux Virtual Machines. | `bool` | `true` | no |
| disk_controller_type | The disk controller type for the VM. Possible values are 'SCSI' and 'NVMe'. Defaults to 'SCSI'. | `string` | `null` | no |
| dns_servers | List of DNS servers to use for network interface | `list(string)` | `[]` | no |
| enable_aad_login | Set to true if you want to enable AAD Login VM extension | `bool` | `false` | no |
| enable_accelerated_networking | Should Accelerated Networking be enabled? Defaults to false. | `bool` | `false` | no |
| enable_automatic_updates | Enable automatic updates of Windows VM? Defaults to true. | `bool` | `true` | no |
| enable_disk_encryption | Set to true if disk encryption is not necessary. | `bool` | `false` | no |
| enable_managed_identity | Set to true if the machine should be equipped with a managed identity. Defaults to false. | `bool` | `false` | no |
| encrypt_operation | Value for which encrypt operation. Defaults to EnableEncryption. | `string` | `"EnableEncryption"` | no |
| encryption_algorithm | Encryption Algorithm. Defaults to RSA-OAEP. | `string` | `"RSA-OAEP"` | no |
| encryption_at_host_enabled | Enable or disable encryption at host. Cannot be used with Azure Disk Encryption. Defaults to false. | `bool` | `true` | no |
| encryption_key_url | URL to Key Encrypt Key (KEK) | `string` | `""` | no |
| encryption_key_vault_id | Key vault id if encrypting disks. Remember to allow for disk encryption usage. | `string` | `null` | no |
| encryption_key_vault_uri | Key vault uri if encrypting disks. Must be in same subscription. | `string` | `null` | no |
| generate_admin_ssh_key | Generates a secure private key and encodes it as PEM. | `bool` | `true` | no |
| host_name | Override the hostname of the virtual machine. | `string` | `null` | no |
| hotpatching_enabled | Enable or disable hotpatching for the VM. Defaults to false. | `bool` | `false` | no |
| ipconfig_name | Name of ipconfig if applicable. Defaults to ipconfig01. | `string` | `"ipconfig01"` | no |
| license_type | Specifies the type of on-premise license which should be used for this Virtual Machine. Possible values are None, Windows_Client and Windows_Server. | `string` | `"None"` | no |
| linux_distribution_name | Variable to pick an OS flavour for Linux based VM. | `string` | `"ubuntu2404"` | no |
| location | The Azure Region in which all resources should be created | `string` | `"norwayeast"` | no |
| maintenance_configuration_id | The ID of the Maintenance Configuration to use for this Virtual Machine. patch_mode must be set to AutomaticByPlatform. | `string` | `null` | no |
| managed_identity_roles | List of roles to assign to the managed identity | `map(object({ role_definition_name = string, scope = string }))` | `{}` | no |
| os_disk_name | Override the OS disk name. If not set, the name will be generated from the virtual machine name. | `string` | `null` | no |
| os_disk_size_gb | Override the OS disk size from the size used in the image this Virtual Machine is sourced from. | `number` | `null` | no |
| os_disk_storage_account_type | The Type of Storage Account which should back the Internal OS Disk. Possible values include Standard_LRS, StandardSSD_LRS and Premium_LRS. | `string` | `"Premium_LRS"` | no |
| os_flavor | Specify the flavor of the operating system image to deploy Virtual Machine. Valid values are windows and linux | `string` | `"windows"` | no |
| patch_assessment_mode | Possible values are ImageDefault, AutomaticByPlatform | `string` | `"AutomaticByPlatform"` | no |
| patch_mode | Possible values are Manual, AutomaticByOS, AutomaticByPlatform and ImageDefault | `string` | `"AutomaticByPlatform"` | no |
| private_ip_address | The Static IP Address which should be used. This is valid only when private_ip_address_allocation is set to Static | `string` | `null` | no |
| private_ip_address_allocation_type | The allocation method used for the Private IP Address. Possible values are Dynamic and Static. | `string` | `"Dynamic"` | no |
| provision_vm_agent | Enable or disable provision of VM agent? Defaults to true. | `bool` | `true` | no |
| secure_boot_enabled | Enable or disable Secure Boot for the VM. | `bool` | `true` | no |
| source_image_id | The ID of an Image which each Virtual Machine should be based on | `string` | `null` | no |
| tags | A map of tags to add to all resources | `map(string)` | `null` | no |
| timezone | Time zone for virtual machine. Defaults to 'W. Europe Standard Time'. https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/ | `string` | `"W. Europe Standard Time"` | no |
| type_handler_version | Type handler version of the VM extension to use. Defaults to 2.2 on Windows and 1.1 on Linux | `string` | `null` | no |
| virtual_machine_size | The Virtual Machine SKU for the Virtual Machine. Default is Standard_B2as_v2 | `string` | `"Standard_B2as_v2"` | no |
| vm_agent_platform_updates_enabled | (DEPRECATED - remove in next major version bump) Enable or disable VM Agent platform updates. Defaults to true. | `bool` | `true` | no |
| vm_extension | Argument to create an azurerm_virtual_machine_extension resource; the argument descriptions can be found in the resource's documentation. | `object({ name = string, publisher = string, type = string, type_handler_version = string, auto_upgrade_minor_version = optional(bool), automatic_upgrade_enabled = optional(bool), failure_suppression_enabled = optional(bool, false), settings = optional(string), protected_settings = optional(string), protected_settings_from_key_vault = optional(object({ secret_url = string, source_vault_id = string })) })` | `null` | no |
| volume_type | Value for which disks to encrypt. Defaults to All. | `string` | `"All"` | no |
| vtpm_enabled | Enable or disable Virtual Trusted Platform Module (vTPM) for the VM. | `bool` | `true` | no |
| windows_distribution_name | Variable to pick an OS flavour for Windows based VM. | `string` | `"windows2025az"` | no |

Outputs

| Name | Description |
|------|-------------|
| admin_ssh_key_private | The generated private key data in PEM format |
| admin_ssh_key_public | The generated public key data in PEM format |
| virtual_machine | The Virtual Machine object |
| windows_vm_password | Password for the windows VM |
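
A module call that sets the security-relevant inputs explicitly instead of relying on defaults, since a few descriptions in the Inputs table disagree with their Default column (for example `encryption_at_host_enabled`). This is an added example, not code from the module's repository; the `azurerm_*.workload` references, the VM name and the chosen role are assumptions.

```hcl
# Added example: Linux VM with the hardening-related inputs from this page pinned.
# azurerm_resource_group.workload, azurerm_subnet.workload and
# azurerm_key_vault.workload are hypothetical resources defined elsewhere.
module "linux_vm" {
  source = "git@github.com:miljodir/terraform-azurerm-virtual-machine?ref=1.7.8"

  resource_group_name     = azurerm_resource_group.workload.name
  subnet_id               = azurerm_subnet.workload.id
  virtual_machine_name    = "app-vm-01" # constructed name
  os_flavor               = "linux"
  linux_distribution_name = "ubuntu2404"

  # Key-only SSH login. The key pair is generated by tls_private_key, so the
  # private key is stored in the Terraform state: restrict access to the
  # state backend and to the admin_ssh_key_private output.
  disable_password_authentication = true
  generate_admin_ssh_key          = true

  # Secure Boot and vTPM, stated explicitly.
  secure_boot_enabled = true
  vtpm_enabled        = true

  # Encryption at host cannot be used with Azure Disk Encryption, so
  # enable_disk_encryption keeps its listed default (false).
  encryption_at_host_enabled = true

  # Platform-orchestrated patching, with platform safety checks kept on.
  patch_mode                                             = "AutomaticByPlatform"
  patch_assessment_mode                                  = "AutomaticByPlatform"
  bypass_platform_safety_checks_on_user_schedule_enabled = false

  # Managed identity with one narrowly scoped role instead of stored secrets.
  enable_managed_identity = true
  managed_identity_roles = {
    kv_read = {
      role_definition_name = "Key Vault Secrets User"
      scope                = azurerm_key_vault.workload.id
    }
  }

  tags = { environment = "example" } # constructed tag
}
```

Run `terraform plan` and check the rendered values for `encryption_at_host_enabled` and `bypass_platform_safety_checks_on_user_schedule_enabled` before applying.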

Changelog

1.7.8 (2025-06-29)

  • PR #23 - Update default sku to more modern hardware
Updates default vm sku to more modern tier

1.7.7 (2025-06-29)

  • PR #22 - Fix broken session registry host settings
The  file from /galleryartifacts/Configuration.zip does not contain the aadJoin flag causing issues, ref. https://rozemuller.com/how-to-join-azure-ad-automated/
Attempting the raw file from github instead.

1.7.6 (2025-06-28)

  • PR #21 - Use latest version of avd session host vm extension
Ensures that the latest configuration version is pulled. This increases the chances of the latest AVD agent being installed and will not need further updating.
Also bumps DSC extension to latest version

1.7.5 (2025-06-27)

  • PR #20 - Enable encryption by default
Enables host level encryption by default

1.7.4 (2025-05-26)

  • PR #19 - Support inputting disk_controller_type
- **Support v6 image skus**

1.7.3 (2025-04-15)

  • PR #18 - Remove attribute which is now read-only
Due to a breaking change in the Azure API the vm_agent_platform_updates_enabled field is now a Read-Only field that is controlled by the platform. Its value cannot be set, modified, or updated.

Remove the variable in the next major bump of the module.

1.7.2 (2025-01-27)

  • PR #15 - windows: update aad vm extension to v2
Updates vm extension to latest version
no answer given on why this is a major bump, but have not found issues yet.

1.7.1 (2024-11-22)

  • PR #17 - adds argument vm_agent_platform_updates_enabled
adds argument vm_agent_platform_updates_enabled and sets default to `true`

1.7.0 (2024-11-06)

  • PR #16 - windows: default to server 2025
Default new windows VMs to use windows 2025 azure edition

1.6.0 (2024-10-08)

  • PR #14 - change default values for patch related arguments
adds variables for:
- patch_assessment_mode
- hotpatching_enabled

changes defaults to align with Azure Update Manager configuration and policies

1.5.0 (2024-10-03)

  • PR #13 - adds support for changing os disk size on win vms
adds support for changing os disk size on win vms

1.4.0 (2024-09-10)

  • PR #12 - Change defaults for new Linux VMs
- **Change default algorithm to ED25519**
- **Default to ubuntu2404**

1.3.2 (2024-09-02)

  • PR #11 - Multi-repo update: Ensure terraform uses azurerm 4.0 provider
Preparation for 4.0 upgrade

1.3.1 (2024-08-29)

  • PR #10 - fixes hotpatching_enabled being set to true
fixes hotpatching_enabled being set to true when custom image is supplied and there are no changes to windows_distribution_name

1.3.0 (2024-08-14)

  • PR #9 - Support settings for vtpm and secure boot
- **Add settings for vtpm and secure boot**
- **Secure boot for new vms, ignore for existing**
- **Default to hotpatch edition of win server**
- **Enable hotpatch if hotpatch sku is used**

1.2.1 (2024-07-26)

  • PR #8 - nic: fix deprecated attributes
Removes attributes which will be removed in azurerm 4.0 provider

1.2.0 (2024-05-15)

  • PR #7 - Remove dependency on azapi
- Removes dependency on azapi provider
- Supports hibernation_enabled feature
- Adds placeholder for ubuntu24_04 image

1.1.0 (2024-02-15)

  • PR #6 - Support mdmid and azapi_vm
- AutoEnrolls Entra joined win10 and win11 devices to Intune
- Supports azapi_vm in case preview functionality is needed for testing

1.0.3 (2024-02-03)

  • PR #4 - avd: make aadJoin optional
Makes aadJoin attribute optional in order to support domain joined vs

1.0.2 (2024-01-30)

  • PR #3 - adds principal type to role assignment
- adds `principal_type` to `azurerm_role_assignment.role`

1.0.1 (2023-12-05)

  • PR #2 - Attempt fixing random_passwd logic
Logic is currently invalid, attempting a fix

1.0.0 (2023-11-30)

  • PR #1 - Add outline for v1 module
Create v1 tag for existing VM module