🔥Let’s Do DevOps: Azure Dynamic Scopes for Maintenance Configs Across Subscriptions🚀

aka, updating all the VMs in `n` subscriptions from a single pane of glass

This blog series focuses on presenting complex DevOps projects as simple and approachable via plain language and lots of pictures. You can do it!

I’ve moved to LetsDoDevOps.com, you can find the full article here. This content has a paywall for 1 week, and then will be free starting at 10/1 9a CT.

Hey all!

When you’re talking about patching your (particularly Windows) virtual machines in Azure, all roads lead to the Azure Update Manager, the Azure-native tooling that operates an agents on your machines, repos on update status, and permits deploying updates from the console in an automated way.

The Azure Update Manager, in many ways, rules. It’s flexible, it’s powerful, it’s easy to use — at least in the GUI. And that’s the biggest problem, for this and many other Azure functionalities — they’re built for GUI management in the web portal. Management via CLI, or via tools that use the CLI, like Terraform, are a second thought at best.

And so, we take me back to a few weeks ago, when I offered to build Terraform to automate the Maintenance Configs and Dynamic Scopes across a half dozen subscriptions, for a team of ours for the first time. I’m pretty sure I said I’d get it done in an hour. How wrong I was 😂.

Before we get too far, let’s define some terms:

• Terrform/Tofu (TF) Provider — An API instruction book, basically. Tells the TF core binary how to manage resources for a specific platform, in this case, Azure.
• Maintenance Configuration — Controls everything about the Patches to install on the OS. The packs to include, when to install them, which ones to include vs exclude, stuff like that.
• Maintenance Dynamic Scope — Controls everything about which servers to add to a particular maintenance configuration. Can be specified individually (serverA, serverB, etc.) or via a dynamic scope which is a filter against a subscription by tags or other attributes.

Okay, let’s build some cool stuff. Scroll to the very end for a link to the gist with all code.

Let’s Do DevOps

From here on out, all content will be published on Let’s Do DevOps. I want to give back to the community as much as I’m able. Please subscribe there to avoid missing any content. Thanks all ❤.

This content has a paywall for 1 week, and then will be free starting at 10/1/2024 9a CT.

You can find this article here: https://www.letsdodevops.com/p/lets-do-devops-azure-dynamic-scopes