Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Get Azure VM and VM Scale Set recommendations based on workload, performance, and budget needs.
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
workflows/vm-creator/examples/terraform/README.md
1# {vm-name} — Terraform2Deploys a Linux VM (RG, VNet, subnet, NSG with SSH allow, public IP, NIC).4## Prerequisites6- `terraform >= 1.5`7- `az login`8- Exported `AZ_SUB=<subscription-id>` env var9- SSH public key at `~/.ssh/id_rsa.pub`10## Quickstart12```bash14MY_IP=$(curl -s ifconfig.me)/32 # your current public IP, locked to /3215terraform init16terraform plan -var "vm_name=dev-vm" -var "admin_public_key=$(cat ~/.ssh/id_rsa.pub)" -var "subscription_id=$AZ_SUB" -var "resource_group_name=dev-vm-rg" -var "ssh_source_address_prefix=$MY_IP"17terraform apply -var "vm_name=dev-vm" -var "admin_public_key=$(cat ~/.ssh/id_rsa.pub)" -var "subscription_id=$AZ_SUB" -var "resource_group_name=dev-vm-rg" -var "ssh_source_address_prefix=$MY_IP"18```19## Variables (see `variables.tf`)21| Variable | Type | Default | Notes |23|---|---|---|---|24| `subscription_id` * | string | — | Azure subscription |25| `resource_group_name` * | string | — | RG will be created |26| `vm_name` * | string | — | VM resource name |27| `admin_public_key` * | string (sensitive) | — | Contents of `id_rsa.pub` |28| `ssh_source_address_prefix` * | string | — | Your public IP as `<ip>/32` or a trusted CIDR. `"*"` opens port 22 to the internet — only pass it if you have accepted that risk. |29| `location` | string | `eastus` | Azure region |30| `size` | string | `Standard_D2s_v5` | Verify with `compute_vm_list-skus` |31| `admin_username` | string | `azureuser` | |32| `zone` | string | `""` | `1`/`2`/`3`, or empty for regional |33| `os_disk_type` | string | `Premium_LRS` | |34| `os_disk_size_gb` | number | `30` | |35| `tags` | map(string) | `{}` | |36`*` = required (no default).38## Outputs (see `outputs.tf`)40- `vm_id` — full ARM resource ID41- `public_ip` — connect with `ssh {admin_username}@{public_ip}`42## VMSS variant44Replace `azurerm_linux_virtual_machine` with `azurerm_linux_virtual_machine_scale_set`; add `instances`, `upgrade_mode = "Manual" | "Automatic" | "Rolling"`. Inline NIC inside the scale set via `network_interface { ip_configuration { ... } }`.45## Notes47`ssh_source_address_prefix` is required because an open SSH port is a credential-stuffing target within minutes of going public. Always pass `<your-ip>/32` (or a trusted CIDR) — even for dev. For production, also add managed identity, diagnostics, and backup.48## Cleanup50```bash51terraform destroy -var "vm_name=dev-vm" -var "admin_public_key=$(cat ~/.ssh/id_rsa.pub)" -var "subscription_id=$AZ_SUB" -var "resource_group_name=dev-vm-rg" -var "ssh_source_address_prefix=$MY_IP" -auto-approve52```53