87695a5a6dfa0b0649650d5ccf468a15

Contents
Terraform on Azure documentation

Overview
About Terraform on Azure
Terraform AzAPI provider
Terraform Azure provider versions
AzureRM provider versions
Install and Configure
Install and configure Terraform
Install the Azure Terraform Visual Studio Code extension
Authenticate Terraform to Azure
Store Terraform state in Azure Storage
Quickstarts
Your first Terraform project
Create an Azure resource group
AzAPI provider
Learn how to use the AzAPI resource
Learn how to use the AzAPI update resource
Containers
Kubernetes cluster with AKS
Database
MySQL Flexible Server
Virtual machines
Create a Linux VM
Samples
Configuration templates
Concepts
Testing Terraform code
Comparing features of Terraform and Bicep
Tutorials
Security
Azure Attestation
How-to guides
Test Terraform projects
Compliance testing
End-to-end testing
Integration testing
Troubleshoot
Troubleshoot common problems
App Service
Terraform and Azure provider deployment slots
Containers
Application Gateway ingress controller in AKS
Database
Azure Cosmos DB
PostgreSQL Flexible Server Database
Networks
Azure Network Watcher
Azure Firewall Premium
Deploy Azure Application Gateway v2
Hub and spoke topology
1. Create hub and spoke topology
2. Create on-premises virtual network
3. Create hub virtual network
4. Create hub virtual network appliance
5. Create spoke network
6. Validate network topology connectivity
Tools
Create a Terraform base template using Yeoman
Azure Virtual Desktop
Configure an Azure Virtual Desktop
Create a Session Host
Configure RBAC permissions
Configure Network Settings
Create Azure Files Storage
Create Azure Compute Gallery
Create Log Analytics Workspace
Virtual machines
Configure a virtual machine cluster
Virtual machine cluster with Terraform and HCL
Virtual machine scale set with infrastructure
Virtual machine scale set from Packer image
Reference
Azure module registry
Terraform Azure Provider
Terraform AzAPI Provider
Terraform AzAPI resource type definitions
Resources
Azure & Terraform
Azure Roadmap
Overview of Terraform on Azure - What is
Terraform?
11/2/2022 • 2 minutes to read • Edit Online
Hashicorp Terraform is an open-source IaC (Infrastructure-as-Code) tool for provisioning and managing cloud
infrastructure. It codifies infrastructure in configuration files that describe the desired state for your topology.
Terraform enables the management of any infrastructure - such as public clouds, private clouds, and SaaS
services - by using Terraform providers.
Terraform providers for Azure infrastructure

There are several Terraform providers that enable the management of Azure infrastructure:
AzureRM: Manage stable Azure resources and functionality such as virtual machines, storage accounts, and
networking interfaces.
AzureAD: Manage Azure Active directory resources such as groups, users, service principals, and
applications.
AzureDevops: Manage Azure DevOps resources such as agents, repositories, projects, pipelines, and queries.
AzAPI: Manage Azure resources and functionality using the Azure Resource Manager APIs directly. This
provider compliments the AzureRM provider by enabling the management of Azure resources that aren't
released. For more information about the AzAPI provider, see Terraform AzAPI provider.
Azure Stack: Manage Azure Stack resources such as virtual machines, DNS, VNet, and storage.
Benefits of Terraform with Azure

This section describes the benefits of using Terraform to manage Azure infrastructure.
Common IaC tool
Terraform Azure providers enable you to manage all of your Azure infrastructure using the same declarative
syntax and tooling. Using these providers you can:
1. Provision core platform capabilities such as management groups, policies, users, groups, and policies. For
more information, see Terraform implementation of Cloud Adoption Framework Enterprise-scale.
2. Provision Azure DevOps Projects and pipelines to automate regular infrastructure and application
deployments.
3. Provision Azure resources required by your applications.
Automate infrastructure management
The Terraform template-based configuration file syntax enables you to configure Azure resources in a repeatable
and predictable manner. Automating infrastructure includes the following benefits:
Lowers the potential for human errors while deploying and managing infrastructure.
Deploys the same template multiple times to create identical development, test, and production
environments.
Reduces the cost of development and test environments by creating them on-demand.
Understand infrastructure changes before being applied
As a resource topology becomes complex, understanding the meaning and impact of infrastructure changes can
be difficult.
The Terraform CLI enables users to validate and preview infrastructure changes before application of the plan.
Previewing infrastructure changes in a safe manner has several benefits:
Team members can collaborate more effectively by understanding proposed changes and their impact.
Unintended changes can be caught early in the development process.
Next steps
Based on your environment, install and configure Terraform:
Configure Terraform: If you haven't already done so, configure Terraform using one of the following
options:
Configure Terraform in Azure Cloud Shell with Bash
Configure Terraform in Azure Cloud Shell with PowerShell
Configure Terraform in Windows with Bash
Configure Terraform in Windows with PowerShell
Overview of the Terraform AzAPI provider
The AzAPI provider is a thin layer on top of the Azure ARM REST APIs. The AzAPI provider enables you to
manage any Azure resource type using any API version. This provider complements the AzureRM provider by
enabling the management of new Azure resources and properties (including private preview).
Resources
To allow you to manage all Azure resources and features without requiring updates, the AzAPI provider includes
the following generic resources:
RESO URC E N A M E DESC RIP T IO N
azapi_resource Used to fully manage any Azure (control plane) resource

(API) with full CRUD.
Example Use Cases:
New preview service
New feature added to existing service
Existing feature / service not currently covered
azapi_update_resource Used to manage resources or parts of resources that don't

have full CRUD
Example Use Cases:
Update new properties on an existing service
Update pre-created child resource - such as DNS SOA
record.
Resource configuration examples

The following code snippet configures a resource that doesn't currently exist in the AzureRM provider:
resource "azapi_resource" "publicip" {

type = "Microsoft.Network/Customipprefixes@2021-03-01"
name = "exfullrange"
parent_id = azurerm_resource_group.example.id
location = "westus2"
body = jsonencode({
properties = {
cidr = "10.0.0.0/24"
signedMessage = "Sample Message for WAN"
}
})
}
The following code snippet configures a preview property for an existing resource from AzureRM:
resource "azapi_update_resource" "test" {
type = "Microsoft.ContainerRegistry/registries@2020-11-01-preview"
resource_id = azurerm_container_registry.acr.id
body = jsonencode({
properties = {
anonymousPullEnabled = var.bool_anonymous_pull
}
})
}
Authentication using the AzAPI provider

The AzAPI provider enables the same authentication methods as the AzureRM provider. For more information
on authentication options, see Authenticate Terraform to Azure.
Benefits of using the AzAPI provider

The AzAPI provider features the following benefits:
Supports all Azure services:
Private preview services and features
Public preview services and features
All API versions
Full Terraform state file fidelity
Properties and values are saved to state
No dependency on Swagger
Common and consistent Azure authentication
Experience and lifecycle of the AzAPI provider

This section describes some tools to help you use the AzAPI provider.
VS Code extension and Language Server
The AzAPI VS Code extension provides a rich authoring experience with the following benefits:
Intellisense
Code auto-completion
Hints
Syntax validation
Quick info
AzAPI2AzureRM migration tool

The AzureRM provider provides the most integrated Terraform experience for managing Azure resources.
Therefore, the recommended usage of the AzAPI and AzureRM providers is as follows:
1. While the service or feature is in preview, use the AzAPI provider.
2. once the service is officially released, use the AzureRM provider.
The AzAPI2AzureRM tool is designed to help migrate from the AzAPI provider to the AzureRM provider.
AzAPI2AzureRM is an open-source tool that automates the process of converting AzAPI resources to AzureRM
resources.
AzAPI2AzureRM has two modes: plan and migrate:
Plan displays the AzAPI resources that can be migrated.
Migrate migrates the AzAPI resources to AzureRM resources in both the HCL files and the state.
AzAPI2AzureRM ensures after migration that your Terraform configuration and state are aligned with your
actual state. You can validate the state has been updated by running terraform plan after completing the
migration to see that nothing has changed.
Using the AzAPI provider

1. Install VS Code extension
2. Add the AzAPI provider to your Terraform configuration.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
# More information on the authentication methods supported by
# the AzureRM Provider can be found here:
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
# subscription_id = "..."
# client_id = "..."
# client_secret = "..."
# tenant_id = "..."
}
3. Declare one or more AzAPI resources as shown in the following example code:
resource "azapi_resource" "example" {

name = "example"
parent_id = data.azurerm_machine_learning_workspace.existing.id
type = "Microsoft.MachineLearningServices/workspaces/computes@2021-07-01"
location = "eastus"
body = jsonencode({
properties = {
computeType = "ComputeInstance"
disableLocalAuth = true
properties = {
vmSize = "STANDARD_NC6"
}
}
})
}
Next steps
Deploy your first resource with the AzAPI provider Deploy your first Update Resource with the AzAPI provider
Terraform AzureRM provider version history
This article contains the following change logs from the HashiCorp site showing the Terraform AzureRM
provider versions:
Versions 3.0.0 - current
Versions 2.0.0 - 2.99.0
Versions 1.0.0 - 1.44.0
Versions 0.1.0 - 0.3.3
Versions 3.0.0 - Current

3.21.0 (Unreleased)
FEATURES:
New Data Source : azurerm_monitor_data_collection_endpoint [GH-17992]
New Resource : azurerm_app_service_connection [GH-16907]
New Resource : azurerm_api_management_gateway_certificate_authority [GH-17879]
New Resource : azurerm_api_management_product_tag [GH-17798]
New Resource : azurerm_automation_connection_type [GH-17538]
New Resource : azurerm_automation_hybrid_runbook_worker_group [GH-17881]
New Resource : azurerm_container_registry_task_schedule_run_now [GH-15120]
New Resource : azurerm_cosmosdb_sql_dedicated_gateway [GH-18133]
New Resource : azurerm_dashboard_grafana [GH-17840]
New Resource : azurerm_log_analytics_query_pack_query [GH-17929]
New Resource : azurerm_healthcare_medtech_service [GH-15967]
New Resource : azurerm_spring_cloud_connection [GH-16907]
New Resource : azurerm_search_shared_private_link_service [GH-17744]
New Resource : azurerm_sentinel_alert_rule_nrt [GH-15999]
ENHANCEMENTS:
dependencies: updating to version v0.20220830.1105041 of github.com/hashicorp/go-azure-sdk [GH-18183]
azurerm_container_registry - support for the azuread_authentication_as_arm_policy_enabled and
soft_delete_policy properties [GH-17926]
azurerm_cosmosdb_cassandra_cluster - support for the HoursBetweenBackups property [GH-18154]
azurerm_hdinsight_kafka_cluster - add support for the disk_encryption property [GH-17351]
azurerm_hdinsight_spark_cluster - add support for the disk_encryption property [GH-17351]
azurerm_hdinsight_interactive_query_cluster - add support for the disk_encryption property [GH-17351]
azurerm_hdinsight_hbase_cluster - add support for the disk_encryption property [GH-17351]
azurerm_hdinsight_hadoop_cluster - add support for the disk_encryption property [GH-17351]
azurerm_iothub_dps - support for the resource_count , parallel_deployments , and failure_percentage
properties [GH-18151]
azurerm_kubernetes_node_pool - spot node pools can now be upgraded [GH-18124]
azurerm_management_group_policy_remediation - support for the resource_count , parallel_deployments , and
failure_percentage properties [GH-17313]
azurerm_monitor_diagnostic_setting - support for the category_group property [GH-16367]
azurerm_resource_group_policy_remediation - support for the resource_count , parallel_deployments , and
azurerm_resource_policy_remediation - support for the resource_count , parallel_deployments , and
azurerm_role_assignment - support scope to be /providers/Subscription [GH-17456]
azurerm_servicebus_namespace - support for the public_network_access_enabled and minimum_tls_version
properties [GH-17805]
azurerm_storage_account - support for the public_network_access_enabled property [GH-18005]
azurerm_stream_analytics_output_eventhub - support for the authentication_mode property [GH-18096]
azurerm_stream_analytics_output_mssql - support for the authentication_mode property [GH-18096]
azurerm_stream_analytics_output_servicebus_topic - support for the authentication_mode property [GH-
18096]
azurerm_stream_analytics_output_powerbi - support for the token_user_principal_name and
token_user_display_name properties [GH-18117]
azurerm_stream_analytics_output_cosmosdb - support for the partition_key property [GH-18120]
azurerm_stream_analytics_reference_input_blob - support for the authentication_mode property [GH-18137]
azurerm_subscription_policy_remediation - support for the resource_count , parallel_deployments , and
Dependencies: log_analytics - update to use hashicorp/go-azure-sdk [GH-18098]
BUG FIXES:
azurerm_kubernetes_cluster - kube_config is now set when AAD is enabled for a v1.24 cluster [GH-18142]
azurerm_redis_cache - will now recreate the cache when downgrading the SKU [GH-17767]
azurerm_spring_cloud_service - ignore default zero value for read_timeout_seconds [GH-18161]
3.20.0 (August 25, 2022)

FEATURES:
Provider : support for generic OIDC authentication providers (#18118)
New Resource : azurerm_backup_policy_vm_workload (#17765)
New Resource : azurerm_monitor_scheduled_query_rules_alert_v2 (#17772)
ENHANCEMENTS:
Dependencies: update go-azure-sdk to v0.20220824.1090858 (#18100)
Dependencies: consumption - updating to use hashicorp/go-azure-sdk (#18101)
azurerm_data_factory_dataset_json - filename and path in azure_blob_storage_location block can now be
empty (#18061)
BUG FIXES:
data.azurerm_kubernetes_cluster - kube_config is now set when AAD is enabled for a v1.24 cluster (#18131)
azurerm_cosmosdb_sql_database - prevent panic in autoacale settings (#18070)
azurerm_kubernetes_cluster_node_pool - fix a crash in expanding upgrade settings (#18074)
azurerm_mssql_elastic_pool - list of values for maintenance_configuration_name is now correct (#18041)
azurerm_postgresql_flexible_server - point_in_time_restore_time_in_utc correctly converts to RFC3339
(#18106)
3.19.1 (August 19, 2022)

BUG FIXES:
azurerm_dns_a_record - parse resource IDs insensitively in the read functions due to casing on the dnsZones
segment (#18048)
azurerm_dns_aaaa_record - parse resource IDs insensitively in the read functions due to casing on the
dnsZones segment (#18048)
azurerm_dns_caa_record - parse resource IDs insensitively in the read functions due to casing on the
azurerm_dns_cname_record - parse resource IDs insensitively in the read functions due to casing on the
azurerm_dns_mx_record - parse resource IDs insensitively in the read functions due to casing on the dnsZones
segment (#18048)
azurerm_dns_ns_record - parse resource IDs insensitively in the read functions due to casing on the dnsZones
segment (#18048)
azurerm_dns_ptr_record - parse resource IDs insensitively in the read functions due to casing on the
azurerm_dns_srv_record - parse resource IDs insensitively in the read functions due to casing on the
azurerm_dns_txt_record - parse resource IDs insensitively in the read functions due to casing on the
azurerm_dns_zone - parse resource IDs insensitively in the read functions due to casing on the dnsZones
segment (#18048)
3.19.0 (August 18, 2022)

FEATURES:
New Data Source : azurerm_dns_a_record (#17477)
New Data Source : azurerm_dns_aaaa_record (#17477)
New Data Source : azurerm_dns_caa_record (#17477)
New Data Source : azurerm_dns_cname_record (#17477)
New Data Source : azurerm_dns_mx_record (#17477)
New Data Source : azurerm_dns_ns_record (#17477)
New Data Source : azurerm_dns_ptr_record (#17477)
New Data Source : azurerm_dns_soa_record (#17477)
New Data Source : azurerm_dns_srv_record (#17477)
New Data Source : azurerm_dns_txt_record (#17477)
New Data Source : azurerm_private_dns_a_record (#18036)
New Data Source : azurerm_private_dns_aaaa_record (#18036)
New Data Source : azurerm_private_dns_cname_record (#18036)
New Data Source : azurerm_private_dns_mx_record (#18036)
New Data Source : azurerm_private_dns_ptr_record (#18036)
New Data Source : azurerm_private_dns_soa_record (#18036)
New Data Source : azurerm_private_dns_srv_record (#18036)
New Data Source : azurerm_private_dns_txt_record (#18036)
New Resource : azurerm_eventhub_namespace_schema_group (#17635)
New Resource : azurerm_cdn_frontdoor_firewall_policy (#17715)
New Resource : azurerm_cdn_frontdoor_security_policy (#17715)
New Resource : azurerm_data_factory_flowlet_data_flow (#16987)
ENHANCEMENTS:
Dependencies: update go-azure-helpers to v0.39.1 (#18015)
Dependencies: update go-azure-sdk to v0.20220815.1092453 (#17998)
Dependencies: dedicated_host_* to use hashicorp/go-azure-sdk (#17616)
Dependencies: dataprotection : updating to use hashicorp/go-azure-sdk (#17700)
Dependencies: dns - updating to use hashicorp/go-azure-sdk (#17986)
Dependencies: maintenance - updating to use hashicorp/go-azure-sdk (#17954)
Data Source: azurerm_images - now uses a logical id (#17766)
Data Source: azurerm_management_group - now exports the management_group_ids , all_management_group_ids ,
and all_subscription_ids attributes (#16208)
azurerm_active_directory_domain_service - support for the kerberos_armoring_enabled and
kerberos_rc4_encryption_enabled properties (#17853)
azurerm_application_gateway - support for the global block (#17651)
azurerm_application_gateway - support for components in rewrite_rule_set.rewrite_rule.url (#13899)
azurerm_automation_account - support for the private_endpoint_connection property (#17934)
azurerm_automation_account - support for the encryption block and local_authentication_enabled property
(#17454)
azurerm_batch_account - support for the storage_account_authentication_mode ,
storage_account_node_identit , and allowed_authentication_modes properties (#16758)
azurerm_batch_pool - support for identity referencees in container registries (#17416)
azurerm_data_factory_data_flow - support for the flowlet block (#16987)
azurerm_data_factory_integration_runtime_azure_ssis - support for the express_vnet_injection property
(#17756)
azurerm_firewall_policy_resource - support for the private_ranges and allow_sql_redirect properties
(#17842)
azurerm_key_vault - support for the public_network_access_enabled property (#17552)
azurerm_linux_virtual_machine - now supports delete Eviction policies (#17226)
azurerm_linux_virtual_machine_scale_set - now supports delete Eviction policies (#17226)
azurerm_mssql_elastic_pool - support for the maintenance_configuration_name property (#17790)
azurerm_mssql_server - support Disabled for the minimum_tls_version property (#16595)
azurerm_spring_cloud_app - support the public_endpoint_enabled property (#17630)
azurerm_spring_cloud_gateway_route_config - support for the open_api;azurerm_spring_cloud_service and
log_stream_public_endpoint_enabledread_timeout_seconds properties (#17630)
azurerm_shared_image - support for the architecture property (#17250)
azurerm_storage_account - support for the default_to_oauth_authentication property (#17116)
azurerm_storage_table_entity - support for specifying data types on entity properties (#15782)
azurerm_shared_image_version - support for blob_uri and storage_account_id (#17768)
azurerm_windows_virtual_machine - now supports delete Eviction policies (#17226)
azurerm_windows_virtual_machine_scale_set - now supports delete Eviction policies (#17226)
azurerm_web_application_firewall_policy - support for the excluded_rule_set property (#17757)
azurerm_log_analytics_workspace - support for the cmk_for_query_forced property (#17365)
azurerm_lb_backend_address_pool_address - support for the backend_address_ip_configuration_id property
(#17770)
BUG FIXES:
Data Source: azurerm_windows_web_app - add missing schema definition for 'virtual_network_subnet_id'
(#18028)
azurerm_cdn_endpoint_custom_domain - deprecating the key_vault_certificate_id property in favour of the
key_vault_secret_id property withing the user_managed https_allows block (#17114)
azurerm_data_protection_backup_policy_postgresql_resource - prevent a crash when given an empty criteria
block (#17904)
azurerm_disk_encryption_set - prevent an issue during creation when the disk encryption set and key vault
are in different subscriptions (#17964)
azurerm_windows_function_app fix a bug with setting values for WindowsFxString (#18014)
azurerm_windows_function_app_slot - fix a bug with setting values for WindowsFxString (#18014)
azurerm_linux_function_app - correctly send WEBSITE_CONTENTSHARE and
WEBSITE_CONTENTAZUREFILECONNECTIONSTRING (#18035)
azurerm_linux_function_app - fix content settings when storage_uses_managed_identity is set to true
(#18035)
azurerm_linux_function_app_slot - correctly send WEBSITE_CONTENTSHARE and
azurerm_linux_function_app_slot - fix content settings when storage_uses_managed_identity is set to true
(#18035)
azurerm_windows_function_app - correctly send WEBSITE_CONTENTSHARE and
azurerm_windows_function_app - fix content settings when storage_uses_managed_identity is set to true
(#18035)
azurerm_windows_function_app_slot - correctly send WEBSITE_CONTENTSHARE and
azurerm_windows_function_app_slot - fix content settings when storage_uses_managed_identity is set to true
(#18035)
3.18.0 (August 11, 2022)

FEATURES:
New Resource : azurerm_monitor_data_collection_endpoint (#17684)
ENHANCEMENTS:
dependencies: updating github.com/hashicorp/go-azure-sdk to v0.20220809.1122626 (#17905)
storage: updating to use API Version 2021-09-01 (#17523)
azurerm_express_route_circuit_peering - support for the ipv4_enabled and gateway_manager_etag properties
(#17338)
azurerm_site_recovery_replicated_vm - support for the target_disk_encryption block (#15783)
azurerm_subnet - deprecate enforce_private_link_endpoint_network_policies property in favour of
private_endpoint_network_policies_enabled (#17464)
azurerm_subnet - deprecate enforce_private_link_service_network_policies property in favour of
private_link_service_network_policies_enabled (#17464)
azurerm_servicebus_subscription - support for the client_scoped_subscription_enabled property and the
client_scoped_subscription block (#17101)
BUG FIXES:
azurerm_backup_policy_vm - now prevents crash when frequency is set to Hourly and, hour_interval and
hour_duration are not set (#17880)
Data Source: azurerm_blueprint_definition - Fix version property output (#16299)
3.17.0 (August 04, 2022)

ENHANCEMENTS:
domainservice: updating to use API Version 2021-05-01 (#17737)
Data Source: azurerm_proximity_placement_group - refactoring to use hashicorp/go-azure-sdk (#17776)
azurerm_api_management - update the sku_name property validation to accept newer Premium SKUs (#17887)
azurerm_firewall - the property sku_tier is now updateable (#17577)
azurerm_linux_virtual_machine_scale_set - the property instances is now Optional and defaults to 0
(#17836)
azurerm_log_analytics_cluster - updated validation for the size_gb property (#17780)
azurerm_proximity_placement_group - refactoring to use hashicorp/go-azure-sdk (#17776)
azurerm_shared_image - improved validation for the publisher , offer and sku properties in the
identifier block (#17547)
azurerm_subnet - support for the service delegation Microsoft.Orbital/orbitalGateway (#17854)
azurerm_eventhub_namespace - support for the local_authentication_enabled , public_network_access_enabled ,
and minimum_tls_version properties (#17194)
BUG FIXES:
Data Source: azurerm_private_dns_zone - returning the correct Resource ID when not specifying the
resource_group_name (#17729)
3.16.0 (July 28, 2022)

FEATURES:
New Resource : azurerm_datadog_monitor (#16131)
New Resource : azurerm_kusto_cluster_managed_private_endpoint (#17667)
New Resource : azurerm_log_analytics_query_pack (#17685)
New Resource : azurerm_logz_sub_account_tag_rule (#17557)
New Resource : azurerm_signalr_shared_private_link_resource (#16187)
ENHANCEMENTS:
dependencies: updating to version v0.20220725.1163004 of github.com/hashicorp/go-azure-sdk (#17753)
automationaccount: updating to use hashicorp/go-azure-sdk (#17347)
Data Source: azurerm_linux_function_app - support the virtual_network_subnet_id property for for vNet
integration (#17494)
Data Source: azurerm_windows_function_app - support the virtual_network_subnet_id property for for vNet
Data Source: azurerm_windows_web_app - support the virtual_network_subnet_id property for for vNet
eventhub : updating all data sources/resources onto single API Version 2021-11-01 (#17719)
azurerm_bot_service_azure_bot - support for the streaming_endpoint_enabled property (#17423)
azurerm_cognitive_account - support for the custom_question_answering_search_service_key property
(#17683)
asurerm_iothub_dps_certificate - support for the property (#17106)
is_verified
azurerm_linux_web_app - the virtual_network_subnet_id property is no longer ForceNew (#17584)
azurerm_linux_web_app_slot - the virtual_network_subnet_id property is no longer ForceNew (#17584)
azurerm_linux_function_app support the virtual_network_subnet_id property for for vNet integration
(#17494)
azurerm_linux_function_app_slot support the virtual_network_subnet_id property for for vNet integration
(#17494)
azurerm_stream_analytics_stream_input_eventhub - support for the authentication_mode property (#17739)
azurerm_windows_function_app support the virtual_network_subnet_id property for for vNet integration
(#17572)
azurerm_windows_function_app_slot support the virtual_network_subnet_id property for for vNet integration
(#17572)
azurerm_windows_web_app support the virtual_network_subnet_id property for for vNet integration (#17576)
azurerm_windows_web_app_slot support the virtual_network_subnet_id property for for vNet integration
(#17576)
BUG FIXES:
azurerm_linux_function_app - fix casing bug with the linux_fx_string property for Node apps (#17789)
azurerm_linux_function_app_slot - fix casing bug with the linux_fx_string property for Node apps
(#17789)
azurerm_resource_group_template_deployment - fixing a bug where the same Resource Provider defined in
different casings would cause the API Version to not be identified (#17707)
3.15.1 (July 25, 2022)

BUG FIXES:
data.azurerm_servicebus_queue - fix a regression around namespace_id (#17755)
azurerm_postgresql_aad_administrator - fix the state migration (#17732)
azurerm_postgresql_server - fix a regression around id (#17755)
3.15.0 (July 21, 2022)

FEATURES:
New Data Source : azurerm_cdn_frontdoor_origin_group (#17089)
New Data Source : azurerm_cdn_frontdoor_origin (#17089)
New Resource : azurerm_cdn_frontdoor_origin_group (#17089)
New Resource : azurerm_cdn_frontdoor_origin (#17089)
New Resource : azurerm_application_insights_workbook (#17368)
New Resource : azurerm_monitor_data_collection_rule (#17342)
New Resource : azurerm_route_server (#16578)
New Resource : azurerm_route_server_bgp_connection (#16578)
New Resource : azurerm_web_pubsub_private_link_resource (#15550)
ENHANCEMENTS:
dependencies: updating to v0.20220715.1071215 of github.com/hashicorp/go-azure-sdk (#17645)
domainservice: to use hashicorp/go-azure-sdk (#17595)
servicebus: refactoring to use hashicorp/go-azure-sdk (#17628)
postgres: refactoring to use hashicorp/go-azure-sdk (#17625)
azurerm_kusto_cluster_resource - support for the allowed_fqdns , allowed_ip_ranges , and
outbound_network_access_restricted properties (#17581)
azurerm_storage_account - supports for the change_feed_retention_in_days property (#17130)
3.14.0 (July 14, 2022)

FEATURES:
New Resource : azurerm_application_insights_workbook_template (#17433)
New Resource : azurerm_gallery_application (#17394)
New Resource : azurerm_gallery_application_version (#17394)
ENHANCEMENTS:
dependencies: updating to v0.37.0 of github.com/hashicorp/go-azure-helpers (#17588)
dependencies: updating to v2.18.0 of github.com/hashicorp/terraform-plugin-sdk (#17141)
appconfiguration: updating to use API Version 2022-05-01 (#17467)
spring: updating to use API Version 2022-05-01-preview (#17467)
databricks: refactoring to use hashicorp/go-azure-sdk (#17475)
lighthouse: refactoring to use hashicorp/go-azure-sdk (#17590)
policyremediation: updated to use version 2021-10-01 (#17298)
signalr: refactoring to use hashicorp/go-azure-sdk (#17463)
storage: refactoring objectreplicationpolicy to use hashicorp/go-azure-sdk (#17471)
Data Source: azurerm_availability_set - updating to use hashicorp/go-azure-sdk (#17608)
Data Source: azurerm_ssh_public_key - refactoring to use hashicorp/go-azure-sdk (#17609)
azurerm_availability_set - updating to use hashicorp/go-azure-sdk (#17608)
azurerm_container_group - support for the http_headers property (#17519)
azurerm_dashboard - refactoring to use hashicorp/go-azure-sdk (#17598)
azurerm_kusto_cluster - support for the public_ip_address property (#17520)
azurerm_kusto_script - support for the script_content property (#17522)
azurerm_kusto_iothub_data_connection - support for the database_routing_type property (#17526)
azurerm_kusto_eventhub_data_connection - support for the database_routing_type property (#17525)
azurerm_kusto_eventgrid_data_connection - support for the database_routing_type , eventgrid_resource_id ,
and managed_identity_resource_id properties (#17524)
azurerm_kubernetes_cluster - support for the host_group_id property (#17496)
azurerm_kubernetes_cluster_node_pool - support for the host_group_id property (#17496)
azurerm_linux_virtual_machine_scale_set - support for capacity_reservation_group_id property (#17530)
azurerm_linux_virtual_machine_scale_set - support for the placement property for os disks (#17013)
azurerm_orchestrated_virtual_machine_scale_set - support for the placement property for os disks (#17013)
azurerm_shared_image - support for the end_of_life_date disk_types_not_allowed ,
max_recommended_vcpu_count , max_recommended_vcpu_count , max_recommended_memory_in_gb ,
min_recommended_memory_in_gb (#17300)
azurerm_signalr_service - Add support for live_trace (#17629)
azurerm_ssh_public_key - refactoring to use hashicorp/go-azure-sdk (#17609)
azurerm_stream_analytics_output_blob - support for the authentication_mode property (#16652)
azurerm_windows_virtual_machine_scale_set - support for capacity_reservation_group_id property (#17530)
azurerm_windows_virtual_machine_scale_set - support for the placement property for os disks (#17013)
BUG FIXES:
azurerm_api_management - correct set the API Management Cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA (#17554)
azurerm_dev_test_lab_schedule - deleting the schedule during deletion (#17614)
azurerm_linux_function_app - set the default_hostname properly on read (#17498)
azurerm_linux_function_app_slot - set the default_hostname properly on read (#17498)
azurerm_windows_function_app - set the default_hostname properly on read (#17498)
azurerm_windows_function_app - correctly create function apps when custom handlers are used (#17498)
azurerm_windows_function_app_slot - set the default_hostname properly on read (#17498)
azurerm_windows_function_app_slot - correctly create function apps when custom handlers are used (#17498)
3.13.0 (July 08, 2022)

FEATURES:
New Data Source : azurerm_public_maintenance_configurations (#16810)
New Resource : azurerm_fluid_relay_server (#17238)
New Resource : azurerm_logz_sub_account (#16581)
ENHANCEMENTS:
azurestackhci: refactoring to use hashicorp/go-azure-sdk (#17469)
containerinstance: refactoring to use hashicorp/go-azure-sdk (#17499)
eventhub: refactoring to use hashicorp/go-azure-sdk (#17445)
hardwaresecuritymodules: refactoring to use hashicorp/go-azure-sdk (#17470)
netapp: refactoring to use hashicorp/go-azure-sdk (#17465)
privatedns: refactoring to use hashicorp/go-azure-sdk (#17436)
Data Source: azurerm_container_registry - add support for the data_endpoint_enabled property (#17466)
azurerm_hdinsight_kafka_cluster -support for the network block (#17259)
azurerm_key_vault_certificate - will now correctly recover certificates on import (#17415)
azurerm_kubernetes_clusterl - support for the capacity_reservation_group_id property (#17395)
azurerm_kubernetes_node_pool - support for the capacity_reservation_group_id property (#17395)
azurerm_linux_virtual_machine - support for the capacity_reservation_group_id property (#17236)
azurerm_spring_cloud_deployment - support for the addon_json property (#16984)
azurerm_synapse_integration_runtime_azure - the location property now supports Auto Resolve (#17111)
azurerm_windows_virtual_machine - support for the capacity_reservation_group_id property (#17236)
BUG FIXES:
azurerm_application_gateway - the request_routing_rule.x.priority property is now optional (#17380)
3.12.0 (June 30, 2022)

FEATURES:
New Resource : azurerm_active_directory_domain_service_trust (#17045)
New Resource : azurerm_data_protection_resource_guard (#17325)
New Resource : azurerm_spring_cloud_api_portal_custom_domain (#16966)
ENHANCEMENTS:
appservice: replacing usages of ioutil with io (#17392)
containerservice: updated to use version 2022-03-02-preview (#17084)
elastic: refactoring to use hashicorp/go-azure-sdk (#17431)
loadtest: refactoring to use hashicorp/go-azure-sdk (#17432)
maps: refactoring to use hashicorp/go-azure-sdk (#17434)
mixedreality: switching to use hashicorp/go-azure-sdk (#17417)
msi: refactoring to use hashicorp/go-azure-sdk (#17430)
powerbi: refactoring to use hashicorp/go-azure-sdk (#17435)
purview: refactoring to use hashicorp/go-azure-sdk (#17419)
redisenterprise: refactoring to use hashicorp/go-azure-sdk (#17387)
relay: refactoring to use hashicorp/go-azure-sdk (#17385)
search: refactoring to use hashicorp/go-azure-sdk (#17386)
servicefabricmanaged: refactoring to use hashicorp/go-azure-sdk (#17384)
trafficmanager: refactoring to use hashicorp/go-azure-sdk (#17383)
videoanalyzer: refactoring to use hashicorp/go-azure-sdk (#17382)
vmware: refactoring to use hashicorp/go-azure-sdk (#17381)
Data Source: azurerm_key_vault_key - exporting the resource_id and resource_versionless_id attributes
(#17424)
Data Source: azurerm_key_vault_secret - exporting the resource_id and resource_versionless_id attributes
(#17424)
Data Source: azurerm_spatial_anchors_account - exposing the tags attribute (#17417)
azurerm_bot_service_azure_bot - support new bot type with the microsoft_app_msi_id ,
microsoft_app_tenant_id , and microsoft_app_type properties (#17077)
azurerm_bot_channels_registration - support for the streaming_endpoint_enabled property (#17369)
azurerm_data_factory - support for the purview_id property (#17001)
azurerm_digital_twins_instance - support for the identity block (#17076)
azurerm_key_vault_key - exporting the resource_id and resource_versionless_id attributes (#17424)
azurerm_key_vault_secret - exporting the resource_id and resource_versionless_id attributes (#17424)
azurerm_kubernetes_cluster - support for version aliases (#17084)
azurerm_linux_web_app - support for the virtual_network_subnet_id property (#17354)
azurerm_linux_web_app_slot - support for the virtual_network_subnet_id property (#17354)
azurerm_private_link_service - support for the fqdns property (#17366)
azurerm_shared_image_version - support Premium_LRS for the storage_account_type property (#17390)
azurerm_shared_image_version - support for the disk_encryption_set_id , end_of_life_date , and
replication_mode properties (#17295)
azurerm_static_site_custom_domain - the validation_type propety is now optional (#15849)
azurerm_vpn_site - support for the o365_policy block (#16820)
BUG FIXES:
Data Source: azurerm_key_vault- caching the Key Vault URI when the Key Vault has been retrieved (#17407)
azurerm_application_gateway - prevent a crash when the waf_configuration block is removed (#17241)
azurerm_data_factory_dataset_snowflake - ensuring schema is sent to the API to fix a UI bug in the Azure Data
Factory Portal (#17346)
azurerm_data_factory_linked_service_azure_file_storage - corredctly assign user_id (#17398)
azurerm_key_vault - ensuring that soft_delete_enabled is explicitly set when purge_protection_enabled is
set (#16368)
azurerm_linux_function_app - correctly validate the app_setting_names and connection_string_names
properties within the sticky_settings block (#17209)
azurerm_linux_web_app - correctly configure auto_heal and slow_request (#17296)
azurerm_linux_web_app - correctly validate the app_setting_names and connection_string_names properties
within the sticky_settings block (#17209)
azurerm_management_group_policy_assignment - the name property can no longer contain / (#16484)
azurerm_policy_assignment - the name property can no longer contain / (#16484)
azurerm_resource_group_policy_assignment - the name property can no longer contain / (#16484)
azurerm_subscription_policy_assignment - the name property can no longer contain / (#16484)
azurerm_windows_function_app - correctly validate the app_setting_names and connection_string_names
properties within the sticky_settings block (#17209)
azurerm_windows_web_app - correctly configure auto_heal and slow_request (#17296)
azurerm_windows_web_app - correctly validate the app_setting_names and connection_string_names properties
within the sticky_settings block (#17209)
3.11.0 (June 23, 2022)

FEATURES:
New Data Source : azurerm_management_group_template_deployment (#14524)
New Data Source : azurerm_policy_assignment (#16527)
New Data Source : azurerm_resource_group_template_deployment (#14524)
New Data Source : azurerm_subscription_template_deployment (#14524)
New Data Source : azurerm_tenant_template_deployment (#14524)
ENHANCEMENTS:
batch: updating to use API Version 2022-01-01 (#17219)
confidentialledger: updating to use API Version 2022-05-13 (#17146)
desktopvirtualization: refactoring to use hashicorp/go-azure-sdk (#17340)
Data Source: azurerm_managed_disk - exporting the disk_access_id attribute (#17270)
Data Source: azurerm_managed_disk - exporting the network_access_policy attribute (#17270)
Data Source: azurerm_storage_account - add support for the identity property (#17215)
BUG FIXES:
Data Source: azurerm_mysql_flexible_server - generate the correct terraform resource ID (#17301)
azurerm_shared_image - the privacy_statement_uri , publisher , offer , and sku fields are now ForceNew
(#17289)
azurerm_shared_image_* - correctly validate the gallery_name property (#17201)
azurerm_time_series_insights_gen2_environment - correctly order id_properties (#17234)
3.10.0 (June 09, 2022)

FEATURES:
New Data Source : azurerm_cdn_frontdoor_rule_set (#17094)
New Resource : azurerm_capacity_reservation_group (#16464)
New Resource : azurerm_capacity_reservation (#16464)
New Resource : azurerm_cdn_frontdoor_rule_set (#17094)
ENHANCEMENTS:
azurerm_cosmosdb_cassandra_cluster - support for the authentication_method , client_certificate ,
external_gossip_certificate , external_seed_node , identity , repair_enabled and version properties
(#16799)
azurerm_key_vault_managed_hardware_security_module - support for purging when soft deleted (#17148)
azurerm_hpc_cache - support for identity block and the key_vault_key_id and
automatically_rotate_key_to_latest_enabled properties (#16972)
BUG FIXES:
azurerm_api_management - default hostname proxy configuration is no longer ignored (#16524)
azurerm_application_gateway - add default value for backend_http_settings.0.request_timeout (#17162)
azurerm_applicaton_gateway - priority is now required (#16849)
azurerm_container_group - Double the delete check timeout for nic (#17115)
azurerm_windows_function_app_x - custom_domain_verification_id is now written to state file ((#17183)
3.9.0 (June 02, 2022)

FEATURES:
New Data Source : azurerm_app_configuration_keys (#17053)
New Data Source : azurerm_cdn_frontdoor_endpoint (#17078)
New Data Source : azurerm_cdn_frontdoor_profile (#17061)
New Resource : azurerm_cdn_frontdoor_endpoint (#17078)
New Resource : azurerm_cdn_frontdoor_profile (#17061)
New Resource : azurerm_sentinel_data_connector_office_atp (#16825)
New Resource : azurerm_vpn_server_configuration_policy_group (#16911)
ENHANCEMENTS:
dependencies: upgrading to v0.33.0 of github.com/hashicorp/go-azure-hepers (#17074)
dependencies: upgrading to v1.6.1 of github.com/hashicorp/go-getter (#17074)
dependencies: upgrade netapp to 2021-10-01 (#17043)
azurerm_batch_job - refactor to split create and update (#17138)
azurerm_data_factory_trigger_schedule - support for the pipeline block (#16922)
azurerm_backup_policy_vm - support for V2 policies viu the policy_type property, supporting Enhanced
Policies of the hourly type (#16940)
azurerm_log_analytics_workspace - allow property updates when a workspace is linked to a cluster (#17069)
azurerm_netapp_volume - support for the network_features property (#17043)
azurerm_provider_registration - refactor to split create and update (#17138)
azurerm_web_pubsub_hub - the event_handler block is now optional (#17037)
azurerm_redis_cache - support the identity block (#16990)
azurerm_service_fabric_managed_cluster - refactor to split create and update (#17138)
azurerm_synapse_role_assignment - the role_name property now supports Synapse Monitoring Operator
(#17024)
azurerm_vpn_gateway_nat_rule - support for the port_range property (#16724)
BUG FIXES:
azurerm_container_registry_task - sending authentication within the source_trigger block when updating
(#17002)
azurerm_eventhub_authorization_rule - extend regex char limit for name (#17057)
azurerm_kubernetes_cluster - prevent a potential crash during import of a cluster that doesn't have an API
Server Access Profile (#17005)
3.8.0 (May 26, 2022)

FEATURES:
New Resource : azurerm_mssql_server_dns_alias (#16861)
New Resource : azurerm_spring_cloud_gateway_route_config (#16721)
New Resource : azurerm_spring_cloud_api_portal (#16719)
New Resource : azurerm_spring_cloud_build_deployment (#16730)
ENHANCEMENTS:
dependencies: upgrade botservice to 2021-05-01-preview (#16665)
dependencies: upgrade keyvault to 2021-10-01 (#16955)
azurerm_active_directory_domain_service - supports for the domain_configuration_type property (#16920)
azurerm_backup_protected_vm - allow the attached vm to be disassociated from the backup (#16939)
azurerm_backup_protected_vm - the backup is now removed from state when it is soft deleted (#16939)
azurerm_portal_dashboard - now supports the display_name argument (#16406)
azurerm_data_factory_trigger_schedule - support for the time_zone property (#16918)
azurerm_linux_virtual_machine - add support for Confidential VMs (#16905)
azurerm_linux_virtual_machine_scale_set - add support for Confidential VMs (#16916)
azurerm_linux_web_app - add support for zip_deploy_file property (#16779)
azurerm_linux_web_app_slot - add support for zip_deploy_file property (#16779)
azurerm_managed_disk - add support for Confidential VM (#16908)
azurerm_spring_cloud_service - suppport the build_agent_pool_size property (#16841)
azurerm_spring_cloud_service - support the zone_redundant property (#16872)
azurerm_synapse_spark_pool - the spark_version property now supports 3.2 (#16906)
azurerm_virtual_network_gateway_connection - support for the egress_nat_rule_ids and
ingress_nat_rule_ids properties (#16862)
azurerm_vpn_gateway - support for the bgp_route_translation_for_nat_enabled property (#16817)
azurerm_vpn_gateway_connection - support for the custom_bgp_address block (#16960)
azurerm_windows_virtual_machine - add support for Confidential VMs (#16905)
azurerm_windows_virtual_machine_scale_set - add support for Confidential VM (#16916)
azurerm_windows_web_app - add support for zip_deploy_file property (#16779)
azurerm_windows_web_app_slot - add support for zip_deploy_file property (#16779)
BUG FIXES:
azurerm_mysql_server - fix an error updating public_network_access_enabled with replicas (#16506)
azurerm_linux_function_app_slot - correctly check for name availability during creation (#16410)
azurerm_windows_function_app_slot - correctly check for name availability during creation (#16410)
azurerm_windows_virtual_machine - changing the timezone property now creates a new resources (#16866)
3.7.0 (May 19, 2022)

FEATURES:
New Authentication Method: OIDC (#16555)
New Data Source : azurerm_elastic_cloud_elasticsearch (#14821)
New Resource : azurerm_elastic_cloud_elasticsearch (#14821)
New Resource : azurerm_healthcare_fhir_service (#15913)
New Resource : azurerm_virtual_network_gateway_nat_rule (#15720)
ENHANCEMENTS:
dependencies: upgrade redisto 2020-12-01 (#16532)
azurerm_container_registry - support changing replications (#16678)
azurerm_disk_encryption_set - the encryption_type property now supports
ConfidentialVmEncryptedWithCustomerKey (#16870)
azurerm_linux_function_app - add support for PowerShell 7.2 (#16718)
azurerm_signalr_service - support the Premium_P1 SKU (#16875)
azurerm_spring_cloud_app - support for the identity block (#16280)
azurerm_spring_cloud_app - support for the addon_json property (#16722)
azurerm_windows_function_app - support for PowerShell 7.2 (#16718)
azurerm_mssql_managed_instance - support for the maintenance_configuration_name property (#16832)
BUG FIXES:
Data Source: azurerm_databricks_workspace - prevent a panic when the SKU field is missing (#16819)
azurerm_application_insights_web_test - working around a breaking change in the API where creation would
fail (#16845)
azurerm_express_route_gateway - handle gateway connections not found error (#16804)
azurerm_shared_image - changing the eula property now creates a new resource (#16868)
DEPRECATIONS:
azurerm_video_analyzer - Video Analyzer (Preview) is now Deprecated and will be Retired on 2022-11-30 -
as such this resource is deprecated and will be removed in v4.0 of the AzureRM Provider (#16847)
azurerm_video_analyzer_edge_module - Video Analyzer (Preview) is now Deprecated and will be Retired on
2022-11-30 - as such this resource is deprecated and will be removed in v4.0 of the AzureRM Provider
(#16847)
3.6.0 (May 12, 2022)

FEATURES:
New Resource : azurerm_confidential_ledger (#15420)
New Resource : azurerm_managed_disk_sas_token (#15558)
New Resource : azurerm_spring_cloud_gateway (#16175)
New Resource : azurerm_spring_cloud_build_pack_binding (#16673)
New Resource : azurerm_spring_cloud_gateway_custom_domain (#16720)
New Resource : azurerm_stream_analytics_output_powerbi (#16439)
ENHANCEMENTS:
dependencies: updating to v64.0.0 of github.com/Azure/azure-sdk-for-go (#16631)
dependencies: upgrade network to 2021-08-01 (#16631)
azurerm_container_group - support for the key_vault_key_id property (Customer Managed Key encryption)
(#16709)
azurerm_cosmosdb_account - support mongo version 4.2 (#16738)
azurerm_cosmosdb_cassandra_cluster - support for the tags property (#16743)
azurerm_kubernetes_cluster_node_pool - the property node_labels can now be updated (#16360)
azurerm_kubernetes_cluster - the property default_node_pool.node_labels can now be updated (#16360)
azurerm_kubernetes_cluster - allow value none for network_profile.network_plugin (#16250)
azurerm_kusto_script - lock kusto cluster so multiple scripts can be applied (#16690)
azurerm_storage_share - support the access_tier attribute (#16462)
azurerm_snapshot - support for the trusted_launch_enabled propertyu (#16679)
azurerm_stream_analytics_function_javascript_uda - support for the input.configuration_parameter property
(#16575)
azurerm_stream_analytics_function_javascript_udf - support for the input.configuration_parameter property
(#16579)
azurerm_linux_virtual_machine - correctly support for the update the diff_disk_settings.placement property
(#14847)
azurerm_virtual_network_gateway_connection - support for the custom_bgp_addresses property (#16631)
azurerm_windows_virtual_machine - correctly support for the update the diff_disk_settings.placement
property (#14847)
BUG FIXES:
azurerm_app_configuration_feature - allow successful creation of resource without specifying any optional
filters (#16459)
azurerm_mssql_managed_instance_failover_group - correctly import resource and sent primary isntance id
(#16705)
3.5.0 (May 05, 2022)

