What resources does an Azure VM require in Terraform?

A working Linux VM needs a resource group, a virtual network, a subnet, a network interface, and the azurerm_linux_virtual_machine itself referencing the NIC and an OS disk. This builder emits all of them wired together with the correct references.

Should I use SSH keys or a password?

SSH public-key authentication is strongly recommended over passwords for Linux VMs — it is more secure and not subject to brute-force guessing. The builder reads your key with file() and only offers a password option backed by a sensitive variable.

Why is the password stored in a variable?

Hardcoding credentials in HCL leaks them into version control and state in plaintext. The builder declares admin_password as a sensitive variable so you supply it at apply time via an environment variable or a secrets backend instead.

What VM sizes are available?

Azure offers many size families — B-series for burstable workloads, D-series for general purpose, E-series for memory, F-series for compute. Standard_B2s is a low-cost default; pick a size that matches your CPU and memory needs.

How is the OS disk configured?

The os_disk block sets the caching mode, storage account type (Standard_LRS, StandardSSD_LRS, or Premium_LRS), and disk size in GB. Premium SSD gives the best performance; Standard HDD is cheapest for light workloads.

Terraform Azure VM Config Builder

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

Stand up an Azure VM with Terraform, batteries included

An Azure virtual machine is never just one resource — it needs a network to live in. This builder generates the complete dependency chain (resource group, virtual network, subnet, NIC) plus the azurerm_linux_virtual_machine itself, with the cross-references already wired so terraform apply works first time.

How it works

Terraform creates Azure resources in dependency order using interpolated references. The VM references its network interface ID, the NIC references the subnet, the subnet references the virtual network, and everything references the resource group’s name and location. By chaining azurerm_resource_group.<id>.name style references, Terraform builds the correct graph and provisions resources in the right sequence.

For authentication, the recommended SSH path injects an admin_ssh_key block that reads your public key with file("~/.ssh/id_rsa.pub"). The password path sets disable_password_authentication = false and pulls the secret from a sensitive Terraform variable, so the credential never appears in your committed HCL.

Tips and notes

Prefer SSH keys — they avoid password brute-forcing and don’t leak into state as readable strings.
The OS image is pinned to Ubuntu 22.04 LTS gen2; change the source_image_reference block if you need a different distro.
Choose Premium_LRS for production disks and Standard_LRS to minimise cost on dev VMs.
Add a network security group and public IP if the VM needs inbound access — this template keeps it internal-only by default.