Description
SUMMARY
Currently, the azure_rm_virtualmachinescaleset Ansible module does not support attaching Application Security Groups (ASGs) to VMSS instances at all. The module lacks the application_security_groups parameter entirely, which prevents us from associating ASGs with VMSS instances during creation, updates, or at any other stage.
This feature would allow the integration of ASGs with VMSS instances, providing more flexibility in managing network security.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
azure_rm_virtualmachinescalesetmodule
ADDITIONAL INFORMATION
The current limitation of the azure_rm_virtualmachinescaleset module is the complete absence of support for attaching Application Security Groups (ASGs) to VMSS instances. Without the application_security_groups parameter, we are unable to assign ASGs at any point during the lifecycle of a VMSS, whether during creation, updates, or afterward.
This lack of functionality creates significant challenges in managing network security for VMSS instances, as it forces us to rely on less flexible and more manual methods to achieve ASG integration.
Example use case:
- Without the feature: There is no way to attach ASGs to VMSS instances, whether during creation, update, or post-deployment.
- With the feature: The ability to specify and attach ASGs during VMSS creation or updates would allow better integration and more flexibility for network security management.
# Example to add ASG to VMSS (hypothetical, once feature is implemented)
- name: Attach ASG to VMSS
azure_rm_virtualmachinescaleset:
resource_group: "myResourceGroup"
name: "myVMSS"
application_security_groups:
- "/subscriptions/{subscription_id}/resourceGroups/{resource_group_name}/providers/Microsoft.Network/applicationSecurityGroups/{ASG_name}"