FEATURES:
New Data Source : azurerm_healthcare_dicom_service (#15887)
New Resource : azurerm_healthcare_dicom_service (#15887)
New Resource : azurerm_mssql_managed_instance_vulnerability_assessment (#16639)
New resource : azurerm_sentinel_data_connector_aws_s3 (#16440)
New Resource : azurerm_spring_cloud_builder (#16036)
New Resource : azurerm_spring_cloud_configuration_service (#16087)
ENHANCEMENTS:
dependencies: updating to v1.5.11 of github.com/hashicorp/go-getter (#16659)
dependencies: upgrade recoveryservices to 2021-12-01 (#16001)
azurerm_linux_virtual_machine_scale_set - improve validation on the termination_notification.timeout
property (#16594)
azurerm_orchestrated_virtual_machine_scale_set - improve validation on the
termination_notification.timeout property (#16594)
azurerm_servicebus_namespace - the sku property can now be updated to Basic or Standard without
recreating the resource (#16523)
azurerm_storage_account - support for the cross_tenant_replication_enabled property (#16351)
azurerm_windows_virtual_machine_scale_set - improve validation on the termination_notification.timeout
property (#16594)
azurerm_virtual_network_gateway_connection - the traffic_selector_policy property can now be specified
(#15938)
azurerm_stream_analytics_output_servicebus_queue - support for the property_columns and
system_property_columns properties (#16572)
BUG FIXES:
Data Source: azurerm_servicebus_queue_authorization_rule - prevent a possible crash by setting queue_name
correctly (#16561)
Data Source: azurerm_service_plan: - correctly populate the kind and os_type attributes (#16431)
azurerm_data_factory_dataset_delimited_text - set defaults properly for column_delimiter , quote_character ,
escape_character , first_row_as_header and null_value (#16543)
azurerm_linux_function_app - correctly deduplicate user app_settings (#15740)
azurerm_linux_function_app - fix app_settings.WEBSITE_RUN_FROM_PACKAGE handling from external sources
(#16641)
azurerm_linux_function_app_slot - correctly deduplicate user app_settings (#15740)
azurerm_linux_function_app_slot - fix app_settings.WEBSITE_RUN_FROM_PACKAGE handling from external sources
(#16641)
azurerm_machine_learning_compute_cluster - resource will now be deleted instead of just detached (#16640)
azurerm_windows_function_app - correctly deduplicate user app_settings (#15740)
azurerm_windows_function_app_slot - correctly deduplicate user app_settings (#15740)
3.4.0 (April 28, 2022)

FEATURES:
New Resource : azurerm_stream_analytics_output_cosmosdb (#16441)
ENHANCEMENTS:
dependencies: updating to v0.11.26 of github.com/Azure/go-autorest (#16458)
dependencies: upgrading to v0.30.0 of github.com/hashicorp/go-azure-helpers (#16504)
dependencies: upgrade sqlvirtualmachine to 2021-11-01-preview (#15835)
Data Source: azurerm_linux_function_app - add support for sticky_settings (#16546)
Data Source: azurerm_linux_web_app - add support for sticky_settings (#16546)
Data Source: azurerm_windows_function_app - add support for sticky_settings (#16546)
Data Source: azurerm_windows_web_app - add support for sticky_settings (#16546)
azurerm_kubernetes_cluster - support for the run_command_enabled property (#15029)
azurerm_linux_function_app - add support for sticky_settings (#16546)
azurerm_linux_web_app - add support for sticky_settings (#16546)
azurerm_monitor_aad_diagnostic_setting - remove validation on log.category to allow for new log
categories that are available in Azure (#16534)
azurerm_mssql_database - Support for short_term_retention_policy.0.backup_interval_in_hours (#16528)
azurerm_postgresql_server - add validation for public_network_access_enabled (#16516)
azurerm_stream_analytics_job - support for the type property (#16548)
azurerm_windows_function_app - add support for sticky_settings (#16546)
azurerm_windows_web_app - add support for sticky_settings (#16546)
azurerm_linux_virtual_machine_scale_set - the terminate_notification property has been renamed to
termination_notification (#15570)
azurerm_windows_virtual_machine_scale_set - the terminate_notification property has been renamed to
termination_notification (#15570)
BUG FIXES:
azurerm_datafactory_dataset_x - Fix crash around azure_blob_storage_location.0.dynamic_container_enabled
(#16514)
azurerm_kubernetes_cluster - allow updates to a cluster running a deprecated version of kubernetes
(#16551)
azurerm_resource_policy_remediation - will no longer try to cancel a completed remediation task during
deletion (#16478)
3.3.0 (April 21, 2022)

FEATURES:
New Resource : azurerm_spring_cloud_container_deployment (#16181)
ENHANCEMENTS:
dependencies: updating to v0.19.0 of github.com/tombuildsstuff/giovanni (#16460)
Data Source: azurerm_kubernetes_cluster - exporting the microsoft_defender block (#16218)
Data Source: azurerm_storage_account - exporting the nfsv3_enabled attribute (#16404)
azurerm_data_factory_linked_service_azure_blob_storage - support for the storage_kind property (#16403)
azurerm_data_factory_linked_service_azure_blob_storage - support for the
service_principal_linked_key_vault_key property (#16414)
data_factory_linked_service_sql_server_resource - support for the user_name property (#16118)
azurerm_kubernetes_cluster - support for the microsoft_defender block (#16218)
azurerm_redis_enterprise_cluster - support for the linked_database_id and linked_database_group_nickname
properties (#16045)
azurerm_spring_cloud_service - support for the service_registry_enabled property (#16277)
azurerm_stream_analytics_output_mssql - support for the system_property_columns property (#16425)
azurerm_stream_analytics_output_servicebus_topic - support for the max_batch_count and max_writer_count
properties (#16409)
azurerm_stream_analytics_output_table - support for the columns_to_remove property (#16389)
azurerm_virtual_hub_connection - the internet_security_enabled property can now be updated (#16430)
BUG FIXES:
azurerm_cdn_endpoint - the origin.http and origin.https_ports properties now have thed efault values of
80 and 443 respectivly (#16143)
azurerm_key_vault_certificate - now authenticates and manages resources correctly within the US Gov
Cloud (#16455)
azurerm_key_vault_key - now authenticates and manages resources correctly within the US Gov Cloud
(#16455)
azurerm_key_vault_managed_storage_account - now authenticates and manages resources correctly within the
US Gov Cloud (#16455)
azurerm_key_vault_secret - now authenticates and manages resources correctly within the US Gov Cloud
(#16455)
azurerm_kubernetes_cluster - the role_based_access_control_enabled property can now be disabled
(#16488)
azurerm_linux_function_app - the ip_address property is now correctly set into state when the service_tag
property is specified (#16426)
azurerm_linux_function_app - fix a bug in updates to app_settings where settings could be lost (#16442)
azurerm_linux_function_app_slot - this ip_address property is now correctly set into state when the
service_tag property is specified (#16426)
azurerm_linux_web_app - the ip_address property is correctly set into state when the service_tag property
is specified (#16426)
azurerm_linux_web_app - fix a potential crash when an empty app_stack block is used (#16446)
azurerm_linux_web_app_slot - the ip_address property is now correctly set into state when the service_tag
azurerm_linux_web_app_slot - fix a potential crash when an empty app_stack block is used (#16446)
azurerm_sentinel_alert_rule_fusion - will no longer send the etag property during updates as it is longer
required (#16428)
azurerm_sentinel_alert_rule_machine_learning_behavior_analytics - will no longer send the etag property
during updates as it is longer required (#16428)
azurerm_sentinel_alert_rule_ms_security_incident - will no longer send the etag property during updates
as it is longer required (#16428)
azurerm_sentinel_alert_rule_scheduled - will no longer send the etag property during updates as it is
longer required (#16428)
azurerm_sentinel_data_connector_aws_cloud_trail - will no longer send the etag property during updates as
it is longer required (#16428)
azurerm_sentinel_data_connector_microsoft_cloud_app_security - will no longer send the etag property
during updates as it is longer required (#16428)
azurerm_sentinel_data_connector_office_365 - will no longer send the etag property during updates as it is
longer required (#16428)
azurerm_storage_account - will now update identity before customer_managed_key enabling adding a new
identity with access to the CMK (#16419)
azurerm_subnet - the address_prefixes property is now (explicitly) required (#16402)
azurerm_windows_function_app - the ip_address property is now correctly set into state when the
azurerm_windows_function_app - fix a bug in updates to app_settings where settings could be lost (#16442)
azurerm_windows_function_app_slot - the ip_address property is now correctly set into state when the
azurerm_windows_web_app - the ip_address property is now correctly set into state when the service_tag
azurerm_windows_web_app - prevent a potential crash when an empty app_stack block is used (#16446)
azurerm_windows_web_app_slot - the ip_address property is now correctly set into state when the
azurerm_windows_web_app_slot - prevent a potential crash when an empty app_stack block is used (#16446)
3.2.0 (April 14, 2022)

FEATURES:
New Datasource : azurerm_kusto_database (#16180)
New Resource : azurerm_container_connected_registry (#15731)
New Resource : azurerm_managment_group_policy_exemption (#16293)
New Resource : azurerm_resource_group_policy_exemption (#16293)
New Resource : azurerm_resource_policy_exemption (#16293)
New Resource : azurerm_stream_analytics_job_schedule (#16349)
New Resource : azurerm_subscription_policy_exemption (#16293)
ENHANCEMENTS:
Data Source: azurerm_stream_analytics_job - support for the last_output_time , start_mode , and
start_time properties (#16349)
azurerm_container_group - support for the init_container block (#16204)
azurerm_machine_learning_workspace - renamed the public_network_access_enabled property to
public_access_behind_virtual_network_enabled to better reflect what this property does (#16288)
azurerm_media_streaming_endpoint support Standard Streaming Endpoints (#16304)
azurerm_cdn_endpoint - the url_path_condition property now allows the RegEx and Wildcard values
(#16385)
BUG FIXES:
Data Source: azurerm_log_analytics_linked_storage_account - correctly set the data_source_type property
(#16313)
azurerm_lb_outbound_rule - allow 0 for the allocated_outbound_ports property (#16369)
azurerm_mysql_flexible_server - backup_retention_days can now be set any value from 1 - 35 (#16312)
azurerm_sentinel_watchlist - support for the required property item_search_key (#15861)
azurerm_vpn_server_configuration - the server_root_certificate property is now optional (#16366)
azurerm_storage_data_lake_gen2_path - support $superuser as an option for owner and group (#16370)
azurerm_eventhub_namespace - can now be updated when customer managed keys are being used (#16371)
azurerm_postgresql_flexible_server - high_availability blocks can now be added and removed (#16328)
3.1.0 (April 07, 2022)

FEATURES:
New Resource : azurerm_container_registry_agent_pool (#16258)
ENHANCEMENTS:
dependencies: updating digitaltwins to use API Version 2020-12-01 (#16044)
dependencies: updating streamanalytics to use API Version 2020-03-01 (#16270)
provider: upgrading to Go 1.18 (#16247)
Data Source: azurerm_kubernetes_cluster - support for the oidc_issuer_enabled and oidc_issuer_url
properties [#16130]
Data Source: azurerm_service_plan - add support for zone_balancing_enabled (#16156)
azurerm_application_gateway - add KNOWN-CVES to accepted values for the rule_group_name property
(#16080)
azurerm_automation_account - the dsc_primary_access_key and dsc_secondary_access_key properties are now
marked as sensitive (#16161)
azurerm_cognitive_account - support for the custom_question_answering_search_service_id property
(#15804)
azurerm_consumption_budget_management_group - support for SubscriptionID and SubscriptionName options in
the dimension block (#16074)
azurerm_cosmosdb_gremlin_graph - the property indexing_mode is now case-sensitive (#16152)
azurerm_cosmosdb_sql_container - the property indexing_mode is now case-sensitive (#16152)
azurerm_dedicated_host - support for the the DSv3-Type4 and ESv3-Type4 SKUs (#16253)
azurerm_kubernetes_cluster - support for the oidc_issuer_enabled and oidc_issuer_url properties
[#16130]
azurerm_kubernetes_cluster - the network_profile block now supports the ip_versions property (#16088)
azurerm_mssql_database - support for the ledger_enabled property (#16214)
azurerm_service_plan - support for the zone_balancing_enabled property (#16156)
azurerm_servicebus_namespace - support for the customer_managed_key block (#15601)
azurerm_web_application_firewall_policy - add KNOWN-CVES to accepted values for rule_group_name
(#16080)
azurerm_servicebus_namespace - add support for the local_auth_enabled property (#16268)
BUG FIXES:
azurerm_api_management_api_operation_tag - now retrieves tags from the correct API (#16006)
azurerm_api_management_api_operation - prevent a potential panic when parsing representation (#14848)
azurerm_application_gateway - a frontend_ip_configuration blocks can now be updated (#16132)
azurerm_application_insights - remove the disable logic for the created Action Groups (#16170)
azurerm_cosmosdb_sql_container - disabling the analytical_storage_ttl property now forces a new resoruce
to be created (#16229)
azurerm_linux_function_app - only one of application_insights_key or
application_insights_connection_string needs to be optionally specified (#16134)
azurerm_linux_function_app_slot - only one of application_insights_key or
application_insights_connection_string needs to be optionally specified (#16134)
azurerm_windows_function_app - fix the import check for Service Plan OS type (#16164)
azurerm_linux_web_app_slot - fix container_registry_managed_identity_client_id property validation
(#16149)
azurerm_windows_web_app - add support for dotnetcore in site metadata property current_stack (#16129)
azurerm_windows_web_app - fix docker windowsFXVersion when docker_container_registry is specified
(#16192)
azurerm_windows_web_app_slot - add support for dotnetcore in site metadata property current_stack
(#16129)
azurerm_windows_web_app_slot - fix docker windowsFXVersion when docker_container_registry is specified
(#16192)
azurerm_storage_data_lake_gen2_filesystem - add support for $superuser in group and owner properties
(#16215)
3.0.2 (March 26, 2022)

BUG FIXES:
azurerm_cosmosdb_account - prevent a panic when the API returns an empty list of read or write locations
(#16031)
azurerm_cdn_endpoint - prevent a panic when there is an empty country_codes property (#16066)
azurerm_key_vault - fix the authorizer was not an auth.CachedAuthorizer error (#16078)
azurerm_linux_function_app - correctly update storage settings when using MSI (#16046)
azurerm_managed_disk - changing the zone property now correctly creates a new resource (#16070)
azurerm_resource_group - will now during deletion if there are still resources found in the group it will wait a
little bit and check again to handle eventually consistancy bugs (#16073)
azurerm_windows_function_app - correctly update the storage settings when using MSI authentication
(#16046)
3.0.1 (March 24, 2022)

BUG FIXES:
provider: the prevent_deletion_if_contains_resources feature flag within the resource_group block now
defaults to true (#16021)
3.0.0 (March 24, 2022)

NOTES:
Major Version : Version 3.0 of the Azure Provider is a major version - some behaviours have changed and
some deprecated fields/resources have been removed - please refer to the 3.0 upgrade guide for more
information.
When upgrading to v3.0 of the AzureRM Provider, we recommend upgrading to the latest version of
Terraform Core (which can be found here) - the next major release of the AzureRM Provider (v4.0) will
require Terraform 1.0 or later.
FEATURES:
New Data Source : azurerm_healthcare_workspace (#15759)
New Data Source : azurerm_key_vault_encrypted_value (#15873)
New Data Source : azurerm_managed_api (#15797)
New Resource : azurerm_api_connection (#15797)
New Resource : azurerm_healthcare_workspace (#15759)
New Resource : azurerm_stream_analytics_function_javascript_uda (#15831)
New Resource : azurerm_security_center_server_vulnerability_assessment_virtual_machine (#15747)
ENHANCEMENTS:
dependencies: updating appplatform to API Version 2022-01-01-preview (#15597)
provider: MSAL (and Microsoft Graph) is now used for authentication instead of ADAL (and Azure Active
Directory Graph) (#12443)
provider: all (non-deprecated) resources now validate the Resource ID during import (#15989)
provider: added a new feature flag within the api_management block for recover_soft_deleted , for
configuring whether a soft-deleted azurerm_api_management should be recovered during creation (#15871)
provider: added a new feature flag within the key_vault block for recover_soft_deleted_certificates , for
configuring whether a soft-deleted azurerm_key_vault_certificate should be recovered during creation
(#10273)
provider: added a new feature flag within the key_vault block for
purge_soft_deleted_certificates_on_destroy , for configuring whether a deleted
azurerm_key_vault_certificate should be purged during deletion (#10273)
provider: added a new feature flag within the key_vault block for recover_soft_deleted_keys , for
configuring whether a soft-deleted azurerm_key_vault_key should be recovered during creation (#10273)
provider: added a new feature flag within the key_vault block for purge_soft_deleted_keys_on_destroy , for
configuring whether a deleted azurerm_key_vault_key should be purged during deletion (#10273)
provider: added a new feature flag within the key_vault block for recover_soft_deleted_secrets , for
configuring whether a soft-deleted azurerm_key_vault_secret should be recovered during creation (#10273)
provider: added a new feature flag within the key_vault block for purge_soft_deleted_secrets_on_destroy ,
for configuring whether a deleted azurerm_key_vault_secret should be purged during deletion (#10273)
provider: added a new feature flag within the resource_group block for
prevent_deletion_if_contains_resources , for configuring whether Terraform should prevent the deletion of a
Resource Group which still contains items (#13777)
provider: the feature flag permanently_delete_on_destroy within the log_analytics_workspace block now
defaults to true (#15948)
Resources supporting Availability Zones: Zones are now treated consistently across the Provider and the field
within Terraform has been renamed to either zone (for a single Zone) or zones (where multiple can be
defined) - the complete list of resources can be found in the 3.0 Upgrade Guide (#14588)
Resources supporting Managed Identity: Identity blocks are now treated consistently across the Provider -
the complete list of resources can be found in the 3.0 Upgrade Guide (#15187)
provider: removing the network and relaxed_locking feature flags, since this is now enabled by default
(#15719)
Data Source: azurerm_linux_function_app - support for the storage_key_vault_secret_id property (#15793)
Data Source: azurerm_storage_account_sas - now exports the tag and filter attributes (#15863)
Data Source: azurerm_windows_function_app - support for storage_key_vault_secret_id property (#15793)
azurerm_application_insights - can now disable Rule and Action Groups that are automatically created
(#15892)
azurerm_cdn_endpoint - the host_name property has been renamed to fqdn (#15992)
azurerm_eventgrid_system_topic_event_subscription - support for the delivery_property property (#15559)
azurerm_iothub - add support for the authentication_type and identity_id properties in the file_upload
block (#15874)
azurerm_kubernetes_cluster - the kube_admin_config block is now marked as sensitive in addition to all items
within it (#4105)
azurerm_kubernetes_cluster - add support for the key_vault_secrets_provider and
open_service_mesh_enabled property in Azure China and Azure Government (#15878)
azurerm_linux_function_app - add support for the storage_key_vault_secret_id property (#15793)
azurerm_linux_function_app - updating the read timeout to be 5m (#15867)
azurerm_linux_function_app - support for node version 16 preview (#15884)
azurerm_linux_function_app - add support for use_dotnet_isolated_runtime (#15969)
azurerm_linux_function_app_slot - add support for use_dotnet_isolated_runtime (#15969)
azurerm_linux_function_app_slot - add support for storage_key_vault_secret_id (#15793)
azurerm_linux_function_app_slot - updating the read timeout to be 5m (#15867)
azurerm_linux_virtual_machine - support for the termination_notification property (#14933)
azurerm_linux_virtual_machine - support for the edge_zone property (#15890)
azurerm_linux_virtual_machine_scale_set - support for the edge_zone property (#15890)
azurerm_linux_web_app - support for PHP version 8.0 (#15933)
azurerm_loadbalancer - support for the edge_zone property (#15890)
azurerm_managed_disk - support for the edge_zone property (#15890)
azurerm_management_group_policy_assignment - support for User Assigned Identities (#15376)
azurerm_mssql_server - the minimum_tls_version property now defaults to 1.2 (#10276)
azurerm_mysql_server - the ssl_minimal_tls_version_enforced property now defaults to 1.2 (#10276)
azurerm_network_interface - support for the edge_zone property (#15890)
azurerm_network_security_rule - no longer locks on the network security group name (#15719)
azurerm_postgresql_server - the ssl_minimal_tls_version_enforced property now defaults to 1.2 (#10276)
azurerm_public_ip - support for the edge_zone property (#15890)
azurerm_redis_cache - the minimum_tls_version property now defaults to 1.2 (#10276)
azurerm_resource_group - Terraform now checks during the deletion of a Resource Group if there's any items
remaining and will raise an error if so by default (to avoid deleting items unintentionally). This behaviour can
be controlled using the prevent_deletion_if_contains_resources feature-flag within the resource_group
block within the features block. (#13777)
azurerm_resource_group_policy_assignment - support for User Assigned Identities (#15376)
azurerm_resource_policy_assignment - support for User Assigned Identities (#15376)
azurerm_sentinel_alert_rule_scheduled - support for alert_details_override (#15901)
azurerm_sentinel_alert_rule_scheduled - support for entity_mapping [#15901]
azurerm_sentinel_alert_rule_scheduled - support for custom_details (#15901)
azurerm_sentinel_alert_rule_scheduled - support for group_by_alert_details (#15901)
azurerm_sentinel_alert_rule_scheduled - support for group_by_custom_details (#15901)
azurerm_site_recovery_replicated_vm - support for the target_availability_zone property (#15617)
azurerm_shared_image - support for the support_accelerated_network property (#15562)
azurerm_static_site - the identity property now supports SystemAssigned and UserAssigned (#15834)
azurerm_storage_account - the allow_blob_public_access property has been renamed to
allow_nested_items_to_be_public to better represent what is being enabled (#12689)
azurerm_storage_account - support for the edge_zone property (#15890)
azurerm_storage_account - ZRS is no longer supported when using StorageV1 (#16004)
azurerm_storage_account - the min_tls_version property now defaults to 1.2 (#10276)
azurerm_storage_share - quota is now required (#15982)
azurerm_subscription_policy_assignment - support for User Assigned Identities (#15376)
azurerm_virtual_network - support for the edge_zone property (#15890)
azurerm_virtual_network_gateway - support for the edge_zone property (#15890)
azurerm_virtual_hub - support for the virtual_router_asn and virtual_router_ips properties (#15741)
azurerm_windows_function_app - add support for storage_key_vault_secret_id property (#15793)
azurerm_windows_function_app - updating the read timeout to be 5m (#15867)
azurerm_windows_function_app node version validation string can not be prefixed with ~ (#15884)
azurerm_windows_function_app support for node version 16 preview support (#15884)
azurerm_windows_function_app - add support for use_dotnet_isolated_runtime (#15969)
azurerm_windows_function_app_slot - add support for use_dotnet_isolated_runtime (#15969)
azurerm_windows_function_app_slot - add support for the storage_key_vault_secret_id property (#15793)
azurerm_windows_function_app_slot - updating the read timeout to be 5m (#15867)
azurerm_windows_virtual_machine - support for the termination_notification property (#14933)
azurerm_windows_virtual_machine - support for the edge_zone property (#15890)
azurerm_windows_virtual_machine_scale_set - support for the edge_zone property (#15890)
BUG FIXES:
provider: the recover_soft_deleted_key_vaults feature flag within the key_vault block now defaults to true
(#15984)
provider: the purge_soft_delete_on_destroy feature flag within the key_vault block now defaults to true
[#15984]
azurerm_app_configuration_feature - detecting that the key is gone when the App Configuration has been
deleted (#15973)
azurerm_app_configuration_key - detecting that the key is gone when the App Configuration has been deleted
(#15973)
azurerm_application_gateway - the backend_address_pool block is now a Set rather than a List (#6896)
azurerm_application_gateway - the field fqdns within the backend_address_pool block is now a Set rather
than a List (#6896)
azurerm_application_gateway - the field ip_addresses within the backend_address_pool block is now a Set
rather than a List (#6896)
azurerm_application_gateway - the backend_http_settings block is now a Set rather than a List (#6896)
azurerm_application_gateway - the frontend_port block is now a Set rather than a List (#6896)
azurerm_application_gateway - the field host_names within the frontend_port block is now a Set rather than
a List (#6896)
azurerm_application_gateway - the http_listener block is now a Set rather than a List (#6896)
azurerm_application_gateway - the private_endpoint_connection block is now a Set rather than a List (#6896)
azurerm_application_gateway - the private_link_configuration block is now a Set rather than a List (#6896)
azurerm_application_gateway - the probe block is now a Set rather than a List (#6896)
azurerm_application_gateway - the redirect_configuration block is now a Set rather than a List (#6896)
azurerm_application_gateway - the request_routing_rule block is now a Set rather than a List (#6896)
azurerm_application_gateway - the ssl_certificate block is now a Set rather than a List (#6896)
azurerm_container_registry - validate the georepliactions property does not include the location of the
Container Registry (#15847)
azurerm_cosmosdb_mongo_collection - the default_ttl_seconds property can now be set to -1 (#15736)
azurerm_eventhub - prevent panic when the capture_description block is removed (#15930)
azurerm_key_vault_access_policy - validating the Resource ID during import (#15989)
azurerm_linux_function_app - fixed update handling of app_settings for WEBSITE_CONTENTSHARE and
azurerm_linux_function_app_slot - fixed update handling of app_settings for WEBSITE_CONTENTSHARE and
azurerm_local_network_gateway - fix for address_space cannot be updated (#15159)
azurerm_log_analytics_cluster_customer_managed_key - detecting when the Customer Managed Key has been
removed (#15973)
azurerm_mssql_database_vulnerability_assessment_rule_baseline - prevent the resource from being replaced
every apply (#14759)
azurerm_security_center_auto_provisioning - validating the Resource ID during import [#15989]
azurerm_security_center_setting - changing the setting_name property now forces a new resource
(#15983)
azurerm_synapse_workspace - fixing a bug where workspaces created from a Dedicated SQL Pool / SQL Data
Warehouse couldn't be retrieved (#15829)
azurerm_synapse_workspace_key - keys can now be correctly rotated (#15897)
azurerm_windows_function_app - fixed update handling of app_settings for WEBSITE_CONTENTSHARE and
azurerm_windows_function_app_slot - fixed update handling of app_settings for WEBSITE_CONTENTSHARE and
For information on changes between the v2.99.0 and v2.0.0 releases, please see the previous v2.x changelog
entries.
entries.
For information on changes prior to the v1.0.0 release, please see the v0.x changelog.
Versions 2.0.0 - 2.99.0

2.99.0 (March 11, 2022)
NOTES
Preparation for 3.0 : We intend for v2.99.0 to be the last release in the 2.x line - we’ll be turning our focus
to 3.0 with the next release. We recommend consulting the list of changes coming in 3.0 to be aware and
trialling the Beta available in the latest 2.x releases if you’re interested.
FEATURES:
New Beta Resource: azurerm_function_app_function (#15605)
New Beta Resource: azurerm_function_app_hybrid_connection (#15702)
New Beta Resource: azurerm_web_app_hybrid_connection (#15702)
New Resource: azurerm_cosmosdb_sql_role_assignment (#15038)
New Resource: azurerm_cosmosdb_sql_role_definition (#15035)
ENHANCEMENTS:
dependencies: updating compute to 2021-11-01 (#15099)
dependencies: updating kubernetescluster to 2022-01-02-preview (#15648)
dependencies: updating sentinel to 2021-09-01-preview (#14983)
Data Source: azurerm_kubernetes_cluster - deprecated the addon_profile block in favour of
aci_connector_linux , azure_policy_enabled , http_application_routing_enabled ,
ingress_application_gateway , key_vault_secrets_provider , oms_agent and open_service_mesh_enabled
properties (#15584)
Data Source: azurerm_kubernetes_cluster - deprecated the role_based_access_control block in favour of
azure_active_directory_role_based_access_control and role_based_access_control_enabled properties
(#15584)
Data Source: azurerm_servicebus_namespace_authorization_rule - support for the namespace_id property
(#15671)
Data Source: azurerm_servicebus_namespace_disaster_recovery_config - support for the namespace_id
property (#15671)
Data Source: azurerm_servicebus_queue - support for the namespace_id property (#15671)
Data Source: azurerm_servicebus_queue_authorization_rule - support for the queue_id property (#15671)
Data Source: azurerm_servicebus_subscription - support for the topic_id property (#15671)
Data Source: azurerm_servicebus_topic - support for the namespace_id property (#15671)
Data Source: azurerm_servicebus_topic_authorization_rule - support for the topic_id property (#15671)
Data Source: azurerm_virtual_network - support for the tags property (#14882)
azurerm_batch_account - support for customer managed keys (#14749)
azurerm_container_registry support for the export_policy_enabled property (#15036)
azurerm_kubernetes_cluster - deprecate the role_based_access_control block in favour of
role_based_access_control_enabled and azure_active_directory_role_based_access_control (#15546)
azurerm_iothub - deprecate the ip_filter_rule property in favour of the network_rule_set property
(#15590)
azurerm_lb_nat_rule - the frontend_port and backend_port properties now support 0 (#15694)
azurerm_machine_learning_compute_instance - updating the validation on the name property (#14839)
azurerm_mssql_database_extended_auditing_policy - support for the enabled property (#15624)
azurerm_mssql_server_extended_auditing_policy - support for the enabled property (#15624)
azurerm_management_group_policy_assignment - the parameters property can now be updated (#15623)
azurerm_mssql_server - the administrator_login and administrator_login_password properties are now
optional when Azure AD authentication is enforced (#15771)
azurerm_resource_policy_assignment - the parameters property can now be updated (#15623)
azurerm_resource_group_policy_assignment - the parameters property can now be updated (#15623)
azurerm_recovery_service_vault - support for the cross_region_restore_enabled property (#15757)
azurerm_subscription_policy_assignment - the parameters property can now be updated (#15623)
azurerm_storage_object_replication - support for replicating containers across subscriptions (#15603)
BUG FIXES:
azurerm_backup_protected_vm - the source_vm_id property is now case insensitive (#15656)
azurerm_batch_job - will not longer fail during creation if multiple common_environment_properties are set
(#15686)
azurerm_container_group - correctly parse empty or omitted dns_config.options and
dns_config.search_domains properties (#15618)
azurerm_key_vault_key - correctly set the vault id on import (#15670)
azurerm_monitor_diagnostic_setting - will now correctly parse the eventhub_authorization_rule_id property
(#15582)
azurerm_mssql_managed_instance_active_directory_administrator - prevent a perpetual diff with the instance
ID (#15725)
azurerm_orchestrated_virtual_machine_scale_set - prevent a crash when the 3.0 beta was enabled (#15637)
azurerm_storage_data_lake_gen2_filesystem - support configuring the group and owner properties
(#15598)
azurerm_virtual_network_gateway - prevent a panic with bgp_settings.0.peering_address (#15689)
2.98.0 (February 25, 2022)

FEATURES:
New Beta Resource: azurerm_function_app_active_slot (#15246)
New Beta Resource: azurerm_web_app_active_slot (#15246)
ENHANCEMENTS:
dependencies: upgrading to v0.18.0 of (#15507)
github.com/tombuildsstuff/giovanni
azurerm_linux_function_app - adds key_vault_reference_identity_id support (#15553)
azurerm_linux_function_app_slot - adds key_vault_reference_identity_id support (#15553)
azurerm_windows_function_app - adds key_vault_reference_identity_id support (#15553)
azurerm_windows_function_app_slot - adds key_vault_reference_identity_id support (#15553)
BUG FIXES:
azurerm_cosmosdb_mongo_collection - can now set the autoscale_settings property without setting a
shard_key when creating an Azure Cosmos DB MongoDB collection (#15529)
azurerm_firewall_policy - will not wait for resource to finish provisioning after creation (#15561)
2.97.0 (February 18, 2022)

UPGRADE NOTES:
3.0 Beta: This release includes a new feature-flag to opt-into the 3.0 Beta - which (when enabled) introduces
a number of new data sources/resources, behavioural changes, field renames and removes some older
deprecated resources. The 3.0 Beta is still a work-in-progress at this time and as such the changes listed in
the 3.0 Upgrade Guide may change, however we're interested to hear your feedback and instructions on how
to opt-into the 3.0 Beta can be found here.
FEATURES:
New Data Source: azurerm_extended_locations (#15181)
New Data Source: azurerm_mssql_managed_instance (#15203)
New Resource: azurerm_iothub_certificate (#15461)
New Resource: azurerm_mssql_outbound_firewall_rule (#14795)
New Resource: azurerm_mssql_managed_database (#15203)
New Resource: azurerm_mssql_managed_instance (#15203)
New Resource: azurerm_mssql_managed_instance_active_directory_administrator (#15203)
New Resource: azurerm_mssql_managed_instance_failover_group (#15203)
New Resource: azurerm_spring_cloud_storage (#15375)
ENHANCEMENTS:
azurerm_automation_account - add support for the public_network_access_enabled property (#15429)
azurerm_kubernetes_cluster - deprecate the addon_profile block, moving all properties to the top level as
well as removing the enabled field for all add-ons (#15108)
azurerm_kusto_cluster - supports for the public_network_access_enabled property (#15428)
azurerm_machine_learning_workspace - support for both SystemAssigned, UserAssigned and UserAssigned
Identities (#14181)
azurerm_machine_learning_workspace - support for encryption using a User Assigned Identity (#14181)
azurerm_monitor_activity_log_alert support for the resource_health block (#14917)
azurerm_iothub_dps - support for the ip_filter_rule block and the public_network_access_enabled property
(#15343)
azurerm_spring_cloud_app - support for the custom_persistent_disk block (#15400)
azurerm_servicebus_namespace - support for the identity block (#15371)
azurerm_storage_account - add support for creating a customer managed key upon creation of a storage
account (#15082)
azurerm_storage_management_policy - add support for
tier_to_cool_after_days_since_last_access_time_greater_than ,
tier_to_archive_after_days_since_last_access_time_greater_than, and
delete_after_days_since_last_access_time_greater_than (#15423)
azurerm_web_pubsub - support for the identity block (#15288)
BUG FIXES:
azurerm_application_gateway - fixing a regression where the identity block wasn't set into the state
(#15412)
azurerm_automation_account - fixing a crash where the keys weren't returned from the API (#15482)
azurerm_kusto_cluster - ranaming the properties enable_auto_stop to auto_stop_enabled ,
enable_disk_encryption to disk_encryption_enabled , enable_streaming_ingest to
streaming_ingestion_enabled , and enable_purge to purge_enabled with the orginal properties being
deprecated (#15368)
azurerm_log_analytics_linked_storage_account - correct casing for data_source_type when using ingestion
(#15451)
azurerm_logic_app_integration_account_map - set content_type to text/plain when map_type is Liquid
(#15370)
azurerm_stream_analytics_cluster - fix an issue where the tags were not being set in the state (#15380)
azurerm_virtual_desktop_host_pool - the registration_info info block is deprecated in favour of the
azurerm_virtual_desktop_host_pool_registration_info resource due to changes in the API (#14953)
azurerm_virtual_machine_data_disk_attachment - fixing a panic when an incorrect disk_id is provided
(#15470)
azurerm_web_application_firewall_policy - disabled_rules is now optional (#15386)
2.96.0 (February 11, 2022)

FEATURES:
New Data Source: azurerm_portal_dashboard (#15326)
New Data Source: azurerm_site_recovery_fabric (#15349)
New Data Source: azurerm_site_recovery_protection_container (#15349)
New Data Source: azurerm_site_recovery_replication_policy (#15349)
New Resource: azurerm_disk_pool_iscsi_target_lun (#15329)
New Resource: azurerm_sentinel_watchlist_item (#14366)
New Resource: azurerm_stream_analytics_output_function (#15162)
New Resource: azurerm_web_pubsub_network_acl (#14827)
New Beta Resource: azurerm_app_service_source_control_slot (#15301)
ENHANCEMENTS:
azurerm_application_gateway - the type property within the identity block is now required when an
identity block is specified (#15337)
azurerm_application_insights - support for the force_customer_storage_for_profiler property (#15254)
azurerm_automation_account - support for managed identities (#15072)
azurerm_data_factory - refactoring the identity block to be consistant across resources (#15344)
azurerm_kusto_cluster - support for the enable_auto_stop (#15332)
azurerm_linux_virtual_machine - support the StandardSSD_ZRS and Premium_ZRS values for the
storage_account_type property (#15360)
azurerm_linux_virtual_machine - full support for Automatic VM Guest Patching (#14906)
azurerm_network_watcher_flow_log - the name property can now be set for new resources (#15016)
azurerm_orchestrated_virtual_machine_scale_set - full support for Automatic VM Guest Patching and
Hotpatching (#14935)
azurerm_windows_virtual_machine - support the StandardSSD_ZRS and Premium_ZRS values for the
storage_account_type property (#15360)
azurerm_windows_virtual_machine - full support for Automatic VM Guest Patching and Hotpaching (#14796)
BUG FIXES:
azurerm_application_insights_api_key - prevent panic by checking for the id of an existing API Key (#15297)
azurerm_app_service_active_slot - fix regression in ID set in creation of new resource (#15291)
azurerm_firewall - working around an Azure API issue when deleting the Firewall (#15330)
azurerm_kubernetes_cluster - unsetting outbound_ip_prefix_ids or outbound_ip_address_ids with an empty
slice will default the load_balancer_profile to a managed outbound IP (#15338)
azurerm_orchestrated_virtual_machine_scale_set - fixing a crash when the computer_name_prefix wasn't
specified (#15312)
azurerm_recovery_services_vault - fixing an issue where the subscription couldn't be found when running in
Azure Government (#15316)
2.95.0 (February 04, 2022)
FEATURES:
New Data Source: azurerm_container_group (#14946)
New Data Source: azurerm_logic_app_standard (#15199)
New Resource: azurerm_disk_pool_iscsi_target (#14975)
New Beta Resource: azurerm_linux_function_app_slot (#14940)
New Resource: azurerm_traffic_manager_azure_endpoint (#15178)
New Resource: azurerm_traffic_manager_external_endpoint (#15178)
New Resource: azurerm_traffic_manager_nested_endpoint (#15178)
New Beta Resource: azurerm_windows_function_app_slot (#14940)
New Beta Resource: azurerm_windows_web_app_slot (#14613)
ENHANCEMENTS:
dependencies: updating backup to API Version 2021-07-01 (#14980)
azurerm_storage_account - the identity block is no longer computed (#15207)
azurerm_linux_virtual_machine - support for the dedicated_host_group_id property (#14936)
azurerm_recovery_services_vault - support Zone Redundant storage (#14980)
azurerm_web_pubsub_hub - the managed_identity_id property within the auth block now accepts UUIDs
(#15183)
azurerm_windows_virtual_machine - support for the dedicated_host_group_id property (#14936)
BUG FIXES:
azurerm_container_group - fixing parallel provisioning failures with the same network_profile_id (#15098)
azurerm_frontdoor - fixing the validation for resource_group_name (#15174)
azurerm_kubernetes_cluster - prevent panic when updating sku_tier (#15229)
azurerm_hdinsight_interactive_query_cluster - support for the storage_resource_id property to fix missing
storage account errors (#15039)
azurerm_hdinsight_hadoop_cluster - support for the storage_resource_id property to fix missing storage
account errors (#15039)
azurerm_hdinsight_spark_cluster - support for the storage_resource_id property to fix missing storage
azurerm_hdinsight_hbase_cluster - support for the storage_resource_id property to fix missing storage
azurerm_log_analytics_datasource_windows_event - adding a state migration to fix
ID was missing the dataSources element (#15194)
azurerm_policy_definition - fix the deprecation of management_group_name in favour of management_group_id
(#15209)
azurerm_policy_set_definition - fix the deprecation of management_group_name in favour of
management_group_id (#15209)
azurerm_static_site - fixing the creation of a Free tier Static Site (#15141)
azurerm_storage_share - fixing the ShareBeingDeleted error when the Storage Share is recreated (#15180)
2.94.0 (January 28, 2022)

UPGRADE NOTES:
provider: support for the Azure German cloud has been removed in this release as this environment is no
longer operational (#14403)
azurerm_api_management_policy - resources that were created with v2.92.0 will be marked as tainted due to a
bug. This version addresses the underlying issue, but the actual resource needs to either be untainted (via
terraform untaint ) or allow Terraform to delete the resource and create it again.
azurerm_hdinsight_kafka_cluster - the security_group_name property in the rest_proxy block is
conditionally required when the use_msal provider property is enabled (#14403)
FEATURES:
New Data Source: azurerm_linux_function_app (#15009)
New Data Source azurerm_web_pubsub (#14731)
New Data Source azurerm_web_pubsub_hub (#14731)
New Resource: azurerm_web_pubsub (#14731)
New Resource: azurerm_web_pubsub_hub (#14731)
New Resource: azurerm_virtual_desktop_host_pool_registration_info (#14134)
ENHANCEMENTS:
dependencies: updating kusto to API Version 2021-08-27 (#15040)
provider: opt-in support for v2 authentication tokens via the use_msal provider property (#14403)
azurerm_app_service_slot - support for the storage_account block (#15084)
azurerm_stream_analytics_stream_input_eventhub - support for the partition_key property (#15019)
BUG FIXES:
data.image_source - fix a regression around id (#15119)
azurerm_api_management_backend fix a crash caused by backend_credentials (#15123)
azurerm_api_management_policy - fixing the Resource ID for the api_management_policy block when this was
provisioned using version 2.92.0 of the Azure Provider (#15060)
azurerm_bastion_host - fix a crash by adding nil check for the copy_paste_enabled property (#15074)
azurerm_dev_test_lab - fix an unexpected diff on with the key_vault_id property (#15054)
azurerm_subscription_cost_management_export - now sents the ETag when updating a cost management
export (#15017)
azurerm_template_deployment - fixes a potential bug occuring during the deletion of a template deployment
(#15085)
azurerm_eventhub - the partition_count property can now be changed when using Premium sku (#15088)
2.93.1 (January 24, 2022)
BUG FIXES:
azurerm_app_service - fix name availability check request (#15062)
2.93.0 (January 21, 2022)
FEATURES:
New Data Source : azurerm_mysql_flexible_server (#14976)
New Beta Data Source : azurerm_windows_function_app (#14964)
ENHANCEMENTS:
dependencies: upgrading to v61.1.0 of github.com/Azure/azure-sdk-for-go (#14828)
dependencies: updating containerregistry to API version 2021-08-01-preview (#14961)
Data Source azurerm_logic_app_workflow - exporting the identity block (#14896)
azurerm_bastion_host - support for the copy_paste_enabled , file_copy_enabled , ip_connect_enabled ,
shareable_link_enabled , and tunneling_enabled properties (#14987)
azurerm_bastion_host - support for the scale_units property (#14968)
azurerm_security_center_automation - the event_source property can now be set to AssessmentsSnapshot ,
RegulatoryComplianceAssessment , RegulatoryComplianceAssessmentSnapshot , SecureScoreControlsSnapshot ,
SecureScoresSnapshot , and SubAssessmentsSnapshot (#14996)
azurerm_static_site - support for the identity block (#14911)
azurerm_iothub - Support for Identity-Based Endpoints (#14705)
azurerm_servicebus_namespace_network_rule_set - support for the public_network_access_enabled property
(#14967)
BUG FIXES:
azurerm_machine_learning_compute_instance - add validation for tenant_id and object_id properties to
prevent null values and subsequent panic (#14982)
azurerm_linux_function_app - (beta) fix potential panic in application_stack when that block is not in config
(#14844)
azurerm_storage_share_file changing the content_md5 property will now trigger recreation and the
content_length property of share file will now be set when updating properties. (#15007)
2.92.0 (January 14, 2022)

FEATURES:
New Resource: azurerm_api_management_api_tag (#14711)
New Resource: azurerm_disk_pool_managed_disk_attachment (#14268)
ENHANCEMENTS:
dependencies: upgrading eventgrid to API version 2021-12-01 (#14433)
azurerm_api_management_custom_domain - the proxy property has been deprecated in favour of the gateway
for the 3.0 release (#14628)
azurerm_databricks_workspace_customer_managed_key - allow creation of resource when
infrastructure_encryption_enabled is set to true for the databricks workspace (#14915)
azurerm_eventgrid_domain - support for the local_auth_enabled , auto_create_topic_with_first_subscription ,
and auto_delete_topic_with_last_subscription properties (#14433)
azurerm_monitor_action_group - support for the event_hub_receiver block (#14771)
azurerm_mssql_server_extended_auditing_policy - support storing audit data in storage account that is behind
a firewall and VNet (#14656)
azurerm_purview_account - export the managed_resources block (#14865)
azurerm_recovery_services_vault - support for customer-managed keys (CMK) with the encryption block
(#14718)
azurerm_storage_account - support for the infrastructure_encryption_enabled property (#14864)
BUG FIXES:
azurerm_aadb2c_directory - fix importing existing resources (#14879)
azurerm_consumption_budget_subscription - fix issue in migration logic (#14898)
azurerm_cosmosdb_account - only force ForceMongo when kind is set to MongoDB (#14924)
azurerm_cosmosdb_mongo_collection - now validates that "_id" is included as an index key (#14857)
azurem_hdinsight - hdinsight resources using oozie metastore can now be created without error (#14880)
azurerm_log_analytics_datasource_windows_performance_counter - state migration for case conversion of ID
element (#14916)
azurerm_monitor_aad_diagnostic_setting - use the correct parser function for event hub rule IDs (#14944)
azurerm_mysql_server_key - fix issue when checking for existing resource on create (#14883)
azurerm_spring_cloud_service - fix panic when removing git repos (#14900)
azurerm_log_analytics_workspace - the reservation_capcity_in_gb_per_day has been deprecated and
renamed to reservation_capacity_in_gb_per_day (#14910)
azurerm_iothub_dps - fixed default value of allocation_weight to match azure default (#14943)
azurerm_iothub - now exports event_hub_events_namespace and has a fallback route by default (#14942)
2.91.0 (January 07, 2022)

