VM Without Azure VM Agent Installed
Description
Azure VM Agent is a lightweight process that manages and orchestrates various tasks on Azure VMs such as providing the interface to run extensions, enabling Azure Monitor and more. Ensuring VM Agent is installed helps leverage features like automated backups, patch management, and monitoring, which enhance the security and manageability of VMs.
This policy checks to ensure that the Azure VM Agent is installed on both Windows and Linux virtual machines as well as virtual machine scale sets.
Code Example
terraform
resource "azurerm_windows_virtual_machine" "example" {
name = "example-win-vm"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
# ... other configurations ...
+ provision_vm_agent = true
}
resource "azurerm_linux_virtual_machine" "example" {
name = "example-linux-vm"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
# ... other configurations ...
+ provision_vm_agent = true
}
# Similar configurations should be applied for "azurerm_windows_virtual_machine_scale_set" and "azurerm_linux_virtual_machine_scale_set"Remediation
Terraform
Resources:
- azurerm_windows_virtual_machine
- azurerm_windows_virtual_machine_scale_set
- azurerm_linux_virtual_machine_scale_set
- azurerm_linux_virtual_machine
Argument:
- provision_vm_agent
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0686 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, |
| Checkov ID | CKV_AZURE_179 |