azurerm_virtual_machine_run_command

Manages a Virtual Machine Run Command.

Example Usage

# Resource group that holds every resource created by this example.
resource "azurerm_resource_group" "example" {
  location = "West Europe"
  name     = "example-resources"
}

# Virtual network that provides the 10.0.0.0/16 address space for the example VM.
resource "azurerm_virtual_network" "example" {
  name                = "example-vnet"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  address_space       = ["10.0.0.0/16"]
}

# Subnet inside the example virtual network; the VM's network interface attaches here.
resource "azurerm_subnet" "example" {
  name                 = "internal"
  address_prefixes     = ["10.0.2.0/24"]
  virtual_network_name = azurerm_virtual_network.example.name
  resource_group_name  = azurerm_resource_group.example.name
}

# Network interface for the example VM. Only a dynamically allocated private
# address is configured; no public IP is attached in this example.
resource "azurerm_network_interface" "example" {
  name                = "example-nic"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  ip_configuration {
    name                          = "internal"
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.example.id
  }
}

# User-assigned managed identity. It is attached to the VM and referenced by
# client_id in the run command that reads and writes storage blobs.
resource "azurerm_user_assigned_identity" "example" {
  name                = "example-uai"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Linux VM that the run commands in this example execute on.
resource "azurerm_linux_virtual_machine" "example" {
  name                = "example-VM"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  size                = "Standard_B2s"
  network_interface_ids = [
    azurerm_network_interface.example.id,
  ]

  # Example-only credentials. A literal password in configuration ends up in
  # version control and in Terraform state. In real use, supply it from a
  # sensitive variable or a secret store, or use an admin_ssh_key block with
  # disable_password_authentication = true. The run commands in this example
  # pass the same user and password as run_as_user / run_as_password.
  admin_username                  = "adminuser"
  admin_password                  = "P@$$w0rd1234!"
  disable_password_authentication = false

  # Both identity types are enabled. The user-assigned identity is the one the
  # run command selects (by client_id) when it accesses the storage blobs.
  identity {
    identity_ids = [azurerm_user_assigned_identity.example.id]
    type         = "SystemAssigned, UserAssigned"
  }

  os_disk {
    storage_account_type = "Premium_LRS"
    caching              = "ReadWrite"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }
}

# Grants the user-assigned identity data-plane read/write access to blobs.
# The scope here is the whole storage account; the example only touches blobs
# in one container, so a narrower scope is worth considering in real use.
resource "azurerm_role_assignment" "example" {
  principal_id         = azurerm_user_assigned_identity.example.principal_id
  role_definition_name = "Storage Blob Data Contributor"
  scope                = azurerm_storage_account.example.id
}

# Storage account holding the script blob and the output/error blobs.
# Its primary connection string (account key) also signs the SAS token used in
# the SAS-based example.
resource "azurerm_storage_account" "example" {
  name                     = "exampleaccount"
  location                 = azurerm_resource_group.example.location
  resource_group_name      = azurerm_resource_group.example.name
  account_replication_type = "LRS"
  account_tier             = "Standard"
}

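# Container for the script blob and the run command's output/error blobs.
# Access is private: the examples reach these blobs with a managed identity or
# a SAS token, so anonymous read access is not needed. Leaving it enabled would
# expose the script and any command output to anyone who knows the blob URL.
resource "azurerm_storage_container" "example" {
  name                  = "example-sc"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}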

# Script blob that the run commands download and execute via script_uri.
# Whoever can write to this blob controls what runs on the VM, so write access
# to it should be restricted accordingly.
resource "azurerm_storage_blob" "example1" {
  name                   = "script1"
  type                   = "Block"
  source_content         = "echo 'hello world'"
  storage_container_name = azurerm_storage_container.example.name
  storage_account_name   = azurerm_storage_account.example.name
}

# Append blob referenced as output_blob_uri by the run commands.
# Command output may contain sensitive data; restrict read access to it.
resource "azurerm_storage_blob" "example2" {
  name                   = "output"
  type                   = "Append"
  storage_container_name = azurerm_storage_container.example.name
  storage_account_name   = azurerm_storage_account.example.name
}

# Append blob referenced as error_blob_uri by the run commands.
resource "azurerm_storage_blob" "example3" {
  name                   = "error"
  type                   = "Append"
  storage_container_name = azurerm_storage_container.example.name
  storage_account_name   = azurerm_storage_account.example.name
}

# Account-level SAS token used by the SAS-based run command example.
# It is signed with the storage account key (via the primary connection string)
# and covers blob objects across the whole account, not just the three example
# blobs. The token is a bearer credential: anyone holding it has the
# permissions below until the expiry time.
data "azurerm_storage_account_sas" "example" {
  connection_string = azurerm_storage_account.example.primary_connection_string
  signed_version    = "2019-10-10"
  https_only        = true

  # Hard-coded one-year window for illustration. In real use, keep the validity
  # window as short as the run command needs, or use the managed-identity
  # variant, which avoids a long-lived shared secret.
  start  = "2023-04-01T00:00:00Z"
  expiry = "2024-04-01T00:00:00Z"

  services {
    blob  = true
    file  = false
    queue = false
    table = false
  }

  resource_types {
    object    = true
    container = false
    service   = false
  }

  permissions {
    # Granted: read the script, and create/append/write the output and error blobs.
    read   = true
    write  = true
    add    = true
    create = true

    # Not granted.
    delete  = false
    list    = false
    update  = false
    process = false
    tag     = false
    filter  = false
  }
}

# Basic example: run an inline script on the VM.
# Being able to create or change this resource is equivalent to executing
# commands on the VM, so the RBAC permissions that allow managing run commands
# should be granted as carefully as shell access to the machine.
resource "azurerm_virtual_machine_run_command" "example" {
  name               = "example-vmrc"
  virtual_machine_id = azurerm_linux_virtual_machine.example.id
  location           = azurerm_resource_group.example.location

  source {
    script = "echo 'hello world'"
  }
}

# Authorize to the storage blobs with the user-assigned managed identity.
# No storage secret appears in the configuration. The VM's identity is granted
# access through the role assignment listed in depends_on.
resource "azurerm_virtual_machine_run_command" "example2" {
  name               = "example2-vmrc"
  virtual_machine_id = azurerm_linux_virtual_machine.example.id
  location           = azurerm_resource_group.example.location

  # Example-only literal credentials. In real use, take run_as_password from a
  # sensitive variable or a secret store rather than the configuration text.
  run_as_user     = "adminuser"
  run_as_password = "P@$$w0rd1234!"

  source {
    script_uri = azurerm_storage_blob.example1.id
    script_uri_managed_identity {
      client_id = azurerm_user_assigned_identity.example.client_id
    }
  }

  output_blob_uri = azurerm_storage_blob.example2.id
  output_blob_managed_identity {
    client_id = azurerm_user_assigned_identity.example.client_id
  }

  error_blob_uri = azurerm_storage_blob.example3.id
  error_blob_managed_identity {
    client_id = azurerm_user_assigned_identity.example.client_id
  }

  parameter {
    name  = "examplev1"
    value = "val1"
  }

  # protected_parameter is the place for secret values passed to the script.
  # A literal value, as shown here for illustration, is still visible in the
  # configuration itself.
  protected_parameter {
    name  = "examplev2"
    value = "val2"
  }

  tags = {
    environment = "terraform-examples"
    some_key    = "some-value"
  }

  # Make sure the identity's blob access exists before the command is created.
  depends_on = [
    azurerm_role_assignment.example,
  ]
}

# Authorize to the storage blobs with a SAS token.
# The token is appended to each blob URL, so the resulting URLs are bearer
# credentials. Treat them, and anything that records them (plan output, state,
# logs), as secrets.
resource "azurerm_virtual_machine_run_command" "example3" {
  name               = "example3-vmrc"
  virtual_machine_id = azurerm_linux_virtual_machine.example.id
  location           = azurerm_resource_group.example.location

  # Example-only literal credentials. In real use, take run_as_password from a
  # sensitive variable or a secret store.
  run_as_user     = "adminuser"
  run_as_password = "P@$$w0rd1234!"

  source {
    script_uri = "${azurerm_storage_blob.example1.id}${data.azurerm_storage_account_sas.example.sas}"
  }

  output_blob_uri = "${azurerm_storage_blob.example2.id}${data.azurerm_storage_account_sas.example.sas}"
  error_blob_uri  = "${azurerm_storage_blob.example3.id}${data.azurerm_storage_account_sas.example.sas}"

  parameter {
    name  = "example-vm1"
    value = "val1"
  }

  tags = {
    environment = "terraform-example-s"
    some_key    = "some-value"
  }
}

Arguments Reference

The following arguments are supported:


An error_blob_managed_identity block supports the following arguments:


An output_blob_managed_identity block supports the following arguments:


A parameter block supports the following arguments:


A protected_parameter block supports the following arguments:


A script_uri_managed_identity block supports the following arguments:


A source block supports the following arguments:

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

An existing Virtual Machine Run Command can be imported into Terraform using the resource id, e.g.

terraform import azurerm_virtual_machine_run_command.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Compute/virtualMachines/vm1/runCommands/rc1