FEATURES:
New Data Source: azurerm_aadb2c_directory (#14671)
New Data Source: azurerm_sql_managed_instance (#14739)
New Resource: azurerm_aadb2c_directory (#14671)
New Resource: azurerm_app_service_slot_custom_hostname_binding (#13097)
New Resource: azurerm_data_factory_linked_service_odbc (#14787)
New Resource: azurerm_disk_pool (#14675)
New Resource: azurerm_load_test (#14724)
New Resource: azurerm_virtual_desktop_scaling_plan (#14188)
ENHANCEMENTS:
dependencies: upgrading appplatform to API version 2021-09-01-preview (#14365)
dependencies: upgrading network to API Version 2021-05-01 (#14164)
dependencies: upgrading to v60.2.0 of github.com/Azure/azure-sdk-for-go (#14688] and [#14667)
dependencies: upgrading to v2.10.1 of github.com/hashicorp/terraform-plugin-sdk (#14666)
azurerm_application_gateway - support for the key_vault_secret_id and force_firewall_policy_association
properties (#14413)
azurerm_application_gateway - support the fips_enagled property (#14797)
azurerm_cdn_endpoint_custom_domain - support for HTTPS (#13283)
azurerm_hdinsight_hbase_cluster - support for the network property (#14825)
azurerm_iothub - support for the identity block (#14354)
azurerm_iothub_endpoint_servicebus_queue_resource - depracating the iothub_name propertyin favour of
iothub_id property (#14690)
azurerm_iothub_endpoint_storage_container_resource - depracating the iothub_name property in favour of
iothub_id property [#14690]
azurerm_iot_fallback_route - support for the source property (#14836)
azurerm_kubernetes_cluster - support for the public_network_access_enabled , scale_down_mode , and
workload_runtime properties (#14386)
azurerm_linux_function_app - (Beta Resource) fix the filtering of app_settings for WEBSITE_CONTENTSHARE and
azurerm_linux_virtual_machine - support for the user_data property (#13888)
azurerm_linux_virtual_machine_scale_set - support for the user_data property (#13888)
azurerm_managed_disk - support for the gallery_image_reference_id property (#14121)
azurerm_mysql_server - support capacities up to 16TB for the storage_mb property (#14838)
azurerm_postgresql_flexible_server - support for the geo_redundant_backup_enabled property (#14661)
azurerm_recovery_services_vault - support for the storage_mode_type property (#14659)
azurerm_spring_cloud_certificate - support for the certificate_content property (#14689)
azurerm_servicebus_namespace_authorization_rule - the resource_group_name and namespace_name properties
have been deprecated in favour of the namespace_id property (#14784)
azurerm_servicebus_namespace_network_rule_set - the resource_group_name and namespace_name properties
azurerm_servicebus_namespace_authorization_rule - the resource_group_name and namespace_name properties
azurerm_servicebus_queue - the resource_group_name and namespace_name properties have been deprecated
in favour of the namespace_id property (#14784)
azurerm_servicebus_queue_authorization_rule - the resource_group_name , namespace_name , and queue_name
properties have been deprecated in favour of the queue_id property (#14784)
azurerm_servicebus_subscription - the resource_group_name , namespace_name , and topic_name properties
have been deprecated in favour of the topic_id property (#14784)
azurerm_servicebus_subscription_rule - the resource_group_name , namespace_name , topic_name , and
subscription_name properties have been deprecated in favour of the subscription_id property (#14784)
azurerm_servicebus_topic - the resource_group_name and namespace_name properties have been deprecated
in favour of the namespace_id property (#14784)
azurerm_servicebus_topic_authorization_rule - the resource_group_name , namespace_name , and topic_name
properties have been deprecated in favour of the topic_id property (#14784)
azurerm_shared_image_version - images can now be sorted by semver (#14708)
azurerm_virtual_network_gateway_connection - support for the connection_mode property (#14738)
azurerm_web_application_firewall_policy - the file_upload_limit_in_mb property within the
policy_settings block can now be set to 4000 (#14715)
azurerm_windows_virtual_machine - support for the user_data property (#13888)
azurerm_windows_virtual_machine_scale_set - support for the user_data property (#13888)
BUG FIXES:
azurerm_app_service_environment_v3 - fix the default value of the allow_new_private_endpoint_connections
property (#14805)
azurerm_consumption_budget_subscription - added an additional state migration to fix the bug introduced by
the first one and to parse the subscription_id from the resource's ID (#14803)
azurerm_network_interface_security_group_association - checking the ID matches the expected format during
import (#14753)
azurerm_storage_management_policy - handle the unexpected deletion of the storage account (#14799)
2.90.0 (December 17, 2021)
FEATURES:
New Data Source: azurerm_app_configuration_key (#14484)
New Resource: azurerm_container_registry_task (#14533)
New Resource: azurerm_maps_creator (#14566)
New Resource: azurerm_netapp_snapshot_policy (#14230)
New Resource: azurerm_synapse_sql_pool_workload_classifier (#14412)
New Resource: azurerm_synapse_workspace_sql_aad_admin (#14341)
New Resource: azurerm_vpn_gateway_nat_rule (#14527)
ENHANCEMENTS:
dependencies: updating apimanagement to API Version 2021-08-01 (#14312)
dependencies: updating managementgroups to API Version 2020-05-01 (#14635)
dependencies: updating redisenterprise to use an Embedded SDK (#14502)
Data Source: azurerm_function_app_host_keys - support for signalr_extension_key and
durabletask_extension_key (#13648)
azurerm_application_gateway - support for private link configurations (#14583)
azurerm_blueprint_assignment - support for the lock_exclude_actions property (#14648)
azurerm_container_group - support for ip_address_type = None (#14460)
azurerm_cosmosdb_account - support for the create_mode property and restore block (#14362)
azurerm_data_factory_dataset_* - deprecate data_factory_name in favour of data_factory_id for consistency
across all data factory dataset resources (#14610)
azurerm_data_factory_integration_runtime_* - deprecate data_factory_name in favour of data_factory_id for
consistency across all data factory integration runtime resources (#14610)
azurerm_data_factory_trigger_* - deprecate data_factory_name in favour of data_factory_id for consistency
across all data factory trigger resources (#14610)
azurerm_data_factory_pipeline - deprecate data_factory_name in favour of data_factory_id for consistency
across all data factory resources (#14610)
azurerm_iothub - support for the cloud_to_device block (#14546)
azurerm_iothub_endpoint_eventhub - the iothub_name property has been deprecated in favour of the
iothub_id property (#14632)
azurerm_logic_app_workflow - support for the open_authentication_policy block (#14007)
azurerm_signalr - support for the live_trace_enabled property (#14646)
azurerm_xyz_policy_assignment add support for non_compliance_message (#14518)
BUG FIXES:
azurerm_cosmosdb_account - will now set a default value for default_identity_type when the API return a nil
value (#14643)
azurerm_function_app - address app_settings during creation rather than just updates (#14638)
azurerm_marketplace_agreement - fix crash when the import check triggers (#14614)
azurerm_postgresql_configuration - now locks during write operations to prevent conflicts (#14619)
azurerm_postgresql_flexible_server_configuration - now locks during write operations to prevent conflicts
(#14607)
2.89.0 (December 10, 2021)
FEATURES:
New Resource: azurerm_bot_service_azure_bot [#14462]
New Resource: azurerm_consumption_budget_management_group [#14411]
New Resource: azurerm_sql_managed_instance_active_directory_administrator (#14104)
New Resource: azurerm_sql_managed_instance_failover_group (#13974)
New Beta resource: azurerm_windows_function_app (#14247)
New Beta Resource: azurerm_linux_web_app_slot (#14305)
ENHANCEMENTS:
dependencies: updating the Embedded SDK for databricks (#14430)
dependencies: updating the Embedded SDK for datalake (#14429)
dependencies: updating the Embedded SDK for frontdoor (#14432)
azurerm_app_service_environment_v3 - allow updating of tags (#14491)
azurerm_data_factory_linked_services_* - deprecate data_factory_name in favour of data_factory_id for
consistency across all data factory linked service resources (#14492)
azurerm_shared_image - support for the trusted_launch_enabled property (#14528)
azurerm_key_vault_certificate - support for the versionless_id and versionless_secret_id properties
(#14287)
azurerm_kubernetes_cluster - support for the http_proxy_config block which contains the http_proxy ,
https_proxy , no_proxy and trusted_ca properties (#14177)
azurerm_kubernetes_cluster - support for the azure_keyvault_secrets_provider addon (#14308)
azurerm_managed_disk - support for the hyper_v_generation property (#13825)
azurerm_netapp_pool - support for qos_type property (#14372)
azurerm_netapp_volume - support for throughput_in_mibps property (#14372)
azurerm_sql_managed_instance : Support for storage_account_type (#14123)
azurerm_signalr_service - deprecate features block in favour of connectivity_logs_enabled ,
messaging_logs_enabled and service_mode (#14360)
azurerm_vpn_gateway_connection - support for the propagated_route_table.labels , vpn_link.connection_mode
and traffic_selector_policy properties (#14371)
BUG FIXES:
azurerm_data_fatory_trigger_schedule - correctly set schedule when frequency is Month/Week (#14391)
azurerm_iothub_endpoint_storage_container - remove the default value false from the file_name_format
property and add the correct validation function for it (#14458)
azurerm_postgresql_server - will now change the password after being promoted from Replica to Default
mode (#14376)
BETA NOTES:
A number of properties in the App Service Beta resources have been renamed for consistency with the rest of
the provider. As these are beta resources, this breaking change is not compensated for with deprecations or
state migrations. Please update any configurations using these resources with the following details:
remote_debugging renamed to remote_debugging_enabled
number_of_workers renamed to worker_count
detailed_error_logging renamed to detailed_error_logging_enabled
auto_heal renamed to auto_heal_enabled
local_mysql renamed to local_mysql_enabled
client_cert_enabled renamed to client_certificate_enabled
client_cert_mode renamed to client_certificate_mode
2.88.1 (December 03, 2021)
BUG FIXES
Data Source: azurerm_automation_account - fixing a bug where the Resource Group and Name were set in the
wrong order (#14464)
Data Source: azurerm_api_management - fixing a bug where the Managed Identity ID's weren't parsed correctly
(#14469)
Data Source: azurerm_kubernetes_cluster - fixing a bug where the Managed Identity ID's weren't parsed
correctly (#14469)
azurerm_api_management - fixing a bug where the Managed Identity ID's weren't parsed correctly (#14469)
azurerm_app_service - fixing a bug where the Managed Identity ID's weren't parsed correctly (#14469)
azurerm_app_service_slot - fixing a bug where the Managed Identity ID's weren't parsed correctly (#14469)
azurerm_application_gateway - fixing a bug where the Managed Identity ID's weren't parsed correctly
(#14469)
azurerm_automation_account - fixing a bug where the Resource Group and Name were set in the wrong order
(#14464)
azurerm_container_group - fixing a bug where the Managed Identity ID's weren't parsed correctly (#14469)
azurerm_data_factory - fixing a bug where the Managed Identity ID's weren't parsed correctly (#14469)
azurerm_function_app - fixing a bug where the Managed Identity ID's weren't parsed correctly (#14469)
azurerm_function_app_slot - fixing a bug where the Managed Identity ID's weren't parsed correctly (#14469)
azurerm_kubernetes_cluster - fixing a bug where the Managed Identity ID's weren't parsed correctly
(#14469)
azurerm_kusto_cluster - fixing a bug where the Managed Identity ID's weren't parsed correctly (#14469)
azurerm_mssql_server - fixing a bug where the Managed Identity ID's weren't parsed correctly (#14469)
2.88.0 (December 02, 2021)

FEATURES:
New Resource: azurerm_mysql_flexible_database (#14285)
New Resource: azurerm_synapse_sql_pool_workload_group (#13658)
ENHANCEMENTS:
dependencies: upgrading storagecache to API Version 2021-09-01 (#14311)
azurerm_app_service - support for the client_cert_mode property (#14395)
azurerm_bastion_host - support for sku property (#14370)
azurerm_batch_pool - deprecate max_task_retry_count and environment in favour of task_retry_maximum
and common_environment_properties for consistency across batch resources (#14368)
azurerm_data_factory_managed_private_endpoint - support for the fqdns property (#14355)
azurerm_linux_virtual_machine - support the secure_boot_enabled and vtpm_enabled properties (#13842)
azurerm_linux_virtual_machine_scale_set - support the secure_boot_enabled and vtpm_enabled properties
(#13842)
azurerm_mssql_database - add support for transparent data encryption, behind a 3.0 feature flag [#13748]
azurerm_point_to_site_vpn_gateway - support for the internet_security_enabled property (#14345)
azurerm_subscription - the tags property can now be set and updated (#14445)
BUG FIXES:
azurerm_container_group - allow search_domains and options under the dns_config block to be optional
since they are not required by the API (#14419)
azurerm_monitor_aad_diagnostic_setting - fixing the id validator to use the eventhub auth rule id rather than
the relay id (#14406)
azurerm_kubernetes_cluster - handle incorrect casing of kubernetes cluster resource ID with a state
migration (#14241)
azurerm_kubernetes_cluster_node_pool - handle incorrect casing of kubernetes cluster resource ID with a state
migration (#14241)
azurerm_kubernetes_cluster_nodepool reverting the computed behaviour of node_taints and
eviction_policy (#14378)
azurerm_storage_account - populating the account cache on creation, which fixes an issue when the storage
account occasionally couldn't be found (#14361)
2.87.0 (November 26, 2021)
FEATURES:
New Resource: azurerm_api_management_notification_recipient_user (#14239)
New Resource: azurerm_app_service_public_certificate (#14337)
New Resource: azurerm_service_fabric_managed_cluster (#14131)
New Resource: azurerm_sentinel_watchlist (#14258)
New Resource: azurerm_static_site_custom_domain (#12764)
New Resource: azurerm_stream_analytics_cluster (#14082)
New Resource: azurerm_stream_analytics_managed_private_endpoint (#14082)
ENHANCEMENTS:
azurerm_automation_rule - support for the expiration property (#14262)
azurerm_cosmosdb_account - support for the analytical_storage and capacity blocks,
default_identity_type and storage_redundancy properties (#14346)
azurerm_eventgrid_event_subscription - support the queue_message_time_to_live_in_seconds and
user_assigned_identity properties (#14318)
azurerm_firewall_policy - allow cidr ranges for the threat_intelligence_allowlist property (#14340)
azurerm_managed_disk - support for the public_network_access_enabled property (#14199)
azurerm_mssql_elasticpool - support for the DC family (#14270)
azurerm_mssql_server - groundwork for the (currently disabled) 3.0 feature to set the default TLS version to
1.2 (#14229)
azurerm_mysql_server - groundwork for the (currently disabled) 3.0 feature to set the default TLS version to
1.2 (#14229)
azurerm_orchestrated_virtual_machine_scale_set - add extension support (#14236)
azurerm_postgresql_server - groundwork for the (currently disabled) 3.0 feature to set the default TLS
version to 1.2 (#14229)
azurerm_redis_cache - groundwork for the (currently disabled) 3.0 feature to set the default TLS version to
1.2 (#14229)
azurerm_service_plan (beta) - add Logic App SKUs to validation. (#14288)
azurerm_site_recovery_replication_policy - now supports disabling of snapshots and their retention
(#14329)
azurerm_storage_account - groundwork for the (currently disabled) 3.0 feature to set the default TLS version
to 1.2 (#14229)
azurerm_stream_analytics_job - compatibility_level now accepts 1.2 (#14294)
BUG FIXES:
azurerm_function_app_slot - fix a bug in app_settings for WEBSITE_CONTENTSHARE incorrectly updating
(#14211)
azurerm_monitor_diagnostic_setting - Swap Relay parser and validator with EventHub (#14277)
azurerm_stream_analytics_stream_input_eventhub - correctly support creation with the default
eventhub_consumer_group_name (#14264)
azurerm_synapse_workspace - fix a crash during updates when sql_aad_admin was configured (#14275)
azurerm_linux_virtual_machine - the patch_mode property is now properly supported [GH0-14042]
2.86.0 (November 19, 2021)

FEATURES:
New Beta Resource: azurerm_linux_function_app (#13806)
New Resource: azurerm_automation_webhook (#13893)
New Resource: azurerm_resource_group_cost_management_export (#14140)
New Resource: azurerm_subscription_cost_management_export (#14140)
New Resource: azurerm_logz_tag_rule (#14020)
New Resource: azurerm_monitor_private_link_scoped_service (#14119)
New Resource: azurerm_storage_disks_pool (#14145)
ENHANCEMENTS:
compute: updating to use API Version 2021-07-01 (#14174)
databricks: updating the embedded SDK to use the new Resource ID Parsers (#14157)
datalake: updating the embedded SDK to use the new Resource ID Parsers (#14158)
maps: updating the embedded SDK to use the new Resource ID Parsers (#14155)
powerbi: updating the embedded SDK to use the new Resource ID Parsers (#14154)
relay: updating the embedded SDK to use the new Resource ID Parsers (#14153)
signalr: updating the embedded SDK to use the new Resource ID Parsers (#14150)
storage: updating to use API Version 2021-04-01 (#14083)
videoanalyzer: updating the embedded SDK to use the new Resource ID Parsers (#14135)
Data Source: azurerm_storage_account - support for the table_encryption_key_type and
queue_encryption_key_type attributes (#14080)
azurerm_container_registry - support for the anonymous_pull_enabled , data_endpoint_enabled , and
network_rule_bypass_option properties (#14096)
azurerm_cosmosdb_cassandra_datacenter - support the availabilit_zones_enabled property (#14235)
azurerm_cost_management_export_resource_group - has been deprecated in favour of the
azurerm_resource_group_cost_management_export resource (#14140)
azurerm_disk_encryption_set - add support for the encryption_type property (#14218)
azurerm_elastic_pool - support for the Fsv2 family SKUs (#14250)
azurerm_key_vault_certificate - groundwork for the (currently disabled) 3.0 feature to support more
granular configuration of soft-delete and purge protection (#13682)
azurerm_key_vault_key - groundwork for the (currently disabled) 3.0 feature to support more granular
configuration of soft-delete and purge protection (#13682)
azurerm_key_vault_secret - groundwork for the (currently disabled) 3.0 feature to support more granular
configuration of soft-delete and purge protection (#13682)
azurerm_key_vault_certificate - the certificate_policy property is now optional for imported certificates
(#14225)
azurerm_kubernetes_cluster - support for outbound_type = *NATGateway and the nat_gateway_profile block
(#14142)
azurerm_linux_web_app - (Beta) add support for health_check_eviction_time_in_mins and
vnet_route_all_enabled (#14202)
azurerm_managed_disk - support for the on_demand_bursting_enabled property (#14137)
azurerm_mssql_server - support for the azuread_authentication_only property on creation (#14169)
azurerm_machine_learning_workspace - support for the encryption block (#14120)
azurerm_orchestrated_virtual_machine_scale_set - added support for VMSS Flex public preview (#14003)
azurerm_postgresql_flexible_server - the zone and standby_availability_zone properties are no longer
computed (#13843)
azurerm_public_ip_prefix - support for the ip_version property (#14228)
azurerm_purview_account - support for the managed_resource_group_name property (#14217)
azurerm_resource_provider_registration - support for managing features (#12385)
azurerm_windows_virtual_machine - support for the vtpm_enabled and secure_boot_enabled properties
(#13713)
azurerm_windows_virtual_machine_scale_set - support for the vtpm_enabled and secure_boot_enabled
properties (#13713)
azurerm_windows_web_app - (Beta) add support for the health_check_eviction_time_in_mins and
vnet_route_all_enabled properties (#14202)
azurerm_stream_analytics_output_servicebus_topic - support for the property_columns property (#14252)
azurerm_storage_account - support for table_encryption_key_type and queue_encryption_key_type
properties (#14080)
azurerm_storage_account - (Beta) add a state migration for the renaming of allow_blob_public_access to
allow_nested_items_to_be_public (#13607)
azurerm_sql_active_directory_administrator - support for the azuread_authentication_only property
(#14172)
azurerm_virtual_network - support for the flow_timeout_in_minutes property (#14200)
azurerm_virtual_desktop_application_group - support for the default_desktop_display_name property
(#14227)
BUG FIXES:
azurerm_backup_protected_file_share - correctly list file shares that are added to an existing storage account
not returned by the Backup Protectable Items API (#14238)
azurerm_frontdoor - validation for probe_method allows the default value (#14204)
azurerm_key_vault_managed_hardware_security_module - extend context timeouts for creation and deletion
(#14253)
azurerm_key_vault_certificate - changing the tags property no longer forces a new resource to be created
(#14079)
azurerm_linux_virtual_machine_scale_set - changing the source_image_reference.offer and
source_image_reference.publisher now creates a new resource (#14165)
azurerm_mssql_database - corrert an error when using OnlineSecondary with auditing on the primary
database (#14192)
azurerm_network_watcher_flow_log - now locks on the network security group to prevent
AnotherOperationInProgress errors (#14160)
azurerm_windows_virtual_machine_scale_set - source_image_reference.offer and
source_image_reference.publisher are now ForceNew (#14165)
2.85.0 (November 12, 2021)
FEATURES:
New Data Source: azurerm_batch_application (#14043)
New Resource: azurerm_monitor_private_link_scope (#14098)
New Resource: azurerm_mysql_flexible_server_firewall_rule (#14136)
New Resource: azurerm_synapse_workspace_aad_admin (#13600)
IMPROVEMENTS:
dependencies: upgrading to v2.8.0 of github.com/hashicorp/terraform-plugin-sdk (#14060)
azurerm_application_insights - support for the internet_ingestion_enabled and internet_query_enabled
properties (#14035)
azurerm_backup_protected_vm - support for the exclude_disk_luns and include_disk_luns properties
(#14097)
azurerm_managed_disk_resource - support for the disk_iops_read_only and disk_mbps_read_only properties
(#14025)
azurerm_security_center_subscription_pricing - resource_type can now be set to
OpenSourceRelationalDatabases (#14103)
azurerm_storage_encryption_scope - allow versionless key_vault_key_id (#14085)
azurerm_sql_managed_instance - support for the identity block (#14052)
azurerm_virtual_network_gateway - enable configuration of an active-active zone redundant gateway with
P2S (#14124)
BUG FIXES:
Data Source: azurerm_redis_cache - parsing the subnet_id response value case-insensitively (#14108)
Data Source: azurerm_redis_cache - ensuring that shard_count always has a value set (#14108)
Data Source: azurerm_consumption_budget_resource_group - add missing threshold_type property in the
schema (#14125)
Data Source: azurerm_consumption_budget_subscription - add missing threshold_type property in the schema
(#14125)
azurerm_api_management_certificate - set subject property from correct field (#14026)
azurerm_app_service_virtual_network_swift_connection - fixing a panic when checking for an existing
resource during creation (#14070)
azurerm_frontdoor_resource - route engines are no longer removed on update (#14093)
azurerm_redis_cache - parsing the subnet_id response value case-insensitively (#14108)
azurerm_redis_cache - ensuring that shard_count always has a value set (#14108)
azurerm_storage_blob - ensuring that cache_control is sent during updates (#14100)
2.84.0 (November 05, 2021)

FEATURES:
New Resource: azurerm_cosmosdb_cassandra_cluster (#14019)
New Resource: azurerm_cosmosdb_cassandra_datacenter (#14019)
New Resource: logz_monitor (#13874)
New Resource: azurerm_stream_analytics_output_synapse (#14013)
IMPROVEMENTS:
upgrading cosmos to API Version 2021-10-15 (#13785)
upgrading aks to API Version 2021-08-01 (#13465)
upgrading purview to API Version 2021-07-01 (#13785)
Data Source: azurerm_key_vault_key - export the cureve , x , y , public_key_pem , and public_key_openssh
attributes (#13934)
azurerm_app_service_slot - support for the key_vault_reference_identity_id property (#13988)
azurerm_cosmosdb_account - the backup backup type can now be changed from Periodic to Continuous
without creating a new resource (#13967)
azurerm_firewall_policy_rule_collection_group - support for the translated_fqdn property (#13976)
azurerm_firewall_policy - support for the insights block (#14004)
azurerm_logic_app_integration_account - support the integration_service_environment_id property (#14015)
azurerm_function_app - support for the key_vault_reference_identity_id property (#13962)
azurerm_key_vault_key - support for the public_key_pem and public_key_openssh attributes (#13934)
azurerm_linux_virtual_machine - support for the patch_mode property (#13866)
azurerm_machine_learning_compute_cluster - support for the local_auth_enabled property (#13820)
azurerm_machine_learning_compute_cluster - support for the local_auth_enabled property (#13820)
azurerm_machine_learning_synapse_spark - support for the local_auth_enabled property (#13820)
azurerm_monitor_smart_detector_alert_rule - support additional detector types (#13998)
azurerm_mssql_elasticpool - support GP_FSv2 for the sku property (#13973)
azurerm_synapse_workspace - supports for the sql_aad_admin block (#13659)
azurerm_sql_managed_instance - support for the dns_zone_partner_id property (#13951)
azurerm_storage_blob - support for the cache_control property (#13946)
azurerm_storage_share - support for the enabled_protocol property (#13938)
BUG FIXES:
azurerm_application_insights - correct vlaidation for the daily_data_cap_in_gb property (#13971)
azurerm_logic_app_standard - will no longer error when working on private networks (#13964)
azurerm_managed_disk_resource - the validation for the disk_iops_read_write and disk_mbps_read_write
properties ensures values greater then 0 (#14028)
azurerm_purview_account - deprecate the sku_name property (#13897)
azurerm_synapse_workspace_key - deprecated the cusomter_managed_key_name property in favour of the
correctly spelled customer_managed_key_name one (#13881)
2.83.0 (October 29, 2021)
FEATURES:
New Data Source: azurerm_eventgrid_system_topic (#13851)
New Data Source: azurerm_billing_mpa_account_scope (#13723)
New Resource: azurerm_kusto_script (#13692)
New Resource: azurerm_iot_time_series_insights_event_source_eventhub (#13917)
New Resource: azurerm_stream_analytics_reference_input_mssql (#13822)
New Resource: azurerm_sentinel_automation_rule (#11502)
New Resource: azurerm_stream_analytics_output_table (#13854)
IMPROVEMENTS:
upgrading mysqlto API Version 2021-05-01 (#13818)
azurerm_application_gateway - support for the priority property (#13498)
azurerm_firewall_application_rule_collection - the port property is now required instead of optional
(#13869)
azurerm_kubernetes_cluster - expose the portal_fqdn attribute (#13887)
azurerm_linux_virtual_machine_scale_set - support for automatic_upgrade_enabled in extensions (#13394)
azurerm_linux_virtual_machine_scale_set - added feature for scale_to_zero_before_deletion (#13635)
azurerm_managed_disk - support for the trusted_launch_enabled property (#13849)
azurerm_postgres_flexible_server - enhanced validation for the administrator_login property (#13942)
azurerm_servicebus_queue - support for the max_message_size_in_kilobytes property (#13762)
azurerm_servicebus_topic - support for the max_message_size_in_kilobytes property (#13762)
azurerm_servicebus_namespace_network_rule_set - support for the trusted_services_allowed property
(#13853)
azurerm_windows_virtual_machine_scale_set - added feature for scale_to_zero_before_deletion (#13635)
azurerm_synapse_workspace - support for the linking_allowed_for_aad_tenant_ids , compute_subnet_id ,
public_network_access_enabled , purview_id , and last_commit_id properties (#13817)
azurerm_spring_cloud_java_deployment – the cpu and memory_in_gb properties have been deprecated in
favour of the quota block (#12924)
azurerm_vpn_gateway - support for the routing_preference property (#13882)
azurerm_virtual_hub - support for the default_route_table_id property (#13840)
azurerm_virtual_machine_scale_set_extension - support for automatic_upgrade_enabled (#13394)
azurerm_windows_virtual_machine_scale_set - support for automatic_upgrade_enabled in extensions (#13394)
BUG FIXES:
azurerm_automation_schedule_resource - allow Etc/UTC for the timezone property (#13906)
azurerm_app_configuration_key - now supports forward slashes in the key (#13859)
azurerm_application_gateway - prevent multiple ssl_policy blocks (#13929)
azurerm_cosmosdb_account - the capabilities property is now computed (#13936)
azurerm_cognitive_account - will now handle the unexpected state Accepted when waiting for creats
(#13925)
azurerm_data_factory - can now read global parameter values (#13519)
azurerm_firewall_policy - will now correctly import (#13862)
azurerm_firewall_policy - changing the identity will no longer create a new resource (#13904)
2.82.0 (October 21, 2021)

FEATURES:
New Resource: azurerm_mysql_flexible_server_configuration (#13831)
New Resource: azurerm_synapse_sql_pool_vulnerability_assessment_baseline (#13744)
New Resource: azurerm_virtual_hub_route_table_route (#13743)
IMPROVEMENTS:
upgrading netapp to API Version 2021-06-01 (#13812)
upgrading servicebus to API Version 2021-06-01-preview (#13701)
Data Source: azurerm_disk_encryption_set - support for the auto_key_rotation_enabled property (#13747)
Data Source: azurerm_virtual_machine - expose IP addresses as data source outputs (#13773)
azurerm_batch_account - support for the identity block (#13742)
azurerm_batch_pool - support for the identity block (#13779)
azurerm_container_registry - supports for the property (#13767)
regiononal_endpoint_enabled
azurerm_data_factory_integration_runtime_azure - support AutoResolve for the location property (#13731)
azurerm_disk_encryption_set - support for the auto_key_rotation_enabled property (#13747)
azurerm_iot_security_solution - support for the additional_workspace and disabled_data_sources
properties (#13783)
azurerm_kubernetes_cluster - support for the open_service_mesh block (#13462)
azurerm_lb - support for the gateway_load_balancer_frontend_ip_configuration_id property (#13559)
azurerm_lb_backend_address_pool - support for the tunnel_interface block (#13559)
azurerm_lb_rule - the backend_address_pool_ids property has been deprecated in favour of the
backend_address_pool_ids property (#13559)
azurerm_lb_nat_pool - support for the floating_ip_enabled , tcp_reset_enabled , and
idle_timeout_in_minutes properties (#13674)
azurerm_mssql_server - support for the azuread_authentication_only property (#13754)
azurerm_network_interface - support for the gateway_load_balancer_frontend_ip_configuration_id property
(#13559)
azurerm_synapse_spark_pool - support for the cache_size , compute_isolation_enabled ,
dynamic_executor_allocation_enabled , session_level_packages_enabled and spark_config properties
(#13690)
BUG FIXES:
azurerm_app_configuration_feature - fix default value handling for percentage appconfig feature filters.
(#13771)
azurerm_cosmosdb_account - force MongoEnabled feature when enabling MongoDBv3.4 . (#13757)
azurerm_mssql_server - will now configure the azuread_administrator during resource creation (#13753)
azurerm_mssql_database - fix failure by preventing extended_auditing_policy from being configured for
secondaries (#13799)
azurerm_postgresql_flexible_server - changing the standby_availability_zone no longer forces a new
resource (#13507)
azurerm_servicebus_subscription - the name field can now start & end with an underscore (#13797)
2.81.0 (October 14, 2021)

FEATURES:
New Data Source: azurerm_consumption_budget_resource_group (#12538)
New Data Source: azurerm_consumption_budget_subscription (#12540)
New Resource: azurerm_data_factory_linked_service_cosmosdb_mongoapi (#13636)
New Resource: azurerm_mysql_flexible_server (#13678)
IMPROVEMENTS:
upgrading batch to API Version 2021-06-01 (#13718)
upgrading mssql to API Version v5.0 (#13622)
Data Source: azurerm_key_vault - exports the enable_rbac_authorization attribute (#13717)
azurerm_app_service - support for the key_vault_reference_identity_id property (#13720)
azurerm_lb - support for the sku_tier property (#13680)
azurerm_eventgrid_event_subscription - support the delivery_property block (#13595)
azurerm_mssql_server - support for the user_assigned_identity_ids and primary_user_assigned_identity_id
properties (#13683)
azurerm_network_connection_monitor - add support for the destination_port_behavior property (#13518)
azurerm_security_center_workspace - now supports the Free pricing tier (#13710)
azurerm_kusto_attached_database_configuration - support for the sharing property (#13487)
BUG FIXES:
Data Source: azurerm_cosmosdb_account - prevent a panic from an index out of range error (#13560)
azurerm_function_app_slot - the client_affinity property has been deprecated as it is no longer
configurable in the service's API (#13711)
azurerm_kubernetes_cluster - the kube_config and kube_admin_config blocks can now be marked entirely as
Sensitive via an environment variable (#13732)
azurerm_logic_app_workflow - will not check for nil and empty access control properties (#13689)
azurerm_management_group - will not nil check child management groups when deassociating a subscription
from a management group (#13540)
azurerm_subnet_resource - will now lock the virtual network and subnet on updates (#13726)
azurerm_app_configuration_key - can now mix labeled and unlabeled keys (#13736)
2.80.0 (October 08, 2021)

FEATURES:
New Data Source: backup_policy_file_share (#13444)
IMPROVEMENTS:
Data Source azurerm_public_ips - deprecate the attached property infavour of the attachment_status
property to improve filtering (#13500)
Data Source azurerm_public_ips - return public IPs associated with NAT gateways when attached set to
true or attachment_status set to Attached (#13610)
azurerm_kusto_eventhub_data_connection supports - support for the identity_id property (#13488)
azurerm_managed_disk - support for the logical_sector_size property (#13637)
azurerm_service_fabric_cluster - support for the service_fabric_zonal_upgrade_mode and
service_fabric_zonal_upgrade_mode properties (#13399)
azurerm_stream_analytics_output_eventhub - support for the partition_key property (#13562)
azurerm_linux_virtual_machine_scale_set - correctly update the overprovision property (#13653)
BUG FIXES:
azurerm_function_app - fix regressions in function app storage introduced in v2.77 (#13580)
azurerm_managed_application - fixed typecasting bug (#13641)
2.79.1 (October 01, 2021)

BUG FIXES:
azurerm_managed_disk - the max_shares propety is now Computed to account for managed disks that are
already managed by Terraform (#13587)
2.79.0 (October 01, 2021)
FEATURES:
New Resource: azurerm_app_configuration_feature (#13452)
New Resource: azurerm_logic_app_standard (#13196)
IMPROVEMENTS:
Data Source: azurerm_key_vault_certificate - exporting the expires and not_before attributes (#13527)
Data Source: azurerm_key_vault_certificate_data - exporting the not_before attribute (#13527)
azurerm_communication_service - export the primary_connection_string , secondary_connection_string ,
primary_key , and secondary_key attributes (#13549)
azurerm_consumption_budget_subscription support for the Forecasted threshold type (#13567)
azurerm_consumption_budget_resource_group support for the Forecasted` threshold type (#13567)
azurerm_managed_disk - support for the max_shares property (#13571)
azurerm_mssql_database - will now update replicated databases SKUs first (#13478)
azurerm_virtual_hub_connection - optimized state change refresh function (#13548)
BUG FIXES:
azurerm_cosmosdb_account - the mongo_server_version can now be changed without creating a new resouce
(#13520)
azurerm_iothub - correctly suppress diffs for the connection_string property (#13517)
azurerm_kubernetes_cluster - explicitly setting upgrade_channel to None when it's unset to workaround a
breaking behavioural change in AKS (#13493)
azurerm_linux_virtual_machine_scale_set - will not correctly ignore the protected_setting block withing the
extension block (#13440)
azurerm_windows_virtual_machine_scale_set - will not correctly ignore the protected_setting block withing
the extension block (#13440)
azurerm_app_configuration_key - correctly set the etag property (#13534)
2.78.0 (September 23, 2021)

UPGRADE NOTES
The azurerm_data_factory_dataset_snowflake has been updated to set the correct schema_column api property
with the correct schema - to retain the old behaviour please switch to the structure_column property
(#13344)
FEATURES:
New Resource: azurerm_frontdoor_rules_engine (#13249)
New Resource: azurerm_key_vault_managed_storage_account (#13271)
New Resource: azurerm_key_vault_managed_storage_account_sas_token_definition (#13271)
New Resource: azurerm_mssql_failover_group (#13446)
New Resource: azurerm_synapse_sql_pool_extended_auditing_policy (#12952)
New Resource: azurerm_synapse_workspace_extended_auditing_policy (#12952)
ENHANCEMENTS:
upgrading iothub to API Version 2021-03-31 (#13324)
Data Source: azurerm_private_endpoint_connection - Export network_interface attributes from private
endpoints (#13421)
azurerm_app_service - support for the vnet_route_all_enabled property (#13310)
azurerm_bot_channel_slack - support for the signing_secret property (#13454)
azurerm_data_factory - support for identity being SystemAssiged and UserAssigned (#13473)
azurerm_function_app - support for the vnet_route_all_enabled property (#13310)
azurerm_machine_learning_workspace - support for public_network_access_enabled ,
public_network_access_enabled , and discovery_url properties (#13268)
azurerm_private_endpoint_connection - export the network_interface attribute from private endpoints
(#13421)
azurerm_storage_account_network_rules - Deprecate storage_account_name and resource_group_name in favor
of storage_account_id(#13307)
azurerm_storage_share_file - will now recreate and upload deleted/missing files (#13269)
azurerm_synapse_workspace - the tenant_id property is now computed (#13464)
BUG FIXES:
Data Source: azurerm_app_service_certificate - prevent panics if the API returns a nil issue_date or
expiration_date (#13401)
azurerm_app_service_certificate - prevent panics if the API returns a nil issue_date or expiration_date
(#13401)
azurerm_app_service_certificate_binding - reverted a change that introduced a bug in certificate selection
for non-managed certificates (#13455)
azurerm_container_group - allow creation of shared volume between containers in multi container group
(#13374)
azurerm_kubernetes_cluster - changing the private_cluster_public_fqdn_enabled no longer created a new
resource (#13413)
azurerm_app_configuration_key - fix nil pointer for removed key (#13483)
2.77.0 (September 17, 2021)

FEATURES:
New Data Source: azurerm_policy_virtual_machine_configuration_assignment (#13311)
New Resource: azurerm_synapse_integration_runtime_self_hosted (#13264)
New Resource: azurerm_synapse_integration_runtime_azure (#13341)
New Resource: azurerm_synapse_linked_service (#13204)
New Resource: azurerm_synapse_sql_pool_security_alert_policy (#13276)
New Resource: azurerm_synapse_sql_pool_vulnerability_assessment (#13276)
New Resource: azurerm_synapse_workspace_security_alert_policy (#13276)
New Resource: azurerm_synapse_workspace_vulnerability_assessment (#13276)
ENHANCEMENTS:
Data Source: azurerm_mssql_elasticpool- export the sku block (#13336)
azurerm_api_management - now supports purging soft deleted instances via the purge_soft_delete_on_destroy
provider level feature (#12850)
azurerm_data_factory_trigger_schedule - support for the activated property (#13390)
azurerm_logic_app_workflow - support for the enabled and access_control properties (#13265)
azurerm_monitor_scheduled_query_rules_alert - support auto_mitigation_enabled property (#13213)
azurerm_machine_learning_inference_cluster - support for the identity block (#12833)
azurerm_machine_learning_compute_cluster - support for the ssh_public_access_enabled enhancement property
and the identity and ssh blocks (#12833)
azurerm_spring_cloud_service - support for the connection_string property (#13262)
BUG FIXES:
azurerm_app_service_certificate_binding - rework for removal of thumbprint from service (#13379)
azurerm_app_service_managed_certificate : Fix for empty issue_date (#13357)
azurerm_cosmosdb_sql_container : fix crash when deleting (#13339)
azurerm_frontdoor - Fix crash when cache is disabled (#13338)
azurerm_function_app - fix app_settings for WEBSITE_CONTENTSHARE (#13349)
azurerm_function_app_slot - fix for WEBSITE_CONTENTSHARE (#13349)
app_settings
azurerm_kubernetes_cluster_node_pool - os_sku is now computed (#13321)
azurerm_linux_virtual_machine_scale_set - fixed crash when automatic_os_policy was nil (#13335)
azurerm_lb - support for adding or replacing a frontend_ip_configuration with an availability_zone
(#13305)
azurerm_virtual_hub_connection - fixing race condition in the creation of virtual network resources (#13294)
2.76.0 (September 10, 2021)

NOTES
Opt-In Beta: Version 2.76 of the Azure Provider introduces an opt-in Beta for some of the new functionality
coming in 3.0 - more information can be found in the 3.0 Notes and 3.0 Upgrade Guide (#12132)
FEATURES:
New Data Source: azurerm_eventgrid_domain (#13033)
New Resource: azurerm_data_protection_backup_instance_blob_storage (#12683)
New Resource: azurerm_logic_app_integration_account_assembly (#13239)
New Resource: azurerm_logic_app_integration_account_batch_configuration (#13215)
New Resource: azurerm_logic_app_integration_account_agreement (#13287)
New Resource: azurerm_sql_managed_database (#12431)
ENHANCEMENTS:
upgrading cdn to API Version 2021-09-01 (#13282)
upgrading cosmos to API Version 2021-06-15 (#13188)
azurerm_app_service_certificate - support argument app_service_plan_id for usage with ASE (#13101)
azurerm_application_gateway - mTLS support for Application Gateways (#13273)
azurerm_cosmosdb_account support for the local_authentication_disabled property (#13237)
azurerm_data_factory_integration_runtime_azure - support for the cleanup_enabled and subnet_id
properties (#13222)
azurerm_data_factory_trigger_schedule - support for the schedule and description properties (#13243)
azurerm_firewall_policy_rule_collection_group - support for the description , destination_addresses ,
destination_urls , terminate_tls , and web_categories properties (#13190)
azurerm_eventgrid_event_subscription - support for the delivery_identity and dead_letter_identity blocks
(#12945)
azurerm_eventgrid_system_topic_event_subscription - support for the delivery_identity and
dead_letter_identity blocks (#12945)
azurerm_eventgrid_domain support for the identity block (#12951)
azurerm_eventgrid_topic support for the identity block (#12951)
azurerm_eventgrid_system_topic support for the identity block (#12951)
azurerm_kubernetes_cluster - support for the os_sku property (#13284)
azurerm_synapse_workspace - support for the tenant_id property (#13290)
azurerm_site_recovery_network_mapping - refactoring to use an ID Formatter/Parser (#13277)
azurerm_stream_analytics_output_blob - support for the Parquet type and the batch_max_wait_time and
batch_min_rows properties (#13245)
azurerm_virtual_network_gateway_resource - support for multiple vpn authentication types (#13228)
BUG FIXES:
Data Source: azurerm_kubernetes_cluster - correctly read resource when local_account_disabled is true
(#13260)
azurerm_api_management_subscription - relax subscription_id validation (#13203)
azurerm_app_configuration_key - fix KV import with no label (#13253)
azurerm_synapse_sql_pool - properly support UTF-8 characters for the name property (#13289)
2.75.0 (September 02, 2021)

FEATURES:
New Data Source: azurerm_cosmosdb_mongo_database (#13123)
New Resource: azurerm_cognitive_account_customer_managed_key (#12901)
New Resource: azurerm_logic_app_integration_account_partner (#13157)
New Resource: azurerm_logic_app_integration_account_map (#13187)
New Resource: azurerm_app_configuration_key (#13118)
ENHANCEMENTS:
upgrading dataprotection to API Version 2021-07-01 (#13161)
azurerm_application_insights - support the local_authentication_disabled property (#13174)
azurerm_data_factory_linked_service_azure_blob_storage - support for the key_vault_sas_token property
(#12880)
azurerm_data_factory_linked_service_azure_function support for the key_vault_key block (#13159)
azurerm_data_protection_backup_instance_postgresql - support the database_credential_key_vault_secret_id
property (#13183)
azurerm_hdinsight_hadoop_cluster - support for the security_profile block (#12866)
azurerm_hdinsight_hbase_cluster - support for the security_profile block (#12866)
azurerm_hdinsight_interactive_query_cluster - support for the security_profile block (#12866)
azurerm_hdinsight_kafka_cluster - support for the security_profile block (#12866)
azurerm_hdinsight_spark_cluster - support for the security_profile block (#12866)
azurerm_mssql_server - refactoring to use an ID Formatter/Parser (#13151)
azurerm_policy_virtual_machine_configuration_assignment - support for the assignment_type , content_uri ,
and content_hash properties (#13176)
azurerm_storage_account - handle nil values for AllowBlobPublicAccess (#12689)
azurerm_synapse_spark_pool - add support spark for 3.1 (#13181)
2.74.0 (August 27, 2021)

FEATURES:
New Resource: azurerm_logic_app_integration_account_schema (#13100)
New Resource: azurerm_relay_namespace_authorization_rule (#13116)
New Resource: azurerm_relay_hybrid_connection_authorization_rule (#13116)
ENHANCEMENTS:
dependencies: upgrading monitor to API Version 2021-07-01-preview (#13121)
dependencies: upgrading devtestlabs to API Version 2018-09-15 (#13074)
Data Source: azurerm_servicebus_namespace_authorization_rule - support for the
primary_connection_string_alias and secondary_connection_string_alias properties (#12997)
Data Source: azurerm_servicebus_queue_authorization_rule - support for the
primary_connection_string_alias and secondary_connection_string_alias properties (#12997)
Data Source: azurerm_network_service_tags - new properties ipv4_cidrs and ipv6_cidrs (#13058)
azurerm_api_management - now exports certificate expiry , thumbprint and subject attributes (#12262)
azurerm_app_configuration - support for user assigned identities (#13080)
azurerm_app_service - add support for vnet_route_all_enabled property (#13073)
azurerm_app_service_plan - support for the zone_redundant property (#13145)
azurerm_data_factory_dataset_binary - support for dynamic_path_enabled and dynamic_path_enabled
properties (#13117)
azurerm_data_factory_dataset_delimited_text - support for dynamic_path_enabled and dynamic_path_enabled
properties (#13117)
azurerm_data_factory_dataset_json - support for dynamic_path_enabled and dynamic_path_enabled
properties (#13117)
azurerm_data_factory_dataset_parquet - support for dynamic_path_enabled and dynamic_path_enabled
properties (#13117)
azurerm_firewall_policy - support for the intrusion_detection , identity and tls_certificate blocks
(#12769)
azurerm_kubernetes_cluster - support for the pod_subnet_id property (#12313)
azurerm_kubernetes_cluster_node_pool - support for the pod_subnet_id property (#12313)
azurerm_monitor_autoscale_setting - support for the field divide_by_instance_count within the
metric_trigger block (#13121)
azurerm_redis_enterprise_cluster - the tags property can now be updated (#13084)
azurerm_storage_account - add support for shared_key_access_enabled property (#13014)
azurerm_servicebus_namespace_authorization_rule - support for the primary_connection_string_alias and
secondary_connection_string_alias properties (#12997)
azurerm_servicebus_topic_authorization_rule - support for the primary_connection_string_alias and
secondary_connection_string_alias properties (#12997)
azurerm_dev_test_global_vm_shutdown_schedule - support for the mail property (#13074)
BUG FIXES:
azurerm_data_factory_dataset_delimited_text - support empty values for the column_delimiter ,
row_delimiter , quote_character , escape_character , and encoding propeties (#13149)
azurerm_cosmosdb_cassandra_table - correctly update throughput (#13102)
azurerm_private_dns_a_record - fix regression in name validation and add max recordset limit validation
(#13093)
azurerm_postgresql_flexible_server_database the charset and collation properties are now optional
(#13110)
azurerm_spring_cloud_app - Fix crash when identity is not present (#13125)
2.73.0 (August 20, 2021)

