Forum Discussion
Virtual Machine Vulnerability Assessment (powered by Qualys) extension installation via Terraform
hi cityofships
I saw that the license code and customerid don't change for my Subscription VMs in the imported VM extension terraform state file but resourceid changes for each VMs. I should find source of resourceid, how is it generated, or got.
ssherifit's done inside the portal and can be triggered using REST API. Looks like normally these values are not returned anywhere to the user which makes sense, you can't start generating license keys for the VMs outside of Azure. Have a look here: https://techcommunity.microsoft.com/t5/azure-security-center/built-in-vulnerability-assessment-for-vms-in-azure-security/ba-p/1577947
So looks like the only escape here is local-exec provisioner. ARM template is an alternative.
Thanks for your comments.
For now, I used the following link for developing Azure Policy Terraform files. Az Policy continuously monitors the VMs and deploys agent into the machines.https://github.com/Azure/Azure-Security-Center/tree/master/Remediation%20scripts/Enable%20the%20built-in%20vulnerability%20assessment%20solution%20on%20virtual%20machines%20(powered%20by%20Qualys)/Azure%20Policy