How to Update OS Disk Tags in Azure Using Terraform
Mastering Azure OS Disk Tagging with Terraform: A Step-by-Step Guide
Introduction
Tagging resources is crucial in Azure environments, helping to improve cost management, governance, and more. Managing these tags effectively can greatly simplify your operations.
Tagging is more than just labeling resources. It is key to managing resources, enabling IT teams to quickly find resources based on workloads, environments, and ownership groups. Good tagging practices also help in tracking and optimizing cloud expenses, enhancing operations management, security, governance, compliance, automation, and workload optimization through consistent and strategic tagging.
In this guide, we'll look at how to use Terraform to update OS (Operating System) disk tags in Azure. Let's get started!
Understanding Tags on Managed Disks
Managed disks in Azure, like many other resources, can be tagged for easier identification and management. Tags are essentially key-value pairs that allow you to assign metadata to resources. This metadata can be used for a variety of purposes, including:
Cost Management: By tagging resources, you can categorize costs for billing and allocate expenses to specific projects or departments.
Resource Organization: Tags help you organize resources for easy identification and retrieval.
Governance and Compliance: Tags can be used to enforce compliance policies or track security-related metadata.
Automation: Tags are often used in scripts and automation workflows to target specific resources.
The screenshot above shows an example of a tagged managed disk in Azure. As you can see, the disk has tags indicating the owner, environment, application, and department, among others.
Problem of managing tags inside Terraform for OS Disks
When you define the OS disk for an Azure virtual machine inline, inside one of the VM resources ('azurerm_windows_virtual_machine' or 'azurerm_linux_virtual_machine'), you cannot add tags to the OS disk itself at the time of writing this article (April 2024).
So how do we solve this issue?
We can use the Terraform AzAPI provider to send a PATCH request to the Azure Resource Manager API after the disk is created to add the tags.
Because this is only possible after the VM and its disk have been created, we need a data source and an AzAPI resource. The example code below references an existing Windows virtual machine that I created beforehand.
We start with three variables: the name of the OS disk, the resource group in which the disk (and the virtual machine) is created, and the tags that are applied later.
```hcl
variable "vm_os_disk_name" {
  description = "Name of the virtual machine's OS disk."
  type        = string
  default     = "os-disk1"
}

variable "resource_group_name" {
  description = "Resource group name."
  type        = string
  default     = "rg-test"
}

variable "tags" {
  description = "Tags to apply to all resources."
  type        = map(string)
  default = {
    environment = "dev"
    owner       = "Michael Obernberger"
  }
}
```
Use the azurerm_managed_disk data source to retrieve the OS disk's ID. This requires waiting for the virtual machine to be created before the disk's ID is available.

```hcl
data "azurerm_managed_disk" "vm_os_disk" {
  name                = var.vm_os_disk_name
  resource_group_name = var.resource_group_name

  # Read the disk only after the VM (and with it the OS disk) exists.
  depends_on = [azurerm_windows_virtual_machine.main]
}
```
The depends_on attribute ensures that the virtual machine is created before attempting to retrieve the OS disk's ID. Once the disk's ID is obtained, use the azapi_resource_action resource to perform the PATCH operation. The method "PATCH" is chosen to update the existing resource, and the tags are encoded as JSON inside the body.

```hcl
resource "azapi_resource_action" "os_disk_tags" {
  type        = "Microsoft.Compute/disks@2022-03-02"
  resource_id = data.azurerm_managed_disk.vm_os_disk.id
  method      = "PATCH"

  # Request body sent to the ARM API: only the tags property is supplied.
  body = jsonencode({
    tags = var.tags
  })
}
```
Conclusion
By leveraging Terraform and the Azure Resource Manager (ARM) API, you can overcome the limitation of adding tags to Azure Virtual Machine OS disks during deployment. As demonstrated in this guide, you can implement a PATCH operation after the disk is created to ensure consistent and effective tagging.
The code snippets and guidance outlined in this post offer a practical approach to managing tags on OS disks, ensuring that you maintain optimal control over your Azure resources.
Additional Resources
If you want to find out more about Azure Tagging Best Practices find the links below from the Microsoft Learn Site: