Terraform script to enable Azure AD login feature for Virtual machines

Atanu Gupta 141 Reputation points
2022-09-14T08:26:24.073+00:00

Hello,

Just wanted to know if there is any terraform script to enable Azure AD login for VMs. From the portal I can do it by the following way but not sure how to enable it via terraform script


Checked this doc also but nothing as such mentioned regarding this

https://learn.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-terraform

Thanks in anticipation.


Accepted answer
  1. Stanislav Zhelyazkov 24,216 Reputation points MVP
    2022-09-14T09:15:34.667+00:00

    Hi,
    AAD login is enabled via VM extension. You can find the details about the extension via the following CLI command. The name for the Windows extension is AADLoginForWindows and for Linux it is AADLoginForLinux. Deploying extension via terraform is here.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. Masi Malmi 46 Reputation points
    2022-12-16T17:29:30.617+00:00

    You need to also enable the Managed Identity (SystemAssigned) from IaC. That extension alone doesn't fully enable AAD login on the Azure VM, the MI is also required.

    2 people found this answer helpful.

  2. Cedric Ahlers 55 Reputation points
    2023-05-30T17:15:22.4633333+00:00

    If someone is looking for the actual code example - here it is.

    Prerequisites:

    • enable a system assigned managed identity on the VM first
    resource "azurerm_virtual_machine_extension" "aad_login" {
      name                 = "AADLogin"
      virtual_machine_id   = "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.Compute/virtualMachines/<VIRTUAL_MACHINE_NAME>" # Resource ID of your VM
      publisher            = "Microsoft.Azure.ActiveDirectory"
      type                 = "AADSSHLoginForLinux" # For Windows VMs: AADLoginForWindows
      type_handler_version = "1.0" # There may be a more recent version
    }
    

    After enabling the system assigned managed identity and deploying the VM extension you have to configure Azure RBAC to allow VM access. Assign either Virtual Machine Administrator Login or Virtual Machine User Login to the VM resource.

    You can now use az ssh vm to login to the VM. Please note you have to set the proper subscription first.

    Here is an example how to login via SSH to a Linux VM:

    $ az login --tenant <TENANT_ID>
    $ az account set --name <SUBSCRIPTION_NAME>
    $ az ssh vm -g <RESOURCE_GROUP_NAME> -n <VIRTUAL_MACHINE_NAME>
    
    1 person found this answer helpful.
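Pulling the three pieces from the answers above into one configuration, as an added example that is not code from any answer on this page: the VM with a system-assigned identity, the extension, and the RBAC role scoped to the VM itself rather than the resource group. It assumes an existing NIC, a local SSH public key and the object ID of the user or group being granted access; the bracketed values are placeholders.

```hcl
# Added example: VM identity + AAD SSH extension + RBAC scoped to the VM.
# Assumes an existing NIC and public key; <...> values are placeholders.
resource "azurerm_linux_virtual_machine" "vm" {
  name                  = "<VIRTUAL_MACHINE_NAME>"
  resource_group_name   = "<RESOURCE_GROUP_NAME>"
  location              = "westeurope"
  size                  = "Standard_B2s"
  admin_username        = "azureuser"
  network_interface_ids = ["<NETWORK_INTERFACE_ID>"]

  identity {                    # system-assigned MI: required by the extension
    type = "SystemAssigned"
  }
  admin_ssh_key {
    username   = "azureuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }
}

resource "azurerm_virtual_machine_extension" "aad_login" {
  name                       = "AADSSHLoginForLinux"
  virtual_machine_id         = azurerm_linux_virtual_machine.vm.id
  publisher                  = "Microsoft.Azure.ActiveDirectory"
  type                       = "AADSSHLoginForLinux"
  type_handler_version       = "1.0"
  auto_upgrade_minor_version = true
}

# Grant login on this VM only (not the resource group): least privilege.
resource "azurerm_role_assignment" "vm_login" {
  scope                = azurerm_linux_virtual_machine.vm.id
  role_definition_name = "Virtual Machine User Login"
  principal_id         = "<USER_OR_GROUP_OBJECT_ID>"
}
```

Because the extension and the role assignment both reference the VM's id, Terraform creates the VM (and its identity) first, which is the ordering the second answer points out is required.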
