How to Update OS Disk Tags in Azure Using Terraform

Mastering Azure OS Disk Tagging with Terraform: A Step-by-Step Guide

How to Update OS Disk Tags in Azure Using Terraform

Introduction

Tagging resources is crucial in Azure environments, helping to improve cost management, governance, and more. Managing these tags effectively can greatly simplify your operations.

Tagging is more than just labeling resources. It is key to managing resources, enabling IT teams to quickly find resources based on workloads, environments, and ownership groups. Good tagging practices also help in tracking and optimizing cloud expenses, enhancing operations management, security, governance, compliance, automation, and workload optimization through consistent and strategic tagging.

In this guide, we'll look at how to use Terraform to update OS (Operating System) disk tags in Azure. Let's get started!

Understanding Tags on Managed Disks

Managed disks in Azure, like many other resources, can be tagged for easier identification and management. Tags are essentially key-value pairs that allow you to assign metadata to resources. This metadata can be used for a variety of purposes, including:

  • Cost Management: By tagging resources, you can categorize costs for billing and allocate expenses to specific projects or departments.

  • Resource Organization: Tags help you organize resources for easy identification and retrieval.

  • Governance and Compliance: Tags can be used to enforce compliance policies or track security-related metadata.

  • Automation: Tags are often used in scripts and automation workflows to target specific resources.

Screenshot of a cloud service interface showing details of a virtual machine disk named "osdisk-it-dev-srv1". The interface displays various parameters such as disk size, type, creation date, and tags indicating the owner, environment, application, and department.

The screenshot above shows an example of a tagged managed disk in Azure. As you can see, the disk has tags indicating the owner, environment, application, and department, among others.

Problem of managing tags inside Terraform for OS Disks

When you deploy the OS disk for your Azure Virtual machine directly inside the corresponding resource with one of the following resources ('azurerm_windows_virtual_machine' or 'azurerm_linux_virtual_machine') you are unable to add tags to the OS disk itself at the time of writing this article (April 2024).

So how do we solve this issue?

We could use the Terraform AzAPI Provider to do a PATCH via the Azure Resource Manager API after the disk is created to add the tags.

As we could only do this after the VM and the disk is created we need a data resource and an AzAPI resource. In the example code below we are referencing on an already existing Windows Virtual Machine which I have created before.


  1. We are starting with three variables for the name of the OS disk, the resource group where the disk (and the virtual machine) is created and also have some tags which are used later.

     variable "vm_os_disk_name" {
       description = "Name of the virtual machine."
       type        = string
       default     = "os-disk1"
     }
     variable "resource_group_name" {
       description = "Resource group name."
       type        = string
       default     = "rg-test"
     }
     variable "tags" {
       description = "Tags to apply to all resources."
       type        = map(string)
       default = {
         environment = "dev"
         owner       = "Michael Obernberger"
       }
     }
    
  2. Use the azurerm_managed_disk data source to retrieve the OS disk's ID. This requires waiting for the virtual machine to be created before the disk's ID is available.

     data "azurerm_managed_disk" "vm_os_disk" {
       name                = var.vm_os_disk_name
       resource_group_name = var.resource_group_name
    
       depends_on = [azurerm_windows_virtual_machine.main]
     }
    

    The depends_onattribute ensures that the virtual machine is created before attempting to retrieve the OS disk's ID.

  3. Once the disk's ID is obtained, use the azapi_resource_action resource to perform the PATCH operation. The method "PATCH" is chosen to update the existing resource, and the tags are encoded as JSON inside the body.

     resource "azapi_resource_action" "os_disk_tags" {
       type        = "Microsoft.Compute/disks@2022-03-02"
       resource_id = data.azurerm_managed_disk.vm_os_disk.id
       method      = "PATCH"
       body = jsonencode({
         tags = var.tags
       })
     }
    

Conclusion

By leveraging Terraform and the Azure Resource Manager (ARM) API, you can overcome the limitation of adding tags to Azure Virtual Machine OS disks during deployment. As demonstrated in this guide, you can implement a PATCH operation after the disk is created to ensure consistent and effective tagging.

The code snippets and guidance outlined in this post offer a practical approach to managing tags on OS disks, ensuring that you maintain optimal control over your Azure resources.

Additional Resources

If you want to find out more about Azure Tagging Best Practices find the links below from the Microsoft Learn Site: