How to create schedule for the Update Management in Azure Automation using Terraform
I'm trying to automate the update manager in Azure Automation using Terraform, but I can't find the information regarding the following 2 points:
- Schedule created for the updates doesn't work. I assume the problem is that the runbook is missing that defines which machines need to be updated, etc.
- Can't find information on how to automatically enable this update management for all machines in a specific resource group.
Here is the terraform code that I've done.
```hcl
# Creates automation account
resource "azurerm_automation_account" "aa" {
  name                = local.autoac
  location            = local.region
  resource_group_name = local.rg
  sku_name            = "Basic"
  tags = {
    environment = "test"
  }
}

# Creates the schedule for updates
resource "azurerm_automation_schedule" "std-update" {
  name                    = "Weekly-Sunday-6am"
  resource_group_name     = local.rg
  automation_account_name = azurerm_automation_account.aa.name
  frequency               = "Week"
  interval                = 1
  timezone                = "Europe/Berlin"
  start_time              = "2021-04-28T18:00:15+02:00"
  description             = "Standard schedule for updates"
  week_days               = ["Sunday"]
}

# Creates Log Analytics workspace
resource "azurerm_log_analytics_workspace" "law" {
  name                = local.lawname
  location            = local.region
  resource_group_name = local.rg
  sku                 = "PerGB2018"
  retention_in_days   = 30
  tags = {
    environment = "test"
  }
}

# Link automation account to a Log Analytics Workspace.
resource "azurerm_log_analytics_linked_service" "autoacc_linked_log_workspace" {
  resource_group_name = local.rg
  workspace_id        = azurerm_log_analytics_workspace.law.id
  read_access_id      = azurerm_automation_account.aa.id
}

# Add Updates workspace solution to log analytics
resource "azurerm_log_analytics_solution" "law_solution_updates" {
  resource_group_name   = local.rg
  location              = local.region
  solution_name         = "Updates"
  workspace_resource_id = azurerm_log_analytics_workspace.law.id
  workspace_name        = azurerm_log_analytics_workspace.law.name
  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/Updates"
  }
}
```
Update regarding the question. I figured out that the option to create an update schedule in Update Management is not available yet in Terraform. That's why we need to do this by way of an ARM template created in the Terraform config. With the help of the previous comment, I was able to create the following schedule:
```hcl
# Creates schedule for Windows VMs to update monthly on the 3rd Sunday
resource "azurerm_template_deployment" "windows-prod-3rd-Sunday" {
  name                = "windows-prod-3rd-Sunday"
  resource_group_name = local.rg
  template_body       = <<DEPLOY
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "apiVersion": "2017-05-15-preview",
      "type": "Microsoft.Automation/automationAccounts/softwareUpdateConfigurations",
      "name": "${azurerm_automation_account.aa.name}/windows-prod-3rd-Sunday",
      "properties": {
        "updateConfiguration": {
          "operatingSystem": "Windows",
          "duration": "PT${local.update_max_hours}H",
          "windows": {
            "excludedKbNumbers": [],
            "includedUpdateClassifications": "${local.update_classifications}",
            "rebootSetting": "${local.update_reboot_settings}"
          },
          "targets": {
            "azureQueries": [
              {
                "scope": [
                  "/subscriptions/${local.subscriptionid}/resourceGroups/${local.rg}",
                  "/subscriptions/${local.subscriptionid}/resourceGroups/${local.rg}",
                  "/subscriptions/${local.subscriptionid}/resourceGroups/${local.rg}"
                ],
                "tagSettings": {
                  "tags": {
                    "environment": [
                      "Prod"
                    ],
                    "updatedate": [
                      "3rd_Sunday"
                    ]
                  },
                  "filterOperator": "All"
                },
                "locations": [
                  "West Europe"
                ]
              }
            ]
          }
        },
        "scheduleInfo": {
          "frequency": "Month",
          "startTime": "${local.update_date}T${local.update_time}:00+00:00",
          "timeZone": "${local.update_timezone}",
          "interval": 1,
          "advancedSchedule": {
            "monthlyOccurrences": [
              {
                "occurrence": "${local.sunday_3}",
                "day": "${local.update_day}"
              }
            ]
          }
        }
      }
    }
  ]
}
DEPLOY
  deployment_mode     = "Incremental"
}
```
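Added example, not part of the original question or answer: a Python check that evaluates a VM inventory against an `azureQueries` target shaped like the one in the template above and reports which machines the schedule would skip and why, so mistagged or misplaced VMs that would silently miss patching are visible. The subscription ID, resource group, VM inventory and all function names are constructed; comparing tag names case-insensitively, tag values exactly, and locations with spaces and case ignored are modelling assumptions of this sketch.

```python
import json

# azureQueries target shaped like the answer's template; the subscription ID
# and resource group are constructed placeholders for the Terraform locals.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod"
QUERY = json.loads("""{
  "scope": ["%s"],
  "tagSettings": {"tags": {"environment": ["Prod"], "updatedate": ["3rd_Sunday"]},
                  "filterOperator": "All"},
  "locations": ["West Europe"]}""" % RG)

def vm(rg, name, location, **tags):
    return {"id": f"{rg}/providers/Microsoft.Compute/virtualMachines/{name}",
            "location": location, "tags": tags}

# Constructed inventory for illustration, not real machines.
VMS = [
    vm(RG, "web01", "westeurope", Environment="Prod", updatedate="3rd_Sunday"),
    vm(RG, "web02", "westeurope", environment="prod", updatedate="3rd_Sunday"),
    vm(RG, "db01", "westeurope", environment="Prod"),
    vm(RG, "app01", "northeurope", environment="Prod", updatedate="3rd_Sunday"),
    vm(RG + "2", "build01", "westeurope", environment="Prod", updatedate="3rd_Sunday"),
]

def _loc(name):
    return name.replace(" ", "").lower()

def skip_reason(machine, query):
    """Return None when the query targets the machine, else why it is skipped."""
    rid = machine["id"].lower()
    if not any(rid.startswith(s.lower().rstrip("/") + "/") for s in query["scope"]):
        return "out of scope"
    locations = {_loc(l) for l in query.get("locations") or []}
    if locations and _loc(machine["location"]) not in locations:
        return "location"
    # Assumption: tag names compare case-insensitively, tag values exactly.
    tags = {k.lower(): v for k, v in machine["tags"].items()}
    settings = query.get("tagSettings") or {}
    hits = [tags.get(k.lower()) in vals for k, vals in settings.get("tags", {}).items()]
    combine = all if settings.get("filterOperator", "All") == "All" else any
    return "tags" if hits and not combine(hits) else None

def audit(machines, query):
    """Split an inventory into targeted VM names and {name: skip reason}."""
    targeted, skipped = [], {}
    for m in machines:
        name, reason = m["id"].rsplit("/", 1)[-1], skip_reason(m, query)
        if reason is None:
            targeted.append(name)
        else:
            skipped[name] = reason
    return targeted, skipped
```

Calling `audit(VMS, QUERY)` on the constructed inventory returns the targeted names and a per-VM skip reason; feed it the real inventory and the rendered template's query to review coverage before the first scheduled run.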
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow