Terraform Azure Update Manager Maintenance Configuration Dynamic Scope assignment to all subscriptions
This gist uses the Terraform azapi provider to call the ARM API directly, because the azurerm provider currently does not support this resource (a `Microsoft.Maintenance/configurationAssignments` with a dynamic-scope filter) natively. Note that the `for_each` on the azapi resource below is filtered to a single hard-coded subscription ID; removing the `if` clause assigns the schedule to every subscription returned by the `azurerm_subscriptions` data source, so widen the scope deliberately.
You have to prepare each Azure VM (and Arc-enabled machine) for Customer Managed Schedules patch orchestration first (see the Azure Update Manager prerequisites): the dynamic scope below only selects which machines follow the maintenance configuration; it does not change their patch-orchestration settings.
# Maintenance configuration used as a Customer Managed Schedule for Azure
# Update Manager: a weekly two-hour in-guest patch window that installs only
# the Critical and Security classifications on Windows and Linux guests and
# reboots a guest only when an installed patch requires it.
resource "azurerm_maintenance_configuration" "example" {
  name                = "example-mc"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  scope               = "InGuestPatch"

  # "User" presumably selects customer-managed (schedule-driven) in-guest
  # patching rather than platform-managed patching — confirm against the
  # provider docs for the azurerm version in use.
  in_guest_user_patch_mode = "User"

  # Recurrence: every Saturday at 00:00 in the GTB Standard Time zone, with a
  # two-hour window. start_date_time anchors the recurrence; it lies in the
  # past relative to today, which is expected to be fine for a recurring
  # schedule — verify on first apply.
  window {
    time_zone       = "GTB Standard Time"
    start_date_time = "2023-10-01 00:00"
    recur_every     = "1Week Saturday"
    duration        = "02:00"
  }

  # Same classification set for both OS families; other classifications
  # (e.g. feature or definition updates) are deliberately not included.
  install_patches {
    windows {
      classifications_to_include = ["Critical", "Security"]
    }
    linux {
      classifications_to_include = ["Critical", "Security"]
    }
    # Reboots happen inside the maintenance window only when a patch demands it.
    reboot = "IfRequired"
  }
}
data "azurerm_subscriptions" "available" {} # Lists every subscription the azurerm provider's identity can read; the for_each on azapi_resource.dynamic_scope below still narrows this set to one hard-coded ID
# One configuration assignment per target subscription. Each assignment lives
# at subscription scope and carries a dynamic-scope filter that selects the
# machines in that subscription which follow the maintenance configuration
# above. The provider identity presumably needs rights to create
# Microsoft.Maintenance/configurationAssignments at each target subscription
# scope — confirm before widening the for_each.
resource "azapi_resource" "dynamic_scope" {
  # NOTE(review): despite the "all subscriptions" intent, the set is pinned to
  # a single hard-coded subscription ID. Dropping the `if` clause enrols every
  # subscription returned by the data source — widen deliberately.
  for_each = {
    for sub in data.azurerm_subscriptions.available.subscriptions :
    sub.subscription_id => sub
    if contains(["cf288725-a1b6-48ce-9b2c-0506b1c5fa6d"], sub.subscription_id)
  }

  type      = "Microsoft.Maintenance/configurationAssignments@2023-04-01"
  parent_id = each.value.id              # subscription resource ID = assignment scope
  name      = each.value.subscription_id # assignment name; must be unique within the scope
  location  = ""                         # this resource type has no location

  body = jsonencode({
    properties = {
      maintenanceConfigurationId = azurerm_maintenance_configuration.example.id
      filter = {
        # Only the resource type and OS type are constrained. With empty
        # locations/resourceGroups and no tags, presumably every Azure VM and
        # Arc machine in the subscription is matched — verify the blast radius
        # (and the reboot behaviour of the schedule) before applying.
        resourceTypes = [
          "microsoft.Compute/VirtualMachines", # Azure VM
          "microsoft.HybridCompute/machines",  # Azure Arc
        ]
        osTypes        = ["Windows", "Linux"]
        locations      = []
        resourceGroups = []
        tagSettings = {
          filterOperator = "All"
          tags           = {}
        }
      }
    }
  })
}
References: