Assigning Maintenance configuration to multiple existing virtual machines

I have the Terraform code below, which creates a maintenance configuration, but it assigns it to only one virtual machine, as you can see in the code.

# Provider requirements for this configuration.
terraform {
  required_providers {
    # Exact pin ("=0.4.0"): only this azapi release satisfies the constraint.
    # Committing .terraform.lock.hcl alongside it also records the provider
    # checksums that later `terraform init` runs verify.
    azapi = {
      version = "=0.4.0"
      source  = "Azure/azapi"
    }
    # NOTE(review): azurerm has no entry here, so its source is implied
    # (hashicorp/azurerm) and its version is unconstrained - consider
    # declaring it with a version constraint as well.
  }
}

# azurerm is used with default settings; the provider requires the
# `features` block to be present even when it is empty.
provider "azurerm" {
  features {}
}

# Resource group whose location the maintenance configuration reuses.
resource "azurerm_resource_group" "example" {
  location = "West Europe"
  name     = "example-resources"
}

# resource "azurerm_maintenance_configuration" "example" {
#   name                = "example-mc"
#   resource_group_name = azurerm_resource_group.example.name
#   location            = azurerm_resource_group.example.location
#   scope               = "InGuestPatch"

#   tags = {
#     Env = "prod"
#   }

  
# }

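# Maintenance configuration (in-guest patch schedule) created through the
# azapi provider against a preview version of the Microsoft.Maintenance API.
resource "azapi_resource" "vm_maintenance" {
  # The "-preview" suffix marks a preview API version.
  type = "Microsoft.Maintenance/maintenanceConfigurations@2021-09-01-preview"
  name = "vm-mc"

  # Take the parent ID from the resource group resource instead of a
  # hand-written "/subscriptions/.../resourceGroups/example-resources" string:
  # no subscription ID is kept in source, and the path cannot drift from the
  # group this configuration actually creates.
  parent_id = azurerm_resource_group.example.id
  location  = azurerm_resource_group.example.location

  body = jsonencode({
    properties = {
      visibility       = "Custom"
      namespace        = "Microsoft.Maintenance"
      maintenanceScope = "InGuestPatch"
      extensionProperties = {
        "InGuestPatchMode" = "User"
      }
      maintenanceWindow = {
        # NOTE(review): timestamp() is re-evaluated on every run and returns
        # UTC, so this value changes whenever the UTC date changes and each
        # later apply moves the window's start date. A fixed start date keeps
        # the patch schedule stable and reviewable - confirm the intent.
        startDateTime      = formatdate("YYYY-MM-DD 17:30", timestamp())
        expirationDateTime = null
        duration           = "PT3H30M"
        timeZone           = "Eastern Standard Time"
        recurEvery         = "120Hour"
      }
      installPatches = {
        # The classification lists are broad: installs are not limited to
        # security fixes.
        linuxParameters = {
          classificationsToInclude  = ["Critical", "Security", "Other"]
          packageNameMasksToExclude = null
          packageNameMasksToInclude = null
        }
        windowsParameters = {
          classificationsToInclude = [
            "Critical",
            "Security",
            "UpdateRollup",
            "FeaturePack",
            "ServicePack",
            "Definition",
            "Tools",
            "Updates",
          ]
          kbNumbersToExclude = null
          kbNumbersToInclude = null
        }
        # Machines may restart during the window when a patch requires it.
        rebootSetting = "RebootIfRequired"
      }
    }
  })
}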

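# Assigns the maintenance configuration to one existing virtual machine.
# The stray editor placeholder text that followed the closing brace has been
# dropped; with it in place the block does not parse.
resource "azapi_resource" "vm_maintenance_assignment" {
  type = "Microsoft.Maintenance/configurationAssignments@2021-09-01-preview"
  name = "vm--mca"

  # Full resource ID of the target VM ("test1"), written out by hand.
  parent_id = "/subscriptions/XXX/resourceGroups/example-resources/providers/Microsoft.Compute/virtualMachines/test1"

  # NOTE(review): presumably the VM's region; it differs from the resource
  # group's "West Europe" - confirm it matches the VM.
  location = "East US 2"

  body = jsonencode({
    properties = {
      # Reference to the configuration resource, which also makes Terraform
      # create the configuration before this assignment.
      maintenanceConfigurationId = azapi_resource.vm_maintenance.id
    }
  })
}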

How do I assign it to multiple existing virtual machines? Please suggest a fix.

You should be able to use a for_each meta argument to achieve this, based upon a map or list of VMs being passed in via a variable (or obtained otherwise):

The below is a very simplistic approach, just interpolating the vm name into the resource id string that is required for the parent_id field.
Ideally you would probably get the resource ID for the VM from the VM resource itself (if in the same module) or via a data resource, as it is unlikely that all the VMs are in the same resource group/subscription etc.

I have used a local to provide the list of names in this instance.

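# Names of the existing VMs that should receive the maintenance assignment.
# The `=` between the name and the list is required; without it the locals
# block does not parse.
locals {
  vm_list = ["vm1", "vm2", "vm3"]
}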


# One configuration assignment per VM name in local.vm_list.
resource "azapi_resource" "vm_maintenance_assignment" {
  # toset() removes duplicates and keys each instance by VM name, so taking a
  # name out of the list later removes only that VM's assignment.
  for_each = toset(local.vm_list)

  name     = "vm--mca"
  type     = "Microsoft.Maintenance/configurationAssignments@2021-09-01-preview"
  location = "East US 2"

  # The same assignment name is reused for every instance; each one sits under
  # a different parent. The subscription and resource group are fixed in this
  # string, so every listed VM has to exist at exactly this path.
  parent_id = "/subscriptions/XXX/resourceGroups/example-resources/providers/Microsoft.Compute/virtualMachines/${each.value}"

  body = jsonencode({
    properties = {
      maintenanceConfigurationId = azapi_resource.vm_maintenance.id
    }
  })
}

Hope that helps

Happy Terraforming

HI ExtelligencelT,

Thank you,

I will check.

Just a quick question: if I want to use azurerm_maintenance_configuration without using the Azure API, is it possible to do it that way?
