Open
Description
Check for previous/existing GitHub issues
- I have checked for previous/existing GitHub issues
Issue Type?
Bug
(Optional) Module Version
No response
(Optional) Correlation Id
No response
Description
The Azure Landing Zone reference architecture uses Azure Policy to deploy the Azure Monitor Agent, along with assigning the managed identity to the VM. This conflicts with this module which then tries to remove the managed identity on subsequent deployments.
  ~ resource "azurerm_linux_virtual_machine" "this" {
        id   = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-test/providers/Microsoft.Compute/virtualMachines/vm-test"
        name = "vm-test"
        tags = {}
        # (39 unchanged attributes hidden)

      - identity {
          - identity_ids = [
              - "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-log/providers/Microsoft.ManagedIdentity/userAssignedIdentities/uai-log",
            ] -> null
          - principal_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -> null
          - tenant_id    = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -> null
          - type         = "SystemAssigned, UserAssigned" -> null
        }

        # (5 unchanged blocks hidden)
    }
ignore_changes should include the identity attribute to avoid this.
https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies
https://github.com/Azure/terraform-azurerm-avm-ptn-alz
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-policy
https://www.azadvertizer.net/azpolicyinitiativesadvertizer/924bfe3a-762f-40e7-86dd-5c8b95eb09e6.html
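The lifecycle change the report asks for, as an added illustration that is not the reporter's code and not the module's own source: a minimal azurerm_linux_virtual_machine whose identity block is excluded from drift detection, so a user-assigned identity attached by the ALZ Azure Monitor Agent policy is no longer planned for removal. Resource names reuse the values visible in the plan; location, size, image, SSH key and NIC reference are assumptions.

```hcl
# Added example (assumed resource layout); the lifecycle block is the point.
resource "azurerm_linux_virtual_machine" "this" {
  name                  = "vm-test"                        # from the plan above
  resource_group_name   = "rg-test"                        # from the plan above
  location              = "westeurope"                     # assumption
  size                  = "Standard_B2s"                   # assumption
  admin_username        = "azureuser"                      # assumption
  network_interface_ids = [azurerm_network_interface.this.id] # assumed NIC resource

  admin_ssh_key {
    username   = "azureuser"
    public_key = file("~/.ssh/id_rsa.pub")                 # assumption
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }

  lifecycle {
    # The ALZ "Deploy Azure Monitor Agent" policy remediation attaches a
    # user-assigned identity (uai-log in the plan above) to the VM outside
    # Terraform. Because the module declares no identity block, every later
    # plan shows "- identity { ... } -> null" and apply strips the identity
    # the policy needs. Ignoring the whole block stops that.
    #
    # Trade-off: Terraform also stops reconciling identity changes it
    # should own, so identities must then be managed by policy or by a
    # separate resource rather than through this block.
    ignore_changes = [identity]
  }
}
```

After adding the block, a `terraform plan` against a VM the policy has already remediated should show no identity diff; if it still does, the identity is being set from an explicit identity block rather than out of band.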