Skip to content
/ terraform-azurerm-update-management Public
generated from qbeyond/terraform-module-template

Based on the defined severity groups this module deploys the update management configuration

License

MIT license
1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qbeyond/terraform-azurerm-update-management

BranchesTags

Repository files navigation

Module

GitHub tag License

Description

This Module creates an azure runbook that automatically creates and updates update deployment groups in azure automation. The created deployment groups include every virtual machine under the management group "alz" that has the severity group monthly tag with the correct syntax. The runbook runs every 12 hours starting 7am UTC+2 the next day.

Requirements

  • Powershell module az.resourcegraph in version 0.13.0 installed in the automation account
  • Powershell module az.accounts in version 2.12.1 installed in automation account. Higher versions are not supported by az.resourcegraph
  • System Managed Identity of the automation account with following permissions:
    • Reader on the scope of the specified management group (default alz)
    • Virtual machine contributor on the scope of the specified management group (default alz)
    • Automation contributor on the specified automation account

Usage

It's very easy to use!

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_automation_account" "example" {
  name                = "example-account"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku_name            = "Basic"
}

resource "azurerm_automation_module" "az_accounts" {
  name                    = "Az.Accounts"
  resource_group_name     = azurerm_resource_group.example.name
  automation_account_name = azurerm_automation_account.example.name

  module_link {
    uri = "https://devopsgallerystorage.blob.core.windows.net:443/packages/az.accounts.2.12.1.nupkg"
  }
}

resource "azurerm_automation_module" "az_resourcegraph" {
  name                    = "Az.Resourcegraph"
  resource_group_name     = azurerm_resource_group.example.name
  automation_account_name = azurerm_automation_account.example.name
  module_link {
    uri = "https://devopsgallerystorage.blob.core.windows.net:443/packages/az.resourcegraph.0.13.0.nupkg"
  }
  depends_on = [azurerm_automation_module.az_accounts]
}

module "update_management" {
  source                     = "../.."
  automation_account         = azurerm_automation_account.example
  management_subscription_id = "abcdef01-2345-6789-0abc-def012345678"
  management_group_id        = "sandbox"
  az_resourcegraph_module    = azurerm_automation_module.az_resourcegraph
}

Requirements

Name Version
azurerm >= 3.7.0

Inputs

Name Description Type Default Required
automation_account Automation account where the update management will be deployed. 
object({
    name                = string
    id                  = string
    resource_group_name = string
    location            = string
  })
 n/a yes
az_resourcegraph_module Required module Az.resourcegraph that is needed to run queries in the runbook. 
object({
    name = string
    module_link = list(object({
      uri = string
    }))
  })
 n/a yes
management_subscription_id Id of the management subscription. string n/a yes
management_group_id ID of the management group that scopes the update management. string "alz" no

Outputs

No outputs.

  ## Resource types

  | Type | Used |
  |------|-------|
    | [azurerm_automation_job_schedule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_job_schedule) | 1 |
    | [azurerm_automation_runbook](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_runbook) | 1 |
    | [azurerm_automation_schedule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_schedule) | 1 |
    | [time_static](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | 1 |

  **`Used` only includes resource blocks.** `for_each` and `count` meta arguments, as well as resource blocks of modules are not considered.

Modules

No modules.

    ## Resources by Files

        ### main.tf

        | Name | Type |
        |------|------|
              | [azurerm_automation_job_schedule.set_deployment_schedules](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_job_schedule) | resource |
              | [azurerm_automation_runbook.set_deployment_schedules](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_runbook) | resource |
              | [azurerm_automation_schedule.every_12h_starting_7am](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_schedule) | resource |
              | [time_static.schedule_start_tomorrow_7am](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource |

Contribute

About

Based on the defined severity groups this module deploys the update management configuration

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

2 forks
Report repository

Releases 6

Fixed issue that all schedules were created with a start date after the planned date Latest
May 14, 2024
+ 5 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages