Azure PowerShell Terraform

Set up WinRM for an Azure Virtual Machine using Terraform Code

3. Add the right code to the Terraform code.

Ok, so now for the code.

Keeping it simple

To keep it simple to understand, I’m just going to put in the actual values rather than reference a variable in the variables file. Notice in the code below that the URL is the secret identifier URL (the versioned https://<vault>.vault.azure.net/secrets/<name>/<version> path), the one I said to note down earlier.

Both of these blocks of code below go inside the virtual machine resource (azurerm_windows_virtual_machine).

# WinRM over HTTPS only; protocol is a quoted string ("Http" or "Https").
winrm_listener {
  protocol        = "Https"
  certificate_url = "https://russkv.vault.azure.net/secrets/RogerComputers/ef9bcfaca67d4aa19fc0afe3aaec1c9e"
}

# Pull the certificate out of Key Vault into the VM's LocalMachine\My store.
# The resource type is azurerm_key_vault (the provider prefix is azurerm, not azure).
secret {
  key_vault_id = azurerm_key_vault.keyvault.id

  certificate {
    store = "My"
    url   = "https://russkv.vault.azure.net/secrets/RogerComputers/ef9bcfaca67d4aa19fc0afe3aaec1c9e"
  }
}

Notice that the certificate_url in the winrm_listener block is the same URL as the url in the secret block’s certificate block. This is how it’s supposed to be: the secret block installs the certificate, and the listener block tells WinRM to use that same certificate.

The store is the certificate store on the virtual machine. “My” is the internal name of the Personal store, and because the VM extension installs it machine-wide it lands in the Local Computer scope (in PowerShell that is the Cert:\LocalMachine\My path). When you are able to RDP to the virtual machine, open the MMC, add the Certificates snap-in, choose Computer account (Local computer), and under Personal > Certificates you will see the certificate. I couldn’t work this one out for ages.

The key_vault_id is just that: here I’m referencing a key vault resource that gets created in the same code. If you already have a key vault, reference it with a data source (data "azurerm_key_vault") instead. Either way, the vault must allow the Azure compute platform to read the secret (enabled_for_deployment = true on the vault), otherwise the VM deployment fails when it tries to pull the certificate.

The secret block is saying import these certificates into my virtual machine. There could be more than one certificate, in which case you add a certificate block for each one inside the secret block.

The winrm_listener block specifies which certificate WinRM uses to secure the HTTPS listener on the VM.
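Pulling the two blocks together, here is a complete virtual machine resource wired to an existing Key Vault through data sources. This is an added example, not the post’s own code: the vault name russkv and secret name RogerComputers come from the post, while the resource group rg-winrm, location, NIC reference azurerm_network_interface.nic and the admin credential variables are assumed placeholders you would replace. Reading the secret through a data source means the versioned secret URL is resolved by Terraform rather than pasted in by hand.

```terraform
# Added example (not the original post's code). Assumes an existing Key Vault
# "russkv" in resource group "rg-winrm" holding a secret "RogerComputers",
# and a NIC defined elsewhere as azurerm_network_interface.nic.

data "azurerm_key_vault" "existing" {
  name                = "russkv"
  resource_group_name = "rg-winrm"
}

# The secret is the certificate uploaded to Key Vault earlier. Its id attribute
# is the versioned secret URL, which is exactly what both blocks below need.
data "azurerm_key_vault_secret" "winrm_cert" {
  name         = "RogerComputers"
  key_vault_id = data.azurerm_key_vault.existing.id
}

resource "azurerm_windows_virtual_machine" "vm" {
  name                  = "vm-winrm"
  resource_group_name   = "rg-winrm"
  location              = "uksouth"
  size                  = "Standard_B2s"
  admin_username        = var.admin_username
  admin_password        = var.admin_password
  network_interface_ids = [azurerm_network_interface.nic.id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }

  # Install the certificate from Key Vault into LocalMachine\My on the VM.
  # One certificate block per certificate if you need more than one.
  secret {
    key_vault_id = data.azurerm_key_vault.existing.id

    certificate {
      store = "My"
      url   = data.azurerm_key_vault_secret.winrm_cert.id
    }
  }

  # HTTPS listener only, bound to the same certificate that was just installed.
  # Leaving out an Http listener means no plaintext WinRM endpoint is exposed.
  winrm_listener {
    protocol        = "Https"
    certificate_url = data.azurerm_key_vault_secret.winrm_cert.id
  }
}
```

Two things to check before applying: the vault referenced by the data source must have enabled_for_deployment set to true so the compute platform is allowed to read the secret during provisioning, and whatever network security group sits in front of the NIC must permit TCP 5986 (the WinRM HTTPS port) from the hosts you intend to manage from, and nothing else.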

Continued on the next page