FEATURES:
New Data Source: azurerm_vpn_gateway (#12844)
New Data Source: azurerm_data_protection_backup_vault (#13062)
New Resource: azurerm_api_management_notification_recipient_email (#12849)
New Resource: azurerm_logic_app_integration_account_session (#12982)
New Resource: azurerm_machine_learning_synapse_spark (#13022)
New Resource: azurerm_machine_learning_compute_instance (#12834)
New Resource: azurerm_vpn_gateway (#13003)
ENHANCEMENTS:
Dependencies: upgrade github.com/Azure/azure-sdk-for-go to v56.2.0 (#12969)
Dependencies: updating frontdoor to use API version 2020-05-01 (#12831)
Dependencies: updating web to use API version 2021-02-01 (#12970)
Dependencies: updating kusto to use API version 2021-01-01 (#12967)
Dependencies: updating machinelearning to use API version 2021-07-01 (#12833)
Dependencies: updating network to use API version 2021-02-01 (#13002)
appconfiguration: updating to use the latest embedded SDK (#12950)
eventhub: updating to use the latest embedded SDK (#12946)
Data Source: azurerm_iothub - support for the property hostname (#13001)
Data Source: azurerm_application_security_group - refactoring to use an ID Formatter/Parser (#13028)
azurerm_active_directory_domain_service - export the resource_id attribute (#13011)
azurerm_app_service_environment_v3 - updated for GA changes, including support for
internal_load_balancing_mode , zone_redundant , dedicated_host_count , and several new exported properties
(#12932)
azurerm_application_security_group - refactoring to use an ID Formatter/Parser (#13028)
azurerm_data_lake_store - support for the identity block (#13050)
azurerm_kubernetes_cluster - support for the ultra_ssd_enabled and private_cluster_public_fqdn_enabled
properties (#12780)
azurerm_kubernetes_cluster_node_pool - supportfor the ultra_ssd_enabled property (#12780)
azurerm_logic_app_trigger_http_request - support for the callback_url attribute (#13057)
azurerm_netapp_volume - support for the snapshot_directory_visible property (#12961)
azurerm_sql_server - support for configuring threat_detection_policy (#13048)
azurerm_stream_analytics_output_eventhub - support for the property_columns property (#12947)
BUG FIXES:
azurerm_frontdoor - expose support for cache_duration and cache_query_parameters fields (#12831)
azurerm_network_watcher_flow_log - correctly truncate name by ensuring it doesn't end in a - (#12984)
azurerm_databricks_workspace - corrent logic for the public_network_access_enabled property (#13034)
azurerm_databricks_workspace - fix potential crash in Read (#13025)
azurerm_private_dns_zone_id - correctly handle inconsistant case (#13000)
azurerm_private_dns_a_record_resource - currently validate the name property by allowing @ s (#13042)
azurerm_eventhub_namespace - support upto 40 for the maximum_throughput_units property (#13065)
azurerm_kubernetes_cluster - fix crash in update when previously configured AAD Profile is now nil
(#13043)
azurerm_redis_enterprise_cluster - changing the tags property no longer creates a new resource (#12956)
azurerm_storage_account - allow 0 for the cors.max_age_in_seconds property (#13010)
azurerm_servicebus_topic - correctyl validate the name property (#13026)
azurerm_virtual_hub_connection - will not correctly lock it's cirtual network during updates (#12999)
azurerm_linux_virtual_machine_scale_set - fix potential crash in updates to the rolling_upgrade_policy block
(#13029)
2.72.0 (August 12, 2021)
UPGRADE NOTES
This version of the Azure Provider introduces the prevent_deletion_if_contains_resources feature flag (which
is disabled by default) which (when enabled) means that Terraform will check for Resources nested within the
Resource Group during the deletion of the Resource Group and require that these Resources are deleted first.
This avoids the unintentional deletion of unmanaged Resources within a Resource Group - and is defaulted
off in 2.x versions of the Azure Provider but will be enabled by default in version 3.0 of the Azure
Provider , see the features block documentation for more information. (#12657)
FEATURES:
New Resource: azurerm_video_analyzer (#12665)
New Resource: azurerm_video_analyzer_edge_module (#12911)
ENHANCEMENTS:
azurerm_api_management_named_value - support for system managed identities (#12938)
azurerm_application_insights_smart_detection_rule - support all currenly availible rules in the SDK (#12857)
azurerm_function_app - add support for dotnet_framework_version in (#12883)
azurerm_resource_group - conditionally (based on the prevent_deletion_if_contains_resources features flag -
see the 'Upgrade Notes' section) checking for nested Resources during deletion of the Resource Group and
raising an error if Resources are found (#12657)
BUG FIXES:
Data Source: azurerm_key_vault_certificate_data - updating the PEM Header when using a RSA Private Key
so this validates with OpenSSL (#12896)
azurerm_active_directory_domain_service - removing an unnecessary check during deletion (#12879)
azurerm_app_service_environment - removing an unnecessary check during deletion (#12879)
azurerm_cdn_profile - removing an unnecessary check during deletion (#12879)
azurerm_container_registry_scope_map - removing an unnecessary check during deletion (#12879)
azurerm_container_registry_token - removing an unnecessary check during deletion (#12879)
azurerm_container_registry_webhook - removing an unnecessary check during deletion (#12879)
azurerm_container_registry - removing an unnecessary check during deletion (#12879)
azurerm_data_factory_dataset_delimited_text - correctly send optional optional values to the API (#12921)
azurerm_data_lake_analytics_account - removing an unnecessary check during deletion (#12879)
azurerm_data_lake_store - removing an unnecessary check during deletion (#12879)
azurerm_data_protection_backup_instance_disk - removing an unnecessary check during deletion (#12879)
azurerm_database_migration_service - removing an unnecessary check during deletion (#12879)
azurerm_dns_zone - removing an unnecessary check during deletion (#12879)
azurerm_eventgrid_domain_topic - removing an unnecessary check during deletion (#12879)
azurerm_eventgrid_domain - removing an unnecessary check during deletion (#12879)
azurerm_eventgrid_event_subscription - removing an unnecessary check during deletion (#12879)
azurerm_eventgrid_system_topic_event_subscription - removing an unnecessary check during deletion
(#12879)
azurerm_eventgrid_system_topic - removing an unnecessary check during deletion (#12879)
azurerm_eventgrid_topic - removing an unnecessary check during deletion (#12879)
azurerm_express_route_circuit_authorization - removing an unnecessary check during deletion (#12879)
azurerm_express_route_circuit_peering - removing an unnecessary check during deletion (#12879)
azurerm_express_route_gateway - removing an unnecessary check during deletion (#12879)
azurerm_express_route_port - removing an unnecessary check during deletion (#12879)
azurerm_frontdoor_firewall_policy - removing an unnecessary check during deletion (#12879)
azurerm_hpc_cache_blob_nfs_target - removing an unnecessary check during deletion (#12879)
azurerm_iothub - removing an unnecessary check during deletion (#12879)
azurerm_key_vault_managed_hardware_security_module - removing an unnecessary check during deletion
(#12879)
azurerm_kubernetes_cluster - prevent nil panic when rbac config is empty (#12881)
azurerm_iot_dps - fixing a crash during creation (#12919)
azurerm_local_network_gateway - removing an unnecessary check during deletion (#12879)
azurerm_logic_app_trigger_recurrence - update time zone strings to match API behaviour, and use the
timezone even when start_time is not specified (#12453)
azurerm_mariadb_database - removing an unnecessary check during deletion (#12879)
azurerm_mariadb_server - removing an unnecessary check during deletion (#12879)
azurerm_mariadb_virtual_network_rule - removing an unnecessary check during deletion (#12879)
azurerm_mssql_database - removing an unnecessary check during deletion (#12879)
azurerm_mssql_virtual_network_rule - removing an unnecessary check during deletion (#12879)
azurerm_mysql_server - removing an unnecessary check during deletion (#12879)
azurerm_nat_gateway - removing an unnecessary check during deletion (#12879)
azurerm_network_packet_capture - removing an unnecessary check during deletion (#12879)
azurerm_packet_capture - removing an unnecessary check during deletion (#12879)
azurerm_postgresql_configuration - removing an unnecessary check during deletion (#12879)
azurerm_postgresql_firewall_rule - removing an unnecessary check during deletion (#12879)
azurerm_postgresql_server - removing an unnecessary check during deletion (#12879)
azurerm_postgresql_virtual_network_rule - removing an unnecessary check during deletion (#12879)
azurerm_private_dns_zone_virtual_network_link - removing an unnecessary check during deletion (#12879)
azurerm_private_endpoint - removing an unnecessary check during deletion (#12879)
azurerm_private_link_service - removing an unnecessary check during deletion (#12879)
azurerm_shared_image_gallery - removing an unnecessary check during deletion (#12879)
azurerm_sql_virtual_network_rule - removing an unnecessary check during deletion (#12879)
azurerm_virtual_machine_scale_set_extension - removing an unnecessary check during deletion (#12879)
azurerm_virtual_wan - removing an unnecessary check during deletion (#12879)
azurerm_vpn_gateway_connection - removing an unnecessary check during deletion (#12879)
azurerm_web_application_firewall_policy - removing an unnecessary check during deletion (#12879)
2.71.0 (August 06, 2021)

FEATURES:
New Data Source: azurerm_databricks_workspace_private_endpoint_connection (#12543)
New Resource: azurerm_api_management_tag (#12535)
New Resource: azurerm_bot_channel_line (#12746)
New Resource: azurerm_cdn_endpoint_custom_domain (#12496)
New Resource: azurerm_data_factory_data_flow (#12588)
New Resource: azurerm_postgresql_flexible_server_database (#12550)
ENHANCEMENTS:
dependencies: updating appinsights to use API Version 2020-02-02 (#12818)
dependencies: updating containerservice to use API Version 2021-05-1 (#12747)
dependencies: updating machinelearning to use API Version 2021-04-01 (#12804)
dependencies: updating databricks to use API Version 2021-04-01-preview (#12543)
PowerBI: refactoring to use an Embedded SDK (#12787)
SignalR: refactoring to use an Embedded SDK (#12785)
azurerm_api_management_api_diagnostic - support for the operation_name_format property (#12782)
azurerm_app_service - support for the acr_use_managed_identity_credentials and
acr_user_managed_identity_client_id properties (#12745)
azurerm_app_service - support v6.0 for the dotnet_framework_version property (#12788)
azurerm_application_insights - support for the workspace_id property (#12818)
azurerm_databricks_workspace - support for private link endpoint (#12543)
azurerm_databricks_workspace - add support for Customer Managed Keys for Managed Services (#12799)
azurerm_data_factory_linked_service_data_lake_storage_gen2 - don't send a secure connection string when
using a managed identity (#12359)
azurerm_function_app - support for the elastic_instance_minimum , app_scale_limit , and
runtime_scale_monitoring_enabled properties (#12741)
azurerm_kubernetes_cluster - support for the local_account_disabled property (#12386)
azurerm_kubernetes_cluster - support for the maintenance_window block (#12762)
azurerm_kubernetes_cluster - the field automatic_channel_upgrade can now be set to node-image (#12667)
azurerm_logic_app_workflow - support for the workflow_parameters (#12314)
azurerm_mssql_database - support for the Free and FSV2 SKU's (#12835)
azurerm_network_security_group - the protocol property now supports Ah and Esp values (#12865)
azurerm_public_ip_resource - support for sku_tier property (#12775)
azurerm_redis_cache - support for the replicas_per_primary , redis_version , and tenant_settings
properties and blocks (#12820)
azurerm_redis_enterprise_cluster - this can now be provisioned in Canada Central (#12842)
azurerm_static_site - support Standard SKU (#12510)
BUG FIXES:
Data Source azurerm_ssh_public_key - normalising the SSH Public Key (#12800)
azurerm_api_management_api_subscription - fixing the default scope to be /apis rather than all_apis as
required by the latest API (#12829)
azurerm_app_service_active_slot - fix 404 not found on read for slot (#12792)
azurerm_linux_virtual_machine_scale_set - fix crash in checking for latest image (#12808)
azurerm_kubernetes_cluster - corrently valudate the net_ipv4_ip_local_port_range_max property (#12859)
azurerm_local_network_gateway - fixing a crash where the LocalNetworkAddressSpace block was nil (#12822)
azurerm_notification_hub_authorization_rule - switching to use an ID Formatter (#12845)
azurerm_notification_hub - switching to use an ID Formatter (#12845)
azurerm_notification_hub_namespace - switching to use an ID Formatter (#12845)
azurerm_postgresql_database - fixing a crash in the Azure SDK (#12823)
azurerm_private_dns_zone - fixing a crash during deletion (#12824)
azurerm_resource_group_template_deployment - fixing deletion of nested items when using non-top level items
(#12421)
azurerm_subscription_template_deployment - fixing deletion of nested items when using non-top level items
(#12421)
azurerm_virtual_machine_extension - changing the publisher property now creates a new resource
(#12790)
2.70.0 (July 30, 2021)
FEATURES:
New Data Source azurerm_storage_share (#12693)
New Resource azurerm_bot_channel_alexa (#12682)
New Resource azurerm_bot_channel_direct_line_speech (#12735)
New Resource azurerm_bot_channel_facebook (#12709)
New Resource azurerm_bot_channel_sms (#12713)
New Resource azurerm_data_factory_trigger_custom_event (#12448)
New Resource azurerm_data_factory_trigger_tumbling_window (#12437)
New Resource azurerm_data_protection_backup_instance_disk (#12617)
ENHANCEMENTS:
dependencies: Upgrade web (App Service) API to 2021-01-15 (#12635)
analysisservices: refactoring to use an Embedded SDK (#12771)
maps: refactoring to use an Embedded SDK (#12716)
msi: refactoring to use an Embedded SDK (#12715)
relay: refactoring to use an Embedded SDK (#12772)
vmware: refactoring to use an Embedded SDK (#12751)
Data Source: azurerm_storage_account_sas - support for the property ip_addresses (#12705)
azurerm_api_management_diagnostic - support for the property operation_name_format (#12736)
azurerm_automation_certificate - the exportable property can now be set (#12738)
azurerm_data_factory_dataset_binary - the blob path and filename propeties are now optional (#12676)
azurerm_data_factory_trigger_blob_event - support for the activation property (#12644)
azurerm_data_factory_pipeline - support for the concurrency and moniter_metrics_after_duration
properties (#12685)
azurerm_hdinsight_interactive_query_cluster - support for the encryption_in_transit_enabled property
(#12767)
azurerm_hdinsight_spark_cluster - support for the encryption_in_transit_enabled property (#12767)
azurerm_firewall_polcy - support for property private_ip_ranges (#12696)
BUG FIXES:
azurerm_cdn_endpoint- fixing a crash when the future is nil (#12743)
azurerm_private_endpoint - working around a casing issue in private_connection_resource_id for MariaDB,
MySQL and PostgreSQL resources (#12761)
2.69.0 (July 23, 2021)

FEATURES:
New Data Source azurerm_active_directory_domain_service (#10782)
New Resource azurerm_active_directory_domain_service (#10782)
New Resource azurerm_active_directory_domain_service_replica_set (#10782)
New Resource azurerm_api_management_gateway_api (#12398)
New Resource azurerm_batch_job (#12573)
New Resource azurerm_bot_channel_web_chat (#12672)
New Resource azurerm_data_factory_managed_private_endpoint (#12618)
New Resource azurerm_data_protection_backup_policy_blob_storage (#12362)
New Resource azurerm_signalr_service_network_acl (#12434)
New Resource azurerm_virtual_network_dns_servers (#10782)
ENHANCEMENTS:
dependencies: Updgrading to v55.6.0 of github.com/Azure/azure-sdk-for-go (#12565)
azurerm_api_management_named_value - the field secret_id can now be set to a versionless Key Vault Key
(#12641)
azurerm_data_factory_integration_runtime_azure_ssis - support for the public_ips , express_custom_setup ,
package_store , and proxy blocks (#12545)
azurerm_data_factory_integration_runtime_azure_ssis - support for the key_vault_password , and
key_vault_license blocks (#12659)
azurerm_bot_channels_registration - support for the cmk_key_vault_url , description , icon_url , and
isolated_network_enabled (#12560)
azurerm_data_factory_integration_runtime_azure - support for the virtual_network_enabled property
(#12619)
azurerm_eventgrid_event_subscription - support for the advanced_filtering_on_arrays_enabled property
(#12609)
azurerm_eventgrid_system_topic_event_subscription - support for the advanced_filtering_on_arrays_enabled
property (#12609)
azurerm_eventhub_namespace - support for Azure Event Hubs Namespace Premium tier (#12695)
azurerm_kubernetes_cluster - support for downgrading sku_tier from Paid to Free without recreating
the Cluster (#12651)
azurerm_kusto_eventgrid_data_connection - Add supported data_format APACHEAVRO, ORC, PARQUET, TSVE
and W3CLOGFILE to validation function. (#12687)
azurerm_postgresql_flexible_server - support for the high_availability block (#12587)
BUG FIXES:
data.azurerm_redis_cache - fix a bug that caused the data source to raise an error (#12666)
azurerm_application_gateway - return an error when ssl policy is not properly configured (#12647)
azurerm_data_factory_linked_custom_service - fix a bug causing additional_properties to be read incorrectly
into state (#12664)
azurerm_eventhub_authorization_rule - fixing the error "empty non-retryable error received" (#12642)
azurerm_machine_learning_compute_cluster - fix a crash when creating a cluster without specifying
subnet_resource_id (#12658)
azurerm_storage_account - fixed account_replication_type validation (#12645)
2.68.0 (July 16, 2021)

FEATURES:
New Data Source azurerm_local_network_gateway (#12579)
New Resource azurerm_api_management_api_release (#12562)
New Resource azurerm_data_protection_backup_policy_disk (#12361)
New Resource azurerm_data_factory_custom_dataset (#12484)
New Resource azurerm_data_factory_dataset_binary (#12369)
New Resource azurerm_maintenance_assignment_virtual_machine_scale_set (#12273)
New Resource azurerm_postgresql_flexible_server_configuration (#12294)
New Resource azurerm_synapse_private_link_hub (#12495)
ENHANCEMENTS:
dependencies: updating bot to use API Version 2021-03-01 (#12449)
dependencies: updating maintenance to use API Version 2021-05-01 (#12273)
azurerm_api_management_named_value - support for the value_from_key_vault block (#12309)
azurerm_api_management_api_diagnostic - support for the data_masking 1 property (#12419)
azurerm_cognitive_account - support for the identity , storage , disable_local_auth , fqdns ,
public_network_access_enabled , and restrict_outbound_network_access properties (#12469)
azurerm_cognitive_account - the virtual_network_subnet_ids property has been deprecated in favour of
virtual_network_rules block to supoport the ignore_missing_vnet_service_endpoint property (#12600)
azurerm_container_registry - now exports the principal_id and tenant_id attributes in the identity
block (#12378)
azurerm_data_factory - support for the managed_virtual_network_enabled property (#12343)
azurerm_linux_virtual_machine_scale_set - Fix un-necessary VMSS instance rolling request (#12590)
azurerm_maintenance_configuration - support for the window , visibility , and properties blocks (#12273)
azurerm_powerbi_embedded - support for the mode property (#12394)
azurerm_redis_cache - support for the maintenance_window property in the patch_schedule block (#12472)
azurerm_storage_account_customer_managed_key - support for the user_assigned_identity_id property
(#12516)
BUG FIXES:
azurerm_api_management - no longer forces a new resource when changing the subnet_id property (#12611)
azurerm_function_app - set a default value for os_type and allow a blank string to be specified as per
documentation (#12482)
azurerm_key_vault_access_policy - prevent a possible panic on delete (#12616)
azurerm_postgresql_flexible_server - add new computed property private_dns_zone_id to work around an
upcomming breaking change in the API (#12288)
machine_learning_compute_cluster - make the subnet_resource_id property actually optional (#12558)
azurerm_mssql_database - don't allow license_type to be set for serverless SQL databases (#12555)
azurerm_subnet_network_security_group_association - prevent potential deadlocks when using multiple
association resources (#12267)
2.67.0 (July 09, 2021)
FEATURES:
New Data Source azurerm_api_management_gateway (#12297)
New Resource azurerm_api_management_gateway (#12297)
New Resource azurerm_databricks_workspace_customer_managed_key (#12331)
ENHANCEMENTS:
dependencies: updating postgresqlflexibleservers to use API Version 2021-06-01 (#12405)
azurerm_databricks_workspace - add support for machine_learning_workspace_id ,
customer_managed_key_enabled , infrastructure_encryption_enabled and storage_account_identity (#12331)
azurerm_security_center_assessment_policy - support for the categories propety (#12383)
BUG FIXES:
azurerm_api_management - fix an issue where changing the location of an additional_location would force a
new resource (#12468)
azurerm_app_service - fix crash when resource group or ASE is missing. (#12518)
azurerm_automation_variable_int - fixed value parsing order causing 1 to be considered a bool (#12511)
azurerm_automation_variable_bool - fixed value parsing order causing 1 to be considered a bool (#12511)
azurerm_data_factory_dataset_parquet - the azure_blob_storage_location.filename property cis now optional
(#12414)
azurerm_kusto_eventhub_data_connection - APACHEAVRO can now be used as a data_format option (#12480)
azurerm_site_recovery_replicated_vm - Fix potential crash in reading managed_disk properties (#12509)
azurerm_storage_account - account_replication_type can now be updated (#12479)
azurerm_storage_management_policy - fix crash in read of properties (#12487)
azurerm_storage_share_directory now allows underscore in property name [#12454]
azurerm_security_center_subscription_pricing - removed Owner permission note from documentation
(#12481)
DEPRECATIONS:
azurerm_postgresql_flexible_server - the cmk_enabled property has been deprecated as it has been
removed from the API (#12405)
azurerm_virtual_machine_configuration_policy_assignment - has been deprecated and renamed to
azurerm_policy_virtual_machine_configuration_assignment (#12497)
2.66.0 (July 02, 2021)
FEATURES:
New Resource azurerm_api_management_api_operation_tag (#12384)
New Resource azurerm_data_factory_linked_custom_service (#12224)
New Resource azurerm_data_factory_trigger_blob_event (#12330)
New Resource azurerm_express_route_connection (#11320)
New Resource azurerm_express_route_circuit_connection (#11303)
New Resource azurerm_management_group_policy_assignment (#12349)
New Resource azurerm_resource_group_policy_assignment (#12349)
New Resource azurerm_resource_policy_assignment (#12349)
New Resource azurerm_subscription_policy_assignment (#12349)
New resource azurerm_tenant_configuration (#11697)
Cognitive Service now supports purging soft delete accounts (#12281)
ENHANCEMENTS:
dependencies: updating cognitive to use API Version 2021-03-01 (#12281)
dependencies: updating trafficmanager to use API Version 2018-08-01 (#12400)
azurerm_api_management_backend - support for the client_certificate_id property (#12402)
azurerm_api_management_api - support for the revision_description , version_description , and
source_api_id properties (#12266)
azurerm_batch_account - support for the public_network_access_enabled property (#12401)
azurerm_eventgrid_event_subscription - support for additional advanced filters string_not_begins_with ,
string_not_ends_with , string_not_contains , is_not_null , is_null_or_undefined , number_in_range and
number_not_in_range (#12167)
azurerm_eventgrid_system_topic_event_subscription - support for additional advanced filters
string_not_begins_with , string_not_ends_with , string_not_contains , is_not_null , is_null_or_undefined ,
number_in_range and number_not_in_range (#12167)
azurerm_kubernetes_cluster - support for the fips_enabled , kubelet_disk_type , and license properties
(#11835)
azurerm_kubernetes_cluster_node_pool - support for the fips_enabled , and kubelet_disk_type properties
(#11835)
azurerm_lighthouse_definition - support for the plan block (#12360)
azurerm_site_recovery_replicated_vm - Add support for target_disk_encryption_set_id in managed_disk
(#12374)
azurerm_traffic_manager_endpoint - supports for the minimum_required_child_endpoints_ipv4 and
minimum_required_child_endpoints_ipv6 (#12400)
BUG FIXES:
azurerm_app_service - fix app_setting and SCM setting ordering (#12280)
azurerm_hdinsight_kafka_cluster - will no longer panic from an empty component_version property
(#12261)
azurerm_spatial_anchors_account - the tags property can now be updated without creating a new resource
(#11985)
Data Source azurerm_app_service_environment_v3 - fix id processing for Read (#12436)
2.65.0 (June 25, 2021)
FEATURES:
New Resource azurerm_data_protection_backup_instance_postgresql (#12220)
New Resource azurerm_hpc_cache_blob_nfs_target (#11671)
New Resource azurerm_nat_gateway_public_ip_prefix_association (#12353)
ENHANCEMENTS:
dependencies: updating to v0.11.19 of github.com/Azure/go-autorest/autorest (#12209)
dependencies: updating to v0.9.14 of github.com/Azure/go-autorest/autorest/adal (#12209)
dependencies: updating the embedded SDK for Eventhub Namespaces to use API Version
2021-01-01-preview (#12290)
azurerm_express_route_circuit_peering - support for the bandwidth_in_gbps and express_route_port_id
properties (#12289)
azurerm_kusto_iothub_data_connection - support for the data_format , mapping_rule_name and table_name
properties (#12293)
azurerm_linux_virtual_machine - updating proximity_placement_group_id will no longer create a new
resoruce (#11790)
azurerm_security_center_assessment_metadata - support for the categories property (#12278)
azurerm_windows_virtual_machine - updating proximity_placement_group_id will no longer create a new
resoruce (#11790)
BUG FIXES:
azurerm_data_factory - fix a bug where the name property was stored with the wrong casing (#12128)
2.64.0 (June 18, 2021)
FEATURES:
New Data Source azurerm_key_vault_secrets (#12147)
New Resource azurerm_api_management_redis_cache (#12174)
New Resource azurerm_data_factory_linked_service_odata (#11556)
New Resource azurerm_data_protection_backup_policy_postgresql (#12072)
New Resource azurerm_machine_learning_compute_cluster (#11675)
New Resource azurerm_eventhub_namespace_customer_managed_key (#12159)
New Resource azurerm_virtual_desktop_application (#12077)
ENHANCEMENTS:
dependencies: updating synapse to use API Version 2021-03-01 (#12183)
azurerm_api_management - support for the client_certificate_enabled , gateway_disabled , min_api_version ,
and zones propeties (#12125)
azurerm_api_management_api_schema - prevent plan not empty after apply for json definitions (#12039)
azurerm_application_gateway - correctly poopulat the identity block (#12226)
azurerm_container_registry - support for the zone_redundancy_enabled field (#11706)
azurerm_cosmosdb_sql_container - support for the spatial_index block (#11625)
azurerm_cosmos_gremlin_graph - support for the spatial_index property (#12176)
azurerm_data_factory - support for global_parameter (#12178)
azurerm_kubernetes_cluster - support for the kubelet_config and linux_os_config blocks (#11119)
azurerm_monitor_metric_alert - support the StartsWith dimension operator (#12181)
azurerm_private_link_service - changing load_balancer_frontend_ip_configuration_ids list no longer creates
a new resource (#12250)
azurerm_stream_analytics_job - supports for the identity block (#12171)
azurerm_storage_account - support for the share_properties block (#12103)
azurerm_synapse_workspace - support for the data_exfiltration_protection_enabled property (#12183)
azurerm_synapse_role_assignment - support for scopes and new role types (#11690)
BUG FIXES:
azurerm_synapse_role_assignment - support new roles and scopes (#11690)
azurerm_lb - fix zone behaviour bug introduced in recent API upgrade (#12208)
2.63.0 (June 11, 2021)
FEATURES:
New Resource azurerm_data_factory_linked_service_azure_search (#12122)
New Resource azurerm_data_factory_linked_service_kusto (#12152)
ENHANCEMENTS:
dependencies: updating streamanalyticsto use API Version 2020-03-01-preview (#12133)
dependencies: updating virtualdesktop to use API Version 2020-11-02-preview (#12160)
data.azurerm_synapse_workspace - support for the identity attribute (#12098)
azurerm_cosmosdb_gremlin_graph - support for the composite_index and partition_key_version properties
(#11693)
azurerm_data_factory_dataset_azure_blob - support for the dynamic_filename_enabled and
dynamic_path_enabled properties (#12034)
azurerm_data_factory_dataset_delimited_text - supports the azure_blob_fs_location property (#12041)
azurerm_data_factory_linked_service_azure_sql_database - support for the key_vault_connection_string
property (#12139)
azurerm_data_factory_linked_service_sql_server - add key_vault_connection_string argument (#12117)
azurerm_data_factory_linked_service_data_lake_storage_gen2 - supports for the storage_account_key
property (#12136)
azurerm_eventhub - support for the status property (#12043)
azurerm_kubernetes_cluster - support migration of service_principal to identity (#12049)
azurerm_kubernetes_cluster -support for BYO kubelet_identity (#12037)
azurerm_kusto_cluster_customer_managed_key - supports for the user_identity property (#12135)
azurerm_network_watcher_flow_log - support for the location and tags properties (#11670)
azurerm_storage_account - support for user assigned identities (#11752)
azurerm_storage_account_customer_managed_key - support the use of keys from key vaults in remote
subscription (#12142)
azurerm_virtual_desktop_host_pool - support for the start_vm_on_connect property (#12160)
azurerm_vpn_server_configuration - now supports multiple auth blocks (#12085)
BUG FIXES:
Service: App Configuration - Fixed a bug in tags on resources all being set to the same value (#12062)
Service: Event Hubs - Fixed a bug in tags on resources all being set to the same value (#12062)
azurerm_subscription - fix ability to specify DevTest as workload (#12066)
azurerm_sentinel_alert_rule_scheduled - the query frequency duration can noe be up to 14 days (#12164)
2.62.1 (June 08, 2021)

BUG FIXES:
azurerm_role_assignment - use the correct ID when assigning roles to resources (#12076)
2.62.0 (June 04, 2021)
FEATURES:
New Resource azurerm_data_protection_backup_vault (#11955)
New Resource azurerm_postgresql_flexible_server_firewall_rule(#11834)
New Resource azurerm_vmware_express_route_authorization (#11812)
New Resource azurerm_storage_object_replication_policy (#11744)
ENHANCEMENTS:
dependencies: updating networkto use API Version 2020-11-01 (#11627)
azurerm_app_service_environment - support for the internal_ip_address , service_ip_address , and
outbound_ip_addresses properties (#12026)
azurerm_api_management_api_subscription - support for the api_id property (#12025)
azurerm_container_registry - support for versionless encryption keys for ACR (#11856)
azurerm_kubernetes_cluster - support for gateway_name for Application Gateway add-on (#11984)
azurerm_kubernetes_cluster - support update of azure_rbac_enabled (#12029)
azurerm_kubernetes_cluster - support for node_public_ip_prefix_id (#11635)
azurerm_kubernetes_cluster_node_pool - support for node_public_ip_prefix_id (#11635)
azurerm_machine_learning_inference_cluster - support for the ssl.leaf_domain_label and
ssl.overwrite_existing_domain properties (#11830)
azurerm_role_assignment - support the delegated_managed_identity_resource_id property (#11848)
BUG FIXES:
azuerrm_postgres_server - do no update password unless its changed (#12008)
azuerrm_storage_acount - prevent containerDeleteRetentionPolicy and lastAccessTimeTrackingPolicy not
supported in AzureUSGovernment errors (#11960)
2.61.0 (May 27, 2021)
FEATURES:
New Data Source: azurerm_spatial_anchors_account (#11824)
ENHANCEMENTS:
dependencies: updating mixedreality to use API Version 2021-01-01 (#11824)
refactor: switching to use an embedded SDK for appconfiguration (#11959)
refactor: switching to use an embedded SDK for eventhub (#11973)
provider: support for the Virtual Machine skip_shutdown_and_force_delete feature (#11216)
provider: support for the Virtual Machine Scale Set force_delete feature (#11216)
provider: no longer auto register the Microsoft.DevSpaces RP (#11822)
Data Source: azurerm_key_vault_certificate_data - support certificate bundles and add support for ECDSA
keys (#11974)
azurerm_data_factory_linked_service_sftp - support for hostkey related properties (#11825)
azurerm_spatial_anchors_account - support for account_domain and account_id (#11824)
azurerm_static_site - Add support for tags attribute (#11849)
azurerm_storage_account - private_link_access supports more values (#11957)
azurerm_storage_account_network_rules : private_link_access supports more values (#11957)
azurerm_synapse_spark_pool - spark_version now supports 3.0 (#11972)
BUG FIXES:
azurerm_cdn_endpoint - do not send an empty origin_host_header to the api (#11852)
azurerm_linux_virtual_machine_scale_set : changing the disable_automatic_rollback and
enable_automatic_os_upgrade properties no longer created a new resource (#11723)
azurerm_storage_share : Fix ID for resource_manager_id (#11828)
azurerm_windows_virtual_machine_scale_set : changing the disable_automatic_rollback and
enable_automatic_os_upgrade properties no longer created a new resource (#11723)
2.60.0 (May 20, 2021)

FEATURES:
New Data Source: azurerm_eventhub_cluster (#11763)
New Data Source: azurerm_redis_enterprise_database (#11734)
New Resource: azurerm_static_site (#7150)
New Resource: azurerm_machine_learning_inference_cluster (#11550)
ENHANCEMENTS:
dependencies: updating to use API Version 2021-03-01 (#11708)
aks
dependencies: updating eventgrid to use API Version 2020-10-15-preview (#11746)
azurerm_cosmosdb_mongo_collection - support for the analytical_storage_ttl property (#11735)
azurerm_cosmosdb_cassandra_table - support for the analytical_storage_ttl property (#11755)
azurerm_healthcare_service - support for the public_network_access_enabled property (#11736)
azurerm_hdinsight_kafka_cluster - support for the encryption_in_transit_enabled property (#11737)
azurerm_media_services_account - support for the key_delivery_access_control block (#11726)
azurerm_monitor_activity_log_alert - support for Security event type for Azure Service Health alerts
(#11802)
azurerm_netapp_volume - support for the security_style property - (#11684)
azurerm_redis_cache - suppot for the replicas_per_master peoperty (#11714)
azurerm_spring_cloud_service - support for the required_network_traffic_rules block (#11633)
azurerm_storage_account_management_policy - the name property can now contain - (#11792)
BUG FIXES:
azurerm_frontdoor - added a check for to avoid panic on destroy (#11720)
nil
azurerm_linux_virtual_machine_scale_set - the extension blocks are now a set (#11425)
azurerm_virtual_network_gateway_connection - fix a bug where shared_key was not being updated (#11742)
azurerm_windows_virtual_machine_scale_set - the extension blocks are now a set (#11425)
azurerm_windows_virtual_machine_scale_set - changing the license_type will no longer create a new
resource (#11731)
2.59.0 (May 14, 2021)
FEATURES:
New Resource: azurerm_consumption_budget_resource_group (#9201)
New Resource: azurerm_consumption_budget_subscription (#9201)
New Resource: azurerm_monitor_aad_diagnostic_setting (#11660)
New Resource: azurerm_sentinel_alert_rule_machine_learning_behavior_analytics (#11552)
New Resource: azurerm_servicebus_namespace_disaster_recovery_config (#11638)
ENHANCEMENTS:
dependencies: updating databox to API version 2020-12-01 (#11626)
dependencies: updating maps to API version 2021-02-01 (#11676)
Data Source: azurerm_kubernetes_cluster - Add ingress_application_gateway_identity export for add-on
ingress_application_gateway (#11622)
azurerm_cosmosdb_account - support for the identity and cors_rule blocks (#11653)
azurerm_cosmosdb_account - support for the backup property (#11597)
azurerm_cosmosdb_sql_container - support for the analytical_storage_ttl property (#11655)
azurerm_container_registry - support for the identity and encryption blocks (#11661)
azurerm_frontdoor_custom_https_configuration - Add support for resource import. (#11642)
azurerm_kubernetes_cluster - export the ingress_application_gateway_identity attribute for the
ingress_application_gateway add-on (#11622)
azurerm_managed_disk - support for the tier property (#11634)
azurerm_storage_account - support for the azure_files_identity_based_authentication and
routing_preference blocks (#11485)
azurerm_storage_account - support for the private_link_access property (#11629)
azurerm_storage_account - support for the change_feed_enabled property (#11695)
BUG FIXES
Data Source: azurerm_container_registry_token - updating the validation for the name field (#11607)
azurerm_bastion_host - updating the ip_configuration block properties now forces a new resource
(#11700)
azurerm_container_registry_token - updating the validation for the name field (#11607)
azurerm_mssql_database - wil now correctly import the creation_source_database_id property for Secondary
databases (#11703)
azurerm_storage_account - allow empty/blank values for the allowed_headers and exposed_headers
properties (#11692)
2.58.0 (May 07, 2021)
UPGRADE NOTES
azurerm_frontdoor - The custom_https_provisioning_enabled field and the custom_https_configuration block
have been deprecated and has been removed as they are no longer supported. (#11456)
azurerm_frontdoor_custom_https_configuration - The resource_group_name has been deprecated and has been
removed as it is no longer supported. (#11456)
FEATURES:
New Data Source: azurerm_storage_table_entity (#11562)
New Resource: azurerm_app_service_environment_v3 (#11174)
New Resource: azurerm_cosmosdb_notebook_workspace (#11536)
New Resource: azurerm_cosmosdb_sql_trigger (#11535)
New Resource: azurerm_cosmosdb_sql_user_defined_function (#11537)
New Resource: azurerm_iot_time_series_insights_event_source_iothub (#11484)
New Resource: azurerm_storage_blob_inventory_policy (#11533)
ENHANCEMENTS:
dependencies: updating network-dbto API version 2020-07-01 (#10767)
azurerm_cosmosdb_account - support for the access_key_metadata_writes_enabled , mongo_server_version , and
network_acl_bypass properties (#11486)
azurerm_data_factory - support for the customer_managed_key_id property (#10502)
azurerm_data_factory_pipeline - support for the folder property (#11575)
azurerm_frontdoor - Fix for Frontdoor resource elements being returned out of order. (#11456)
azurerm_hdinsight_*_cluster - support for autoscale #8104 (#11547)
azurerm_network_security_rule - support for the protocols Ah and Esp (#11581)
azurerm_network_connection_monitor - support for the coverage_level , excluded_ip_addresses ,
included_ip_addresses , target_resource_id , and resource_type propeties (#11540)
2.57.0 (April 30, 2021)

UPGRADE NOTES
azurerm_api_management_authorization_server - due to a bug in the 2020-12-01 version of the API
Management API, changes to resource_owner_username and resource_owner_password in Azure will not be
noticed by Terraform (#11146)
azurerm_cosmosdb_account - the 2021-02-01 version of Azure Cosmos DB for MongoDB defaults new
MongoDB accounts to v3.6 rather then v3.2 (#10926)
azurerm_cosmosdb_mongo_collection - the _id index is now required by the new API/MongoDB version
(#10926)
azurerm_cosmosdb_gremlin_graph and azurerm_cosmosdb_sql_container - the patition_key_path property is
now required (#10926)
FEATURES:
Data Source: azurerm_container_registry_scope_map (#11350)
Data Source: azurerm_container_registry_token (#11350)
Data Source: azurerm_postgresql_flexible_server (#11081)
Data Source: azurerm_key_vault_managed_hardware_security_module (#10873)
New Resource: azurerm_container_registry_scope_map (#11350)
New Resource: azurerm_container_registry_token (#11350)
New Resource: azurerm_data_factory_dataset_snowflake (#11116)
New Resource: azurerm_healthbot (#11002)
New Resource: azurerm_key_vault_managed_hardware_security_module (#10873)
New Resource: azurerm_media_asset_filter (#11110)
New Resource: azurerm_mssql_job_agent (#11248)
New Resource: azurerm_mssql_job_credential (#11363)
New Resource: azurerm_mssql_transparent_data_encryption (#11148)
New Resource: azurerm_postgresql_flexible_server (#11081)
New Resource: azurerm_spring_cloud_app_cosmosdb_association (#11307)
New Resource: azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection (#10669)
New Resource: azurerm_virtual_machine_configuration_policy_assignment (#11334)
New Resource: azurerm_vmware_cluster (#10848)
ENHANCEMENTS:
dependencies: updating cosmos-db to API version 2021-02-01 (#10926)
dependencies: updating keyvault to API version v7.1 (#10926)
Data Source: azurerm_healthcare_service - export the cosmosdb_key_vault_key_versionless_id attribute
(#11481)
Data Source: azurerm_key_vault_certificate - export the curve attribute in the key_properties block
(#10867)
Data Source: azurerm_virtual_machine_scale_set - now exports the network_interfaces (#10585)
azurerm_app_service - support for the site_config.ip_restrictions.headers and
site_config.scm_ip_restrictions.headers properties (#11209)
azurerm_app_service_slot - support for the site_config.ip_restrictions.headers and
azurerm_backup_policy_file_share - support for the retention_weekly , retention_monthly , and
retention_yearly blocks (#10733)
azurerm_cosmosdb_sql_container - support for the conflict_resolution_policy block (#11517)
azurerm_container_group - support for the exposed_port block (#10491)
azurerm_container_registry - deprecating the georeplication_locations property in favour of the
georeplications property #11200]
azurerm_database_migration - switching to using an ID Formatter (#11378)
azurerm_database_migration_project - switching to using an ID Formatter (#11378)
azurerm_databricks_workspace - switching to using an ID Formatter (#11378)
azurerm_databricks_workspace - fixes propagation of tags to connected resources (#11405)
azurerm_data_factory_linked_service_azure_file_storage - support for the key_vault_password property
(#11436)
azurerm_dedicated_host_group - support for the automatic_placement_enabled property (#11428)
azurerm_frontdoor - sync MaxItemson various attributes to match azure docs (#11421)
azurerm_frontdoor_custom_https_configuration - removing secret version validation when using azure key
vault as the certificate source (#11310)
azurerm_function_app - support for the site_config.ip_restrictions.headers and
azurerm_function_app - support the java_version property (#10495)
azurerm_hdinsight_interactive_query_cluster - add support for private link endpoint (#11300)
azurerm_hdinsight_hadoop_cluster - add support for private link endpoint (#11300)
azurerm_hdinsight_spark_cluster - add support for private link endpoint (#11300)
azurerm_healthcare_service - support for the cosmosdb_key_vault_key_versionless_id property (#11481)
azurerm_kubernetes_cluster - support for the ingress_application_gateway addon (#11376)
azurerm_kubernetes_cluster - support for the azure_rbac_enabled property (#10441)
azurerm_hpc_cache - support for the directory_active_directory , directory_flat_file , and directory_ldap
blocks (#11332)
azurerm_key_vault_certificate - support additional values for the key_size property in the key_properties
block (#10867)
azurerm_key_vault_certificate - support the curve property in the key_properties block (#10867)
azurerm_key_vault_certificate - the key_size property in the key_properties block is now optional
(#10867)
azurerm_kubernetes_cluster - support for the dns_prefix_private_cluster property (#11321)
azurerm_kubernetes_cluster - support for the max_node_provisioning_time , max_unready_percentage , and
max_unready_nodes properties (#11406)
azurerm_storage_encryption_scope - support for the infrastructure_encryption_required property (#11462)
azurerm_kubernetes_cluster support for the empty_bulk_delete_max in the auto_scaler_profile block #
(#11060)
azurerm_lighthouse_definition - support for the delegated_role_definition_ids property (#11269)
azurerm_managed_application - support for the parameter_values property (#8632)
azurerm_managed_disk - support for the network_access_policy and disk_access_id properties (#9862)
azurerm_postgresql_server - wait for replica restarts when needed (#11458)
azurerm_redis_enterprise_cluster - support for the minimum_tls_version and hostname properties (#11203)
azurerm_storage_account - support for the versioning_enabled , default_service_version , and
last_access_time_enabled properties within the blob_properties block (#11301)
azurerm_storage_account - support for the nfsv3_enabled property (#11387)
azurerm_storage_management_policy - support for the version block (#11163)
azurerm_synapse_workspace - support for the customer_managed_key_versionless_id property (#11328)
BUG FIXES:
azurerm_api_management - will no longer panic with an empty hostname_configuration (#11426)
azurerm_api_management_diagnostic - fix a crash with the frontend_request , frontend_response ,
backend_request , backend_response blocks (#11402)
azurerm_eventgrid_system_topic - remove strict validation on topic_type (#11352)
azurerm_iothub - change filter_rule from TypeSet to TypeList to resolve an ordering issue (#10341)
azurerm_linux_virtual_machine_scale_set - the default value for the priority property will no longer force a
replacement of the resource (#11362)
azurerm_monitor_activity_log_alert - fix a persistent diff for the service_health block (#11383)
azurerm_mssql_database - return an error when secondary database uses max_size_gb (#11401)
azurerm_mssql_database - correctly import the create_mode property (#11026)
azurerm_netap_volume - correctly set the replication_frequency attribute in the data_protection_replication
block (#11530)
azurerm_postgresql_server - ensure public_network_access_enabled is correctly set for replicas (#11465)
azurerm_postgresql_server - can now correctly disable replication if required when create_mode is changed
(#11467)
azurerm_virtual_network_gatewa - updating the custom_route block no longer forces a new resource to be
created [GH- 11433]
2.56.0 (April 15, 2021)
FEATURES:
New Resource: azurerm_data_factory_linked_service_azure_databricks (#10962)
New Resource: azurerm_data_lake_store_virtual_network_rule (#10430)
New Resource: azurerm_media_live_event_output (#10917)
New Resource: azurerm_spring_cloud_app_mysql_association (#11229)
ENHANCEMENTS:
dependencies: updating github.com/Azure/azure-sdk-for-go to v53.0.0 (#11302)
dependencies: updating containerservice to API version 2021-02-01 (#10972)
azurerm_app_service - fix broken ip_restrictions and scm_ip_restrictions (#11170)
azurerm_application_gateway - support for configuring firewall_policy_id within the path_rule block
(#11239)
azurerm_firewall_policy_rule_collection_group - allow * for the
network_rule_collection.destination_ports property (#11326)
azurerm_function_app - fix broken ip_restrictions and scm_ip_restrictions (#11170)
azurerm_data_factory_linked_service_sql_database - support managed identity and service principal auth
and add the keyvault_password property (#10735)
azurerm_hpc_cache - support for tags (#11268)
azurerm_linux_virtual_machine_scale_set - Support health extension for rolling ugrade mode (#9136)
azurerm_monitor_activity_log_alert - support for service_health (#10978)
azurerm_mssql_database - support for the geo_backup_enabled property (#11177)
azurerm_public_ip - support for ip_tags (#11270)
azurerm_windows_virtual_machine_scale_set - Support health extension for rolling ugrade mode (#9136)
BUG FIXES:
azurerm_app_service_slot - fix crash bug when given empty http_logs (#11267)
2.55.0 (April 08, 2021)
FEATURES:
New Resource: azurerm_api_management_email_template (#10914)
New Resource: azurerm_communication_service (#11066)
New Resource: azurerm_express_route_port (#10074)
New Resource: azurerm_spring_cloud_app_redis_association (#11154)
ENHANCEMENTS:
Data Source: azurerm_user_assigned_identity - exporting tenant_id (#11253)
Data Source: azurerm_function_app - exporting client_cert_mode (#11161)
azurerm_eventgrid_data_connection - support for the table_name , mapping_rule_name , and data_format
properties (#11157)
azurerm_hpc_cache - support for configuring dns (#11236)
azurerm_hpc_cache - support for configuring ntp_server (#11236)
azurerm_hpc_cache_nfs_target - support for the access_policy_name property (#11186)
azurerm_hpc_cache_nfs_target - usage_model can now be set to READ_HEAVY_CHECK_180 ,
WRITE_WORKLOAD_CHECK_30 , WRITE_WORKLOAD_CHECK_60 and WRITE_WORKLOAD_CLOUDWS (#11247)
azurerm_function_app - support for configuring client_cert_mode (#11161)
azurerm_netapp_volume - adding root_access_enabled to the export_policy_rule block (#11105)
azurerm_private_endpoint - allows for an alias to specified (#10779)
azurerm_user_assigned_identity - exporting tenant_id (#11253)
azurerm_web_application_firewall_policy - version within the managed_rule_set block can now be set to
(OWASP) 3.2 (#11244)
BUG FIXES:
Data Source: azurerm_dns_zone - fixing a bug where the Resource ID wouldn't contain the Resource Group
name when looking this up (#11221)
azurerm_media_service_account - storage_authentication_type correctly accepts both ManagedIdentity and
System (#11222)
azurerm_web_application_firewall_policy - http_listener_ids and path_based_rule_ids are now Computed
only (#11196)
2.54.0 (April 02, 2021)
FEATURES:
New Resource: azurerm_hpc_cache_access_policy (#11083)
New Resource: azurerm_management_group_subscription_association (#11069)
New Resource: azurerm_media_live_event (#10724)
ENHANCEMENTS:
dependencies: updating storage to API version 2021-01-01 (#11094)
dependencies: updating storagecache (a.k.a hpc ) to API version 2021-03-01 (#11083)
azurerm_application_gateway - support for rewriting urls with the url block (#10950)
azurerm_cognitive_account - Add support for network_acls (#11164)
azurerm_container_registry - support for the quarantine_policy_enabled property (#11011)
azurerm_firewall - support for the private_ip_ranges property [p#10627]
azurerm_log_analytics_workspace - Fix issue where -1 couldn't be specified for daily_quota_gb (#11182)
azurerm_spring_cloud_service - supports for the sample_rate property (#11106)
azurerm_storage_account - support for the container_delete_retention_policy property (#11131)
azurerm_virtual_desktop_host_pool - support for the custom_rdp_properties property (#11160)
azurerm_web_application_firewall_policy - support for the http_listener_ids and path_based_rule_ids
properties (#10860)
BUG FIXES:
azurerm_api_management - the property is now optional (#11139)
certificate_password
azurerm_data_factory_linked_service_azure_blob_storage - correct managed identity implementation by
implementing the service_endpoint property (#10830)
azurerm_machine_learning_workspace - deprecate the Enterprise sku as it has been deprecated by Azure
(#11063)
azurerm_machine_learning_workspace - support container registries in other subscriptions (#11065)
azurerm_site_recovery_fabric - Fixes error in checking for existing resource (#11130)
azurerm_spring_cloud_custom_domain - thumbprint is required when specifying certificate_name (#11145)
azurerm_subscription - fixes broken timeout on destroy (#11124)
2.53.0 (March 26, 2021)

FEATURES:
New Resource: azurerm_management_group_template_deployment (#10603)
New Resource: azurerm_tenant_template_deployment (#10603)
New Data Source: azurerm_template_spec_version (#10603)
ENHANCEMENTS:
Data Source: azurerm_key_vault_secret - support for the versionless_id attribute (#11091)
azurerm_container_registry - support for the public_network_access_enabled property (#10969)
azurerm_kusto_eventhub_data_connection - support for the event_system_properties block (#11006)
azurerm_logic_app_trigger_recurrence - Add support for schedule (#11055)
azurerm_resource_group_template_deployment - add support for template_spec_version_id property (#10603)
azurerm_role_definition - the permissions block is now optional (#9850)
azurerm_subscription_template_deployment - add support for template_spec_version_id property (#10603)
BUG FIXES:
azurerm_frontdoor_custom_https_configuration - fixing a crash during update (#11046)
azurerm_resource_group_template_deployment - always sending parameters_content during an update
(#11001)
azurerm_role_definition - fixing crash when permissions are empty (#9850)
azurerm_subscription_template_deployment - always sending parameters_content during an update (#11001)
azurerm_spring_cloud_app - supports for the tls_enabled property (#11064)
2.52.0 (March 18, 2021)

