How to create a machine configuration assignment using Terraform
You can use Terraform to deploy machine configuration assignments.
Important
The Terraform provider azurerm_policy_virtual_machine_configuration_assignment hasn't been updated to support the assignmentType property, so only configurations that perform audits are supported.
Assign a custom configuration
The following example assigns a custom configuration.
Replace the following "<>" fields with values specific to your environment:
<configuration_name>: Specify the name of the configuration to apply.
<Url_to_Package.zip>: Specify an HTTPS link to the .zip file for your custom content package.
<SHA256_hash_of_package.zip>: Specify the SHA256 hash of the .zip file for your custom content package.
resource "azurerm_policy_virtual_machine_configuration_assignment" "<configuration_name>" {
  name               = "<configuration_name>"
  location           = azurerm_windows_virtual_machine.example.location
  virtual_machine_id = azurerm_windows_virtual_machine.example.id
  configuration {
    name            = "<configuration_name>"
    # HTTPS link to the custom content package
    content_uri     = "<Url_to_Package.zip>"
    # SHA256 hash of that package
    content_hash    = "<SHA256_hash_of_package.zip>"
    version         = "1.*"
    assignment_type = "ApplyAndMonitor"
  }
}
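The hash pins the exact package that the link is expected to serve, so it is worth checking both values against the package file before applying the configuration. The following pre-deployment check is an added example, not part of the original page or of the Terraform provider; the function names, the sample URL and the sample package bytes are constructed for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import urlparse

# A SHA256 digest written as hex is exactly 64 hex characters.
HEX64 = re.compile(r"[0-9A-Fa-f]{64}")

# Constructed sample data, not a real package or a real URL.
SAMPLE_PACKAGE = b"PK\x03\x04 constructed sample package bytes"
SAMPLE_URI = "https://example.invalid/packages/MyConfig.zip"


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 digest of the package bytes (lowercase)."""
    return hashlib.sha256(data).hexdigest()


def check_package_pin(content_uri: str, content_hash: str, package: bytes) -> list:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []

    # The page requires an HTTPS link to the .zip file.
    url = urlparse(content_uri)
    if url.scheme != "https" or not url.netloc:
        problems.append("content URI is not an HTTPS link")

    # The hash must be a well-formed SHA256 digest and must match the package.
    # Hash tools differ in letter case, so compare case-insensitively.
    if not HEX64.fullmatch(content_hash):
        problems.append("content hash is not a 64-character hex SHA256 digest")
    elif not hmac.compare_digest(sha256_hex(package), content_hash.lower()):
        problems.append("content hash does not match the package file")

    return problems


if __name__ == "__main__":
    good_hash = sha256_hex(SAMPLE_PACKAGE).upper()
    print(check_package_pin(SAMPLE_URI, good_hash, SAMPLE_PACKAGE))
    print(check_package_pin(SAMPLE_URI, good_hash, SAMPLE_PACKAGE + b"tampered"))
```
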
Assign a built-in configuration
The following example assigns the AzureWindowsBaseline built-in configuration.
resource "azurerm_policy_virtual_machine_configuration_assignment" "AzureWindowsBaseline" {
  name               = "AzureWindowsBaseline"
  location           = azurerm_windows_virtual_machine.example.location
  virtual_machine_id = azurerm_windows_virtual_machine.example.id
  configuration {
    name    = "AzureWindowsBaseline"
    version = "1.*"
    # Each setting takes an ExpectedValue (audited) and a RemediateValue parameter.
    parameter {
      name  = "Minimum Password Length;ExpectedValue"
      value = "16"
    }
    parameter {
      name  = "Minimum Password Length;RemediateValue"
      value = "16"
    }
    parameter {
      name  = "Minimum Password Age;ExpectedValue"
      value = "75"
    }
    parameter {
      name  = "Minimum Password Age;RemediateValue"
      value = "75"
    }
  }
}