Terraform overlay module to create and manage Azure Compute Gallery (formerly known as Shared Image Gallery) for use with the Azure NoOps.

azurenoops/terraform-azurerm-overlays-compute-image-gallery

Azure Compute Gallery Overlay Terraform Module

This overlay Terraform module deploys an Azure Compute Gallery (formerly known as Shared Image Gallery) and manages the related parameters for use in an SCCA-compliant Management Network.

Using Azure Clouds

This module is built for both the public and US Government clouds. The environment variable defaults to public for Azure Cloud. When using this module with the Azure Government Cloud, you must set the environment variable to usgovernment. You must also set the azurerm provider's environment argument to the same cloud, which ensures that the correct Azure Government Cloud endpoints are used, and set the location variable to a valid Azure Government Cloud location.

Example Usage for Azure Government Cloud:

provider "azurerm" {
  # The azurerm provider requires a features block, even when empty
  features {}
  environment = "usgovernment"
}

module "overlays-compute-image-gallery" {
  source  = "azurenoops/overlays-compute-image-gallery/azurerm"
  version = "x.x.x"

  location    = "usgovvirginia"
  environment = "usgovernment"
  # ... remaining module inputs
}

Resource Provider List

Terraform requires the following resource providers to be available:

  • Microsoft.Network
  • Microsoft.Storage
  • Microsoft.Compute
  • Microsoft.KeyVault
  • Microsoft.Authorization
  • Microsoft.Resources
  • Microsoft.OperationalInsights
  • Microsoft.GuestConfiguration
  • Microsoft.Insights
  • Microsoft.Advisor
  • Microsoft.Security
  • Microsoft.OperationsManagement
  • Microsoft.AAD
  • Microsoft.AlertsManagement
  • Microsoft.AnalysisServices
  • Microsoft.Automation
  • Microsoft.Subscription
  • Microsoft.Support
  • Microsoft.PolicyInsights
  • Microsoft.SecurityInsights
  • Microsoft.Monitor
  • Microsoft.Management
  • Microsoft.ManagedServices
  • Microsoft.ManagedIdentity
  • Microsoft.Billing
  • Microsoft.Consumption

Please note that some of the resource providers may not be available in Azure Government Cloud. Please check the Azure Government Cloud documentation for more information.

SCCA Compliance

This module can be SCCA compliant and can be used in an SCCA-compliant network. To make it SCCA compliant, enable private endpoints and SCCA-compliant network rules.

For more information, please read the SCCA documentation.

Contributing

If you want to contribute to this repository, feel free to contribute to our Terraform module.

More details are available in the CONTRIBUTING.md file.

License

This Terraform module is open-sourced software licensed under the MIT License.

Resources Supported

Module Usage

# Azurerm provider configuration
provider "azurerm" {
  features {}
}

module "overlays-compute-image-gallery" {
  source  = "azurenoops/overlays-compute-image-gallery/azurerm"
  version = "x.x.x"
  
  create_gallery_resource_group = true
  location                      = "eastus"
  deploy_environment            = "dev"
  org_name                      = "anoa"
  environment                   = "public"

  # Azure Compute Image Gallery
  compute_images_definitions = [
    {
      name = "Debian11"
      identifier = {
        offer     = "Debian"
        publisher = "Claranet"
        sku       = "11"
      }
      os_type     = "Linux"
      description = "Claranet's Debian 11 custom image."
    },
    {
      name = "Debian12"
      identifier = {
        offer     = "Debian"
        publisher = "Claranet"
        sku       = "12"
      }
      os_type     = "Linux"
      description = "Claranet's Debian 12 custom image."
    },
  ]
  # ... remaining module inputs (workload_name is also required)
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| azurenoopsutils | ~> 1.0.4 |
| azurerm | ~> 3.22 |

Providers

| Name | Version |
|------|---------|
| azurenoopsutils | ~> 1.0.4 |
| azurerm | ~> 3.22 |

Modules

| Name | Source | Version |
|------|--------|---------|
| mod_azregions | azurenoops/overlays-azregions-lookup/azurerm | ~> 1.0.0 |
| mod_scaffold_rg | azurenoops/overlays-resource-group/azurerm | ~> 1.0.1 |

Resources

| Name | Type |
|------|------|
| azurerm_shared_image.compute_image | resource |
| azurerm_shared_image_gallery.compute_image_gallery | resource |
| azurenoopsutils_resource_name.shared_image_gallery | data source |
| azurerm_client_config.current | data source |
| azurerm_resource_group.rg | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| add_tags | Map of custom tags. | map(string) | {} | no |
| compute_gallery | Configure the Azure Compute Image Gallery. | object({ eula = optional(string), prefix = optional(string), publisher_email = optional(string), publisher_uri = optional(string), permission = optional(string, "Private") }) | null | no |
| compute_image_gallery_description | A description for this compute Image Gallery. | string | null | no |
| compute_images_definitions | Create Azure Compute Image Definition. | list(object({ name = string, identifier = object({ offer = string, publisher = string, sku = string }), os_type = string, description = optional(string), disk_types_not_allowed = optional(list(string)), end_of_life_date = optional(string), eula = optional(string), specialized = optional(bool), architecture = optional(string, "x64"), hyper_v_generation = optional(string, "V1"), max_recommended_vcpu_count = optional(number), min_recommended_vcpu_count = optional(number), max_recommended_memory_in_gb = optional(number), min_recommended_memory_in_gb = optional(number), privacy_statement_uri = optional(string), release_note_uri = optional(string), trusted_launch_enabled = optional(bool), confidential_vm_supported = optional(bool), confidential_vm_enabled = optional(bool), accelerated_network_support_enabled = optional(bool), tags = optional(map(string)) })) | [] | no |
| create_gallery_resource_group | Controls if the resource group should be created. If set to false, the resource group name must be provided. Default is false. | bool | false | no |
| create_private_endpoint_subnet | Controls if the subnet should be created. If set to false, the subnet name must be provided. Default is false. | bool | false | no |
| custom_compute_image_gallery_name | Custom Azure compute Image Gallery, generated if not set | string | "" | no |
| custom_resource_group_name | The name of the custom resource group to create. If not set, the name will be generated using the org_name, workload_name, deploy_environment and environment variables. | string | null | no |
| default_tags_enabled | Option to enable or disable default tags. | bool | true | no |
| deploy_environment | Name of the workload's environment | string | n/a | yes |
| enable_community_gallery | Enable the Community Gallery. | bool | false | no |
| enable_private_endpoint | Manages a Private Endpoint to Azure Container Registry. Default is false. | bool | false | no |
| environment | The Terraform backend environment e.g. public or usgovernment | string | n/a | yes |
| existing_private_dns_zone | Name of the existing private DNS zone | any | null | no |
| existing_private_subnet_name | Name of the existing subnet for the private endpoint | any | null | no |
| existing_resource_group_name | The name of the existing resource group to use. If not set, the name will be generated using the org_name, workload_name, deploy_environment and environment variables. | string | null | no |
| location | Azure region in which instance will be hosted | string | n/a | yes |
| name_prefix | Optional prefix for the generated name | string | "" | no |
| name_suffix | Optional suffix for the generated name | string | "" | no |
| org_name | Name of the organization | string | n/a | yes |
| private_subnet_address_prefix | The name of the subnet for private endpoints | any | null | no |
| use_location_short_name | Use short location name for resources naming (ie eastus -> eus). Default is true. If set to false, the full cli location name will be used. if custom naming is set, this variable will be ignored. | bool | true | no |
| use_naming | Use the Azure NoOps naming provider to generate default resource name. storage_account_custom_name override this if set. Legacy default name is used if this is set to false. | bool | true | no |
| virtual_network_name | Name of the virtual network for the private endpoint | any | null | no |
| workload_name | Name of the workload_name | string | n/a | yes |
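
The inputs above include several that affect who can consume gallery images and how they boot. The following is an added example, not part of the module's own documentation, that sets them explicitly. It assumes the module passes these attributes through to the azurerm_shared_image_gallery and azurerm_shared_image resources; the workload name, image name, SKU and end-of-life date are constructed values.

```hcl
module "overlays-compute-image-gallery" {
  source  = "azurenoops/overlays-compute-image-gallery/azurerm"
  version = "x.x.x"

  create_gallery_resource_group = true
  location                      = "eastus"
  deploy_environment            = "dev"
  org_name                      = "anoa"
  workload_name                 = "images" # constructed value
  environment                   = "public"

  # Keep sharing restricted: "Private" is the documented default for
  # compute_gallery.permission, pinned here so a later change is visible in review.
  compute_gallery = {
    permission = "Private"
  }

  # Do not publish images to the community gallery (documented default: false).
  enable_community_gallery = false

  compute_images_definitions = [
    {
      name = "Debian12-Gen2" # constructed value
      identifier = {
        offer     = "Debian"
        publisher = "Claranet"
        sku       = "12-gen2" # constructed value
      }
      os_type     = "Linux"
      description = "Debian 12 image definition with Trusted Launch."

      # Trusted Launch requires a Generation 2 image, so the "V1" default
      # for hyper_v_generation has to be overridden alongside it.
      hyper_v_generation     = "V2"
      trusted_launch_enabled = true

      # RFC 3339 timestamp after which the image is considered retired
      # (constructed value).
      end_of_life_date = "2026-06-30T00:00:00Z"
    },
  ]
}
```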

Outputs

| Name | Description |
|------|-------------|
| id | Azure Shared Image Gallery ID |
| name | Azure Shared Image Gallery name |
| shared_image_gallery | Azure Shared Image Gallery output object |
| shared_images_definitions | Azure Shared Images definitions |