FEATURES:
New Resource: azurerm_mssql_firewall_rule (#10954)
New Resource: azurerm_mssql_virtual_network_rule (#10954)
ENHANCEMENTS:
dependencies: updating to of github.com/Azure/azure-sdk-for-go (#10982)
v52.4.0
azurerm_api_management_subscription - making user_id property optional [#10638}
BUG FIXES:
azurerm_cosmosdb_account_resource - marking connection_string as sensitive (#10942)
azurerm_eventhub_namespace_disaster_recovery_config - deprecating the alternate_name property due to a
service side API bug (#11013)
azurerm_local_network_gateway - making the address_space property optional (#10983)
azurerm_management_group - validation for subscription_id list property entries (#10948)
2.51.0 (March 12, 2021)
FEATURES:
New Resource: azurerm_purview_account (#10395)
New Resource: azurerm_data_factory_dataset_parquet (#10852)
New Resource: azurerm_security_center_server_vulnerability_assessment (#10030)
New Resource: azurerm_security_center_assessment (#10694)
New Resource: azurerm_security_center_assessment_policy (#10694)
New Resource: azurerm_sentinel_data_connector_azure_advanced_threat_protection (#10666)
New Resource: azurerm_sentinel_data_connector_azure_security_center (#10667)
New Resource: azurerm_sentinel_data_connector_microsoft_cloud_app_security (#10668)
ENHANCEMENTS:
azurerm_role_assignment - support enrollment ids in scope argument (#10890)
azurerm_kubernetes_cluster - support None for the private_dns_zone_id property (#10774)
azurerm_kubernetes_cluster - support for expander in the auto_scaler_profile block (#10777)
azurerm_linux_virtual_machine - support for configuring platform_fault_domain (#10803)
azurerm_linux_virtual_machine_scale_set - will no longer recreate the resource when
rolling_upgrade_policy or health_probe_id is updated (#10856)
azurerm_netapp_volume - support creating from a snapshot via the create_from_snapshot_resource_id
property (#10906)
azurerm_role_assignment - support for the description , condition , and condition_version (#10804)
azurerm_windows_virtual_machine - support for configuring platform_fault_domain (#10803)
azurerm_windows_virtual_machine_scale_set - will no longer recreate the resource when
rolling_upgrade_policy or health_probe_id is updated (#10856)
BUG FIXES:
Data Source: azurerm_function_app_host_keys - retrying reading the keys to work around a broken API
(#10894)
Data Source: azurerm_log_analytics_workspace - ensure the id is returned with the correct casing (#10892)
Data Source: azurerm_monitor_action_group - add support for aad_auth attribute (#10876)
azurerm_api_management_custom_domain - prevent a perpetual diff (#10636)
azurerm_eventhub_consumer_group - detecting as removed when deleted in Azure (#10900)
azurerm_key_vault_access_policy - Fix destroy where permissions casing on service does not match config /
state (#10931)
azurerm_key_vault_secret - setting the value of the secret after recovering it (#10920)
azurerm_kusto_eventhub_data_connection - make table_name and data_format optional (#10913)
azurerm_mssql_virtual_machine - workaround for inconsistent API value for log_backup_frequency_in_minutes
in the manual_schedule block (#10899)
azurerm_postgres_server - support for replicaset scaling (#10754)
azurerm_postgresql_aad_administrator - prevent invalid usernames for the login property (#10757)
2.50.0 (March 05, 2021)

FEATURES:
New Data Source: azurerm_vmware_private_cloud (#9284)
New Resource: azurerm_kusto_eventgrid_data_connection (#10712)
New Resource: azurerm_sentinel_data_connector_aws_cloud_trail (#10664)
New Resource: azurerm_sentinel_data_connector_azure_active_directory (#10665)
New Resource: azurerm_sentinel_data_connector_office_365 (#10671)
New Resource: azurerm_sentinel_data_connector_threat_intelligence (#10670)
New Resource: azurerm_subscription (#10718)
New Resource: azurerm_vmware_private_cloud (#9284)
ENHANCEMENTS:
dependencies: updating compute to API version 2020-12-01 (#10650)
Data Source: azurerm_dns_zone - updating to use a consistent Terraform Resource ID to avoid API issues
(#10786)
azurerm_dns_a_record - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_dns_aaaa_record - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_dns_caa_record - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_dns_cname_record - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_dns_mx_record - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_dns_ns_record - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_dns_ptr_record - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_dns_srv_record - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_dns_txt_record - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_dns_zone - updating to use a consistent Terraform Resource ID to avoid API issues (#10786)
azurerm_function_app_host_keys - support for event_grid_extension_config_key (#10823)
azurerm_keyvault_secret - support for the versionless_id property (#10738)
azurerm_kubernetes_cluster - support private_dns_zone_id when using a service_principal (#10737)
azurerm_kusto_cluster - supports for the double_encryption_enabled property (#10264)
azurerm_linux_virtual_machine - support for configuring license_type (#10776)
azurerm_log_analytics_workspace_resource - support permanent deletion of workspaces with the
permanently_delete_on_destroy feature flag (#10235)
azurerm_monitor_action_group - support for secure webhooks via the aad_auth block (#10509)
azurerm_mssql_database - support for the log_monitoring_enabled property within the
extended_auditing_policy block (#10324)
azurerm_mssql_database_extended_auditing_policy - support for the log_monitoring_enabled property
(#10324)
azurerm_mssql_server - support for the log_monitoring_enabled property within the
azurerm_mssql_server_extended_auditing_policy - support for the log_monitoring_enabled property [#10324]
azurerm_signalr_service - support for the upstream_endpoint block (#10459)
azurerm_sql_server - support for the log_monitoring_enabled property within the extended_auditing_policy
block (#10324)
azurerm_sql_database - support for the log_monitoring_enabled property within the
azurerm_spring_cloud_java_deployment - supporting delta updates (#10729)
azurerm_virtual_network_gateway - deprecate peering_address in favour of peering_addresses (#10381)
BUG FIXES:
Data Source: azurerm_netapp_volume - fixing a crash when setting data_protection_replication (#10795)
azurerm_api_management - changing the sku_name property no longer forces a new resouce to be created
(#10747)
azurerm_api_management - the field tenant_access can only be configured when not using a Consumption
SKU (#10766)
azurerum_frontdoor - removed the MaxItems validation from the Backend Pools (#10828)
azurerm_kubernetes_cluster_resource - allow windows passwords as short as 8 charaters long (#10816)
azurerm_cosmosdb_mongo_collection - ignore throughput if Azure Cosmos DB provisioned in 'serverless'
capacity mode (#10389)
azurerm_linux_virtual_machine - parsing the User Assigned Identity ID case-insensitively to work around an
Azure API issue (#10722)
azurerm_linux_virtual_machine_scale_set - parsing the User Assigned Identity ID case-insensitively to work
around an Azure API issue (#10722)
azurerm_netapp_volume - fixing a crash when setting data_protection_replication (#10795)
azurerm_virtual_machine - parsing the User Assigned Identity ID case-insensitively to work around an Azure
API issue (#10722)
azurerm_virtual_machine_scale_set - parsing the User Assigned Identity ID case-insensitively to work around
an Azure API issue (#10722)
azurerm_windows_virtual_machine - parsing the User Assigned Identity ID case-insensitively to work around
an Azure API issue (#10722)
azurerm_windows_virtual_machine_scale_set - parsing the User Assigned Identity ID case-insensitively to work
around an Azure API issue (#10722)
2.49.0 (February 26, 2021)
FEATURES:
New Data Source: azurerm_spring_cloud_app (#10678)
New Resource: azurerm_databox_edge_device (#10730)
New Resource: azurerm_databox_edge_order (#10730)
New Resource: azurerm_kusto_iothub_data_connection (#8626)
New Resource: azurerm_redis_enterprise_cluster (#10706)
New Resource: azurerm_redis_enterprise_database (#10706)
New Resource: azurerm_security_center_assessment_metadata (#10124)
New Resource: azurerm_spring_cloud_custom_domain (#10404)
ENHANCEMENTS:
dependencies: updating github.com/hashicorp/terraform-plugin-sdk to the latest 1.x branch (#10692)
dependencies: updating github.com/hashicorp/go-azure-helpers to v0.14.0 (#10740)
dependencies: updating github.com/Azure/go-autorest/autorest to v0.11.18 (#10740)
testing: updating the tests to use the Terraform release binaries when running acceptance tests (#10523)
azurerm_api_management - support for the tenant_access block (#10475)
azurerm_api_management_logger - support for configuring a resource_id (#10652)
azurerm_data_factory_linked_service_azure_blob_storage - now supports the sas_uri property (#10551)
azurerm_data_factory_linked_service_azure_blob_storage - now supports Managed Identity and Service
Principal authentication (#10551)
azurerm_monitor_smart_detector_alert_rule - supports for the tags property (#10646)
azurerm_netapp_volume - support for the data_protection_replication block (#10610)
azurerm_sentinel_alert_rule_ms_security_incident - support Microsoft Defender Advanced Threat Protection
and Office 365 Advanced Threat Protectionvalues for the product_filter property (#10725)
azurerm_service_fabric_cluster - Add support for the upgrade policy block (#10713)
BUG FIXES:
provider: fixing support for Azure Cloud Shell (#10740)
provider: MSI authentication is explicitly unavailable in Azure App Service and Function Apps as these are
intentionally not supported (#10740)
provider: only showing the deprecation message if skip_credentials_registration is explicitly configured
(#10699)
azurerm_batch_certificate - allow empty password when format is pfx (#10642)
azurerm_data_factory_integration_runtime_azure_ssis - the administrator_login and
administrator_password properties are now optional (#10474)
azurerm_data_factory_integration_runtime_managed - the administrator_login and administrator_password
properties are now optional (#10640)
azurerm_eventhub_namespace - the capacity property can now be greater than 50 (#10734)
azurerm_key_vault_certificate - waiting for deletion to complete before purging (#10577)
azurerm_key_vault_key - now waits for deletion to complete before purging (#10577)
azurerm_key_vault_secret - now waits for deletion to complete before purging (#10577)
azurerm_kusto_cluster - changing the virtual_network_configuration property forces a new resource to be
created (#10640)
azurerm_lb_outbound_rule - fixing a crash when frontendIPConfigurations is omitted in the API response
(#10696)
azurerm_media_content_key_policy - fix an encoding bug which prevented configuring ask in the
fairplay_configuration block (#10684)
2.48.0 (February 18, 2021)

FEATURES:
New Data Source: azurerm_application_gateway (#10268)
ENHANCEMENTS:
dependencies: updating to build using Go 1.16 which adds support for darwin/arm64 (Apple Silicon)
(#10615)
Data Source: azurerm_bastion_host - updating to use a Resource ID Formatter (#10570)
Data Source: azurerm_point_to_site_vpn_gateway - updating to use a Resource ID Formatter (#10570)
Data Source: azurerm_kubernetes_cluster - exposing the upgrade_settings block (#10376)
Data Source: azurerm_kubernetes_cluster_node_pool - exposing the upgrade_settings block (#10376)
Data Source: azurerm_route - pdating to use a Resource ID Formatter (#10570)
Data Source: azurerm_subnet - updating to use a Resource ID Formatter (#10570)
Data Source: azurerm_subscriptions - adding the field id to the subscriptions block (#10598)
Data Source: azurerm_virtual_network - updating to use a Resource ID Formatter (#10570)
azurerm_bastion_host - updating to use a Resource ID Formatter (#10570)
azurerm_bastion_host - support for enhanced import validation (#10570)
azurerm_kubernetes_cluster - support for configuring the upgrade_settings block (#10376)
azurerm_kubernetes_cluster - support for automatic_channel_upgrade (#10530)
azurerm_kubernetes_cluster - support for skip_nodes_with_local_storage within the auto_scaler_profile
block (#10531)
azurerm_kubernetes_cluster - support for skip_nodes_with_system_pods within the auto_scaler_profile
block (#10531)
azurerm_kubernetes_cluster_node_pool - support for configuring the upgrade_settings block (#10376)
azurerm_lighthouse_definition - add support for principal_id_display_name property (#10613)
azurerm_log_analytics_workspace - Support for capacity_reservation_level property and
CapacityReservation SKU (#10612)
azurerm_point_to_site_vpn_gateway - updating to use a Resource ID Formatter (#10570)
azurerm_point_to_site_vpn_gateway - support for enhanced import validation (#10570)
azurerm_route - updating to use a Resource ID Formatter (#10570)
azurerm_route - support for enhanced import validation (#10570)
azurerm_subnet - updating to use a Resource ID Formatter (#10570)
azurerm_subnet - support for enhanced import validation (#10570)
synapse_workspace_resource - support for the azure_devops_repo and github_repo blocks (#10157)
azurerm_virtual_network - updating to use a Resource ID Formatter (#10570)
azurerm_virtual_network - support for enhanced import validation (#10570)
BUG FIXES:
azurerm_eventgrid_event_subscription - change the number of possible advanced_filter items from 5 to
25 (#10625)
azurerm_key_vault - normalizing the casing on the certificate_permissions , key_permissions ,
secret_permissions and storage_permissions fields within the access_policy block (#10593)
azurerm_key_vault_access_policy - normalizing the casing on the certificate_permissions , key_permissions ,
secret_permissions and storage_permissions fields (#10593)
azurerm_mariadb_firewall_rule - correctly validate the name property (#10579)
azurerm_postgresql_server - correctly change ssl_minimal_tls_version_enforced on update (#10606)
azurerm_private_endpoint - only updating the associated Private DNS Zone Group when there's changes
(#10559)
azurerm_resource_group_template_deployment - fixing an issue where the API version for nested items couldn't
be found during deletion (#10565)
2.47.0 (February 11, 2021)
UPGRADE NOTES
azurerm_frontdoor & - the new fields
azurerm_frontdoor_custom_https_configuration
backend_pool_health_probes , backend_pool_load_balancing_settings , backend_pools , frontend_endpoints ,
routing_rules have been added to the azurerm_frontdoor resource, which are a map of name-ID references.
An upcoming version of the Azure Provider will change the blocks backend_pool , backend_pool_health_probe ,
backend_pool_load_balancing , frontend_endpoint and routing_rule from a List to a Set to work around an
ordering issue within the Azure API - as such you should update your Terraform Configuration to reference
these new Maps, rather than the Lists directly, due to the upcoming breaking change. For example, changing
azurerm_frontdoor.example.frontend_endpoint[1].id to
azurerm_frontdoor.example.frontend_endpoints["exampleFrontendEndpoint2"] (#9357)
azurerm_lb_backend_address_pool - the field backend_addresses has been deprecated and is no longer
functional - instead the azurerm_lb_backend_address_pool_address resource offers the same functionality.
(#10488)
azurerm_linux_virtual_machine_scale_set & azurerm_windows_virtual_machine_scale_set - the in-line
extension block is now GA - the environment variable ARM_PROVIDER_VMSS_EXTENSIONS_BETA no longer has any
effect and can be removed (#10528)
azurerm_data_factory_integration_runtime_managed - this resource has been renamed/deprecated in favour of
azurerm_data_factory_integration_runtime_azure_ssis (#10236)
The provider-block field skip_credentials_validation is now deprecated since this was non-functional and
will be removed in 3.0 of the Azure Provider (#10464)
FEATURES:
New Data Source: azurerm_key_vault_certificate_data (#8184)
New Resource: azurerm_application_insights_smart_detection_rule (#10539)
New Resource: azurerm_data_factory_integration_runtime_azure (#10236)
New Resource: azurerm_data_factory_integration_runtime_azure_ssis (#10236)
New Resource: azurerm_lb_backend_address_pool_address (#10488)
ENHANCEMENTS:
dependencies: updating github.com/hashicorp/terraform-plugin-sdk to v1.16.0 (#10521)
azurerm_frontdoor - added the new fields backend_pool_health_probes ,
backend_pool_load_balancing_settings , backend_pools , frontend_endpoints , routing_rules which are a map
of name-ID references (#9357)
azurerm_kubernetes_cluster - updating the validation for the log_analytics_workspace_id field within the
oms_agent block within the addon_profile block (#10520)
azurerm_kubernetes_cluster - support for configuring only_critical_addons_enabled (#10307)
azurerm_kubernetes_cluster - support for configuring private_dns_zone_id (#10201)
azurerm_linux_virtual_machine_scale_set - the extension block is now GA and available without enabling
the beta (#10528)
azurerm_media_streaming_endpoint - exporting the field host_name (#10527)
azurerm_mssql_virtual_machine - support for auto_backup (#10460)
azurerm_windows_virtual_machine_scale_set - the extension block is now GA and available without enabling
the beta (#10528)
azurerm_site_recovery_replicated_vm - support for the recovery_public_ip_address_id property and
changing target_static_ip or target_static_ip force a new resource to be created (#10446)
BUG FIXES:
provider: the provider-block field skip_credentials_validation is now deprecated since this was non-
functional. This will be removed in 3.0 of the Azure Provider (#10464)
Data Source: azurerm_shared_image_versions - retrieving all versions of the image prior to filtering (#10519)
azurerm_app_service - the ip_restriction.x.ip_address propertynow accepts anything other than an empty
string (#10440)
azurerm_cosmosdb_account - validate the key_vault_key_id property is versionless (#10420)
azurerm_cosmosdb_account - will no longer panic if the response is nil (#10525)
azurerm_eventhub_namespace - correctly downgrade to the Basic sku (#10536)
azurerm_key_vault_key - export the versionless_id attribute (#10420)
azurerm_lb_backend_address_pool - the backend_addresses block is now deprecated and non-functional - use
the azurerm_lb_backend_address_pool_address resource instead (#10488)
azurerm_linux_virtual_machine_scale_set - fixing a bug when protected_settings within the extension
block was an empty string (#10528)
azurerm_linux_virtual_machine_scale_set - fixing a bug when settings within the extension block was an
empty string (#10528)
azurerm_monitor_diagnostic_setting - changing the log_analytics_workspace_id property no longer creates a
new resource (#10512)
azurerm_storage_data_lake_gen2_filesystem - do not set/retrieve ACLs when HNS is not enabled (#10470)
azurerm_windows_virtual_machine_scale_set - fixing a bug when protected_settings within the extension
block was an empty string (#10528)
azurerm_windows_virtual_machine_scale_set - fixing a bug when settings within the extension block was an
empty string (#10528)
2.46.1 (February 05, 2021)
BUG FIXES:
azurerm_lb_backend_address_pool - mark backend_address as computed (#10481)
2.46.0 (February 04, 2021)
FEATURES:
New Resource: azurerm_api_management_identity_provider_aadb2c (#10240)
New Resource: azurerm_cosmosdb_cassandra_table (#10328)
ENHANCEMENTS:
dependencies: updating recoveryservices to API version 2018-07-10 (#10373)
azurerm_api_management_diagnostic - support for the always_log_errors , http_correlation_protocol ,
log_client_ip , sampling_percentage and verbosity properties (#10325)
azurerm_api_management_diagnostic - support for the frontend_request , frontend_response , backend_request
and backend_response blocks (#10325)
azurerm_kubernetes_cluster - support for configuring the field enable_host_encryption within the
default_node_pool block (#10398)
azurerm_kubernetes_cluster - added length validation to the admin_password field within the
windows_profile block (#10452)
azurerm_kubernetes_cluster_node_pool - support for enable_host_encryption (#10398)
azurerm_lb_backend_address_pool - support for the backend_address block (#10291)
azurerm_redis_cache - support for the public_network_access_enabled property (#10410)
azurerm_role_assignment - adding validation for that the scope is either a Management Group, Subscription,
Resource Group or Resource ID (#10438)
azurerm_service_fabric_cluster - support for the reverse_proxy_certificate_common_names block (#10367)
azurerm_monitor_metric_alert - support for the skip_metric_validation property (#10422)
BUG FIXES:
Data Source: azurerm_api_management fix an exception with User Assigned Managed Identities (#10429)
azurerm_api_management_api_diagnostic - fix a bug where specifying log_client_ip = false would not
disable the setting (#10325)
azurerm_key_vault - fixing a race condition when setting the cache (#10447)
azurerm_key_vault_certificate - fixing a race condition when setting the cache (#10447)
azurerm_key_vault_key - fixing a race condition when setting the cache (#10447)
azurerm_key_vault_secret - fixing a race condition when setting the cache (#10447)
azurerm_mssql_virtual_machine - fixing a crash where the KeyVault was nil in the API response (#10469)
azurerm_storage_account_datasource - prevent panics from passing in an empty name (#10370)
azurerm_storage_data_lake_gen2_filesystem - change the ace property to a TypeSet to ensure consistent
ordering (#10372)
azurerm_storage_data_lake_gen2_path - change the ace property to a TypeSet to ensure consistent ordering
(#10372)
2.45.1 (January 28, 2021)
BUG FIXES:
azurerm_app_service_environment - prevent a panic when the API returns a nil cluster settings (#10365)
2.45.0 (January 28, 2021)
FEATURES:
New Data Source azurerm_search_service (#10181)
New Resource: azurerm_data_factory_linked_service_snowflake (#10239)
New Resource: azurerm_data_factory_linked_service_azure_table_storage (#10305)
New Resource: azurerm_iothub_enrichment (#9239)
New Resource: azurerm_iot_security_solution (#10034)
New Resource: azurerm_media_streaming_policy (#10133)
New Resource: azurerm_spring_cloud_active_deployment (#9959)
New Resource: azurerm_spring_cloud_java_deployment (#9959)
IMPROVEMENTS:
dependencies: updating to v0.11.17 of github.com/Azure/go-autorest/autorest (#10259)
dependencies: updating the firewall resources to use the Networking API 2020-07-01 (#10252)
dependencies: updating the load balancer resources to use the Networking API version 2020-05-01
(#10263)
Data Source: azurerm_app_service_environment - export the cluster_setting block (#10303)
Data Source: azurerm_key_vault_certificate - support for the certificate_data_base64 attribute (#10275)
azurerm_app_service - support for the propety number_of_workers (#10143)
azurerm_app_service_environment - support for the cluster_setting block (#10303)
azurerm_data_factory_dataset_delimited_text - support for the compression_codec property (#10182)
azurerm_firewall_policy - support for the sku property (#10186)
azurerm_iothub - support for the enrichment property (#9239)
azurerm_key_vault - optimised loading of and added caching when retrieving the Key Vault (#10330)
azurerm_key_vault - support both ipv4 and cidr formats for the network_acls.ip_rules property (#10266)
azurerm_key_vault_certificate - optimised loading of and added caching when retrieving the Key Vault
(#10330)
azurerm_key_vault_key - optimised loading of and added caching when retrieving the Key Vault (#10330)
azurerm_key_vault_secret - optimised loading of and added caching when retrieving the Key Vault (#10330)
azurerm_key_vault_certificate - support for the certificate_data_base64 attribute (#10275)
azurerm_linux_virtual_machine - skipping shutdown for a machine in a failed state (#10189)
azurerm_media_services_account - support for setting the storage_authentication_type field to System
(#10133)
azurerm_redis_cache - support multiple availability zones (#10283)
azurerm_storage_data_lake_gen2_filesystem - support for the ace block (#9917)
azurerm_servicebus_namespace - will now allow a capacity of 16 for the Premium SKU (#10337)
azurerm_windows_virtual_machine - skipping shutdown for a machine in a failed state (#10189)
azurerm_linux_virtual_machine_scale_set - support for the extensions_time_budget property (#10298)
azurerm_windows_virtual_machine_scale_set - support for the extensions_time_budget property (#10298)
BUG FIXES:
azurerm_iot_time_series_insights_reference_data_set - the field data_string_comparison_behavior is now
ForceNew (#10343)
azurerm_iot_time_series_insights_reference_data_set - the key_property block is now ForceNew (#10343)
azurerm_linux_virtual_machine_scale_set - fixing an issue where protected_settings field within the
extension block couldn't be empty (#10351)
azurerm_linux_virtual_machine_scale_set - fixing an issue where settings field within the extension block
couldn't be empty (#10351)
azurerm_media_streaming_endpoint - stopping the streaming endpoint prior to deletion if the endpoint is in a
running state (#10216)
azurerm_role_definition - don't add scope to assignable_scopes unless none are specified (#8624)
azurerm_windows_virtual_machine_scale_set - fixing an issue where protected_settings field within the
extension block couldn't be empty (#10351)
azurerm_windows_virtual_machine_scale_set - fixing an issue where settings field within the extension
block couldn't be empty (#10351)
2.44.0 (January 21, 2021)
FEATURES:
New Data Source: azurerm_iothub (#10228)
New Resource: azurerm_media_content_key_policy (#9971)
IMPROVEMENTS:
dependencies: updating github.com/Azure/go-autorest to v0.11.16 (#10164)
dependencies: updating appconfiguration to API version 2020-06-01 (#10176)
dependencies: updating appplatform to API version 2020-07-01 (#10175)
dependencies: updating containerservice to API version 2020-12-01 (#10171)
dependencies: updating msi to API version 2018-11-30 (#10174)
Data Source: azurerm_kubernetes_cluster - support for the field user_assigned_identity_id within the
identity block (#8737)
azurerm_api_management - support additional TLS ciphers within the security block (#9276)
azurerm_api_management_api_diagnostic - support the sampling_percentage property (#9321)
azurerm_container_group - support for updating tags (#10210)
azurerm_kubernetes_cluster - the field type within the identity block can now be set to UserAssigned
(#8737)
azurerm_kubernetes_cluster - support for the field new_pod_scale_up_delay within the auto_scaler_profile
block (#9291)
azurerm_kubernetes_cluster - support for the field user_assigned_identity_id within the identity block
(#8737)
azurerm_monitor_autoscale_setting - now supports the dimensions property (#9795)
azurerm_sentinel_alert_rule_scheduled - now supports the event_grouping_setting property (#10078)
BUG FIXES:
azurerm_backup_protected_file_share - updating to account for a breaking API change (#9015)
azurerm_key_vault_certificate - fixing a crash when subject within the certificate_policy block was nil
(#10200)
azurerm_user_assigned_identity - adding a state migration to update the ID format (#10196)
2.43.0 (January 14, 2021)
FEATURES:
New Data Source: azurerm_sentinel_alert_rule_template (#7020)
IMPROVEMENTS:
Data Source: azurerm_api_management - ensuring the casing of the identity_ids field within the identity
block (#10105)
Data Source: azurerm_kubernetes_cluster - ensuring the casing of the identity_ids field within the
Data Source: azurerm_virtual_machine - ensuring the casing of the identity_ids field within the identity
block (#10105)
Data Source: azurerm_virtual_machine_scale_set - ensuring the casing of the identity_ids field within the
azurerm_api_management - adding validation on the identity_ids field within the identity block (#10105)
azurerm_app_service - adding validation on the identity_ids field within the identity block (#10105)
azurerm_app_service_slot - adding validation on the identity_ids field within the identity block (#10105)
azurerm_container_group - adding validation on the identity_ids field within the identity block (#10105)
azurerm_cosmosdb_account - support for analytical_storage_enabled property (#10055)
azurerm_cosmosdb_gremlin_graph - support the default_ttl property (#10159)
azurerm_data_factory - support for public_network_enabled (#9605)
azurerm_data_factory_dataset_delimited_text - support for the compression_type property (#10070)
azurerm_data_factory_linked_service_sql_server : support for the key_vault_password block (#10032)
azurerm_eventgrid_domain - support for the public_network_access_enabled and inbound_ip_rule properties
(#9922)
azurerm_eventgrid_topic - support for the public_network_access_enabled and inbound_ip_rule properties
(#9922)
azurerm_eventhub_namespace - support the trusted_service_access_enabled property (#10169)
azurerm_function_app - adding validation on the identity_ids field within the identity block (#10105)
azurerm_function_app_slot - adding validation on the identity_ids field within the identity block
(#10105)
azurerm_kusto_cluster - adding validation on the identity_ids field within the identity block (#10105)
azurerm_linux_virtual_machine - adding validation on the identity_ids field within the identity block
(#10105)
azurerm_linux_virtual_machine_scale_set - adding validation on the identity_ids field within the identity
block (#10105)
azurerm_security_center_automation - the field event_source within the source block now supports
SecureScoreControls and SecureScores (#10126)
azurerm_synapse_workspace - support for the sql_identity_control_enabled property (#10033)
azurerm_virtual_machine - adding validation on the identity_ids field within the identity block (#10105)
azurerm_virtual_machine_scale_set - adding validation on the identity_ids field within the identity block
(#10105)
azurerm_windows_virtual_machine - adding validation on the identity_ids field within the identity block
(#10105)
azurerm_windows_virtual_machine_scale_set - adding validation on the identity_ids field within the
BUG FIXES:
Data Source: azurerm_log_analytics_workspace - returning the Resource ID in the correct casing (#10162)
azurerm_advanced_threat_protection - fix a regression in the Resouce ID format (#10190)
azurerm_api_management - ensuring the casing of the identity_ids field within the identity block (#10105)
azurerm_app_service - ensuring the casing of the identity_ids field within the identity block (#10105)
azurerm_app_service_slot - ensuring the casing of the identity_ids field within the identity block
(#10105)
azurerm_application_gateway - ensuring the casing on identity_ids within the identity block (#10031)
azurerm_blueprint_assignment - ensuring the casing of the identity_ids field within the identity block
(#10105)
azurerm_container_group - ensuring the casing of the identity_ids field within the identity block
(#10105)
azurerm_databricks_workspace - changing the sku no longer always forces a new resource to be created
(#9541)
azurerm_function_app - ensuring the casing of the identity_ids field within the identity block (#10105)
azurerm_function_app_slot - ensuring the casing of the identity_ids field within the identity block
(#10105)
azurerm_kubernetes_cluster - ensuring the casing of the user_assigned_identity_id field within the
kubelet_identity block (#10105)
azurerm_kusto_cluster - ensuring the casing of the identity_ids field within the identity block (#10105)
azurerm_linux_virtual_machine - ensuring the casing of the identity_ids field within the identity block
(#10105)
azurerm_linux_virtual_machine_scale_set - ensuring the casing of the identity_ids field within the
azurerm_monitor_diagnostic_setting - handling mixed casing of the EventHub Namespace Authorization Rule
ID (#10104)
azurerm_mssql_virtual_machine - address persistent diff and use relative expiry for service principal
password (#10125)
azurerm_role_assignment - fix race condition in read after create (#10134)
azurerm_role_definition - address eventual consistency issues in update and delete (#10170)
azurerm_virtual_machine - ensuring the casing of the identity_ids field within the identity block
(#10105)
azurerm_virtual_machine_scale_set - ensuring the casing of the identity_ids field within the identity
block (#10105)
azurerm_windows_virtual_machine - ensuring the casing of the identity_ids field within the identity block
(#10105)
azurerm_windows_virtual_machine_scale_set - ensuring the casing of the identity_ids field within the
2.42.0 (January 08, 2021)

BREAKING CHANGES
azurerm_key_vault - the field soft_delete_enabled is now defaulted to true to match the breaking change
in the Azure API where Key Vaults now have Soft Delete enabled by default, which cannot be disabled. This
property is now non-functional, defaults to true and will be removed in version 3.0 of the Azure Provider.
(#10088)
azurerm_key_vault - the field soft_delete_retention_days is now defaulted to 90 days to match the Azure
API behaviour, as the Azure API does not return a value for this field when not explicitly configured, so
defaulting this removes a diff with 0 . (#10088)
FEATURES:
New Data Source: azurerm_eventgrid_domain_topic (#10050)
New Data Source: azurerm_ssh_public_key (#9842)
New Resource: azurerm_data_factory_linked_service_synapse (#9928)
New Resource: azurerm_disk_access (#9889)
New Resource: azurerm_media_streaming_locator (#9992)
New Resource: azurerm_sentinel_alert_rule_fusion (#9829)
New Resource: azurerm_ssh_public_key (#9842)
IMPROVEMENTS:
batch: updating to API version 2020-03-01 (#10036)
dependencies: upgrading to v0.15.1 of github.com/tombuildsstuff/giovanni (#10035)
Data Source: azurerm_hdinsight_cluster - support for the kafka_rest_proxy_endpoint property (#8064)
Data Source: azurerm_databricks_workspace - support for the tags property (#9933)
Data Source: azurerm_subscription - support for the tags property (#8064)
azurerm_app_service - now supports detailed_error_mesage_enabled and failed_request_tracing_enabled
logs settings (#9162)
azurerm_app_service - now supports service_tag in ip_restriction blocks (#9609)
azurerm_app_service_slot - now supports detailed_error_mesage_enabled and
failed_request_tracing_enabled logs settings (#9162)
azurerm_batch_pool support for the public_address_provisioning_type property (#10036)
azurerm_api_management - support Consumption_0 for the sku_name property (#6868)
azurerm_cdn_endpoint - only send content_types_to_compress and geo_filter to the API when actually set
(#9902)
azurerm_cosmosdb_mongo_collection - correctly read back the _id index when MongoDB 3.6 (#8690)
azurerm_container_group - support for the volume.empty_dir property (#9836)
azurerm_data_factory_linked_service_azure_file_storage - support for the file_share property (#9934)
azurerm_dedicated_host - support for addtional sku_name values (#9951)
azurerm_devspace_controller - deprecating since new DevSpace Controllers can no longer be provisioned,
this will be removed in version 3.0 of the Azure Provider (#10049)
azurerm_function_app - make pre_warmed_instance_count computed to use azure's default (#9069)
azurerm_function_app - now supports service_tag in ip_restriction blocks (#9609)
azurerm_hdinsight_hadoop_cluster - allow the value Standard_D4a_V4 for the vm_type property (#10000)
azurerm_hdinsight_kafka_cluster - support for the rest_proxy and kafka_management_node blocks (#8064)
azurerm_key_vault - the field soft_delete_enabled is now defaulted to true to match the Azure API
behaviour where Soft Delete is force-enabled and can no longer be disabled. This field is deprecated, can be
safely removed from your Terraform Configuration, and will be removed in version 3.0 of the Azure Provider.
(#10088)
azurerm_kubernetes_cluster - add support for network_mode (#8828)
azurerm_log_analytics_linked_service - add validation for resource ID type (#9932)
azurerm_log_analytics_linked_service - update validation to use generated validate functions (#9950)
azurerm_monitor_diagnostic_setting - validation that eventhub_authorization_rule_id is an EventHub
Namespace Authorization Rule ID (#9914)
azurerm_monitor_diagnostic_setting - validation that log_analytics_workspace_id is a Log Analytics
Workspace ID (#9914)
azurerm_monitor_diagnostic_setting - validation that storage_account_id is a Storage Account ID (#9914)
azurerm_network_security_rule - increase allowed the number of application_security_group blocks allowed
(#9884)
azurerm_sentinel_alert_rule_ms_security_incident - support the alert_rule_template_guid and
display_name_exclude_filter properties (#9797)
azurerm_sentinel_alert_rule_scheduled - support for the alert_rule_template_guid property (#9712)
azurerm_sentinel_alert_rule_scheduled - support for creating incidents (#8564)
azurerm_spring_cloud_app - support the properties https_only , is_public , and persistent_disk (#9957)
azurerm_subscription - support for the tags property (#9047)
azurerm_synapse_workspace - support for the managed_resource_group_name property (#10017)
azurerm_traffic_manager_profile - support for the traffic_view_enabled property (#10005)
BUG FIXES:
provider: will not correctly register the Microsoft.Blueprint and Microsoft.HealthcareApis RPs (#10062)
azurerm_application_gateway - allow 750 for when the sku is WAF_v2 (#8753)
file_upload_limit_mb
azurerm_firewall_policy_rule_collection_group - correctly validate the
network_rule_collection.destination_ports property (#9490)
azurerm_cdn_endpoint - changing many delivery_rule condition match_values to optional (#8850)
azurerm_cosmosdb_account - always include key_vault_id in update requests for azure policy enginer
compatibility (#9966)
azurerm_cosmosdb_table - do not call the throughput api when serverless (#9749)
azurerm_key_vault - the field soft_delete_retention_days is now defaulted to 90 days to match the Azure
API behaviour. (#10088)
azurerm_kubernetes_cluster - parse oms log_analytics_workspace_id to ensure correct casing (#9976)
azurerm_role_assignment fix crash in retry logic (#10051)
azurerm_storage_account - allow hns when account_tier is Premium (#9548)
azurerm_storage_share_file - allowing files smaller than 4KB to be uploaded (#10035)
2.41.0 (December 17, 2020)

UPGRADE NOTES:
azurerm_key_vault - Azure will be introducing a breaking change on December 31st, 2020 by force-enabling
Soft Delete on all new and existing Key Vaults. To workaround this, this release of the Azure Provider still
allows you to configure Soft Delete on before this date (but once this is enabled this cannot be disabled).
Since new Key Vaults will automatically be provisioned using Soft Delete in the future, and existing Key Vaults
will be upgraded - a future release will deprecate the soft_delete_enabled field and default this to true early
in 2021. (#9911)
azurerm_key_vault_certificate - Terraform will now attempt to purge Certificates during deletion due to the
upcoming breaking change in the Azure API where Key Vaults will have soft-delete force-enabled. This can be
disabled by setting the purge_soft_delete_on_destroy field within the features -> keyvault block to false .
(#9911)
azurerm_key_vault_key - Terraform will now attempt to purge Keys during deletion due to the upcoming
breaking change in the Azure API where Key Vaults will have soft-delete force-enabled. This can be disabled
by setting the purge_soft_delete_on_destroy field within the features -> keyvault block to false . (#9911)
azurerm_key_vault_secret - Terraform will now attempt to purge Secrets during deletion due to the
upcoming breaking change in the Azure API where Key Vaults will have soft-delete force-enabled. This can be
disabled by setting the purge_soft_delete_on_destroy field within the features -> keyvault block to false .
(#9911)
FEATURES:
New Resource: azurerm_eventgrid_system_topic_event_subscription (#9852)
New Resource: azurerm_media_job (#9859)
New Resource: azurerm_media_streaming_endpoint (#9537)
New Resource: azurerm_subnet_service_endpoint_storage_policy (#8966)
New Resource: azurerm_synapse_managed_private_endpoint (#9260)
IMPROVEMENTS:
azurerm_app_service - Add support for outbound_ip_address_list and possible_outbound_ip_address_list
(#9871)
azurerm_disk_encryption_set - support for updating key_vault_key_id (#7913)
azurerm_iot_time_series_insights_gen2_environment - exposing data_access_fqdn (#9848)
azurerm_key_vault_certificate - performing a "purge" of the Certificate during deletion if the feature is
opted-in within the features block, see the "Upgrade Notes" for more information (#9911)
azurerm_key_vault_key - performing a "purge" of the Key during deletion if the feature is opted-in within the
features block, see the "Upgrade Notes" for more information (#9911)
azurerm_key_vault_secret - performing a "purge" of the Secret during deletion if the feature is opted-in
within the features block, see the "Upgrade Notes" for more information (#9911)
azurerm_log_analytics_linked_service - Add new fields workspace_id , read_access_id , and write_access_id
(#9410)
azurerm_linux_virtual_machine - Normalise SSH keys to cover VM import cases (#9897)
azurerm_subnet - support for the service_endpoint_policy block (#8966)
azurerm_traffic_manager_profile - support for new field max_return and support for
traffic_routing_method to be MultiValue (#9487)
BUG FIXES:
azurerm_key_vault_certificate - reading dns_names and emails within the subject_alternative_names
block from the Certificate if not returned from the API (#8631)
azurerm_key_vault_certificate - polling until the Certificate is fully deleted during deletion (#9911)
azurerm_key_vault_key - polling until the Key is fully deleted during deletion (#9911)
azurerm_key_vault_secret - polling until the Secret is fully deleted during deletion (#9911)
azurerm_log_analytics_workspace - adding a state migration to correctly update the Resource ID (#9853)
2.40.0 (December 10, 2020)

FEATURES:
New Resource: azurerm_app_service_certificate_binding (#9415)
New Resource: azurerm_digital_twins_endpoint_eventhub (#9673)
New Resource: azurerm_digital_twins_endpoint_servicebus (#9702)
New Resource: azurerm_media_asset (#9387)
New Resource: azurerm_media_transform (#9663)
New Resource: azurerm_resource_provider (#7951)
New Resource: azurerm_stack_hci_cluster (#9134)
New Resource: azurerm_storage_share_file (#9406)
New Resource: azurerm_storage_sync_cloud_endpoint (#8540)
IMPROVEMENTS:
dependencies: upgrading github.com/Azure/go-autorest/validation to v0.3.1 (#9783)
dependencies: updating Log Analytics to API version 2020-08-01 (#9764)
internal: disabling the Azure SDK's validation since it's superfluous (#9783)
azurerm_app_service - support for PHP version 7.4 (#9727)
azurerm_bot_channel_directline - support for enhanced import validation (#9690)
azurerm_bot_channel_email - support for enhanced import validation (#9690)
azurerm_bot_channel_ms_teams - support for enhanced import validation (#9690)
azurerm_bot_channel_slack - support for enhanced import validation (#9690)
azurerm_bot_channels_registration - support for enhanced import validation (#9690)
azurerm_bot_connection - support for enhanced import validation (#9690)
azurerm_bot_web_app - support for enhanced import validation (#9690)
azurerm_cosmosdb_sql_container - support for the partition_key_version property (#9496)
azurerm_kusto_cluster - support for the engine property (#9696)
azurerm_kusto_eventhub_data_connection - support for compression (#9692)
azurerm_iothub - support for the min_tls_version property (#9670)
azurerm_recovery_services_vault - support for the identity block (#9689)
azurerm_redis_cache - adding enhanced import validation (#9771)
azurerm_redis_cache - adding validation that subnet_id is a valid Subnet ID (#9771)
azurerm_redis_firewall_rule - adding enhanced import validation (#9771)
azurerm_redis_linked_server - adding enhanced import validation (#9771)
azurerm_redis_linked_server - adding validation that linked_redis_cache_id is a valid Redis Cache ID
(#9771)
azurerm_security_center_automation - support for the description and tags properties (#9676)
azurerm_stream_analytics_reference_input_blob - support for enhanced import validation (#9735)
azurerm_stream_analytics_stream_input_blob - support for enhanced import validation (#9735)
azurerm_stream_analytics_stream_input_iothub - support for enhanced import validation (#9735)
azurerm_stream_analytics_stream_input_eventhub - support for enhanced import validation (#9735)
azurerm_storage_account - enable the allow_blob_public_access and azurerm_storage_account properties in
US Government Cloud (#9540)
BUG FIXES:
azurerm_app_service_managed_certificate - create certificate in service plan resource group to prevent diff
loop (#9701)
azurerm_bot_channel_directline - the field bot_name is now ForceNew to match the documentation/API
behaviour (#9690)
azurerm_bot_channel_ms_teams - the field bot_name is now ForceNew to match the documentation/API
behaviour (#9690)
azurerm_bot_channel_slack - the field bot_name is now ForceNew to match the documentation/API
behaviour (#9690)
azurerm_bot_connection - the field bot_name is now ForceNew to match the documentation/API behaviour
(#9690)
azurerm_frontdoor - working around an upstream API issue by rewriting the returned ID's within Terraform
(#9750)
azurerm_frontdoor_custom_https_configuration - working around an upstream API issue by rewriting the
returned ID's within Terraform (#9750)
azurerm_frontdoor_firewall_policy - working around an upstream API issue by rewriting the returned ID's
within Terraform (#9750)
azurerm_media_services_account - fixing a bug where storage_authentication_type wasn't set (#9663)
azurerm_media_service_account - checking for the presence of an existing account during creation (#9802)
azurerm_postgresql_server - changing the geo_redundant_backup_enabled property now forces a new
resource (#9694)
azurerm_postgresql_server - Fix issue when specifying empty threat detection list attributes (#9739)
azurerm_signar_service - having an empty allowed_origins in the cors block will no longer cause a panic
(#9671)
2.39.0 (December 04, 2020)
FEATURES:
New Resource: azurerm_api_management_policy (#9215)
New Resource: azurerm_digital_twins_endpoint_eventgrid (#9489)
New Resource: azurerm_iot_time_series_insights_gen2_environment (#9616)
IMPROVEMENTS:
azurerm_dashboard - adding validation at import time to ensure the ID is for a Dashboard (#9530)
azurerm_keyvault_certificate - add 3072 to allowed values for key_size (#9524)
azurerm_media_services_account - support for the identity , tags , and storage_authentication properties
(#9457)
azurerm_notification_hub_authorization_rule - adding validation at import time to ensure the ID is for a
Notification Hub Authorization Rule (#9529)
azurerm_notification_hub_namespace - adding validation at import time to ensure the ID is for a Notification
Hub Namespace (#9529)
azurerm_postgresql_active_directory_administrator - validating during import that the ID is for a PostgreSQL
Active Directory Administrator (#9532)
azurerm_postgresql_configuration - validating during import that the ID is for a PostgreSQL Configuration
(#9532)
azurerm_postgresql_database - validating during import that the ID is for a PostgreSQL Database (#9532)
azurerm_postgresql_firewall_rule - validating during import that the ID is for a PostgreSQL Firewall Rule
(#9532)
azurerm_postgresql_virtual_network_rule - validating during import that the ID is for a PostgreSQL Virtual
Network Rule (#9532)
azurerm_traffic_manager_profile - allow up to 2147483647 for the ttl property (#9522)
BUG FIXES:
azurerm_security_center_workspace - fixing the casing on the workspace_id (#9651)
azurerm_eventhub_dedicated_cluster - the sku_name capacity can be greater then 1 (#9649)
2.38.0 (November 27, 2020)

FEATURES:
New Resource azurerm_app_service_managed_certificate (#9378)
New Data Source: azurerm_digital_twins_instance (#9430)
New Data Source: azurerm_virtual_wan (#9382)
New Resource: azurerm_digital_twins_instance (#9430)
IMPROVEMENTS:
dependencies: updating App Service to API version 2020-06-01 (#9409)
Data Source azurerm_app_service now exports the custom_domain_verification_id attribute (#9378)
Data Source azurerm_function_app now exports the custom_domain_verification_id attribute (#9378)
Data Source: azurerm_spring_cloud_service - now exports the outbound_public_ip_addresses attribute
(#9261)
azurerm_app_service now exports custom_domain_verification_id (#9378)
azurerm_application_insights - validating the resource ID is correct during import (#9446)
azurerm_application_insights_web_test - validating the resource ID is correct during import (#9446)
azurerm_express_route_circuit_peering - support for the ipv6 block (#9235)
azurerm_function_app now exports the custom_domain_verification_id attribute (#9378)
azurerm_vpn_server_configuration - deprecate the radius_server block in favour of the radius block which
supports multiple servers (#9308)
azurerm_spring_cloud_service - now exports the outbound_public_ip_addresses attribute (#9261)
azurerm_virtual_network_gateway - support for the dpd_timeout_seconds and local_azure_ip_address_enabled
properties (#9330)
azurerm_virtual_network_gateway_connection - support for the private_ip_address_enabled propeties and the
custom_route block (#9330)
BUG FIXES:
azurerm_api_management - fixing an issue where developer portal certificates are updated on every apply
(#7299)
azurerm_cosmosdb_account - corrently updates the zone_redundant property during updates (#9485)
azurerm_search_service - allowed_ips now supports specifying a CIDR Block in addition to an IPv4 address
(#9493)
azurerm_virtual_desktop_application_group - adding a state migration to avoid a breaking change when
upgrading from v2.35.0 or later (#9495)
azurerm_virtual_desktop_host_pool - adding a state migration to avoid a breaking change when upgrading
from v2.35.0 or later (#9495)
azurerm_virtual_desktop_workspace - adding a state migration to avoid a breaking change when upgrading
from v2.35.0 or later (#9495)
azurerm_virtual_desktop_workspace_application_group_association - adding a state migration to avoid a
breaking change when upgrading from v2.35.0 or later (#9495)
azurerm_windows_virtual_machine - no longer sets patch_mode on creation if it is the default value (#9495)
2.37.0 (November 20, 2020)

