Ensure that Azure Virtual Machine is assigned to an availability set

Availability sets ensure that the VMs you deploy on Azure are distributed across multiple isolated hardware clusters. This ensures that if a hardware or software failure occurs within Azure, only a subset of your VMs is impacted and your overall solution remains available and operational.

Risk Level: High
Cloud Entity: Virtual Machine
CloudGuard Rule ID: D9.AZU.DR.03
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

VirtualMachine where isScaleSetVm=false should have availabilitySet
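
The same check can be run outside CloudGuard against the JSON that `az vm list -o json` returns. The script below is an added example, not CloudGuard's own implementation; it assumes that isScaleSetVm=true corresponds to a VM carrying a virtualMachineScaleSet reference, and the sample inventory is constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `az vm list -o json`, trimmed to the
# fields the check reads. Names and IDs are made up for illustration.
SAMPLE_VM_LIST = json.dumps([
    {"name": "web-01", "resourceGroup": "rg-prod",
     "availabilitySet": {"id": "/subscriptions/SUBID/resourceGroups/RG-PROD"
                               "/providers/Microsoft.Compute/availabilitySets/AS-WEB"},
     "virtualMachineScaleSet": None},
    {"name": "batch-01", "resourceGroup": "rg-prod",
     "availabilitySet": None, "virtualMachineScaleSet": None},
    {"name": "flex-vm-3", "resourceGroup": "rg-prod",
     "availabilitySet": None,
     "virtualMachineScaleSet": {"id": "/subscriptions/SUBID/resourceGroups/RG-PROD"
                                      "/providers/Microsoft.Compute/virtualMachineScaleSets/FLEX"}},
    {"name": "legacy-01", "resourceGroup": "rg-dev"},  # both keys absent
])


def has_reference(vm, key):
    """True when vm[key] is a sub-resource reference with a non-empty id."""
    ref = vm.get(key)
    return isinstance(ref, dict) and bool(ref.get("id"))


def find_violations(vm_list_json):
    """Return sorted (resourceGroup, name) pairs that fail the rule."""
    violations = []
    for vm in json.loads(vm_list_json):
        # Assumption: a scale set member (isScaleSetVm=true) is out of scope.
        if has_reference(vm, "virtualMachineScaleSet"):
            continue
        # A null, missing or id-less availabilitySet all count as unassigned.
        if not has_reference(vm, "availabilitySet"):
            violations.append((vm.get("resourceGroup", ""), vm.get("name", "")))
    return sorted(violations)


if __name__ == "__main__":
    # Real inventory: az vm list -o json | python3 this_script.py
    data = SAMPLE_VM_LIST if sys.stdin.isatty() else sys.stdin.read()
    failed = find_violations(data)
    for rg, name in failed:
        print(f"FAIL {rg}/{name}: not assigned to an availability set")
    sys.exit(1 if failed else 0)
```

The non-zero exit status on any failure lets the script gate a pipeline step.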

REMEDIATION

From Portal

  1. Go to 'Resource Groups' and filter the availability set
  2. Select the Availability set and click on 'Overview'
  3. Now click on 'Create' button and 'Virtual Machine'
  4. Now provide all the necessary details and hit Review + Create
  5. Click Save.

From TF
Set the 'availability_set_id' argument under azurerm_windows_virtual_machine:

resource "azurerm_windows_virtual_machine" "example" {
  # ... other required arguments ...
  availability_set_id = "AVAILABILITYSETID" # resource ID of the availability set
  # ... other required arguments ...
}

Note: You can use azurerm_windows_virtual_machine or azurerm_linux_virtual_machine, whichever VM type you want to assign to an availability set.

From Command Line
First, create the resource group and the availability set using the commands below.
Run

az group create --name RESOURCEGROUPNAME --location LOCATION

az vm availability-set create --resource-group RESOURCEGROUPNAME --name AVAILABILITYSETNAME --platform-fault-domain-count COUNT --platform-update-domain-count COUNT

Now, create the VMs using the --availability-set parameter to specify the name of the availability set.
Run

# Append the loop index to the name so that each iteration creates a distinct VM
for i in $(seq 1 2); do
  az vm create --resource-group RESOURCEGROUPNAME --name VMNAME$i --availability-set AVAILABILITYSETNAME --size VMSIZE --vnet-name VNETNAME --subnet SUBNETNAME --image IMAGE --admin-username USERNAME --generate-ssh-keys
done

Note: An existing VM cannot be added to an availability set after it is created.

References

  1. https://docs.microsoft.com/en-us/azure/virtual-machines/availability-set-overview
  2. https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-availability-sets
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine#availability_set_id

Virtual Machine

Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. This article gives you information about what you should consider before you create a VM, how you create it, and how you manage it.

Compliance Frameworks

  • Azure CloudGuard Best Practices
  • Azure HITRUST v9.5.0
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset