Best practices Blueprint for Azure Virtual Machine

Create a template that deploys...

Azure Virtual Machine

This blueprint creates an Azure Virtual Machine with best practices such as disabling password authentication by default to enhance security and encouraging the use of SSH keys for authentication. It uses managed disks and defaults to the latest Ubuntu LTS image. Variables are organized into intuitive groups to assist users who may not be cloud infrastructure experts. The blueprint also promotes the use of tags for better resource identification and management.

Template code

Automatically generated UI


---
constants:
  __name: "{{ name }}_{{ __guid }}"
variables:
  name:
    desc: "Name of the virtual machine."
    required: true
    group: Virtual Machine Details
  resource_group_name:
    desc: "Name of the resource group."
    required: true
    group: Virtual Machine Details
    links_to: resource.azurerm_resource_group.name
  location:
    desc: "Azure region where the virtual machine will be created."
    required: true
    group: Virtual Machine Details
    default: "eastus"
  vm_size:
    desc: "Size of the virtual machine."
    required: true
    group: Virtual Machine Details
    default: "Standard_DS1_v2"
  network_interface_ids:
    desc: "List of network interface IDs."
    required: true
    group: Network Interfaces
    links_to: resource.azurerm_network_interface.id
  os_disk_name:
    desc: "Name of the OS disk."
    required: true
    group: OS Disk
    default: "{{ name }}_osdisk"
  os_disk_caching:
    desc: "Caching type for the OS disk."
    required: false
    group: OS Disk
    default: "ReadWrite"
  os_disk_create_option:
    desc: "The create option for the OS disk."
    required: false
    group: OS Disk
    default: "FromImage"
  storage_os_disk_managed_disk_type:
    desc: "Type of managed disk for the OS disk."
    required: false
    group: OS Disk
    default: "Standard_LRS"
  image_publisher:
    desc: "Publisher of the image."
    required: true
    group: OS Profile
    default: "Canonical"
  image_offer:
    desc: "Offer of the image."
    required: true
    group: OS Profile
    default: "UbuntuServer"
  image_sku:
    desc: "SKU of the image."
    required: true
    group: OS Profile
    default: "18.04-LTS"
  image_version:
    desc: "Version of the image."
    required: true
    group: OS Profile
    default: "latest"
  admin_username:
    desc: "Admin username for the VM."
    required: true
    group: OS Profile
    default: "azureuser"
  admin_password:
    desc: "Admin password for the VM."
    required: false
    group: OS Profile
  disable_password_authentication:
    desc: "Disable password authentication."
    required: false
    group: OS Profile
    default: true
  ssh_keys:
    group: SSH Keys
    required: false
  custom_data:
    desc: "Custom data to be supplied to the machine."
    required: false
    group: Advanced
    advanced: true
  tags:
    group: Tags
    required: false
groups:
  Virtual Machine Details:
    order: 1
    desc: "Basic settings for the virtual machine."
  Network Interfaces:
    order: 2
    desc: "Network interface settings."
  OS Disk:
    order: 3
    desc: "OS disk configuration."
  OS Profile:
    order: 4
    desc: "Operating system settings."
  SSH Keys:
    order: 5
    desc: "SSH public keys for authentication."
  Advanced:
    order: 6
    desc: "Advanced settings for the virtual machine."
  Tags:
    order: 7
    desc: "Tags to assign to the virtual machine."
---

resource "azurerm_virtual_machine" "__name" {
  name                  = {{ name }}
  location              = {{ location }}
  resource_group_name   = {{ resource_group_name }}
  network_interface_ids = [
    {{# network_interface_ids }}
      {{ network_interface_ids }},
    {{/ network_interface_ids }}
  ]
  vm_size               = {{ vm_size }}

  storage_os_disk {
    name              = {{ os_disk_name }}
    caching           = {{ os_disk_caching }}
    create_option     = {{ os_disk_create_option }}
    managed_disk_type = {{ storage_os_disk_managed_disk_type }}
  }

  storage_image_reference {
    publisher = {{ image_publisher }}
    offer     = {{ image_offer }}
    sku       = {{ image_sku }}
    version   = {{ image_version }}
  }

  os_profile {
    computer_name  = {{ name }}
    admin_username = {{ admin_username }}
    admin_password = {{ admin_password | required: false }}
    custom_data    = {{ custom_data | required: false | advanced: true }}
  }

  os_profile_linux_config {
    disable_password_authentication = {{ disable_password_authentication }}

    {{# ssh_keys }}
    ssh_keys {
      path     = {{ ssh_keys.path | required: true | default: "/home/{{ admin_username }}/.ssh/authorized_keys" }}
      key_data = {{ ssh_keys.key_data | required: true }}
    }
    {{/ ssh_keys }}
  }

  tags = {
    Name = {{ name }}
    {{# tags }}
      {{ tags.key | required: false }} = {{ tags.value | required: false }}
    {{/ tags }}
  }
}

# Ensure that password authentication is disabled by default for enhanced security.
# Encourage the use of SSH keys for authentication.
# Use managed disks and the latest Ubuntu LTS image by default.
# Tags are included for better resource management and identification.
//

Azure Virtual Machine

Template code

Automatically generated UI

Talk to a Human