FEATURES:
New Data Source: azurerm_servicebus_subscription (#9272)
New Data Source: azurerm_storage_encryption_scope (#8894)
New Resource: azurerm_log_analytics_cluster (#8946)
New Resource: azurerm_log_analytics_cluster_customer_managed_key (#8946)
New Resource: azurerm_security_center_automation (#8781)
New Resource: azurerm_storage_data_lake_gen2_path (#7521)
New Resource: azurerm_storage_encryption_scope (#8894)
New Resource: azurerm_vpn_gateway_connection (#9160)
IMPROVEMENTS:
storage: foundational improvements to support toggling between the Data Plane and Resource Manager
Storage API's in the future (#9314)
Data Source: azurerm_firewall - exposing dns_servers , firewall_policy_id , sku_name , sku_tier ,
threat_intel_mode , virtual_hub and zones (#8879)
Data Source: azurerm_firewall - exposing public_ip_address_id and private_ip_address_id within the
ip_configuration block (#8879)
Data Source: azurerm_firewall - exposing name within the management_ip_configuration block (#8879)
Data Source: azurerm_kubernetes_node_pool - exposing os_disk_type (#9166)
azurerm_api_management_api_diagnostic - support for the always_log_errors , http_correlation_protocol ,
log_client_ip and verbosity attributes (#9172)
azurerm_api_management_api_diagnostic - support the frontend_request , frontend_response ,
backend_request and backend_response blocks (#9172)
azurerm_container_group - support for secret container volumes with the container.#.volume.#.secret
attribute (#9117)
azurerm_cosmosdb_account - support for the public_network_access_enabled property (#9236)
azurerm_cosmosdb_cassandra_keyspace - throughput can now be set to higher than 1000000 if enabled by
Azure Support (#9050)
azurerm_cosmosdb_gremlin_database - throughput can now be set to higher than 1000000 if enabled by Azure
Support (#9050)
azurerm_cosmosdb_mongo_database - throughput can now be set to higher than 1000000 if enabled by Azure
Support (#9050)
azurerm_cosmosdb_sql_container - max_throughput within the autoscale_settings block can now be set to
higher than 1000000 if enabled by Azure Support (#9050)
azurerm_cosmosdb_sql_database - throughput can now be set to higher than 1000000 if enabled by Azure
Support (#9050)
azurerm_cosmosdb_table - throughput can now be set to higher than 1000000 if enabled by Azure Support
(#9050)
azurerm_dns_zone - support for the soa_record block (#9319)
azurerm_firewall - support for firewall_policy_id , sku_name , sku_tier and virtual_hub (#8879)
azurerm_kubernetes_cluster - support for configuring os_disk_type within the default_node_pool block
(#9166)
azurerm_kubernetes_cluster - max_count within the default_node_pool block can now be set to a maximum
value of 1000 (#9227)
azurerm_kubernetes_cluster - min_count within the default_node_pool block can now be set to a maximum
value of 1000 (#9227)
azurerm_kubernetes_cluster - node_count within the default_node_pool block can now be set to a maximum
value of 1000 (#9227)
azurerm_kubernetes_cluster - the block http_application_routing within the addon_profile block can now
be updated/removed (#9358)
azurerm_kubernetes_node_pool - support for configuring os_disk_type (#9166)
azurerm_kubernetes_node_pool - max_count can now be set to a maximum value of 1000 (#9227)
azurerm_kubernetes_node_pool - min_count can now be set to a maximum value of 1000 (#9227)
azurerm_kubernetes_node_pool - node_count can now be set to a maximum value of 1000 (#9227)
azurerm_linux_virtual_machine - support for the extensions_time_budget property (#9257)
azurerm_linux_virtual_machine - updating the dedicated_host_id no longer forces a new resource (#9264)
azurerm_linux_virtual_machine - support for graceful shutdowns (via the features block) (#8470)
azurerm_linux_virtual_machine_scale_set - support for the platform_fault_domain_count ,
disk_iops_read_write , and disk_mbps_read_write properties (#9262)
azurerm_mssql_database - supports more DWxxxc options (#9370)
sku_name
azurerm_policy_set_definition - support for the policy_definition_group block (#9259)
azurerm_postgresql_server - increase max storage to 16TiB (#9373)
azurerm_private_dns_zone - support for the soa_record block (#9319)
azurerm_storage_blob - support for content_md5 (#7786)
azurerm_windows_virtual_machine - support for the extensions_time_budget property (#9257)
azurerm_windows_virtual_machine - updating the dedicated_host_id nolonger forces a new resource (#9264)
azurerm_windows_virtual_machine - support for graceful shutdowns (via the features block) (#8470)
azurerm_windows_virtual_machine - support for the patch_mode property (#9258)
azurerm_windows_virtual_machine_scale_set - support for the platform_fault_domain_count ,
disk_iops_read_write , and disk_mbps_read_write properties (#9262)
BUG FIXES:
Data Source: azurerm_key_vault_certificate - fixing a crash when serializing the certificate policy block
(#9355)
azurerm_api_management - the field xml_content within the policy block now supports C#/.net
interpolations (#9296)
azurerm_cosmosdb_sql_container - no longer attempts to get throughput settings when Azure Cosmos DB
account is serverless (#9311)
azurerm_firewall_policy - deprecate the dns.network_rule_fqdn_enabled property as the API no longer
allows it to be set (#9332)
azurerm_key_vault_certificate - fixing a crash when serializing the certificate policy block (#9355)
azurerm_mssql_virtual_machine - fixing a crash when serializing auto_patching (#9388)
azurerm_resource_group_template_deployment - fixing an issue during deletion where the API version of nested
resources couldn't be determined (#9364)
2.36.0 (November 12, 2020)
UPGRADE NOTES:
azurerm_network_connection_monitor - has been updated to work with v2 of the resource as the service team
is deprecating v1 - all v1 properties have been deprecated and will be removed in version 3.0 of the
provider and v2 propeties added. (#8640)
FEATURES:
New Data Source: azurerm_data_share_dataset_kusto_database (#8544)
New Data Source: azurerm_traffic_manager_profile (#9229)
New Resource: azurerm_api_management_custom_domain (#8228)
New Resource: azurerm_data_share_dataset_kusto_database (#8544)
New Resource: azurerm_log_analytics_storage_insights (#9014)
New Resource: azurerm_monitor_smart_detector_alert_rule (#9032)
New Resource: azurerm_virtual_hub_security_partner_provider (#8978)
New Resource: azurerm_virtual_hub_bgp_connection (#8959)
IMPROVEMENTS:
dependencies: upgrading to v0.4.2 of github.com/Azure/go-autorest/autorest/azure/cli (#9168)
storage: upgrading the Data Plane API's to API Version 2019-12-12 (#9192)
Data Source azurerm_kubernetes_node_pool - exporting proximity_placement_group_id (#9195)
azurerm_app_service support v5.0 for the dotnet_framework_version (#9251)
azurerm_availability_set - adding validation to the name field (#9279)
azurerm_cosmosdb_account - support for the key_vault_key_id property allowing use of Customer Managed
Keys (#8919)
azurerm_eventgrid_domain - adding validation to the name field (#9281)
azurerm_eventgrid_domain_topic - adding validation to the name field (#9281)
azurerm_eventgrid_domain_topic - adding validation to the domain_name field (#9281)
azurerm_eventgrid_event_subscription - adding validation to the name field (#9281)
azurerm_eventgrid_topic - adding validation to the name field (#9281)
azurerm_eventgrid_system_topic - adding validation to the name field (#9281)
azurerm_function_app - support for the health_check_path property under site_config (#9233)
azurerm_linux_virtual_machine - support for managed boot diagnostics by leaving the storage_account_uri
property empty (#8917)
azurerm_linux_virtual_machine_scale_set - support for managed boot diagnostics by leaving the
storage_account_uri property empty (#8917)
azurerm_log_analytics_workspace - support for the internet_ingestion_enabled and internet_query_enabled
properties (#9033)
azurerm_logic_app_workflow added logicapp name validation (#9282)
azurerm_kubernetes_cluster - support for proximity_placement_group_id within the default_node_pool block
(#9195)
azurerm_kubernetes_node_pool - support for proximity_placement_group_id (#9195)
azurerm_policy_remediation - support for the resource_discovery_mode property (#9210)
azurerm_point_to_site_vpn_gateway - support for the route block (#9158)
azurerm_virtual_network - support for the bgp_community and vnet_protection_enabled (#8979)
azurerm_vpn_gateway - support for the instance_0_bgp_peering_addresses and
instance_1_bgp_peering_addresses blocks (#9035)
azurerm_windows_virtual_machine - support for managed boot diagnostics by leaving the
azurerm_windows_virtual_machine_scale_set - support for managed boot diagnostics by leaving the
BUG FIXES:
azurerm_cosmosdb_sql_database no longer attempts to get throughput settings when Azure Cosmos DB
azurerm_kubernetes_cluster - changing the field availability_zones within the default_node_pool block
now requires recreating the resource to match the behaviour of the Azure API (#8814)
azurerm_kubernetes_cluster_node_pool - changing the field availability_zones now requires recreating the
resource to match the behaviour of the Azure API (#8814)
azurerm_log_analytics_workspace - fix the Free tier from setting the daily_quota_gb property (#9228)
azurerm_linux_virtual_machine - the field disk_size_gb within the os_disk block can now be configured up
to 4095 (#9202)
azurerm_linux_virtual_machine_scale_set - the field disk_size_gb within the os_disk block can now be
configured up to 4095 (#9202)
azurerm_linux_virtual_machine_scale_set - the field computer_name_prefix can now end with a dash (#9182)
azurerm_windows_virtual_machine - the field disk_size_gb within the os_disk block can now be configured
up to 4095 (#9202)
azurerm_windows_virtual_machine_scale_set - the field disk_size_gb within the os_disk block can now be
configured up to 4095 (#9202)
2.35.0 (November 05, 2020)
UPGRADE NOTES:
azurerm_kubernetes_cluster - the field enable_pod_security_policy and node_taints (within the
default_node_pool block) can no longer be configured - see below for more details (#8982)
FEATURES:
New Data Source: azurerm_images (#8629)
New Resource: azurerm_firewall_policy_rule_collection_group (#8603)
New Resource: azurerm_virtual_hub_ip_configuration (#8912)
New Resource: azurerm_virtual_hub_route_table (#8939)
IMPROVEMENTS:
dependencies: updating to API version 2020-09-01 (#8982)
containerservice
dependencies: updating iottimeseriesinsights to API Version 2020-05-15 (#9129)
azurerm_data_factory_linked_service_data_lake_storage_gen2 - Supports managed identity auth through
use_managed_identity (#8938)
azurerm_firewall - support the dns_servers property (#8878)
azurerm_firewall_network_rule_collection - support the destination_fqdns property in the rule block
(#8878)
azurerm_virtual_hub_connection - support for the routing block (#8950)
BUG FIXES:
Fixed regression that prevented Synapse client registering in all Azure environments (#9100)
azurerm_cosmosdb_mongo_database no longer attempts to get throughput settings when Azure Cosmos DB
azurerm_key_vault_access_policy - check access policy consistency before committing to state (#9125)
azurerm_kubernetes_cluster - the field enable_pod_security_policy can no longer be set, due to this
functionality being removed from AKS as of 2020-10-15 (#8982)
azurerm_kubernetes_cluster - the field node_taints can no longer be set on the default_node_pool block, to
match the behaviour of AKS (#8982)
azurerm_virtual_desktop_application_group - adding validation to the host_pool_id field (#9057)
azurerm_virtual_desktop_workspace_application_group_association - adding validation to the
application_group_id field (#9057)
azurerm_virtual_desktop_workspace_application_group_association - adding validation to the workspace_id
field (#9057)
azurerm_virtual_desktop_workspace_application_group_association - validating the ID during import is a
Workspace Application Group Association ID (#9057)
azurerm_postgresql_firewall_rule - add validation for start_ip_address and end_ip_address properties
(#8963)
2.34.0 (October 29, 2020)
UPGRADE NOTES
azurerm_api_management_api - fixing a regression introduced in v2.16 where this value for
subscription_required was defaulted to false instead of true (#7963)
FEATURES:
New Data Source: azurerm_cognitive_account (#8773)
New Resource: azurerm_log_analytics_data_export_rule (#8995)
New Resource: azurerm_log_analytics_linked_storage_account (#9002)
New Resource: azurerm_security_center_auto_provisioning (#8595)
New Resource: azurerm_synapse_role_assignment (#8863)
New Resource: azurerm_vpn_site (#8896)
IMPROVEMENTS:
Data Source: azurerm_policy_definition - can now look up built-in policy by name (#9078)
azurerm_backup_policy_vm - support for the property instant_restore_retention_days (#8822)
azurerm_container_group - support for the property git_repo within the volume block (#7924)
azurerm_iothub - support for the resource_group property within the endpoint block (#8032)
azurerm_key_vault - support for the contact block (#8937)
azurerm_log_analytics_saved_search - support for tags (#9034)
azurerm_log_analytics_solution - support for tags (#9048)
azurerm_logic_app_trigger_recurrence - support for time_zone [#8829]
azurerm_policy_definition - can now look up builtin policy by name (#9078)
BUG FIXES:
azurerm_automation_module - raising the full error from the Azure API during creation (#8498)
azurerm_api_management_api - fixing a regression introduced in v2.16 where the value for
subscription_required was defaulted to false instead of true (#7963)
azurerm_app_service - fixing a crash when provisioning an app service inside an App Service Environment
which doesn't exist (#8993)
azurerm_cdn_endpoint - disable persisting default value for is_compression_enabled to state file (#8610)
azurerm_databricks_workspace correctly validate the name property (#8997)
azurerm_dev_test_policy - now correctly deletes (#9077)
azurerm_log_analytics_workspace - support for the daily_quota_gb property (#8861)
azurerm_local_network_gateway - support for the gateway_fqdn property (#8998)
azurerm_key_vault - prevent unwanted diff due to inconsistent casing for the sku_name property (#8983)
azurerm_kubernetes_cluster - fix issue where min_count and max_count couldn't be equal (#8957)
azurerm_kubernetes_cluster - min_count can be updated when enable_auto_scaling is set to true (#8619)
azurerm_private_dns_zone_virtual_network_link - fixes case issue in name (#8617)
azurerm_private_endpoint - fix crash when deleting private endpoint (#9068)
azurerm_signalr_service - switching the features block to a set so order is irrelevant (#8815)
azurerm_virtual_desktop_application_group - correctly validate the name property (#9030)
2.33.0 (October 22, 2020)

UPGRADE NOTES
This release includes a workaround for a breaking change in Azure’s API related to the Extended Auditing
Policy of the SQL and MSSQL resources. The Service Team have confirmed that this Regression will first roll
out to all regions before the bug fix is deployed - as such this workaround will be removed in a future release
once the fix for the Azure API has been rolled out to all regions.
FEATURES:
New Resource: azurerm_service_fabric_mesh_secret (#8933)
New Resource: azurerm_service_fabric_mesh_secret_value (#8933)
IMPROVEMENTS:
Data Source: azurerm_shared_image_version - exposing os_disk_image_size_gb (#8904)
azurerm_app_configuration - support for the identity block (#8875)
azurerm_cosmosdb_sql_container - support for composite indexes (#8792)
azurerm_mssql_database - do not set longterm and shortterm retention policies when using the DW SKUs
(#8899)
azurerm_mysql_firewall_rule - validating the start_ip_address and end_ip_address fields are IP Addresses
(#8948)
azurerm_redis_firewall_rule - validating the start_ip and end_ip fields are IP Addresses (#8948)
azurerm_search_service - support for the identity block (#8907)
azurerm_sql_firewall_rule - adding validation for the start_ip_address and end_ip_address fields (#8935)
BUG FIXES:
azurerm_application_gateway - now supports ignore_changes for ssl_certificate when using pre-existing
certificates (#8761)
azurerm_mssql_database - working around a breaking change/regression in the Azure API (#8975)
azurerm_mssql_database_extended_auditing_policy - working around a breaking change/regression in the
Azure API (#8975)
azurerm_mssql_server - working around a breaking change/regression in the Azure API (#8975)
azurerm_mssql_server_extended_auditing_policy - working around a breaking change/regression in the Azure
API (#8975)
azurerm_sql_database - working around a breaking change/regression in the Azure API (#8975)
azurerm_sql_server - working around a breaking change/regression in the Azure API (#8975)
azurerm_policy_set_definition - Fix updates for parameters and parameter_values in
policy_definition_reference blocks (#8882)
2.32.0 (October 15, 2020)

FEATURES:
New data source: azurerm_mysql_server (#8787)
New resource: azurerm_security_center_setting (#8783)
New Resource: azurerm_service_fabric_mesh_local_network (#8838)
New resource: azurerm_eventgrid_system_topic (#8735)
IMPROVEMENTS:
azurerm_container_registry - support for the trust_policy and retention_policy blocks (#8698)
azurerm_security_center_contact - override SDK creat function to handle 201 response code (#8774)
2.31.1 (October 08, 2020)

IMPROVEMENTS:
azurerm_cognitive_account - now supports Personalizer (#8860)
kind
azurerm_search_service - sku now supports storage_optimized_l1 and storage_optimized_l2 (#8859)
azurerm_storage_share - set metadata to Computed and set acl start and expiry to Optional (#8811)
BUG FIXES:
azurerm_dedicated_hardware_security_module - stamp_id now optional to allow use in Locations which use
zones (#8826)
azurerm_storage_account - large_file_share_enabled marked as computed to prevent existing storage shares
from attempting to disable the default (#8807)
2.31.0 (October 08, 2020)
UPGRADE NOTES
This release updates the azurerm_security_center_subscription_pricing resource to use the latest version of
the Security API which now allows configuring multiple Resource Types - as such a new field resource_type
is now available. Configurations default the resource_type to VirtualMachines which matches the behaviour
of the previous release - but your Terraform Configuration may need updating.
FEATURES:
New Resource: azurerm_service_fabric_mesh_application (#6761)
New Resource: azurerm_virtual_desktop_application_group (#8605)
New Resource: azurerm_virtual_desktop_workspace_application_group_association (#8605)
New Resource: azurerm_virtual_desktop_host_pool (#8605)
New Resource: azurerm_virtual_desktop_workspace (#8605)
IMPROVEMENTS:
dependencies: updating github.com/Azure/azure-sdk-for-go to (#8642)
v46.4.0
data.azurerm_application_insights - support for the connection_string property (#8699)
azurerm_app_service - support for IPV6 addresses in the ip_restriction property (#8599)
azurerm_application_insights - support for the connection_string property (#8699)
azurerm_backup_policy_vm - validate daily backups is > 7 (#7898)
azurerm_dedicated_host - add support for the DSv4-Type1 and sku_name properties (#8718)
azurerm_iothub - Support for the public_network_access_enabled property (#8586)
azurerm_key_vault_certificate_issuer - the org_id property is now optional (#8687)
azurerm_kubernetes_cluster_node_pool - the max_node , min_node , and node_count properties can now be set
to 0 (#8300)
azurerm_mssql_database - the min_capacity property can now be set to 0 (#8308)
azurerm_mssql_database - support for long_term_retention_policy and short_term_retention_policy blocks
[#8765]
azurerm_mssql_server - support the minimum_tls_version property (#8361)
azurerm_mssql_virtual_machine - support for storage_configuration_settings (#8623)
azurerm_security_center_subscription_pricing - now supports per resource_type pricing (#8549)
azurerm_storage_account - support for the large_file_share_enabled property (#8789)
azurerm_storage_share - support for large quotas (up to 102400 GB) (#8666)
BUG FIXES:
azurerm_function_app - mark the app_settings block as computed (#8682)
azurerm_function_app_slot - mark the app_settings block as computed (#8682)
azurerm_policy_set_definition - corrects issue with empty parameter_values attribute (#8668)
azurerm_policy_definition - mode property now enforces correct case (#8795)
2.30.0 (October 01, 2020)

UPGRADE NOTES
This release renames certain fields within the azurerm_cosmosdb_account (data source & resource) and
azurerm_function_app_host_keys data source to follow HashiCorp's inclusive language guidelines - where
fields have been renamed, existing fields will continue to remain available until the next major version of the
Azure Provider ( v3.0 )
FEATURES:
New Data Source: azurerm_cosmosdb_sql_storedprocedure (#6189)
New Data Source: azurerm_ip_groups (#8556)
New Resource: azurerm_ip_groups (#8556)
New Resource: azurerm_resource_group_template_deployment (#8672)
New Resource: azurerm_subscription_template_deployment (#8672)
IMPROVEMENTS:
dependencies: updating iothub to (#8688)
2020-03-01
dependencies: updating storagecache to 2020-03-01 (#8078)
dependencies: updating resources to API Version 2020-06-01 (#8672)
azurerm_analysis_services_server - support for the S8v2 and S9v2 SKU's (#8707)
azurerm_cognitive_account - support for the S sku (#8639)
azurerm_container_group - support for the dns_config block (#7912)
azurerm_cosmosdb_account - support the zone_reduntant property (#8295)
azurerm_cosmosdb_mongo_collection - will now respect the order of the keys property in the index block
(#8602)
azurerm_hpc_cache - support the mtu and root_squash_enabled properties (#8078)
azurerm_key_vault - add support for enable_rbac_authorization (#8670)
azurerm_lighthouse_assignment - limit the scope property to subsriptions (#8601)
azurerm_logic_app_workflow - support for the integration_service_environment_id property (#8504)
azurerm_servicebus_topic - validate the max_size_in_megabytes property (#8648)
azurerm_servicebus_queue - validate the max_size_in_megabytes property (#8648)
azurerm_servicebus_subscription_rule - support the correlation_filter.properties property (#8646)
azurerm_storage_management_policy - support the appendBlob value for blob_types (#8659)
BUG FIXES:
azurerm_monitor_metric_alert - property wait when creating/updating multiple monitor metric alerts
(#8667)
azurerm_linux_virtual_machine_scale_set - fix empty JSON error in settings and protected_settings when
these values are not used (#8627)
2.29.0 (September 24, 2020)
UPGRADE NOTES:
azurerm_api_management - the value None has been removed from the identity block to match other
resources, to specify an API Management Service with no Managed Identity remove the identity block
(#8411)
azurerm_container_registry - the storage_account_id property now forces a new resource as required by
the updated API version (#8477)
azurerm_virtual_hub_connection - deprecating the field vitual_network_to_hub_gateways_traffic_allowed
since due to a breaking change in the API behaviour this is no longer used (#7601)
azurerm_virtual_hub_connection - deprecating the field hub_to_vitual_network_traffic_allowed since due to a
breaking change in the API behaviour this is no longer used (#7601)
azurerm_virtual_wan - deprecating the field allow_vnet_to_vnet_traffic since due to a breaking change in
the API behaviour this is no longer used (#7601)
FEATURES:
New Data Source: azurerm_data_share_dataset_kusto_cluster (#8464)
New Data Source: azurerm_databricks_workspace (#8502)
New Data Source: azurerm_firewall_policy (#7390)
New Data Source: azurerm_storage_sync_group (#8462)
New Data Source: azurerm_mssql_server (#7917)
New Resource: azurerm_data_share_dataset_kusto_cluster (#8464)
New Resource: azurerm_firewall_policy (#7390)
New Resource: azurerm_mysql_server_key (#8125)
New Resource: azurerm_postgresql_server_key (#8126)
IMPROVEMENTS:
dependencies: updating containerregistry to 2019-05-01 (#8477)
Data Source: azurerm_api_management - export the private_ip_addresses attribute for primary and additional
locations (#8290)
azurerm_api_management - support the virtual_network_configuration block for additional locations (#8290)
azurerm_api_management - export the private_ip_addresses attribute for additional locations (#8290)
azurerm_cosmosdb_account - support the Serverless value for the capabilities property (#8533)
azurerm_cosmosdb_sql_container - support for the indexing_policy property (#8461)
azurerm_mssql_server - support for the recover_database_id and restore_dropped_database_id properties
(#7917)
azurerm_policy_set_definition - support for typed parameter values other then string in
the policy_definition_reference block deprecating parameters in favour of parameter_vcaluess (#8270)
azurerm_search_service - Add support for allowed_ips (#8557)
azurerm_service_fabric_cluster - Remove two block limit for client_certificate_thumbprint (#8521)
azurerm_signalr_service - support for delta updates (#8541)
azurerm_spring_cloud_service - support for configuring the network block (#8568)
azurerm_virtual_hub_connection - deprecating the field vitual_network_to_hub_gateways_traffic_allowed
since due to a breaking change in the API behaviour this is no longer used (#7601)
azurerm_virtual_hub_connection - deprecating the field hub_to_vitual_network_traffic_allowed since due to a
breaking change in the API behaviour this is no longer used (#7601)
azurerm_virtual_hub_connection - switching to use the now separate API for provisioning these resources
(#7601)
azurerm_virtual_wan - deprecating the field allow_vnet_to_vnet_traffic since due to a breaking change in
the API behaviour this is no longer used (#7601)
azurerm_windows_virtual_machine - support for updating the license_type field (#8542)
BUG FIXES:
azurerm_api_management - the value None for the field type within the identity block has been removed -
to remove a managed identity remove the identity block (#8411)
azurerm_app_service - don't try to manage source_control when scm_type is VSTSRM (#8531)
azurerm_function_app - don't try to manage source_control when scm_type is VSTSRM (#8531)
azurerm_kubernetes_cluster - picking the first system node pool if the original default_node_pool has been
removed (#8503)
2.28.0 (September 17, 2020)
UPGRADE NOTES
The id field for the azurerm_role_definition changed in release 2.27.0 to work around a bug in the Azure
API when using management groups, where the Scope isn't returned - the existing id field is available as
role_definition_resource_id from this version of the Azure Provider.
FEATURES:
New Data Source: azurerm_data_share_dataset_data_lake_gen2 [#7907]
New Data Source: azurerm_servicebus_queue_authorization_rule (#8438)
New Data Source: azurerm_storage_sync [#7843]
New Resource: azurerm_data_share_dataset_data_lake_gen2 (#7907)
New Resource: azurerm_lighthouse_definition (#6560)
New Resource: azurerm_lighthouse_assignment (#6560)
New Resource: azurerm_mssql_server_extended_auditing_policy (#8447)
New Resource: azurerm_storage_sync (#7843)
New Resource: azurerm_synapse_sql_pool (#8095)
IMPROVEMENTS:
Data Source: azurerm_app_service_environment - Expose vip information of an app service environment
(#8487)
Data Source: azurerm_function_app - export the identity block (#8389)
azurerm_app_service_hybrid_connection - support relays in different namespaces (#8370)
azurerm_cosmosdb_cassandra_keyspace - support the autoscale_settings block (#7773)
azurerm_cosmosdb_gremlin_database - support the autoscale_settings block (#7773)
azurerm_cosmosdb_gremlin_graph - support the autoscale_settings block (#7773)
azurerm_cosmosdb_mongo_collection - support the autoscale_settings block (#7773)
azurerm_cosmosdb_mongo_database - support the autoscale_settings block (#7773)
azurerm_cosmosdb_sql_container - support the autoscale_settings block (#7773)
azurerm_cosmosdb_sql_database - support the autoscale_settings block (#7773)
azurerm_cosmosdb_table - support the autoscale_settings block (#7773)
azurerm_firewall - support the management_ip_configuration block (#8235)
azurerm_storage_account_customer_managed_key - support for key rotation (#7836)
BUG FIXES:
Data Source: azurerm_function_app_host_keys - Fix a crash when null ID sometimes returned by API (#8430)
azurerm_cognitive_account - correctly wait on update logic (#8386)
azurerm_eventhub_consumer_group - allow the name property to be set to $Default (#8388)
azurerm_kubernetes_cluster - ensure the OMS Agent Log Analytics Workspace case is preserved after
disabling/enabling (#8374)
azurerm_management_group_id - loosen case restritions during parsing of management group ID (#8024)
azurerm_packet_capture - fix to ID path to match change in API (#8167)
azurerm_role_definition - expose role_definition_resource_id (#8492)
2.27.0 (September 10, 2020)
UPGRADE NOTES
The id field for the azurerm_role_definition has changed in this release to work around a bug in the Azure
API when using management groups, where the Scope isn't returned - the existing id field is available as
role_definition_resource_id on the new resource from version 2.28.0 of the Azure Provider.
FEATURES:
New Data Source: azurerm_attestation_provider (#7885)
New Data Source: azurerm_function_app_host_keys (#7902)
New Data Source: azurerm_lb_rule (#8365)
New Resource: azurerm_mssql_database_extended_auditing_policy (#7793)
New Resource: azurerm_attestation_provider (#7885)
New Resource: azurerm_api_management_api_diagnostic (#7873)
New Resource: azurerm_data_factory_linked_service_azure_sql_database (#8349)
IMPROVEMENTS:
Data Source: azurerm_virtual_network_gateway - exposing aad_audience , aad_issuer and aad_tenant within
the vpn_client_configuration block (#8294)
azurerm_cosmosdb_account - supporting the value AllowSelfServeUpgradeToMongo36 for the name field within
the capabilities block (#8335)
azurerm_linux_virtual_machine - Add support for encryption_at_host_enabled (#8322)
azurerm_linux_virtual_machine_scale_set - Add support for encryption_at_host_enabled (#8322)
azurerm_servicebus_subscription - add support for dead_lettering_on_filter_evaluation_error (#8412)
azurerm_spring_cloud_app - support for the identity block (#8336)
azurerm_storage_share_directory - Update name validation (#8366)
azurerm_virtual_network_gateway - support for aad_audience , aad_issuer and aad_tenant within the
vpn_client_configuration block (#8294)
azurerm_windows_virtual_machine - Add support for encryption_at_host_enabled (#8322)
azurerm_windows_virtual_machine_scale_set - Add support for encryption_at_host_enabled (#8322)
BUG FIXES:
azurerm_api_management_x.y.api_name - validation fix (#8409)
azurerm_application_insights_webtests - Fix an issue where the kind property is sometimes set to null
(#8372)
azurerm_cognitive_account - Fixes a crash when provisioning a QnAMaker and supports AnomalyDetector
(#8357)
azurerm_linux_virtual_machine - Add WaitForState on VM delete (#8383)
azurerm_network_security_group - fixed issue where updates would fail for resource (#8384)
azurerm_role_definition - fixed delete operation when role is scoped to Management Group (#6107)
azurerm_windows_virtual_machine - Add WaitForState on VM delete (#8383)
2.26.0 (September 04, 2020)

UPGRADE NOTES:
Opt-In Beta: This release introduces an opt-in beta for in-line Virtual Machine Scale Set Extensions. This
functionality enables the resource to be used with Azure Service Fabric and other extensions that may
require creation time inclusion on Scale Set members. Please see the documentation for
azurerm_linux_virtual_machine_scale_set and azurerm_windows_virtual_machine_scale_set for information.
FEATURES:
New Resource: azurerm_log_analytics_saved_search (#8253)
IMPROVEMENTS:
dependencies: updating loganalyticsto 2020-03-01-preview (#8234)
azurerm_api_management_subscription - Support allow_tracing property (#7969)
azurerm_application_gateway - Add support for probe.properties.port (#8278)
azurerm_linux_virtual_machine_scale_set - Beta support for extension blocks (#8222)
azurerm_log_analytics_workspace - the sku value is now optional and defaults to PerGB2018 (#8272)
azurerm_windows_virtual_machine_scale_set - Beta support for extension blocks (#8222)
BUG FIXES:
azurerm_cdn_endpoint - fixing the casing of the Resource ID to be consistent (#8237)
azurerm_cdn_profile - fixing the casing of the Resource ID to be consistent (#8237)
azurerm_key_vault_key - updating the latest version of the key when updating metadata (#8304)
azurerm_key_vault_secret - updating the latest version of the secret when updating metadata (#8304)
azurerm_linux_virtual_machine - allow updating allow_extension_operations regardless of the value of
provision_vm_agent (for when the VM Agent has been installed manually) (#8001)
azurerm_linux_virtual_machine_scale_set - working around a bug in the Azure API by always sending the
existing Storage Image Reference during updates (#7983)
azurerm_network_interface_application_gateway_association - handling the Network Interface being deleted
during a refresh (#8267)
azurerm_network_interface_application_security_group_association - handling the Network Interface being
deleted during a refresh (#8267)
azurerm_network_interface_backend_address_pool_association - handling the Network Interface being deleted
azurerm_network_interface_nat_rule_association_resource - handling the Network Interface being deleted
azurerm_network_interface_network_security_group_association - handling the Network Interface being
deleted during a refresh (#8267)
azurerm_windows_virtual_machine - allow updating allow_extension_operations regardless of the value of
provision_vm_agent (for when the VM Agent has been installed manually) (#8001)
azurerm_windows_virtual_machine_scale_set - working around a bug in the Azure API by always sending the
existing Storage Image Reference during updates (#7983)
2.25.0 (August 27, 2020)
UPGRADE NOTES:
azurerm_container_group - The secure_environment_variables field within the container now maps keys
with empty values, which differs from previous versions of this provider which ignored empty values
(#8151)
FEATURES:
New Resource azurerm_spring_cloud_certificate (#8067)
IMPROVEMENTS:
dependencies: updating keyvault to 2019-09-01 (#7822)
azurerm_app_service_slot_virtual_network_swift_connection - adding validation that the app_service_id is an
App Service / Function App ID (#8111)
azurerm_app_service_slot_virtual_network_swift_connection - adding validation that the subnet is a Subnet
ID (#8111)
azurerm_batch_pool - Remove network_configuration from update payload (#8189)
azurerm_frontdoor_firewall_policy - match_variable within the match_condition block can now be set to
SocketAddr (#8244)
azurerm_linux_virtual_machine_scale_set - upgrade_mode="Automatic" no longer requires health probe
(#6667)
azurerm_key_vault - support for soft_delete_retention_days (#7822)
azurerm_shared_image - Support for purchase_plan (#8124)
azurerm_shared_image_gallery - validating at import time that the ID is for a Shared Image Gallery (#8240)
azurerm_windows_virtual_machine_scale_set - upgrade_mode="Automatic" no longer requires health probe
(#6667)
BUG FIXES:
Data Source: azurerm_app_service - ensuring the site_config block is correctly set into the state (#8212)
Enhanced Validation: supporting "centralindia", "southindia" and "westindia" as valid regions in Azure Public
(working around invalid data from the Azure API) (#8217)
azurerm_application_gateway - allow setting ip_addresses within the backend_address_pool block to an
empty list (#8210)
azurerm_application_gateway - adding validation to the zone field (#8233)
azurerm_container_group - the secure_environment_variables field within the container now maps keys with
empty values (#8151)
azurerm_dedicated_host - waiting for the resource to be gone 20 times rather than 10 to work around an API
issue (#8221)
azurerm_dedicated_host_group - adding validation to the zone field (#8233)
azurerm_firewall - adding validation to the zone field (#8233)
azurerm_hardware_security_module - adding validation to the zone field (#8233)
azurerm_lb - adding validation to the zone field (#8233)
azurerm_linux_virtual_machine - support for updating ultra_ssd_enabled within the
additional_capabilities block without recreating the virtual machine (#8015)
azurerm_linux_virtual_machine_scale_set - adding validation to the zone field (#8233)
azurerm_managed_disk - adding validation to the zone field (#8233)
azurerm_nat_gateway - adding validation to the zone field (#8233)
azurerm_orchestrated_virtual_machine_scale_set - adding validation to the zone field (#8233)
azurerm_public_ip_prefix - adding validation to the zone field (#8233)
azurerm_public_ip - adding validation to the zone field (#8233)
azurerm_redis_cache - adding validation to the zone field (#8233)
azurerm_virtual_machine - adding validation to the zone field (#8233)
azurerm_virtual_machine_scale_set - adding validation to the zone field (#8233)
azurerm_windows_virtual_machine - support for updating ultra_ssd_enabled within the
additional_capabilities block without recreating the virtual machine (#8015)
azurerm_windows_virtual_machine_scale_set - adding validation to the zone field (#8233)
2.24.0 (August 20, 2020)

FEATURES:
New Resource: azurerm_synapse_spark_pool (#7886)
IMPROVEMENTS:
dependencies: update to API version 2019-12-01 (#8110)
containerinstance
azurerm_api_management_api - now supports oauth2_authorization and openid_authentication (#7617)
azurerm_policy_definition - mode can now be updated without recreating the resource (#7976)
BUG FIXES:
azurerm_frontdoor - ensuring all fields are set into the state (#8146)
azurerm_frontdoor - rewriting case-inconsistent Resource ID's to ensure they're reliable (#8146)
azurerm_frontdoor_firewall_policy - ensuring all fields are set into the state (#8146)
azurerm_frontdoor_firewall_policy - rewriting case-inconsistent Resource ID's to ensure they're reliable
(#8146)
azurerm_frontdoor_custom_https_configuration - ensuring all fields are set into the state (#8146)
azurerm_frontdoor_custom_https_configuration - ensuring the resource_group_name field is set into the state
(#8173)
azurerm_frontdoor_custom_https_configuration - rewriting case-inconsistent Resource ID's to ensure they're
reliable (#8146)
azurerm_frontdoor_custom_https_configuration - updating the ID to use the frontendEndpoint's Resource ID
rather than a custom Resource ID (#8146)
azurerm_lb - switching to use API version 2020-03-01 to workaround a bug in API version 2020-05-01
(#8006)
azurerm_lb_backend_address_pool - adding more specific validation for the Load Balancer ID field (#8172)
azurerm_lb_backend_address_pool - ensuring all fields are always set into the state (#8172)
azurerm_lb_backend_address_pool - switching to use API version 2020-03-01 to workaround a bug in API
version 2020-05-01 (#8006)
azurerm_lb_nat_pool - adding more specific validation for the Load Balancer ID field (#8172)
azurerm_lb_nat_pool - ensuring all fields are always set into the state (#8172)
azurerm_lb_nat_pool - switching to use API version 2020-03-01 to workaround a bug in API version
2020-05-01 (#8006)
azurerm_lb_nat_rule - adding more specific validation for the Load Balancer ID field (#8172)
azurerm_lb_nat_rule - ensuring all fields are always set into the state (#8172)
azurerm_lb_nat_rule - switching to use API version 2020-03-01 to workaround a bug in API version
2020-05-01 (#8006)
azurerm_lb_outbound_rule - adding more specific validation for the Load Balancer ID field (#8172)
azurerm_lb_outbound_rule - ensuring all fields are always set into the state (#8172)
azurerm_lb_outbound_rule - switching to use API version 2020-03-01 to workaround a bug in API version
2020-05-01 (#8006)
azurerm_lb_probe - adding more specific validation for the Load Balancer ID field (#8172)
azurerm_lb_probe - ensuring all fields are always set into the state (#8172)
azurerm_lb_probe - switching to use API version 2020-03-01 to workaround a bug in API version 2020-05-01
(#8006)
azurerm_lb_rule - adding more specific validation for the Load Balancer ID field (#8172)
azurerm_lb_rule - ensuring all fields are always set into the state (#8172)
azurerm_lb_rule - switching to use API version 2020-03-01 to workaround a bug in API version 2020-05-01
(#8006)
azurerm_storage_account - only sending allow_blob_public_access and min_tls_version in Azure Public
since these are currently not supported in other regions (#8148)
2.23.0 (August 13, 2020)
FEATURES:
New Resource: azurerm_integration_service_environment (#7763)
New Resource: azurerm_redis_linked_server (#8026)
New Resource: azurerm_synapse_firewall_rule (#7904)
IMPROVEMENTS:
dependencies: updating containerservice to 2020-04-01 (#7894)
dependencies: updating mysql to 2020-01-01 (#8062)
dependencies: updating postgresql to 2020-01-01 (#8045)
Data Source: azurerm_app_service now exports source_control configuration (#7945)
Data Source: azurerm_function_app now exports source_control configuration (#7945)
Data Source: azurerm_function_app now exports site_config configuration (#7945)
azurerm_app_service now supports source_control configuration (#7945)
azurerm_function_app now supports source_control configuration (#7945)
azurerm_function_app now supports full ip_restriction configuration (#7945)
azurerm_function_app now supports full scm_ip_restriction configuration (#7945)
azurerm_eventhub_namespace - support for the identity block (#8065)
azurerm_postgresql_server - support for the identity block (#8044)
azurerm_site_recovery_replicated_vm - support setting target_network_id and network_interface on
failover (#5688)
azurerm_storage_account - support static_website for BlockBlobStorage account type (#7890)
azurerm_storage_account - filter allow_blob_public_access and min_tls_version from Azure US Government
(#8092)
BUG FIXES:
All resources using a location field - allowing the value global when using enhanced validation (#8042)
Data Source: azurerm_api_management_user - user_id now accepts single characters (#7975)
azurerm_application_gateway - enforce case for the rule_type property (#8061)
azurerm_iothub_consumer_group - lock during creation and deletion to workaround an API issue (#8041)
azurerm_iothub - the endpoint and route lists can now be cleared by setting them to [] (#8028)
azurerm_linux_virtual_machine - handling machines which are already stopped/deallocated (#8000)
azurerm_mariadb_virtual_network_rule will now work across subscriptions (#8100)
azurerm_monitor_metric_alert_resource - continue using SingleResourceMultiMetricCriteria for existing
alerts (#7995)
azurerm_mysql_server - prevent a non empty plan when using threat_detection_policy (#7981)
azurerm_orchestrated_virtual_machine_scale_set - allow single_placement_group to be true (#7821)
azurerm_mysql_server - support for the identity block (#8059)
azurerm_storage_account - set default for min_tls_version to TLS_10 (#8152)
azurerm_traffic_manager_profile - updating no longer clears all endpoints (#7846)
azurerm_windows_virtual_machine - handling machines which are already stopped/deallocated [#8000]'
azurerm_data_factory_dataset_delimited_text - fix issue with property azure_blob_storage_account (#7953)
2.22.0 (August 07, 2020)

DEPENDENCIES:
updating github.com/Azure/azure-sdk-for-go to v44.2.0 (#7933)
IMPROVEMENTS:
azurerm_cosmosdb_account - support DisableRateLimitingResponses with the capabilities property (#8016)
azurerm_storage_account - support for the min_tls_version property (#7879)
azurerm_storage_account_sas - support for the signed_version attribute property (#8020)
azurerm_servicebus_queue - support for the enable_batched_operations , status , forward_to , and
forward_dead_lettered_messages_to (#7990)
BUG FIXES:
Data Source: azurerm_key_vault_certificate- fixing a crash when using acmebot certificates (#8029)
azurerm_iothub_shared_access_policy - prevent primary_connection_string & secondary_connection_string
from regenerating during every apply (#8017)
2.21.0 (July 31, 2020)
DEPENDENCIES:
updating search to 2020-03-13(#7867)
updating go-azure-helpers to v0.11.2 (#7911)
FEATURES:
New Data Source: azurerm_data_share_dataset_data_lake_gen1 (#7840)
New Resource: azurerm_dedicated_hardware_security_module (#7727)
IMPROVEMENTS:
azurerm_api_management_identity_provider_aad - Support for signin_tenant (#7901)
azurerm_app_service_plan - update the relation between kind and reserved (#7943)
azurerm_automation_runbook - recreate azurerm_automation_job_schedule after an update (#7555)
azurerm_app_service_slot - support for the application_logs.file_system (#7311)
azurerm_firewall - no longer requires a zone (#7817)
azurerm_function_app_slot - support for the site_config.auto_swap_slot_name property (#7859)
azurerm_kubernetes_cluster - support for in-place upgrade from Free to Paid for sku_tier (#7927)
azurerm_monitor_scheduled_query_rules_alert - action.0.custom_webhook_payload is now sent as empty to
allow for Azure's default to take effect(#7838)
azurerm_search_service - support for the public_network_access_enabled property (#7867)
azurerm_servicebus_subscription - support for the status property (#7852)
BUG FIXES:
azurerm_automation_runbook - allow resource to not be set (#7824)
publish_content_link
azurerm_api_management_named_value - the value has been marked as sensitive to hide secret values (#7819)
azurerm_cognitive_account - allow qname_runtime_endpoint to not be set (#7916)
azurerm_iothub_dps - the only valid value for the sku property for the API is now S1 (#7847)
azurerm_eventgrid_event_subscription - deprecate the topic_name as it is now readonly in the API (#7871)
azurerm_kubernetes_cluster - updates will no longer fail when using managed AAD integration (#7874)
2.20.0 (July 23, 2020)

UPGRADE NOTES
Enhanced Validation for Locations - the Azure Provider now validates that the value for the location
argument is a supported Azure Region within the Azure Environment being used (from the Azure Metadata
Service) - which allows us to catch configuration errors for this field at terraform plan time, rather than
during a terraform apply . This functionality is now enabled by default, and can be opted-out of by setting
the Environment Variable ARM_PROVIDER_ENHANCED_VALIDATION to false
azurerm_storage_account - will now default allow_blob_public_access to false to align with the portal and be
secure by default (#7784)
DEPENDENCIES:
updating cosmos to 2020-04-01 (#7597)
FEATURES:
New Data Source: azurerm_synapse_workspace (#7517)
New Resource: azurerm_data_share_dataset_data_lake_gen1 - add dataset_data_lake_gen1 suppport for
azurerm_data_share (#7511)
New Resource: azurerm_frontdoor_custom_https_configuration - move the front door
custom_https_configuration to its own resource to allow for parallel creation/update of custom https
certificates. (#7498)
New Resource: azurerm_kusto_cluster_customer_managed_key (#7520)
New Resource: azurerm_synapse_workspace (#7517)
IMPROVEMENTS:
azurerm_cosmos_db_account - add support for the enable_free_tier property (#7814)
BUG FIXES:
Data Source: azurerm_private_dns_zone - fix a crash when the zone does not exist (#7783)
azurerm_application_gateway - fix crash with gateway_ip_configuration (#7789)
azurerm_cosmos_account - the geo_location.prefix property has been deprecated as service no longer
accepts it as an input since Apr 25, 2019 (#7597)
azurerm_monitor_autoscale_setting - fix crash in notification (#7835)
azurerm_storage_account - will now default allow_blob_public_access to false to align with the portal and be
secure by default (#7784)
2.19.0 (July 16, 2020)
UPGRADE NOTES:
HDInsight 3.6 will be retired (in Azure Public) on 2020-12-30 - HDInsight 4.0 does not support ML Services,
RServer or Storm Clusters - as such the azurerm_hdinsight_ml_services_cluster ,
azurerm_hdinsight_rserver_cluster and azurerm_hdinsight_storm_cluster resources are deprecated and will
be removed in the next major version of the Azure Provider. (#7706)
provider: no longer auto register the Microsoft.StorageCache RP (#7768)
FEATURES:
New Data source: azurerm_route_filter (#6341)
New Resource: azurerm_route_filter (#6341)
IMPROVEMENTS:
dependencies: updating the machinelearning API to version 2020-04-01 (#7703)
Data Source: azurerm_storage_account - exposing allow_blob_public_access (#7739)
Data Source: azurerm_dns_zone - now provides feedback if a resource_group_name is needed to resolve
ambiguous zone (#7680)
azurerm_automation_schedule - Updated validation for timezone strings (#7754)
azurerm_express_route_circuit_peering - support for the route_filter_id property (#6341)
azurerm_kubernetes_cluster - no longer sending the kubernetes_dashboard addon in Azure China since this is
not supported in this region (#7714)
azurerm_local_network_gateway - address_space order can now be changed (#7745)
azurerm_machine_learning_workspace - adding the field high_business_impact (#7703)
azurerm_monitor_metric_alert - support for multiple scopes and associated criteria (#7159)
azurerm_mssql_database elastic_pool_id remove forcenew (#7628)
azurerm_policy_assignment - support for metadata property (#7725)
azurerm_policy_set_definition - support for the policy_definition_reference_id property (#7018)
azurerm_storage_account - support for configuring allow_blob_public_access (#7739)
azurerm_storage_container - container creation will retry if a container of the same name has not completed
its delete operation (#7179)
azurerm_storage_share - share creation will retry if a share of the same name has not completed its previous
delete operation (#7179)
azurerm_virtual_network_gateway_connection - support for the traffic_selector_policy block (#6586)
azurerm_orchestrated_virtual_machine_scale_set - support for the proximity_placement_group_id property
(#7510)
BUG FIXES:
provider: deprecating metadata_url to metadata_host since this is a hostname (#7740)
azurerm_*_virtual_machine - allow_extensions_operations can now be updated (#7749)
azurerm_eventhub_namespace - changing to zone_redundant now force a new resource (#7612)
azurerm_express_route_circuit - fix eventual consistency issue in create (#7753)
azurerm_express_route_circuit - fix potential crash (#7776)
azurerm_managed_disk - allow up to 65536 GB for the disk_size_gb property (#7689)
azurerm_machine_learning_workspace - waiting until the Machine Learning Workspace has been fully deleted
(#7635)
azurerm_mysql_server - ssl_minimal_tls_version_enforced now correctly set in updates (#7307)
azurerm_notification_hub - validating that the ID is in the correct format when importing the resource
(#7690)
azurerm_redis_cache - fixing a bug when provisioning with authentication disabled (#7734)
azurerm_virtual_hub - the field address_prefix is now ForceNew to match the behaviour of the Azure API
(#7713)
azurerm_virtual_hub_connection - using the delete timeout if specified (#7731)
2.18.0 (July 10, 2020)

