Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Select, configure, and scale Azure compute resources—VMs, App Service, AKS, and Container Apps
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
workflows/vm-creator/examples/terraform/README.md
1# {vm-name} — Terraform2Deploys a Linux VM (RG, VNet, subnet, NSG with SSH allow, public IP, NIC).4## Prerequisites6- `terraform >= 1.5`7- `az login`8- Exported `AZ_SUB=<subscription-id>` env var9- SSH public key at `~/.ssh/id_rsa.pub`10## Quickstart12```bash14MY_IP=$(curl -s ifconfig.me)/32 # your current public IP, locked to /3215terraform init16terraform plan -var "vm_name=dev-vm" -var "admin_public_key=$(cat ~/.ssh/id_rsa.pub)" -var "subscription_id=$AZ_SUB" -var "resource_group_name=dev-vm-rg" -var "ssh_source_address_prefix=$MY_IP"17terraform apply -var "vm_name=dev-vm" -var "admin_public_key=$(cat ~/.ssh/id_rsa.pub)" -var "subscription_id=$AZ_SUB" -var "resource_group_name=dev-vm-rg" -var "ssh_source_address_prefix=$MY_IP"18```19## Variables (see `variables.tf`)21| Variable | Type | Default | Notes |23|---|---|---|---|24| `subscription_id` * | string | — | Azure subscription |25| `resource_group_name` * | string | — | RG will be created |26| `vm_name` * | string | — | VM resource name |27| `admin_public_key` * | string (sensitive) | — | Contents of `id_rsa.pub` |28| `ssh_source_address_prefix` * | string | — | Your public IP as `<ip>/32` or a trusted CIDR. `"*"` opens port 22 to the internet — only pass it if you have accepted that risk. |29| `location` | string | `eastus` | Azure region |30| `size` | string | `Standard_D2s_v5` | Verify with `compute_vm_list-skus` |31| `admin_username` | string | `azureuser` | |32| `zone` | string | `""` | `1`/`2`/`3`, or empty for regional |33| `os_disk_type` | string | `Premium_LRS` | |34| `os_disk_size_gb` | number | `30` | |35| `tags` | map(string) | `{}` | |36`*` = required (no default).38## Outputs (see `outputs.tf`)40- `vm_id` — full ARM resource ID41- `public_ip` — connect with `ssh {admin_username}@{public_ip}`42## VMSS variant44Replace `azurerm_linux_virtual_machine` with `azurerm_linux_virtual_machine_scale_set`; add `instances`, `upgrade_mode = "Manual" | "Automatic" | "Rolling"`. Inline NIC inside the scale set via `network_interface { ip_configuration { ... } }`.45## Notes47`ssh_source_address_prefix` is required because an open SSH port is a credential-stuffing target within minutes of going public. Always pass `<your-ip>/32` (or a trusted CIDR) — even for dev. For production, also add managed identity, diagnostics, and backup.48## Cleanup50```bash51terraform destroy -var "vm_name=dev-vm" -var "admin_public_key=$(cat ~/.ssh/id_rsa.pub)" -var "subscription_id=$AZ_SUB" -var "resource_group_name=dev-vm-rg" -var "ssh_source_address_prefix=$MY_IP" -auto-approve52```53