FEATURES:
can be set at the provider level to use an environment provided by a specific url (#7664)
metadata_url
New Data Source: azurerm_key_vault_certificate_issuer (#7074)
New Data Source: azurerm_web_application_firewall_policy (#7469)
New Resource: azurerm_automation_connection (#6847)
New Resource: azurerm_automation_connection_certificate (#6847)
New Resource: azurerm_automation_connection_classic_certificate (#6847)
New Resource: azurerm_automation_connection_service_pricipal (#6847)
New Resource: azurerm_app_service_slot_virtual_network_swift_connection (#5916)
New Resource: azurerm_data_factory_dataset_azure_blob (#6366)
New Resource: azurerm_data_factory_dataset_cosmosdb_sqlapi (#6366)
New Resource: azurerm_data_factory_dataset_delimited_text (#6366)
New Resource: azurerm_data_factory_dataset_http (#6366)
New Resource: azurerm_data_factory_dataset_json (#6366)
New Resource: azurerm_data_factory_linked_service_azure_blob_storage (#6366)
New Resource: azurerm_data_factory_linked_service_azure_file_storage (#6366)
New Resource: azurerm_data_factory_linked_service_azure_file_storage (#6366)
New Resource: azurerm_data_factory_linked_service_cosmosdb (#6366)
New Resource: azurerm_data_factory_linked_service_sftp (#6366)
New Resource: azurerm_data_factory_linked_service_sftp (#6366)
New Resource: azurerm_key_vault_certificate_issuer (#7074)
New Resource: azurerm_kusto_attached_database_configuration (#7377)
New Resource: azurerm_kusto_database_principal_assignment (#7484)
New Resource: azurerm_mysql_active_directory_administrator (#7621)
IMPROVEMENTS:
dependencies: updating github.com/tombuildsstuff/giovanni to v0.11.0 (#7608)
dependencies: updating network to 2020-05-01 (#7585)
Data Source: azurerm_eventhub_namespace - exposing the dedicated_cluster_id field (#7548)
azurerm_cosmosdb_account - support for the ignore_missing_vnet_service_endpoint property (#7348)
azurerm_application_gateway - support for the firewall_policy_id attribute within the http_listener block
(#7580)
azurerm_eventhub_namespace - support for configuring the dedicated_cluster_id field (#7548)
azurerm_eventhub_namespace - support for setting partition_count to 1024 when using a Dedicated Cluster
(#7548)
azurerm_eventhub_namespace - support for setting retention_count to 90 when using a Dedicated Cluster
(#7548)
azurerm_hdinsight_hadoop_cluster - now supports Azure Monitor (#7045)
azurerm_hdinsight_hbase_cluster - now supports external metastores (#6969)
azurerm_hdinsight_hbase_cluster - now supports Azure Monitor (#7045)
azurerm_hdinsight_interactive_query_cluster - now supports external metastores (#6969)
azurerm_hdinsight_interactive_query_cluster - now supports Azure Monitor (#7045)
azurerm_hdinsight_kafka_cluster - now supports external metastores (#6969)
azurerm_hdinsight_kafka_cluster - now supports external Azure Monitor (#7045)
azurerm_hdinsight_spark_cluster - now supports external metastores (#6969)
azurerm_hdinsight_spark_cluster - now supports external Azure Monitor (#7045)
azurerm_hdinsight_storm_cluster - now supports external metastores (#6969)
azurerm_hdinsight_storm_cluster - now supports external Azure Monitor (#7045)
azurerm_policy_set_definition - the management_group_id property has been deprecated in favour of
management_group_name to align with the behaviour in azurerm_policy_definition (#6943)
azurerm_kusto_cluster - support for the language_extensions property (#7421)
azurerm_kusto_cluster - Support for the optimized_auto_scale property (#7371)
azurerm_mysql_server - support for the threat_detection_policy property (#7156)
azurerm_mssql_database - the sku_name property now only forces a new resource for the HS (HyperScale)
family (#7559)
azurerm_web_application_firewall_policy - allow setting version to 0.1 (for when type is set to
Microsoft_BotManagerRuleSet ) (#7579)
azurerm_web_application_firewall_policy - support the transforms property in the
custom_rules.match_conditions block (#7545)
azurerm_web_application_firewall_policy - support the request_body_check , file_upload_limit_in_mb , and
max_request_body_size_in_kb properties in the policy_settings block (#7363)
BUG FIXES:
azurerm_api_management_api_operation_policy - correctly parse XLM (#7345)
azurerm_application_insights_api_key - now correctly checks if the resource exists upon creation (#7650)
azurerm_api_management_identity_provider_aad - fix perpetual diff on the client_secret property (#7529)
azurerm_eventhub_namespace_authorization_rule - correctly update old resource IDs (#7622)
azurerm_policy_remediation - removing the validation for the policy_definition_reference_id field since this
isn't a Resource ID (#7600)
azurerm_storage_data_lake_gen2_filesystem - prevent a crash during plan if storage account was deleted
(#7378)
2.17.0 (July 03, 2020)
UPGRADE NOTES:
azurerm_hdinsight_hadoop_cluster - the enabled property within the gateway block now defaults to true
and cannot be disabled, due to a behavioural change in the Azure API (#7111)
azurerm_hdinsight_hbase_cluster - the enabled property within the gateway block now defaults to true
azurerm_hdinsight_interactive_query_cluster - the enabled property within the gateway block now defaults
to true and cannot be disabled, due to a behavioural change in the Azure API (#7111)
azurerm_hdinsight_kafka_cluster - the enabled property within the gateway block now defaults to true
azurerm_hdinsight_ml_services_cluster - the enabled property within the gateway block now defaults to
true and cannot be disabled, due to a behavioural change in the Azure API (#7111)
azurerm_hdinsight_rserver_cluster - the enabled property within the gateway block now defaults to true
azurerm_hdinsight_spark_cluster - the enabled property within the gateway block now defaults to true
azurerm_hdinsight_storm_cluster - the enabled property within the gateway block now defaults to true
FEATURES:
New Resource: azurerm_kusto_cluster_principal_assignment (#7533)
IMPROVEMENTS:
Data Source: azurerm_eventhub_namespace - exposing the zone_redundant property (#7534)
Data Source: azurerm_postgresql_server - exposing sku_name (#7523)
azurerm_app_service_environment - the property user_whitelisted_ip_ranges has been deprecated and
renamed to allowed_user_ip_cidrs to clarify the function and expected format (#7499)
azurerm_eventhub_namespace - support for the zone_redundant property (#7534)
azurerm_key_vault_certificate - exposing the certificate_attribute block (#7387)
azurerm_kusto_cluster - Support trusted_external_tenants (#7374)
azurerm_sentinel_alert_rule_ms_security_incident - the property text_whitelist has been deprecated and
renamed to display_name_filter to better match the api (#7499)
azurerm_shared_image - support for specialized images via the specialized property (#7277)
azurerm_shared_image_version - support for specialized images via the specialized property (#7277)
azurerm_spring_cloud_service - support for sku_name (#7531)
azurerm_spring_cloud_service - support for the trace block (#7531)
BUG FIXES:
azurerm_api_management_named_value - polling until the property is fully created (#7547)
azurerm_api_management_property - polling until the property is fully created (#7547)
azurerm_linux_virtual_machine_scale_set - using the provider feature roll_instances_when_required when
upgrade_mode is set to Manual (#7513)
azurerm_marketplace_agreement - fix issue around import (#7515)
azurerm_windows_virtual_machine_scale_set - using the provider feature roll_instances_when_required when
upgrade_mode is set to Manual (#7513)
2.16.0 (June 25, 2020)

DEPENDENCIES:
updating github.com/Azure/go-autorest/azure/cli to v0.3.1 (#7433)
FEATURES:
New Resource: azurerm_postgresql_active_directory_administrator (#7411)
IMPROVEMENTS:
authentication: Azure CLI - support for access tokens in custom directories (#7433)
azurerm_api_management_api - support for the subscription_required property (#4885)
azurerm_app_service_environment - support a value of Web, Publishing for the internal_load_balancing_mode
property (#7346)
azurerm_kusto_cluster - support for the identity block (#7367)
azurerm_kusto_cluster - support for virtual_network_configuration block (#7369)
azurerm_kusto_cluster - supoport for the zone property (#7373)
azurerm_firewall - support for configuring threat_intel_mode (#7437)
azurerm_management_group - waiting until the Management Group has been fully replicated after creating
(#7473)
azurerm_monitor_activity_log_alert - support for the fields recommendation_category , recommendation_impact
and recommendation_type in the criteria block (#7458)
azurerm_mssql_database - support up to 5 for the min_capacity property (#7457)
azurerm_mssql_database - support GP_S_Gen5 SKUs up to GP_S_Gen5_40 (#7453)
BUG FIXES:
azurerm_api_management_api - allowing dots as a prefix of the name field (#7478)
azurerm_function_app - state fixes for app_settings (#7440)
azurerm_hdinsight_hadoop_cluster - fixes for node and instance count validation (#7430)
azurerm_hdinsight_hbase_cluster - fixes for node and instance count validation (#7430)
azurerm_hdinsight_interactive_query_cluster - fixes for node and instance count validation (#7430)
azurerm_hdinsight_kafka_cluster - fixes for node and instance count validation (#7430)
azurerm_hdinsight_ml_services_cluster - fixes for node and instance count validation (#7430)
azurerm_hdinsight_rserver_cluster - fixes for node and instance count validation (#7430)
azurerm_hdinsight_spark_cluster - fixes for node and instance count validation (#7430)
azurerm_hdinsight_storm_cluster - fixes for node and instance count validation (#7430)
azurerm_monitor_autoscale_settings - support for setting time_aggregation to Last as per the
documentation (#7480)
azurerm_postgresql_server - can now update the tier of sku_name by recreating the resource (#7456)
azurerm_network_interface_security_group_association - is now considered delete whtn the network interfact
is notfound (#7459)
azurerm_role_definition - terraform import now sets scope to prevent a force recreate (#7424)
azurerm_storage_account_network_rules - corretly clear ip_rules , virtual_network_subnet_ids when set to
[] (#7385)
2.15.0 (June 19, 2020)

UPGRADE NOTES:
azurerm_orchestrated_virtual_machine_scale_set - the single_placement_group property is now required to
be false by the service team in the 2019-12-01 compute API (#7188)
DEPENDENCIES
updating to v43.1.0 of github.com/Azure/azure-sdk-for-go (#7188)
upgrading kusto to 2019-12-01 (#7101)
upgrading kusto to 2020-02-15 (#6838)
FEATURES
New Data Source: azurerm_data_share_dataset_blob_storage (#7107)
New Resource: azurerm_data_factory_integration_runtime_self_hosted (#6535)
New Resource: azurerm_data_share_dataset_blob_storage (#7107)
New Resource: azurerm_eventhub_cluster (#7306)
New Resource: azurerm_maintenance_assignment_dedicated_host (#6713)
New Resource: azurerm_maintenance_assignment_virtual_machine (#6713)
IMPROVEMENTS:
Data Source: azurerm_management_group- support lookup via display_name (#6845)
azurerm_api_management - support for the developer_portal_url property (#7263)
azurerm_app_service - support for scm_ip_restriction (#6955)
azurerm_app_service_certificate - support for the hosting_environment_profile_id propety (#7087)
azurerm_app_service_environment - support for the user_whitelisted_ip_ranges property (#7324)
azurerm_kusto_cluster - Support for enable_purge (#7375)
azurerm_kusto_cluster - Support for extended Kusto Cluster SKUs (#7372)
azurerm_policy_assignment - added support for enforcement_mode (#7331)
azurerm_private_endpoint - support for the private_dns_zone_group , private_dns_zone_configs , and
custom_dns_configs blocks (#7246)
azurerm_storage_share_directory - name can now contain one nested directory (#7382)
BUG FIXES:
azurerm_api_management_api - correctly wait for future on create/update (#7273)
azurerm_bot_connection - adding a runtime check for the available service providers in the Azure Region
being used (#7279)
azurerm_healthcare_service - the access_policy_object_ids property is now optional (#7296)
azurerm_hdinsight_cluster - deprecating the min_instance_count property (#7272)
azurerm_network_watcher_flow_log - propertly disable the flowlog on destroy (#7154)
2.14.0 (June 11, 2020)

UPGRADE NOTES:
azurerm_kubernetes_cluster - the Azure Policy add-on now only supports v2 (as per the Azure API) (#7233)
DEPENDENCIES:
containerservice - updating to 2020-03-01 (#7233)
policy - updating to 2019-09-01 (#7211)
FEATURES:
New Data Source: azurerm_blueprint_definition (#6930)
New Data Source: azurerm_blueprint_published_version (#6930)
New Data Source: azurerm_key_vault_certificate (#7285)
New Data Source: azurerm_kubernetes_cluster_node_pool (#7233)
New Resource: azurerm_blueprint_assignment (#6930)
New Resource: azurerm_data_factory_linked_service_key_vault (#6971)
New Resource: azurerm_iot_time_series_insights_access_policy (#7202)
New Resource: azurerm_iot_time_series_insights_reference_data_set (#7112)
New Resource: azurerm_app_service_hybrid_connection (#7224)
ENHANCEMENTS:
Data Source: azurerm_kubernetes_cluster - exposing the version of the Azure Policy add-on (#7233)
Data Source: azurerm_kubernetes_cluster - exposing the orchestrator_version being used for each Node
Pool (#7233)
Data Source: azurerm_kubernetes_cluster - exposing the disk_encryption_set_id field (#7233)
azurerm_api_management_api - ensuring wsdl_selector is populated when content_format is wsdl (#7076)
azurerm_cosmosdb_account modifying geo_location no longer triggers a recreation of the resource (#7217)
azurerm_eventgrid_event_subscription - support for azure_function_endpoint (#7182)
azurerm_eventgrid_event_subscription - exposing base_url , max_events_per_batch ,
preferred_batch_size_in_kilobytes , active_directory_tenant_id and active_directory_app_id_or_uri in the
webhook_endpoint block (#7207)
azurerm_kubernetes_cluster - support for configuring/updating the version of Kubernetes used in the
Default Node Pool (#7233)
azurerm_kubernetes_cluster - support for Azure Active Directory (Managed) Integration v2 (#7233)
azurerm_kubernetes_cluster - support for using a Disk Encryption Set (#7233)
azurerm_kubernetes_cluster - support for configuring the Auto-Scale Profile (#7233)
azurerm_kubernetes_cluster - support for configuring outbound_ports_allocated and
idle_timeout_in_minutes within the load_balancer_profile block (#7233)
azurerm_kubernetes_cluster - support for the Uptime SLA / Paid SKU (#7233)
azurerm_kubernetes_cluster - exposing the private_fqdn of the cluster (#7233)
azurerm_kubernetes_cluster_node_pool - support for configuring/updating the version of Kubernetes (#7233)
azurerm_kubernetes_cluster_node_pool - support for Spot Node Pools (#7233)
azurerm_kubernetes_cluster_node_pool - support for System & User Node Pools (#7233)
azurerm_web_application_firewall_policy - Add support for GeoMatch operator in request filter (#7181)
BUG FIXES:
Data Source: azurerm_kubernetes_cluster - fixing an issue where some read-only fields were unintentionally
marked as user-configurable (#7233)
azurerm_application_gateway - support for specifying the ID of a Key Vault Secret without a version (#7095)
azurerm_bot_channel_ms_teams - only sending calling_web_hook when it's got a value (#7294)
azurerm_eventhub_namespace_authorization_rule - handling the Resource ID changing on Azure's side from
authorizationRules to AuthorizationRules (#7248)
azurerm_eventgrid_event_subscription - fixing a crash when subject_filter was omitted (#7222)
azurerm_function_app - fix app_settings when using linux consumption plan (#7230)
azurerm_linux_virtual_machine_scale_set - adding validation for the max_bid_price field (#7233)
azurerm_kubernetes_cluster - the Azure Policy add-on is not supported in Azure China and no longer sent
(#7233)
azurerm_kubernetes_cluster - the Azure Policy add-on is not supported in Azure US Government and no
longer sent (#7233)
azurerm_kubernetes_cluster - the Kubernetes Dashboard add-on is not supported in Azure US Government
and no longer sent (#7233)
azurerm_kubernetes_cluster - searching for a system node pool when importing the default_node_pool
(#7233)
azurerm_kubernetes_cluster_node_pool - changes to the node_taints field now force a new resource,
matching the updated API behaviour (#7233)
azurerm_management_group - using the Subscription ID rather than Subscription Resource ID when detaching
Subscriptions from Management Groups during deletion (#7216)
azurerm_windows_virtual_machine_scale_set - adding validation for the max_bid_price field (#7233)
2.13.0 (June 04, 2020)

FEATURES:
New Data Source : azurerm_logic_app_integration_account (#7099)
New Data Source: azurerm_virtual_machine_scale_set (#7141)
New Resource : azurerm_logic_app_integration_account (#7099)
New Resource : azurerm_monitor_action_rule_action_group (#6563)
New Resource : azurerm_monitor_action_rule_suppression (#6563)
IMPROVEMENTS:
azurerm_data_factory_pipeline - Support for activities (#6224)
azurerm_eventgrid_event_subscription - support for advanced filtering (#6861)
azurerm_signalr_service - support for EnableMessagingLogs feature (#7094)
BUG FIXES:
azurerm_app_service - default priority now set on ip restricitons when not explicitly specified (#7059)
azurerm_app_service - App Services check correct scope for name availability in ASE (#7157)
azurerm_cdn_endpoint - origin_host_header can now be set to empty (#7164)
azurerm_cosmosdb_account - workaround for CheckNameExists 500 response code bug (#7189)
azurerm_eventhub_authorization_rule - Fix intermittent 404 errors (#7122)
azurerm_eventgrid_event_subscription - fixing an error when setting the hybrid_connection_endpoint block
(#7203)
azurerm_function_app - correctly set Kind when os_type is linux (#7140)
azurerm_key_vault_certificate - always setting the certificate_data and thumbprint fields (#7204)
azurerm_role_assignment - support for Preview role assignments (#7205)
azurerm_virtual_network_gateway - vpn_client_protocols is now also computed to prevent permanent diffs
(#7168)
2.12.0 (May 28, 2020)
FEATURES:
New Data Source: azurerm_advisor_recommendations (#6867)
New Resource: azurerm_dev_test_global_shutdown_schedule (#5536)
New Resource: azurerm_nat_gateway_public_ip_association (#6450)
IMPROVEMENTS:
Data Source: azurerm_kubernetes_cluster - exposing the oms_agent_identity block within the addon_profile
block (#7056)
Data Source: azurerm_kubernetes_cluster - exposing the identity and kubelet_identity properties (#6527)
azurerm_batch_pool - support the container_image_names property (#6689)
azurerm_eventgrid_event_subscription - support for the expiration_time_utc , service_bus_topic_endpoint ,
and service_bus_queue_endpoint , property (#6860)
azurerm_eventgrid_event_subscription - the eventhub_endpoint was deprecated in favour of the
eventhub_endpoint_id property (#6860)
azurerm_eventgrid_event_subscription - the hybrid_connection_endpoint was deprecated in favour of the
hybrid_connection_endpoint_id property (#6860)
azurerm_eventgrid_topic - support for input_schema , input_mapping_fields , and
input_mapping_default_values (#6858)
azurerm_kubernetes_cluster - exposing the oms_agent_identity block within the addon_profile block
(#7056)
azurerm_logic_app_action_http - support for the run_after property (#7079)
azurerm_storage_account - support RAGZRS and GZRS for the account_replication_type property (#7080)
BUG FIXES:
azurerm_api_management_api_version_set - handling changes to the Azure Resource ID (#7071)
azurerm_key_vault_certificate - fixing a bug when using externally-signed certificates (using the Unknown
issuer) where polling would continue indefinitely (#6979)
azurerm_linux_virtual_machine - correctly validating the rsa ssh public_key properties length (#7061)
azurerm_linux_virtual_machine - allow setting virtual_machine_scale_set_id in non-zonal deployment
(#7057)
azurerm_servicebus_topic - support for numbers in the name field (#7027)
azurerm_shared_image_version - target_region.x.storage_account_type is now defaulted and multiple
target_region s can be added/removed (#6940)
azurerm_sql_virtual_network_rule - updating the validation for the name field (#6968)
azurerm_windows_virtual_machine - allow setting virtual_machine_scale_set_id in non-zonal deployment
(#7057)
azurerm_windows_virtual_machine - correctly validating the rsa ssh public_key properties length (#7061)
2.11.0 (May 21, 2020)
DEPENDENCIES:
updating network to 2020-03-01 (#6727)
FEATURES:
Opt-In/Experimental Enhanced Validation for Locations: This allows validating that the location field
being specified is a valid Azure Region within the Azure Environment being used - which can be caught via
terraform plan rather than terraform apply . This can be enabled by setting the Environment Variable
ARM_PROVIDER_ENHANCED_VALIDATION to true and will be enabled by default in a future release of the AzureRM
Provider (#6927)
Data Source: azurerm_data_share (#6789)
New Resource: azurerm_data_share (#6789)
New Resource: azurerm_iot_time_series_insights_standard_environment (#7012)
New Resource: azurerm_orchestrated_virtual_machine_scale_set (#6626)
IMPROVEMENTS:
Data Source: azurerm_platform_image - support for version filter (#6948)
azurerm_api_management_api_version_set - updating the validation for the name field (#6947)
azurerm_app_service - the ip_restriction block now supports the action property (#6967)
azurerm_databricks_workspace - exposing workspace_id and workspace_url (#6973)
azurerm_netapp_volume - support the mount_ip_addresses property (#5526)
azurerm_redis_cache - support new maxmemory policies allkeys-lfu & volatile-lfu (#7031)
azurerm_storage_account - allowing the value PATCH for allowed_methods within the cors_rule block within
the blob_properties block (#6964)
BUG FIXES:
Data Source: azurerm_api_management_group - raising an error when the Group cannot be found (#7024)
Data Source: azurerm_image - raising an error when the Image cannot be found (#7024)
Data Source: azurerm_data_lake_store - raising an error when Data Lake Store cannot be found (#7024)
Data Source: azurerm_data_share_account - raising an error when Data Share Account cannot be found
(#7024)
Data Source: azurerm_hdinsight_cluster - raising an error when the HDInsight Cluster cannot be found
(#7024)
Data Source: azurerm_healthcare_service - raising an error when the HealthCare Service cannot be found
(#7024)
Data Source: azurerm_healthcare_service - ensuring all blocks are set in the response (#7024)
Data Source: azurerm_firewall - raising an error when the Firewall cannot be found (#7024)
Data Source: azurerm_maintenance_configuration - raising an error when the Maintenance Configuration
cannot be found (#7024)
Data Source: azurerm_private_endpoint_connection - raising an error when the Private Endpoint Connection
cannot be found (#7024)
Data Source: azurerm_resources - does not return all matched resources sometimes (#7036)
Data Source: azurerm_shared_image_version - raising an error when the Image Version cannot be found
(#7024)
Data Source: azurerm_shared_image_versions - raising an error when Image Versions cannot be found
(#7024)
Data Source: azurerm_user_assigned_identity - raising an error when the User Assigned Identity cannot be
found (#7024)
azurerm_api_management_subscription - fix the export of primary_key and secondary_key (#6938)
azurerm_eventgrid_event_subscription - correctly parsing the ID (#6958)
azurerm_healthcare_service - ensuring all blocks are set in the response (#7024)
azurerm_linux_virtual_machine - allowing name to end with a capital letter (#7023)
azurerm_linux_virtual_machine_scale_set - allowing name to end with a capital (#7023)
azurerm_management_group - workaround for 403 bug in service response (#6668)
azurerm_postgresql_server - do not attempt to get the threat protection when the sku is basic (#7015)
azurerm_windows_virtual_machine - allowing name to end with a capital (#7023)
azurerm_windows_virtual_machine_scale_set - allowing name to end with a capital (#7023)
2.10.0 (May 14, 2020)

DEPENDENCIES:
updating eventgrid to 2020-04-01-preview (#6837)
updating iothub to 2019-03-22-preview (#6875)
FEATURES:
New Data Source: azurerm_eventhub (#6841)
New Resource: azurerm_eventgrid_domain_topic (#6859)
IMPROVEMENTS:
All Data Sources: adding validation for the resource_group_name field to not be empty where it's Required
(#6864)
Data Source: azurerm_virtual_machine - export identity attribute (#6826)
azurerm_api_management - support for configuring the Developer Portal (#6724)
azurerm_api_management - support for user assigned managed identities (#6783)
azurerm_api_management - support key_vault_id that do not have a version (#6723)
azurerm_api_management_diagnostic - support required property api_management_logger_id (#6682)
azurerm_application_gateway - support for WAF policies (#6105)
azurerm_app_service_environment - support specifying explicit resource group (#6821)
azurerm_express_route_circuit - de-provision and re-provision circuit when changing the bandwidth
reduction (#6601)
azurerm_frontdoor - expose the header_frontdoor_id attribute (#6916)
azurerm_log_analytics_workspace - add support for rentention_in_days for Free Tier (#6844)
azurerm_mariadb_server - support for the create_mode property allowing the creation of replicas, point in
time restores, and geo restors (#6865)
azurerm_mariadb_server - support for the public_network_access_enabled property (#6865)
azurerm_mariadb_server - all properties in the storage_profile block have been moved to the top level
(#6865)
azurerm_mariadb_server - the following properties were renamed and changed to a boolean type:
ssl_enforcement to ssl_enforcement_enabled , geo_redundant_backup to geo_redundant_backup_enabled , and
auto_grow
azurerm_mysql_server - support for the create_mode property allowing the creation of replicas, point in time
restores, and geo restors (#6833)
azurerm_mysql_server - support for the public_network_access_enabled property (#6833)
azurerm_mysql_server - all properties in the storage_profile block have been moved to the top level
(#6833)
azurerm_mysql_server - the following properties were renamed and changed to a boolean type:
auto_grow to auto_grow_enabled (#6833)
azurerm_mssql_server - add support for the azuread_administrator property (#6822)
azurerm_postgres_server - support for the threat_detection_policy property (#6721)
azurerm_storage_account - enable migration of account_kind from Storage to StorageV2 (#6580)
azurerm_windows_virtual_machine - the os_disk.disk_encryption_set_id can now be updated (#6846)
BUG FIXES:
Data Source: azurerm_automation_account - using the ID of the Automation Account, rather than the ID of the
Automation Account's Registration Info (#6848)
Data Source: azurerm_security_group - fixing crash where id is nil (#6910)
Data Source: azurerm_mysql_server - remove administrator_login_password property as it is not returned
from the api (#6865)
azurerm_api_management - fixing a crash when policy is nil (#6862)
azurerm_api_management - only sending the hostname_configuration properties if they are not empty (#6850)
azurerm_api_management_diagnostic - can now be provision again by supporting api_management_logger_id
(#6682)
azurerm_api_management_named_value - fix the non empty plan when secret is true (#6834)
azurerm_application_insights - retention_in_days defaults to 90 (#6851)
azurerm_data_factory_trigger_schedule - setting the type required for Pipeline References (#6871)
azurerm_kubernetes_cluster - fixes the InvalidLoadbalancerProfile error (#6534)
azurerm_linux_virtual_machine_scale_set - support for updating the
do_not_run_extensions_on_overprovisioned_machines property (#6917)
azurerm_monitor_diagnostic_setting - fix possible crash with retention_policy (#6911)
azurerm_mariadb_server - the storage_mb property is now optional when auto_grow is enabled (#6865)
azurerm_mysql_server - the storage_mb property is now optional when auto_grow is enabled (#6833)
azurerm_role_assignment - added evential consistency check to assignment creation (#6925)
azurerm_windows_virtual_machine_scale_set - support for updating the
do_not_run_extensions_on_overprovisioned_machines property (#6917)
2.9.0 (May 07, 2020)

FEATURES:
New Data Source: azurerm_data_share_account (#6575)
New Resource: azurerm_data_share_account (#6575)
New Resource: azurerm_function_app_slot (#6435)
New Resource: azurerm_sentinel_alert_rule_scheduled (#6650)
IMPROVEMENTS:
Data Source: azurerm_eventhub_authorization_rule - support for the primary_connection_string_alias an
secondary_connection_string_alias propeties (#6708)
Data Source: azurerm_eventhub_namespace_authorization_rule - support for the
primary_connection_string_alias an secondary_connection_string_alias propeties (#6708)
Data Source: azurerm_eventhub_namespace - support for the default_primary_connection_string_alias an
_defaultsecondary_connection_string_alias propeties (#6708)
azurerm_analysis_services_server - support updating when the Server is paused (#6786)
azurerm_app_service - support for health_check_path preview feature added (#6661)
azurerm_app_service - support for name and priority on ip_restrictions (#6705)
azurerm_application_gateway - support for SSL Certificates without passwords (#6742)
azurerm_eventhub_authorization_rule - support for the primary_connection_string_alias an
azurerm_eventhub_namespace_authorization_rule - support for the primary_connection_string_alias an
azurerm_eventhub_namespace - support for the default_primary_connection_string_alias an
_defaultsecondary_connection_string_alias propeties (#6708)
azurerm_hdinsight_hadoop_cluster - support for metastores on cluster creation (#6145)
azurerm_key_vault_certificate - support for recovering a soft-deleted certificate if the features flag
recover_soft_deleted_key_vaults is set to true (#6716)
azurerm_key_vault_key - support for recovering a soft-deleted key if the features flag
azurerm_key_vault_secret - support for recovering a soft-deleted secret if the features flag
azurerm_linux_virtual_machine_scale_set - support for configuring create_mode for data disks (#6744)
azurerm_monitor_diagnostic_setting - log_analytics_destination_type supports AzureDiagnostics (#6769)
azurerm_windows_virtual_machine_scale_set - support for configuring create_mode for data disks (#6744)
BUG FIXES:
provider: raising an error when the environment is set to AZURESTACKCLOUD (#6817)
azurerm_analysis_services_server - ip restriction name field no longer case sensitive (#6774)
azurerm_automation_runbook - the publish_content_link property is now optional (#6813)
azurerm_eventhub_namespace_authorization_rule - lock to prevent multiple resources won't clash (#6701)
azurerm_network_interface - changes to dns servers no longer use incremental update (#6624)
azurerm_policy_assignment - allow polices with scopes without subscription/<id> (built-in policies) (#6792)
azurerm_policy_definition - changes to the dynamic fields ( createdBy , createdOn , updatedBy , updatedOn )
keys in the metadata field are excluded from diff's (#6734)
azurerm_redis_cache - ensure rdb_storage_connection_string is set when rdb_backup_enabled is enabled
(#6819)
azurerm_site_recovery_network_mapping - handling an API Error when checking for the presence of an existing
Network Mapping (#6747)
2.8.0 (April 30, 2020)
FEATURES:
New Data Source: azurerm_sentinel_alert_rule_ms_security_incident (#6606)
New Data Source: azurerm_shared_image_versions (#6700)
New Resource: azurerm_managed_application (#6386)
New Resource: azurerm_mssql_server (#6677)
New Resource: azurerm_sentinel_alert_rule_ms_security_incident (#6606)
IMPROVEMENTS:
azurerm_api_management - supports the Consumption value for sku (#6602)
sku_name
azurerm_api_management_api - support for openapi v3 content formats (#6618)
azurerm_application_gateway - support host_names property (#6630)
azurerm_express_route_circuit_peering - support for the customer_asn and routing_registry_name propeties
(#6596)
azurerm_frontdoor - Add support for backend_pools_send_receive_timeout_seconds (#6604)
azurerm_mssql_server -support the public_network_access_enabled property (#6678)
azurerm_mssql_database - support for the extended_auditing_policy block (#6402)
azurerm_mssql_elasticpool - support license_type (#6631)
azurerm_subnet : Support for multiple prefixes with address_prefixes (#6493)
data.azurerm_shared_image_version - name supports latest and recent (#6707)
BUG FIXES:
azurerm_key_vault - can now be created without subscription level permissions (#6260)
azurerm_linux_virtual_machine - fix validation for name to allow full length resource names (#6639)
azurerm_linux_virtual_machine_scale_set - fix validation for name to allow full length resource names
(#6639)
azurerm_monitor_diagnostic_setting - make retention_policy and retention_policy optional (#6603)
azurerm_redis_cache - correctly build connection strings when SSL is disabled (#6635)
azurerm_sql_database - prevent extended auditing policy for secondary databases (#6402)
azurerm_web_application_firewall_policy - support for the managed_rules property which is required by the
new API version (#6126)
azurerm_windows_virtual_machine - fix validation for name to allow full length resource names (#6639)
azurerm_windows_virtual_machine_scale_set - fix validation for name to allow full length resource names
(#6639)
azurerm_virtual_network_gateway_connection - shared_key is now optional when type is IPSec (#6565)
2.7.0 (April 23, 2020)

FEATURES:
New Data Source: azurerm_private_dns_zone (#6512)
New Resource: azurerm_maintenance_configuration (#6038)
New Resource: azurerm_servicebus_namespace_network_rule_set (#6379)
New Resource: azurerm_spring_cloud_app (#6384)
DEPENDENCIES:
updating apimanagement to 2019-12-01 (#6479)
updating the fork of github.com/Azure/go-autorest (#6509)
IMPROVEMENTS:
Data Source: app_service_environment - export the location property (#6538)
Data Source: azurerm_notification_hub_namespace - export tags (#6578)
azurerm_api_management - support for virtual network integrations (#5769)
azurerm_cosmosdb_mongo_collection - support for the index and system_index properties (#6426)
azurerm_function_app - added storage_account_id and storage_account_access_key (#6304)
azurerm_kubernetes_cluster - deprecating private_link_enabled in favour of private_cluster_enabled
(#6431)
azurerm_mysql_server - support for the public_network_access_enabled property (#6590)
azurerm_notification_hub - support for tags (#6578)
azurerm_notification_hub_namespace - support for tags (#6578)
azurerm_postgres_server - support for the create_mode property allowing replicas, point in time restores,
and geo restores to be created (#6459)
azurerm_postgres_server - support for the infrastructure_encryption_enabled ,
public_network_access_enabled , and ssl_minimal_tls_version_enforced properties (#6459)
azurerm_postgres_server - all properties in the storage_profile block have been moved to the top level
(#6459)
azurerm_postgres_server - the following properties were renamed and changed to a boolean type:
auto_grow to auto_grow_enabled (#6459)
azurerm_private_endpoint - Add support for tags (#6574)
azurerm_shared_image - support hyper_v_generation property (#6511)
azurerm_linux_virtual_machine_scale_set - support for the automatic_instance_repair property (#6346)
azurerm_windows_virtual_machine_scale_set - support for the automatic_instance_repair property (#6346)
BUG FIXES:
Data Source: azurerm_private_link_service - fixing a crash when parsing the response (#6504)
azurerm_application_gateway - prevent panic by disallowing empty values for backend_address_pool.#.fqdns
(#6549)
azurerm_application_gateway - block reordering without changes no longer causes update (#6476)
azurerm_cdn_endpoint - origin_host_header is now required (#6550)
azurerm_cdn_endpoint - setting the request_header_condition block (#6541)
azurerm_iothub_dps - fix crash when path isn't cased correctly (#6570)
azurerm_linux_virtual_machine_scale_set - fixes crash with boot_diagnositics (#6569)
azurerm_policy_assignment - allow scopes that don't start with subscription/<id> (#6576)
azurerm_postgres_server - the storage_mb property is now optional when auto_grow is enabled (#6459)
azurerm_public_ip_prefix - update prefix_length validation to accept all valid IPv4 address ranges (#6589)
azurerm_route - add validation to the name and route_table_name propeties (#6055)
azurerm_virtual_network_gateway - per api requirements, public_ip_address_id is required (#6548)
2.6.0 (April 16, 2020)

FEATURES:
New Data Source: azurerm_policy_set_definition (#6305)
DEPENDENCIES:
IMPROVEMENTS:
Data Source: azurerm_policy_definition - can now lookup with name (#6275)
Data Source: azurerm_policy_definition - the field management_group_id has been deprecated and renamed
to management_group_name (#6275)
azurerm_application_insights - support for the disable_ip_masking property (#6354)
azurerm_cdn_endpoint - support for configuring delivery_rule (#6163)
azurerm_cdn_endpoint - support for configuring global_delivery_rule (#6163)
azurerm_function_app - support for the pre_warmed_instance_count property (#6333)
azurerm_hdinsight_hadoop_cluster - support for the tls_min_version property (#6440)
azurerm_hdinsight_hbase_cluster - support for the tls_min_version property (#6440)
azurerm_hdinsight_interactive_query_cluster - support for the tls_min_version property (#6440)
azurerm_hdinsight_kafka_cluster - support for the tls_min_version property (#6440)
azurerm_hdinsight_ml_services_cluster - support for the tls_min_version property (#6440)
azurerm_hdinsight_rserver_cluster - support for the tls_min_version property (#6440)
azurerm_hdinsight_spark_cluster - support for the tls_min_version property (#6440)
azurerm_hdinsight_storm_cluster - support the threat_detection_policy property (#6437)
azurerm_kubernetes_cluster - exporting the kubelet_identity (#6393)
azurerm_kubernetes_cluster - support for updating the managed_outbound_ip_count , outbound_ip_prefix_ids
and outbound_ip_address_ids fields within the load_balancer_profile block (#5847)
azurerm_network_interface - export the internal_domain_name_suffix property (#6455)
azurerm_policy_definition - the management_group_id has been deprecated and renamed to
management_group_name (#6275)
azurerm_sql_server - support for the connection_policy property (#6438)
azurerm_virtual_network - export the guid attribute (#6445)
BUG FIXES:
Data Source: azurerm_data_factory - fixing a bug where the ID wasn't set (#6492)
Data Source: azurerm_eventhub_namespace_authorization_rule - ensuring the id field is set (#6496)
Data Source: azurerm_mariadb_server - ensuring the id field is set (#6496)
Data Source: azurerm_network_ddos_protection_plan - ensuring the id field is set (#6496)
azurerm_function_app - prevent a panic from the API returning an empty IP Security Restriction (#6442)
azurerm_machine_learning_workspace - the Enterprise sku will now properly work (#6397)
azurerm_managed_disk - fixing a bug where the machine would be stopped regardless of whether it was
currently shut down or not (#4690)
2.5.0 (April 09, 2020)
BREAKING CHANGES:
Azure Kubernetes Service
Due to a breaking change in the AKS API, the azurerm_kubernetes_cluster resource features a
significant behavioural change where creating Mixed-Mode Authentication clusters (e.g. using a
Service Principal with a Managed Identity) is no longer supported.
The AKS Team have confirmed that existing clusters will be updated by the Azure API to use only MSI
when a change is made to the Cluster (but not the Node Pool). Whilst Terraform could perform this
automatically some environments have restrictions on which tags can be added/removed - as such
this operation will need to be performed out-of-band. Instead, upon detecting a Mixed-Mode Cluster
which has not yet been updated - or upon detecting a former Mixed-Mode Cluster where the
Terraform Configuration still contains a service_principal block - Terraform will output instructions
on how to proceed.
azurerm_kubernetes_cluster_node_pool - clusters with auto-scale disabled must ensure that min_count
and max_count are set to null (or omitted) rather than 0 (since 0 isn't a valid value for these fields).
NOTES:
There's currently a bug in the Azure Kubernetes Service (AKS) API where the Tags on Node Pools are returned
in the incorrect case - this bug is being tracked in this issue. This affects the tags field within the
default_node_pool block for azurerm_kubernetes_clusters and the tags field for the
azurerm_kubernetes_cluster_node_pool resource.
IMPROVEMENTS:
dependencies: updating to use version 2020-02-01 of the Containers API (#6095)
New Resource: azurerm_private_dns_txt_record (#6309)
azurerm_kubernetes_cluster - making the service_principal block optional - so it's now possible to create
MSI-only clusters (#6095)
azurerm_kubernetes_cluster - making the windows_profile block computed as Windows credentials are now
generated by Azure if unspecified (#6095)
azurerm_kubernetes_cluster - support for outbound_type within the network_profile block (#6120)
azurerm_linux_virtual_machine - OS disk encryption settings can no be updated (#6230)
azurerm_windows_virtual_machine - OS disk encryption settings can no be updated (#6230)
BUG FIXES:
azurerm_kubernetes_cluster - requiring that min_count and max_count within the default_node_pool block
are set to null rather than 0 when auto-scaling is disabled (#6095)
azurerm_kubernetes_cluster - ensuring that a value for node_count within the default_node_pool block is
always passed to the API to match a requirement in the API (#6095)
azurerm_kubernetes_cluster - ensuring that tags are set into the state for the default_node_pool (#6095)
azurerm_kubernetes_cluster - conditionally sending the aci_connector_linux block for Azure China (#6370)
azurerm_kubernetes_cluster - conditionally sending the http_application_routing block for Azure China &
Azure US Government (#6370)
azurerm_kubernetes_cluster_node_pool - requiring that min_count and max_count are set to null rather
than 0 when auto-scaling is disabled (#6095)
azurerm_linux_virtual_machine - if the priority property on read is empty assume it to be Regular
(#6301)
azurerm_windows_virtual_machine - if the priority property on read is empty assume it to be Regular
(#6301)
2.4.0 (April 02, 2020)
FEATURES:
New Data Source: azurerm_managed_application_definition (#6211)
New Resource: azurerm_hpc_cache_nfs_target (#6191)
New Resource: azurerm_log_analytics_datasource_windows_event (#6321)
New Resource: azurerm_log_analytics_datasource_windows_performance_counter (#6274)
New Resource: azurerm_managed_application_definition (#6211)
New Resource: azurerm_spring_cloud_service (#4928)
IMPROVEMENTS:
azurerm_network_interface - always send enable_accelerated_networking to the api (#6289)
azurerm_management_group - deprecated and rename the group_id property to name to better match what it
represents (#6276)
BUGS:
azurerm_application_gateway - can now set include_path with target_url (#6175)
azurerm_policy_set_definition - mark metadata as computed (#6266)
2.3.0 (March 27, 2020)

FEATURES:
New Data Source: azurerm_mssql_database (#6083)
New Data source: azurerm_network_service_tags (#6229)
New Resource: azurerm_custom_resource_provider (#6234)
New Resource: azurerm_hpc_cache_blob_target (#6035)
New Resource: azurerm_machine_learning_workspace (#5696)
New Resource: azurerm_mssql_database (#6083)
New Resource: azurerm_mssql_virtual_machine (#5263)
New resource: azurerm_policy_remediation (#5746)
IMPROVEMENTS:
dependencies: updating github.com/terraform-providers/terraform-provider-azuread to v0.8.0 (#6134)
all resources using the location field - adding validation to ensure this is not an empty string where this
field is Required (#6242)
Data Source azurerm_storage_container - exposing the resource_manager_id field (#6170)
azurerm_automation_schedule - adding validation for the timezone field (#5759)
azurerm_cognitive_account - support for the qna_runtime_endpoint property (#5778)
azurerm_hpc_cache - exposing the mount_addresses field (#6214)
azurerm_lb - allow ipv6 addresses for the private_ip_address property (#6125)
azurerm_managed_disk - the disk_encryption_set_id field is no longer ForceNew (#6207)
azurerm_public_ip - support for Dynamic IPv6 Addresses (#6140)
azurerm_service_fabric_cluster - support for the client_certificate_common_name property (#6097)
azurerm_storage_container - exposing the resource_manager_id field (#6170)
azurerm_storage_share - exposing the resource_manager_id field (#6170)
azurerm_traffic_manager_profile - support for the custom_header property (#5923)
BUG FIXES:
azurerm_analysis_server - switching the ipv4_firewall_rule block to a Set rather than a List to handle this
being unordered (#6179)
azurerm_linux_virtual_machine - making the custom_data field sensitive (#6225)
azurerm_linux_virtual_machine_scale_set - making the custom_data field sensitive (#6225)
azurerm_managed_disk - only rebooting the attached Virtual Machine when changing the Disk Size, Disk
Encryption Set ID or Storage Account Type (#6162)
azurerm_netapp_volume - allow up to 102400 MB for the storage_quota_in_gb property (#6228)
azurerm_policy_definition - fixing a bug when parsing the Management Group ID (#5981)
azurerm_postgresql_server - updating the validation for the name field (#6064)
azurerm_sql_database - use the correct base URI for the Extended Auditing Policies Client (#6233)
azurerm_storage_management_policy - conditionally setting values within the base_blob block (#6250)
azurerm_virtual_machine_data_disk_attachment - detecting the disk attachment as gone when the VM is no
longer available (#6237)
azurerm_windows_virtual_machine - making the custom_data field sensitive (#6225)
azurerm_windows_virtual_machine_scale_set - making the custom_data field sensitive (#6225)
2.2.0 (March 18, 2020)

FEATURES:
New Data Source: azurerm_app_configuration (#6133)
New Data Source: azurerm_powerbi_embedded (#5152)
New Resource: azurerm_cost_management_export_resource_group (#6131)
New Resource: azurerm_powerbi_embedded (#5152)
New Resource: azurerm_virtual_hub_connection (#5951)
IMPROVEMENTS:
Data Source: * azurerm_logic_app_workflow - expose computed field: endpoint_configuration (#5862)
azurerm_application_gateway - support for key vault SSL certificate via the key_value_secret_id property
(#4366)
azurerm_function_app - support for configuring daily_memory_time_quota (#6100)
azurerm_logic_app_workflow - expose computed field: endpoint_configuration (#5862)
azurerm_linux_virtual_machine_scale_set - support for scale_in_policy and terminate_notification
(#5391)
azurerm_sql_database - support for the extended_auditing_policy property (#5049)
azurerm_windows_virtual_machine_scale_set - support for scale_in_policy and terminate_notification
(#5391)
BUG FIXES:
Data Source: azurerm_iothub_dps_shared_access_policy - building the primary_connection_string and
secondary_connection_string from the Service endpoint rather than the Devices endpoint (#6108)
azurerm_function_app - Add WEBSITE_CONTENT & WEBSITE_CONTENTAZUREFILECONNECTIONSTRING for premium
plans (#5761)
azurerm_iothub_dps_shared_access_policy - building the primary_connection_string and
secondary_connection_string from the Service endpoint rather than the Devices endpoint (#6108)
azurerm_linux_virtual_machine - updating the validation for name to allow periods (#5966)
azurerm_linux_virtual_machine_scale_set - updating the validation for name to allow periods (#5966)
azurerm_storage_management_policy - Fixed the use of single blob rule actions (#5803)
2.1.0 (March 11, 2020)

NOTES:
The azurerm_frontdoor resource has introduced a breaking change due to the underlying service API which
enforces location attributes must be set to 'Global' on all newly deployed Front Door services.
FEATURES:
New Data Source: azurerm_database_migration_project (#5993)
New Data Source: azurerm_database_migration_service (#5258)
New Data Source: azurerm_kusto_cluster (#5942)
New Data Source: azurerm_servicebus_topic_authorization_rule (#6017)
New Resource: azurerm_bot_channel_directline (#5445)
New Resource: azurerm_database_migration_project (#5993)
New Resource: azurerm_database_migration_service (#5258)
New Resource: azurerm_hpc_cache (#5528)
New Resource: azurerm_iotcentral_application (#5446)
New Resource: azurerm_monitor_scheduled_query_rules_alert (#5053)
New Resource: azurerm_monitor_scheduled_query_rules_log (#5053)
New Resource: azurerm_spatial_anchors_account (#6011)
IMPROVEMENTS:
batch: upgrading to API version 2019-08-01 (#5967)
containerservice: upgrading to API version 2019-11-01 (#5531)
netapp: upgrading to API version 2019-10-01 (#5531)
dependencies: temporarily switching to using a fork of github.com/Azure/go-autorest to workaround an
issue in the storage authorizer (#6050)
azurerm_application_gateway - support up to 125 for the capacity property with V2 SKU's (#5906)
azurerm_automation_dsc_configuration - support for the tags property (#5827)
azurerm_batch_pool - support for the public_ips property (#5967)
azurerm_frontdoor - exposed new attributes in backend_pool_health_probe block enabled and probe_method
(#5924)
azurerm_function_app - Added os_type field to facilitate support of linux function apps (#5839)
azurerm_kubernetes_cluster : Support for the node_labels property (#5531)
azurerm_kubernetes_cluster : Support for the tags property (#5931)
azurerm_kubernetes_cluster_node_pool : Support for the node_labels property (#5531)
azurerm_kubernetes_cluster_node_pool : Support for the tags property (#5931)
azurerm_kusto_cluster - support for enable_disk_encryption and enable_streaming_ingest properties
(#5855)
azurerm_lb - support for the private_ip_address_version property (#5590)
azurerm_mariadb_server - changing the geo_redundant_backup property now forces a new resource (#5961)
azurerm_netapp_account - support for the tags property (#5995)
azurerm_netapp_pool - support for the tags property (#5995)
azurerm_netapp_snapshot - support for the tags property (#5995)
azurerm_netapp_volume - support for the tags property (#5995)
azurerm_netapp_volume - support for the protocol_types property (#5485)
azurerm_netapp_volume - deprecated the cifs_enabled , nfsv3_enabled , and nfsv4_enabled properties in
favour of protocols_enabled (#5485)
azurerm_network_watcher_flow_log - support for the traffic analysis interval_in_minutes property (#5851)
azurerm_private_dns_a_record - export the fqdn property (#5949)
azurerm_private_dns_aaaa_record - export the fqdn property (#5949)
azurerm_private_dns_cname_record - export the fqdn property (#5949)
azurerm_private_dns_mx_record - export the fqdn property (#5949)
azurerm_private_dns_ptr_record - export the fqdn property (#5949)
azurerm_private_dns_srv_record - export the fqdn property (#5949)
azurerm_private_endpoint - exposed private_ip_address as a computed attribute (#5838)
azurerm_redis_cache - support for the primary_connection_string and secondary_connection_string
properties (#5958)
azurerm_sql_server - support for the extended_auditing_policy property (#5036)
azurerm_storage_account - support up to 50 tags (#5934)
azurerm_virtual_wan - support for the type property (#5877)
BUG FIXES:
azurerm_app_service_plan - no longer sends an empty app_service_environment_id property on update
(#5915)
azurerm_automation_schedule - fix time validation (#5876)
azurerm_batch_pool - frontend_port_range is now set correctly. (#5941)
azurerm_dns_txt_record - support records up to 1024 characters in length (#5837)
azurerm_frontdoor - fix the way backend_pool_load_balancing / backend_pool_health_probe (#5924)
azurerm_frontdoor - all new front door resources to be created in the Global location (#6015)
azurerm_frontdoor_firewall_policy - add validation for Frontdoor WAF Name Restrictions (#5943)
azurerm_linux_virtual_machine_scale_set - correct source_image_id validation (#5901)
azurerm_netapp_volume - support volmes uoto 100TB in size (#5485)
azurerm_search_service - changing the properties replica_count & partition_count properties no longer
force a new resource (#5935)
azurerm_storage_account - fixing a crash when an empty static_website block was specified (#6050)
azurerm_storage_account - using SharedKey Authorization for reading/updating the Static Website when not
using AzureAD authentication (#6050)
2.0.0 (February 24, 2020)
NOTES:
Major Version: Version 2.0 of the Azure Provider is a major version - some deprecated fields/resources
have been removed - please refer to the 2.0 upgrade guide for more information.
Provider Block : The Azure Provider now requires that a features block is specified within the Provider
block, which can be used to alter the behaviour of certain resources - more information on the features
block can be found in the documentation.
Terraform 0.10/0.11: Version 2.0 of the Azure Provider no longer supports Terraform 0.10 or 0.11 - you
must upgrade to Terraform 0.12 to use version 2.0 of the Azure Provider.
FEATURES:
Custom Timeouts: - all resources within the Azure Provider now allow configuring custom timeouts -
please see Terraform's Timeout documentation and the documentation in each data source resource for
more information.
Requires Impor t: The Azure Provider now checks for the presence of an existing resource prior to creating
it - which means that if you try and create a resource which already exists (without importing it) you'll be
prompted to import this into the state.
New Data Source: azurerm_app_service_environment (#5508)
New Data Source: azurerm_eventhub_authorization_rule (#5805)
New Resource: azurerm_app_service_environment (#5508)
New Resource: azurerm_express_route_gateway (#5523)
New Resource: azurerm_linux_virtual_machine (#5705)
New Resource: azurerm_linux_virtual_machine_scale_set (#5705)
New Resource: azurerm_network_interface_security_group_association (#5784)
New Resource: azurerm_storage_account_customer_managed_key (#5668)
New Resource: azurerm_virtual_machine_scale_set_extension (#5705)
New Resource: azurerm_windows_virtual_machine (#5705)
New Resource: azurerm_windows_virtual_machine_scale_set (#5705)
BREAKING CHANGES:
The Environment Variable DISABLE_CORRELATION_REQUEST_ID has been renamed to
ARM_DISABLE_CORRELATION_REQUEST_ID to match the other Environment Variables
The field tags is no longer computed
Data Source: azurerm_api_management - removing the deprecated sku block (#5725)
Data Source: azurerm_app_service - removing the deprecated field subnet_mask from the site_config block
(#5823)
Data Source: azurerm_app_service_plan - the deprecated properties block has been removed since these
properties have been moved to the top level (#5717)
Data Source: azurerm_azuread_application - This data source has been removed since it was deprecated
(#5748)
Data Source: azurerm_azuread_service_principal - This data source has been removed since it was
deprecated (#5748)
Data Source: azurerm_builtin_role_definition - the deprecated data source has been removed (#5844)
Data Source: azurerm_dns_zone - removing the deprecated zone_type field (#5794)
Data Source: azurerm_dns_zone - removing the deprecated registration_virtual_network_ids field (#5794)
Data Source: azurerm_dns_zone - removing the deprecated resolution_virtual_network_ids field (#5794)
Data Source: azurerm_key_vault - removing the sku block since this has been deprecated in favour of the
sku_name field (#5774)
Data Source: azurerm_key_vault_key - removing the deprecated vault_uri field (#5774)
Data Source: azurerm_key_vault_secret - removing the deprecated vault_uri field (#5774)
Data Source: azurerm_kubernetes_cluster - removing the field dns_prefix from the agent_pool_profile
block (#5823)
Data Source: azurerm_network_interface - removing the deprecated field internal_fqdn (#5823)
Data Source: azurerm_private_link_service - removing the deprecated field network_interface_ids (#5823)
Data Source: azurerm_private_link_endpoint_connection - the deprecated data source has been removed
(#5844)
Data Source: azurerm_recovery_services_protection_policy_vm has been renamed to
azurerm_backup_policy_vm (#5816)
Data Source: azurerm_role_definition - removing the alias VirtualMachineContributor which has been
deprecated in favour of the full name Virtual Machine Contributor (#5733)
Data Source: azurerm_storage_account - removing the account_encryption_source field since this is no longer
configurable by Azure (#5668)
Data Source: azurerm_storage_account - removing the enable_blob_encryption field since this is no longer
Data Source: azurerm_storage_account - removing the enable_file_encryption field since this is no longer
Data Source: azurerm_scheduler_job_collection - This data source has been removed since it was deprecated
(#5712)
Data Source: azurerm_subnet - removing the deprecated ip_configuration field (#5801)
Data Source: azurerm_virtual_network - removing the deprecated address_spaces field (#5823)
azurerm_api_management - removing the deprecated sku block (#5725)
azurerm_api_management - removing the deprecated fields in the security block (#5725)
azurerm_application_gateway - the field fqdns within the backend_address_pool block is no longer computed
(#5823)
azurerm_application_gateway - the field ip_addresses within the backend_address_pool block is no longer
computed (#5823)
azurerm_application_gateway - the deprecated field fqdn_list within the backend_address_pool block has
been removed (#5823)
azurerm_application_gateway - the deprecated field ip_address_list within the backend_address_pool block
has been removed (#5823)
azurerm_application_gateway - the deprecated field disabled_ssl_protocols has been removed (#5823)
azurerm_application_gateway - the field disabled_protocols within the ssl_policy block is no longer
computed (#5823)
azurerm_app_service - removing the field subnet_mask from the site_config block (#5823)
azurerm_app_service - the field ip_address within the site_config block now refers to a CIDR block, rather
than an IP Address to match the Azure API (#5823)
azurerm_app_service - removing the field virtual_network_name from the site_config block (#5823)
azurerm_app_service_plan - the deprecated properties block has been removed since these properties have
been moved to the top level (#5717)
azurerm_app_service_slot - removing the field subnet_mask from the site_config block (#5823)
azurerm_app_service_slot - the field ip_address within the site_config block now refers to a CIDR block,
rather than an IP Address to match the Azure API (#5823)
azurerm_app_service_slot - removing the field virtual_network_name from the site_config block (#5823)
azurerm_application_gateway - updating the default value for the body field within the match block from *
to an empty string (#5752)
azurerm_automation_account - removing the sku block which has been deprecated in favour of the sku_name
field (#5781)
azurerm_automation_credential - removing the deprecated account_name field (#5781)
azurerm_automation_runbook - removing the deprecated account_name field (#5781)
azurerm_automation_schedule - removing the deprecated account_name field (#5781)
azurerm_autoscale_setting - the deprecated resource has been removed (#5844)
azurerm_availability_set - updating the default value for managed from false to true (#5724)
azurerm_azuread_application - This resource has been removed since it was deprecated (#5748)
azurerm_azuread_service_principal_password - This resource has been removed since it was deprecated
(#5748)
azurerm_azuread_service_principal - This resource has been removed since it was deprecated (#5748)
azurerm_client_config - removing the deprecated field service_principal_application_id (#5823)
azurerm_client_config - removing the deprecated field service_principal_object_id (#5823)
azurerm_cognitive_account - removing the deprecated sku_name block (#5797)
azurerm_connection_monitor - the deprecated resource has been removed (#5844)
azurerm_container_group - removing the port field from the container block (#5823)
azurerm_container_group - removing the protocol field from the container block (#5823)
azurerm_container_group - the ports field is no longer Computed (#5823)
azurerm_container_group - the protocol field within the ports block is no longer Computed and now
defaults to TCP (#5823)
azurerm_container_group - removing the deprecated field command (#5823)
azurerm_container_registry - removing the deprecated storage_account block (#5823)
azurerm_container_service - This resource has been removed since it was deprecated (#5709)
azurerm_cosmosdb_mongo_collection - removing the deprecated indexes block (#5853)
azurerm_ddos_protection_plan - the deprecated resource has been removed (#5844)
azurerm_devspace_controller - removing the deprecated sku block (#5795)
azurerm_dns_cname_record - removing the deprecated records field (#5794)
azurerm_dns_ns_record - removing the deprecated records field (#5794)
azurerm_dns_zone - removing the deprecated zone_type field (#5794)
azurerm_dns_zone - removing the deprecated registration_virtual_network_ids field (#5794)
azurerm_dns_zone - removing the deprecated resolution_virtual_network_ids field (#5794)
azurerm_eventhub - removing the deprecated location field (#5793)
azurerm_eventhub_authorization_rule - removing the deprecated location field (#5793)
azurerm_eventhub_consumer_group - removing the deprecated location field (#5793)
azurerm_eventhub_namespace - removing the deprecated kafka_enabled field since this is now managed by
Azure (#5793)
azurerm_eventhub_namespace_authorization_rule - removing the deprecated location field (#5793)
azurerm_firewall - removing the deprecated field internal_public_ip_address_id from the
azurerm_firewall - the field public_ip_address_id within the ip_configuration block is now required
(#5823)
azurerm_frontdoor - field cache_enabled within the forwarding_configuration block now defaults to false
rather than true (#5852)
azurerm_frontdoor - the field cache_query_parameter_strip_directive within the forwarding_configuration
block now defaults to StripAll rather than StripNone . (#5852)
azurerm_frontdoor - the field forwarding_protocol within the forwarding_configuration block now defaults
to HttpsOnly rather than MatchRequest (#5852)
azurerm_function_app - removing the field virtual_network_name from the site_config block (#5823)
azurerm_function_app - updating the field ip_address within the ip_restriction block to accept a CIDR
rather than an IP Address to match the updated API behaviour (#5823)
azurerm_iot_dps - This resource has been removed since it was deprecated (#5753)
azurerm_iot_dps_certificate - This resource has been removed since it was deprecated (#5753)
azurerm_iothub - The deprecated sku.tier property will be removed. (#5790)
azurerm_iothub_dps - The deprecated sku.tier property will be removed. (#5790)
azurerm_key_vault - removing the sku block since this has been deprecated in favour of the sku_name field
(#5774)
azurerm_key_vault_access_policy - removing the deprecated field vault_name which has been superseded by
the key_vault_id field (#5774)
azurerm_key_vault_access_policy - removing the deprecated field resource_group_name which has been
superseded by the key_vault_id field (#5774)
azurerm_key_vault_certificate - removing the deprecated vault_uri field (#5774)
azurerm_key_vault_key - removing the deprecated vault_uri field (#5774)
azurerm_key_vault_secret - removing the deprecated vault_uri field (#5774)
azurerm_kubernetes_cluster - updating the default value for load_balancer_sku to Standard from Basic
(#5747)
azurerm_kubernetes_cluster - the block default_node_pool is now required (#5823)
azurerm_kubernetes_cluster - removing the deprecated agent_pool_profile block (#5823)
azurerm_kubernetes_cluster - the field enable_pod_security_policy is no longer computed (#5823)
azurerm_lb_backend_address_pool - removing the deprecated location field (#5823)
azurerm_lb_nat_pool - removing the deprecated location field (#5823)
azurerm_lb_nat_rule - removing the deprecated location field (#5823)
azurerm_lb_probe - removing the deprecated location field (#5823)
azurerm_lb_rule - removing the deprecated location field (#5823)
azurerm_log_analytics_workspace_linked_service - This resource has been removed since it was deprecated
(#5754)
azurerm_log_analytics_linked_service - The resource_id field has been moved from the
linked_service_properties block to the top-level and the deprecated field linked_service_properties will be
removed. This has been replaced by the resource_id resource (#5775)
azurerm_maps_account - the sku_name field is now case-sensitive (#5776)
azurerm_mariadb_server - removing the sku block since it's been deprecated in favour of the sku_name field
(#5777)
azurerm_metric_alertrule - the deprecated resource has been removed (#5844)
azurerm_monitor_metric_alert - updating the default value for auto_mitigate from false to true (#5773)
azurerm_monitor_metric_alertrule - the deprecated resource has been removed (#5844)
azurerm_mssql_elasticpool - removing the deprecated elastic_pool_properties block (#5744)
azurerm_mysql_server - removing the deprecated sku block (#5743)
azurerm_network_interface - removing the deprecated application_gateway_backend_address_pools_ids field
from the ip_configurations block (#5784)
azurerm_network_interface - removing the deprecated application_security_group_ids field from the
ip_configurations block (#5784)
azurerm_network_interface - removing the deprecated load_balancer_backend_address_pools_ids field from
the ip_configurations block (#5784)
azurerm_network_interface - removing the deprecated load_balancer_inbound_nat_rules_ids field from the
ip_configurations block (#5784)
azurerm_network_interface - removing the deprecated internal_fqdn field (#5784)
azurerm_network_interface - removing the network_security_group_id field in favour of a new split-out
resource azurerm_network_interface_security_group_association (#5784)
azurerm_network_interface_application_security_group_association - removing the ip_configuration_name
field associations between Network Interfaces and Application Security Groups now need to be made to all IP
Configurations (#5815)
azurerm_network_interface - the virtual_machine_id field is now computed-only since it's not setable
(#5784)
azurerm_notification_hub_namesapce - removing the sku block in favour of the sku_name argument (#5722)
azurerm_postgresql_server - removing the sku block which has been deprecated in favour of the sku_name
field (#5721)
azurerm_private_link_endpoint - the deprecated resource has been removed (#5844)
azurerm_private_link_service - removing the deprecated field network_interface_ids (#5823)
azurerm_public_ip - making the allocation_method field required (#5823)
azurerm_public_ip - removing the deprecated field public_ip_address_allocation (#5823)
azurerm_recovery_network_mapping - the deprecated resource has been removed (#5816)
azurerm_recovery_replicated_vm - the deprecated resource has been removed (#5816)
azurerm_recovery_services_fabric - the deprecated resource has been removed (#5816)
azurerm_recovery_services_protected_vm - the deprecated resource has been removed (#5816)
azurerm_recovery_services_protection_container - the deprecated resource has been removed (#5816)
azurerm_recovery_services_protection_container_mapping - the deprecated resource has been removed
(#5816)
azurerm_recovery_services_protection_policy_vm - the deprecated resource has been removed (#5816)
azurerm_recovery_services_replication_policy - the deprecated resource has been removed (#5816)
azurerm_relay_namespace - removing the sku block in favour of the sku_name field (#5719)
azurerm_scheduler_job - This resource has been removed since it was deprecated (#5712)
azurerm_scheduler_job_collection - This resource has been removed since it was deprecated (#5712)
azurerm_storage_account - updating the default value for account_kind from Storage to StorageV2 (#5850)
azurerm_storage_account - removing the deprecated account_type field (#5710)
azurerm_storage_account - removing the deprecated enable_advanced_threat_protection field (#5710)
azurerm_storage_account - updating the default value for enable_https_traffic_only from false to true
(#5808)
azurerm_storage_account - removing the account_encryption_source field since this is no longer configurable
by Azure (#5668)
azurerm_storage_account - removing the enable_blob_encryption field since this is no longer configurable by
Azure (#5668)
azurerm_storage_account - removing the enable_file_encryption field since this is no longer configurable by
Azure (#5668)
azurerm_storage_blob - making the type field case-sensitive (#5710)
azurerm_storage_blob - removing the deprecated attempts field (#5710)
azurerm_storage_blob - removing the deprecated resource_group_name field (#5710)
azurerm_storage_container - removing the deprecated resource_group_name field (#5710)
azurerm_storage_container - removing the deprecated properties block (#5710)
azurerm_storage_queue - removing the deprecated resource_group_name field (#5710)
azurerm_storage_share - removing the deprecated resource_group_name field (#5710)
azurerm_storage_table - removing the deprecated resource_group_name field (#5710)
azurerm_subnet - removing the deprecated ip_configuration field (#5801)
azurerm_subnet - removing the deprecated network_security_group_id field (#5801)
azurerm_subnet - removing the deprecated route_table_id field (#5801)
azurerm_subnet - making the actions list within the service_delegation block within the
service_endpoints block non-computed (#5801)
azurerm_virtual_network_peering - allow_virtual_network_access now defaults to true, matching the API and
Portal behaviours. (#5832)
azurerm_virtual_wan - removing the deprecated field security_provider_name (#5823)
IMPROVEMENTS:
web: updating to API version 2019-08-01 (#5823)
Data Source: azurerm_kubernetes_service_version - support for filtering of preview releases (#5662)
azurerm_dedicated_host - support for setting sku_name to DSv3-Type2 and ESv3-Type2 (#5768)
azurerm_key_vault - support for configuring purge_protection_enabled (#5344)
azurerm_key_vault - support for configuring soft_delete_enabled (#5344)
azurerm_sql_database - support for configuring zone_redundant (#5772)
azurerm_storage_account - support for configuring the static_website block (#5649)
azurerm_storage_account - support for configuring cors_rules within the blob_properties block (#5425)
azurerm_subnet - support for delta updates (#5801)
azurerm_windows_virtual_machine - fixing a bug when provisioning from a Shared Gallery image (#5661)
BUG FIXES:
azurerm_application_insights - the application_type field is now case sensitive as documented (#5817)
azurerm_api_management_api - allows blank path field (#5833)
azurerm_eventhub_namespace - the field ip_rule within the network_rulesets block now supports a
maximum of 128 items (#5831)
azurerm_eventhub_namespace - the field virtual_network_rule within the network_rulesets block now
supports a maximum of 128 items (#5831)
azurerm_linux_virtual_machine - using the delete custom timeout during deletion (#5764)
azurerm_netapp_account - allowing the - character to be used in the name field (#5842)
azurerm_network_interface - the dns_servers field now respects ordering (#5784)
azurerm_public_ip_prefix - fixing the validation for the prefix_length to match the Azure API (#5693)
azurerm_recovery_services_vault - using the requested cloud rather than the default (#5825)
azurerm_role_assignment - validating that the name is a UUID (#5624)
azurerm_signalr_service - ensuring the SignalR segment is parsed in the correct case (#5737)
azurerm_storage_account - locking on the storage account resource when updating the storage account
(#5668)
azurerm_subnet - supporting updating of the enforce_private_link_endpoint_network_policies field (#5801)
azurerm_subnet - supporting updating of the enforce_private_link_service_network_policies field (#5801)
azurerm_windows_virtual_machine - using the delete custom timeout during deletion (#5764)
entries.
Versions 1.0.0 - 1.44.0

1.44.0 (February 12, 2020)
NOTES
Preparation for 2.0: We intend for v1.44.0 to be the last release in the 1.x line - we'll be turning our
focus to 2.0 with the next release. We recommend consulting the list of changes coming in 2.0 to be
aware and trialling the Beta available in 1.x versions if you're interested.
Terraform 0.10/0.11: The upcoming version 2.0 of the Azure Provider will not support Terraform 0.10.x
& Terraform 0.11.x - you will need to upgrade to Terraform 0.12 to use version 2.0 (and above) of the
Azure Provider.
FEATURES:
New Data Source: azurerm_eventhub_consumer_group (#5518)
New Data Source: azurerm_function_app (#5642)
New Data Source: azurerm_iothub_dps_shared_access_policy (#5516)
CHANGES TO BETA RESOURCES:
azurerm_linux_virtual_machine - added validation for the SSH Key type (#5610)
azurerm_linux_virtual_machine_scale_set - support for updating VMSS's with a Automatic & Rolling
Upgrade Policy (sending health_probe_id during an update) (#5430)
azurerm_windows_virtual_machine - added validation for the SSH Key type (#5610)
azurerm_windows_virtual_machine_scale_set - support for updating VMSS's with a Automatic & Rolling
Upgrade Policy (sending health_probe_id during an update) (#5430)
IMPROVEMENTS:
azurerm_api_management - support for configuring the HTTP2 protocol (#5593)
azurerm_cognitive_account - support for the kind FormRecognizer (#5679)
azurerm_cognitive_account - support for the kind ImmersiveReader (#5604)
azurerm_databricks_workspace - support for the Trial SKU (#5652)
azurerm_function_app - support for configuring ip_restriction blocks (#5440)
azurerm_function_app - support for configuring user assigned identities (#5676)
azurerm_key_vault_key - support for not_before_date and expiration_date (#5619)
azurerm_lb - fixing a crash when the HTTP response is dropped (#5680)
azurerm_stream_analytics_job - support for importing jobs created in the portal (#5522)
azurerm_storage_blob - support for authenticating using Azure AD (#5614)
azurerm_storage_container - support for authenticating using Azure AD (#5614)
azurerm_storage_queue - support for authenticating using Azure AD (#5614)
BUGS:
azurerm_storage_account - fix hanging destroy caused by multiple network rules (#5565)
azurerm_linux_virtual_machine - fix shared_image_id parsing (#5640)
1.43.0 (February 04, 2020)

NOTES
Opt-In Beta: Version 1.43 of the Azure Provider introduces an opt-in Beta for some of the new
functionality coming in 2.0 - more information can be found in the Beta guide.
Terraform 0.10/0.11: The upcoming version 2.0 of the Azure Provider will not support Terraform 0.10.x
& Terraform 0.11.x - you will need to upgrade to Terraform 0.12 to use version 2.0 (and above) of the
Azure Provider.
FEATURES:
New Data Source: azurerm_eventhub_namespace_authorization_rule (#5489)
New Data Source: azurerm_mariadb_server (#5506)
IMPROVEMENTS:
azurerm_application_insights - support for the daily_data_cap_in_gb &
daily_data_cap_notifications_disabled properties (#5480)
azurerm_private_endpoint - expose mapping between group_id and subresource_names (#5571)
azurerm_recovery_services_vault - support for the soft_delete_enabled property (#5586)
BUGS:
azurerm_databricks_workspace - allow underscores in name (#5548)
azurerm_dns_aaaa_record - normalize IPv6 addresses (#5459)
azurerm_frontdoor - including required minimum_tls_version to the custom_https_configuration block
(#5539)
azurerm_managed_disk - correctly handles disk resizing when attached to a virtual machine (#5579)
azurerm_marketplace_agreement - recreate agreement if not accepted (#5582)
azurerm_mysql_virtual_network_rule - allow subnet_id to be in a different subscription then the database
(#5568)
azurerm_virtual_network_gateway_connection - increase routing_weight maximum to 32000 (#5540)
1.42.0 (January 27, 2020)

NOTES:
azurerm_cosmosdb_account - the capabilities is now force new as it cannot be updated once set (#5453)
FEATURES:
New Data Source: azurerm_dedicated_host (#5513)
New Data Source: azurerm_api_management_api_version_set (#5470)
New Resource: azurerm_dedicated_host (#5513)
IMPROVEMENTS:
frontdoor: updating to use API version 2019-11-01 (#5385)
azurerm_application_insights - add support for retention_in_days (#5457)
azurerm_batch_pool - support for the network_configuration property (#5392)
azurerm_cosmosdb_account - support for the EnableMongo capability (#5325)
azurerm_cosmosdb_account - support for the Parse kind (#5453)
azurerm_cosmosdb_sql_container - support for default_ttl property (#5492)
azurerm_databricks_workspace - support for the custom_parameters property and public_subnet_name ,
private_subnet_name , and virtual_network_id parameters (#3889)
azurerm_databricks_workspace - support for the no_public_ip custom parameter (#5469)
azurerm_express_route_circuit - support for the Basic and Local tiers (#5456)
azurerm_frontdoor_firewall_policy - support for exclusions (#5407)
azurerm_iothub - support for the event_hub_retention_in_days and event_hub_partition_count properties
(#5505)
azurerm_kubernetes_cluster - Add support for load_balancer_profile (#5394)
azurerm_network_watcher_flow_log - support for the version property (#5419)
azurerm_traffic_manager_profile - add the expected_status_code_ranges (#5471)
azurerm_traffic_manager_profile - switch dns_config and monitor_config to type list and limit to 1
(#5471)
azurerm_kubernetes_cluster - support updating AKS AAD RBAC profile without rebuilding cluster (#5410)
BUG FIXES:
azurerm_app_service - fixing a crash when logs was nil (#5414)
azurerm_container_group - fixing a crash when IPAddress.Ports was nil in the response from the Azure API
(#5415)
azurerm_frontdoor - fixing issue where the forwarding_configuration cache could not be disabled (#5358)
azurerm_postgresql_server - correctly validate the name property (#5443)
azurerm_postgresql_database - correctly validate the server_name property (#5443)
azurerm_postgresql_firewall - correctly validate the server_name property (#5443)
azurerm_postgresql_virtual_network_rule - correctly validate the server_name property (#5443)
azurerm_private_link_service - fixing a crash when the auto_approval and visibility blocks aren't
returned from the Azure API (#5428)
azurerm_subnet - the delegations.#.actions property is now computed to accommodate azure defaults
(#5484)
azurerm_virtual_machine - will no longer panic if network_interface_ids is missing (#5413)
1.41.0 (January 16, 2020)

NOTES:
azurerm_managed_disk - the Azure API now requires that the storage_account_id field is specified during
import, as such this field is now required during when importing a VHD to a Managed Disk (#5250)
FEATURES:
New Data Source: azurerm_dedicated_host_group (#5307)
New Data Source: azurerm_disk_encryption_set (#5249)
New Data Source: azurerm_eventgrid_topic (#5367)
New Data Source: azurerm_iothub_dps (#5336)
New Data Source: azurerm_iothub_shared_access_policy (#5368)
New Data Source: azurerm_storage_container (#5374)
New Resource: azurerm_api_management_identity_provider_facebook (#5346)
New Resource: azurerm_api_management_identity_provider_twitter (#5306)
New Resource: azurerm_api_management_identity_provider_microsoft (#5369)
New Resource: azurerm_cosmosdb_gremlin_graph (#5301)
New Resource: azurerm_dedicated_host_group (#5307)
New Resource: azurerm_disk_encryption_set (#5249)
IMPROVEMENTS:
backup: updating to use API version 2019-05-13 (#5335 )
Data Source: azurerm_managed_disk - exposing disk_encryption_set_id (#5250)
Data Source: azurerm_managed_disk - exposing storage_account_id (#5250)
azurerm_cognitive_account - the sku block has been deprecated in favour of the sku_name property
(#5380)
azurerm_devspace_controller - the sku block has been deprecated in favour of the sku_name property
(#5379)
azurerm_batch_pool - support for the metadata property (#5309)
azurerm_function_app - convert connection_string s from a TypeList to a TypeSet (#5319)
azurerm_iothub - deprecate the sku.tier property as it is no longer required (#5382)
azurerm_iothub - add an upper range of 200 to the sku.capacify validation (#5382)
azurerm_iothub_dps - deprecate the sku.tier property as it is no longer required (#5382)
azurerm_iothub_dps - add an upper range of 200 to the sku.capacify validation (#5382)
azurerm_lb_rule - support for the enable_tcp_reset property (#5373)
azurerm_lb_nat_rule - support for the enable_tcp_reset and idle_timeout_in_minutes properties (#5373)
azurerm_managed_disk - support for configuring disk_encryption_set_id (#5250)
azurerm_managed_disk - support for configuring storage_account_id which is now required by the Azure API
during an import (#5250)
azurerm_mariadb_server - the sku block has been deprecated in favour of the sku_name property (#5378)
azurerm_mysql_server - the sku block has been deprecated in favour of the sku_name property (#5377)
azurerm_postgresql_server - the sku block has been deprecated in favour of the sku_name property
(#5376)
BUG FIXES:
azurerm_api_management_operation - will no longer panic on missing values in request (#5318)
azurerm_storage_account - fix performance issue for accounts that don't support queues (#5316)
1.40.0 (January 08, 2020)
FEATURES:
New Data Source: azurerm_netapp_volume (#4933)
New Data Source: azurerm_netapp_snapshot (#5215)
New Data Source: azurerm_signalr_service (#5276)
New Resource: azurerm_advanced_threat_protection (#4848)
New Resource: azurerm_api_management_diagnostic (#4836)
New Resource: azurerm_api_management_identity_provider_aad (#5268)
New Resource: azurerm_api_management_identity_provider_google (#5279)
New Resource: azurerm_app_service_virtual_network_swift_connection (#5214)
New Resource: azurerm_automation_certificate (#4785)
New Resource: azurerm_backup_container_storage_account (#5213)
New Resource: azurerm_backup_policy_file_share (#5213)
New Resource: azurerm_backup_protected_file_share (#5213)
New Resource: azurerm_cosmosdb_gremlin_database (#5248)
New Resource: azurerm_iothub_dps_shared_access_policy (#5171)
New Resource: azurerm_kusto_database_principal (#5242)
New Resource: azurerm_network_watcher_flow_log (#5059)
New Resource: azurerm_netapp_volume (#4933)
New Resource: azurerm_netapp_snapshot (#5215)
New Resource: azurerm_stream_analytics_reference_input_blob (#3633)
IMPROVEMENTS:
Data Source: azurerm_private_link_service - exposing the enable_proxy_protocol property (#5178)
Data Source: azurerm_virtual_network_gateway - exposing the generation property (#5198)
azurerm_application_gateway - support for the trusted_root_certificate_names property (#5204)
azurerm_api_management_operation - will no longer panic when response is missing values (#5273)
azurerm_cosmosdb_cassandra_keyspace - support for the throughput property (#5203)
azurerm_cosmosdb_sql_container - support for the throughput property (#5203)
azurerm_cosmosdb_sql_database - support for the throughput property (#5203)
azurerm_cosmosdb_table - support for the throughput property (#5203)
azurerm_dns_a_record - support for configuring target_resource_id (#5218)
azurerm_dns_aaaa_record - support for configuring target_resource_id (#5218)
azurerm_dns_cname_record - support for configuring target_resource_id (#5218)
azurerm_dns_mx_record - the name property is now optional (#5205)
azurerm_function_app - support for the ftps_state property (#5169)
azurerm_image - support for configuring hyper_v_generation (#4453)
azurerm_iothub_dps_shared_access_policy - support for the primary_connection_string &
secondary_connection_string properties (#5231)
azurerm_key_vault - the network_acls property is now computed (#5207)
azurerm_kubernetes_cluster - support for the identity property (#5168)
azurerm_kubernetes_cluster - support for private link (#5161)
azurerm_logic_app_trigger_recurrence - support for the start_time property (#5244)
azurerm_private_link_service - support for the enable_proxy_protocol property (#5178)
azurerm_recovery_services_fabric - has been deprecated and renamed to azurerm_site_recovery_fabric
(#5170)
azurerm_recovery_network_mapping - has been deprecated and renamed to
azurerm_site_recovery_network_mapping (#5170)
azurerm_recovery_services_protection_container - has been deprecated and renamed to
azurerm_site_recovery_protection_container (#5170)
azurerm_recovery_services_protection_container_mapping - has been deprecated and renamed to
azurerm_site_recovery_protection_container_mapping (#5170)
azurerm_recovery_services_replication_policy - has been deprecated and renamed to
azurerm_site_recovery_protection_policy (#5170)
azurerm_recovery_replicated_vm - has been deprecated and renamed to
azurerm_site_recovery_replicated_vm (#5170)
azurerm_recovery_services_protection_policy_vm - has been deprecated and renamed to
zurerm_backup_policy_vm (#5170)
azurerm_recovery_services_protected_vm - has been deprecated and renamed to
azurerm_backup_protected_vm (#5170)
azurerm_search_service - exposing the query_keys (#5029)
azurerm_storage_account - exposing the blob_properties block (#3807)
aaurerm_storage_account - correctly handle an empty network rules API response (#5210)
azurerm_storage_account - making the resource group name case sensitive (#5289)
azurerm_shared_image_version - support for the storage_account_type property (#5212)
azurerm_virtual_network_gateway - support for configuring generation (#5198)
azurerm_virtual_network_gateway_connection - support for the connection_protocol property (#5145)
BUG FIXES:
Data Source: azurerm_shared_image_version - change the storage_account_type property from a set to a list
(#5212)
azurerm_api_management_api - working around a behavioural change in the API detecting deleted resources
(#5054)
azurerm_api_management_api - correctly setting the soap API type when soap_pass_through is true (#5081)
azurerm_app_configuration - temporarily treating resource_group_name as case-insensitive to work around a
breaking API change (#5324)
azurerm_healthcare_service - making rhe cors_configuration block computed (#5046)
azurerm_monitor_log_profile - polling until the log profile is repeatedly available (#5194)
azurerm_storage_account_network_rules - matching the validation used for ip_rules with the validation used
by ip_rules in the network_rules block of azurerm_storage_account (#5201)
azurerm_subnet - allowing both enforce_private_link_endpoint_network_policies and
enforce_private_link_service_network_policies to be set together (#5200)
azurerm_virtual_machine - handling a crash when os_profile_secrets was nil (#5308)
azurerm_virtual_machine - handling a crash when the vault_certificates block within the
os_profile_secrets was nil (#5308)
1.39.0 (December 16, 2019)

FEATURES:
New Resource: azurerm_app_configuration (#4859)
New Resource: azurerm_bot_channel_ms_teams (#4984)
New Resource: azurerm_mssql_database_vulnerability_assessment_rule_baseline (#3806)
New Resource: azurerm_mssql_server_vulnerability_assessment (#3806)
New Resource: azurerm_mssql_server_security_alert_policy (#3806)
IMPROVEMENTS:
storage: switching to use the Authorizers from Azure/go-autorest (#5109)
azurerm_app_service - adding validation to import (#5107)
azurerm_app_service_certificate - adding validation to import (#5107)
azurerm_app_service_custom_hostname_binding - adding validation to import (#5107)
azurerm_app_service_plan - adding validation to import (#5107)
azurerm_app_service_slot - adding validation to import (#5107)
azurerm_app_service_source_control_token - adding validation to import (#5107)
azurerm_cosmos_mongo_collection - deprecate the indexes property (#5116)
azurerm_cosmos_mongo_collection - make throughput computed and remove the default to let the API handel
it (#5116)
azurerm_cosmos_mongo_database - support for the throughput property (#5116)
azurerm_function_app - support for min_tls_version (#5074)
azurerm_private_link_endpoint - has been deprecated and renamed to azurerm_private_endpoint (#5150)
BUG FIXES:
Data Source: azurerm_nat_gateway - handling a crash when the sku block was malformed (#5104)
azurerm_api_management_api - ensuring version_set_id is specified when version is (#4993)
azurerm_nat_gateway - handling a crash when the sku block was malformed (#5104)
azurerm_private_link_endpoint - fixing the validation for the subresource_names field (#5118)
azurerm_storage_account - querying all pages when listing storage accounts (#5075)
azurerm_storage_blob - querying all pages when listing storage accounts (#5075)
azurerm_storage_container - querying all pages when listing storage accounts (#5075)
azurerm_storage_file - querying all pages when listing storage accounts (#5075)
azurerm_storage_queue - querying all pages when listing storage accounts (#5075)
azurerm_storage_table - querying all pages when listing storage accounts (#5075)
1.38.0 (December 06, 2019)

FEATURES:
New Data Source: azurerm_nat_gateway (#4449)
New Data Source: azurerm_private_link_endpoint_connection (#4493)
New Data Source: azurerm_virtual_hub (#5004)
New Resource: azurerm_iothub_fallback_route (#4965)
New Resource: azurerm_nat_gateway (#4449)
New Resource: azurerm_point_to_site_vpn_gateway (#5004)
New Resource: azurerm_private_dns_mx_record (#4915)
New Resource: azurerm_private_link_endpoint (#4493)
New Resource: azurerm_storage_account_network_rules (#5082)
New Resource: azurerm_subnet_nat_gateway_association (#4449)
New Resource: azurerm_virtual_hub (#5004)
New Resource: azurerm_vpn_gateway (#5004)
New Resource: azurerm_vpn_server_configuration (#5004)
IMPROVEMENTS:
network: updating to use API version 2019-09-01 (#5004)
azurerm_application_gateway - updating the validation for min_capacity and max_capacity within the
autoscale_configuration block (#4958)
azurerm_application_gateway - fixes a crash when an empty body for probe match was used (#5056)
azurerm_dns_a_record - exposing the fqdn (#5000)
azurerm_dns_aaaa_record - exposing the fqdn (#5000)
azurerm_dns_caa_record - exposing the fqdn (#5000)
azurerm_dns_cname_record - exposing the fqdn (#5000)
azurerm_dns_mx_record - exposing the fqdn (#5000)
azurerm_dns_ns_record - exposing the fqdn (#5000)
azurerm_dns_ptr_record - exposing the fqdn (#5000)
azurerm_dns_srv_record - exposing the fqdn (#5000)
azurerm_dns_txt_record - exposing the fqdn (#5000)
azurerm_mysql_server - add support for version 8.0 (#5019)
BUG FIXES:
azurerm_mssql_elasticpool - no longer panicing when sku is nil (#5017)
azurerm_storage_account - ensuring we only lock each Virtual Network once during deletion (#4908)
azurerm_virtual_wan - deprecating the security_provider_name field since it's no longer used (#5004)
1.37.0 (November 26, 2019)

NOTES
The azurerm_kubernetes_cluster resource has undergone substantial changes in this release to work around
breaking behavioural changes in the Azure API. As such the agent_pool_profile block has been superseded by
the default_node_pool block. Multiple Node Pools can instead be configured using the
azurerm_kubernetes_cluster_node_pool resource.
FEATURES:
New Data Source: azurerm_automation_account (#4740)
New Data Source: azurerm_netapp_account (#4416)
New Data Source: azurerm_netapp_pool (#4889)
New Data Source: azurerm_private_link_service (#4426)
New Data Source: azurerm_private_link_service_endpoint_connections (#4426)
New Resource: azurerm_data_factory_trigger_schedule (#4793)
New Resource: azurerm_iothub_endpoint_eventhub (#4823)
New Resource: azurerm_iothub_endpoint_servicebus_queue (#4823)
New Resource: azurerm_iothub_endpoint_servicebus_topic (#4823)
New Resource: azurerm_iothub_endpoint_storage_container (#4823)
New Resource: azurerm_iothub_route (#4923)
New Resource: azurerm_kubernetes_cluster_node_pool (#4899)
New Resource: azurerm_netapp_account (#4416)
New Resource: azurerm_netapp_pool (#4889)
New Resource: azurerm_private_dns_aaaa_record (#4841)
New Resource: azurerm_private_dns_ptr_record (#4703)
New Resource: azurerm_private_dns_srv_record (#4783)
New Resource: azurerm_private_link_service (#4426)
New Resource: azurerm_relay_hybrid_connection (#4832)
IMPROVEMENTS:
2.0 prep: refresh functions now use custom timeouts when custom timeouts are enabled (#4838)
authentication: requesting a fresh token from the Azure CLI when the existing one expires (#4775)
networking: updating to API version 2019-07-01 (#4596)
sql: updating to API version 2017-03-01-preview (#4242)
Data Source: azurerm_monitor_action_group - support for arm_role_receiver , automation_runbook_receiver ,
azure_app_push_receiver , azure_function_receiver , itsm_receiver , logic_app_receiver and voice_receiver
(#4638)
azurerm_api_management_api - the version and version_set_id properties can now be set (#4592)
azurerm_app_service - support for JAVA container (#4897)
azurerm_app_service - support for configuring the minor version of Java (#4779)
azurerm_app_service_slot - support for auto_swap_slot_name (#4752)
azurerm_app_service_slot - support for configuring the minor version of Java (#4779)
azurerm_application_insights - support for the sampling_percentage property (#4925)
azurerm_automation_credential - deprecate account_name in favour of automation_account_name (#4777)
azurerm_cognitive_service - support for the kind LUIS.Authoring (#4888)
azurerm_eventgrid_domain - Export primary_access_key and secondary_access_key (#4876)
azurerm_firewall - allow multiple ip_configuration blocks (#4639)
azurerm_firewall_application_rule_collection - support for the protocol type Mssql (#4596)
azurerm_hdinsight_hadoop_cluster - Added edge node support (#4550)
azurerm_hdinsight_hadoop_cluster - support for gen storage_account_gen2 property (#4634)
azurerm_hdinsight_hbase_cluster - support for gen storage_account_gen2 property (#4634)
azurerm_hdinsight_kafka_cluster - support for gen storage_account_gen2 property (#4634)
azurerm_hdinsight_query_cluster - support for gen storage_account_gen2 property (#4634)
azurerm_hdinsight_spark_cluster - support for the storage_account_gen2 property (#4634)
azurerm_iot_dps - has been deprecated and renamed to azurerm_iothub_dps (#4896)
azurerm_iot_dps_certificate - has been deprecated and renamed to azurerm_iothub_dps_certificate
(#4896)
azurerm_key_vault_secret - support for not_before_date and expiration_date (#4873)
azurerm_kubernetes_cluster - introducing a new default_node_pool block which defaults to VM Scale Sets
(#4898)
azurerm_kubernetes_cluster - deprecating the agent_pool_profiles block in favour of the default_node_pool
block (#4898)
azurerm_kubernetes_cluster - support for enable_node_public_ip in agent_pool_profile (#4613)
azurerm_monitor_action_group - support for arm_role_receiver , automation_runbook_receiver ,
azure_app_push_receiver , azure_function_receiver , itsm_receiver , logic_app_receiver and voice_receiver
(#4638)
azurerm_monitor_activity_log_alert - the criteria property now supports ResourceHealth (#4944)
azurerm_servicebus_subscription - support for the forward_dead_lettered_messages_to property (#4789)
azurerm_signalr_service - support for the cors and features blocks (#4716)
azurerm_sql_server - support for the identity block (#4754)
azurerm_subnet - support for the enforce_private_link_service_network_policies property (#4426)
azurerm_template_deployment - validating the ARM Template prior to deploying it, which provides more
granular errors (#4715)
BUG FIXES:
dependencies: temporarily switching to use a fork of github.com/Azure/azure-sdk-for-go to get around a
build issue on 32-bit systems (#4979)
Data Source: azurerm_network_interface - exporting the IP Address for Dynamic Network Interfaces (#4852)
azurerm_api_management_api_policy - sending policy as Raw XML (#4140)
azurerm_bastion_host - matching the validation for name used by Azure (#4766)
azurerm_bastion_host - support for hyphens in the name field within the ip_configuration block (#4814)
azurerm_container_group - prevent empty string from being passed into commands (#4953)
azurerm_eventhub_namespace - deprecating the kafka_enabled sproperty as it is now managed by Azure
(#4743)
azurerm_kubernetes_cluster - support for conditional updates / ignore_changes on the node_count field
(#4898)
azurerm_kubernetes_cluster - working around a case sensitivity bug when upgrading clusters via the Azure
Portal (#4929)
azurerm_lb_probe - fixing a bug where protocol was force lower-cased which caused a diff in the plan
(#4631)
azurerm_lb_rule - fixing a bug where protocol was force lower-cased which caused a diff in the plan
(#4631)
azurerm_network_interface - exporting the IP Address for Dynamic Network Interfaces (#4852)
azurerm_postgresql_database - allowing dashes in the name (#4866)
azurerm_private_dns_cname_record - fixing a bug where calling Delete didn't delete the CName record
(#4804)
azurerm_storage_account - fixing an error where Advanced Threat Protection is unavailable in Azure
Germany (#4746)
azurerm_virtual_network_gateway_connection - Configure routing_weight with weight 0 (#4849)
1.36.1 (October 29, 2019)

FEATURES:
provider: adding a flag to allow users to opt-out of the default Terraform Partner ID (#4751)
1.36.0 (October 29, 2019)
FEATURES:
New Data Source: azurerm_app_service_certificate_order (#4454)
New Data Source: azurerm_data_factory (#4517)
New Data Source: azurerm_healthcare_service (#4221)
New Data Source: azurerm_resources (#3529)
New Data Source: azurerm_postgresql_server (#4732)
New Resource: azurerm_automation_job_schedule (#3386)
New Resource: azurerm_app_service_certificate_order (#4454)
New Resource: azurerm_bastion_host (#4096)
New Resource: azurerm_data_factory_integration_runtime_managed (#4342)
New Resource: azurerm_healthcare_service (#4221)
New Resource: azurerm_kusto_eventhub_data_connection (#4385)
IMPROVEMENTS:
2.0 prep: groundwork required for custom timeouts (#4475)
devspace: updating to API version 2019-04-01 (#4597)
frontdoor: updating to use API version 2019-04-01 (#4609)
provider: switching to use the Provider SDK from github.com/hashicorp/terraform-provider-sdk (#4474)
provider: sending Microsoft's Terraform Partner ID in the user agent if a custom Partner ID isn’t specified
(#4663)
storage: caching the storage account information to workaround the Storage API being unperformant
(#4709)
Data Source: azurerm_client_config - fixing a crash when using MSI authentication (#4738)
Data Source: azurerm_lb_backend_address_pool - exposing backend_ip_configurations (#4605)
azurerm_cognitive_account - support for the sku F1 (#4720)
azurerm_cosmosdb_mongo_collection - add support for the throughput property (#4467)
azurerm_firewall - support for zones (#4670)
azurerm_function_app - add support for the http2_enabled property (#4696)
azurerm_frontdoor - update custom_host to be optional, add redirect_configuration to documentation.
(#4601)
azurerm_kubernetes_cluster - allow the aci_connector_linux to be disabled by allowing the subnet property
be empty (#4541)
azurerm_kubernetes_cluster - add support for the azure_policy property in the addon_profile block
(#4498)
azurerm_monitor_action_group - add support for the use_common_alert_schema webhook property (#4483)
azurerm_network_security_rule - add support for Icmp to the protocol property (#4615)
azurerm_network_security_rule - add support for Icmp to the protocol property (#4615)
azurerm_servicebus_namespace - allow capacity to 8 for the premium SKU (#4630)
azurerm_subnet - add support for the Microsoft.DBforPostgreSQL/serversv2 and
Microsoft.StreamAnalytics/streamingJobs to the service_delegation.name property (#4690)
azurerm_subnet - add support for the Microsoft.Network/networkinterfaces/* and
Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action to the
service_delegation.action property (#4690)
BUG FIXES:
azurerm_api_management - deprecate the disable_backend_ssl30 , disable_backend_tls10 ,
disable_backend_tls11 , , disable_frontend_ssl30 , disable_frontend_tls10 ,
disable_triple_des_ciphers
disable_frontend_tls11 properties as true actually meant enable in favour of enable_backend_ssl30 ,
enable_backend_tls10 , enable_backend_tls11 , enable_triple_des_ciphers , enable_frontend_ssl30 ,
enable_frontend_tls10 , enable_frontend_tls11 (#4534)
azurerm_devspace_controller - the host_suffix field is now read-only due to a change in Azure (#4597)
azurerm_key_vault_certificate - switches the emails , dns_names , upns of the subject_alternative_names
property to use TypeSet (#4645)
azurerm_kubernetes_cluster - fixing a crash when the service_principal_profile block was nil (#4697)
azurerm_kubernetes_cluster - the log_analytics_workspace_id property is now optional (#4513)
azurerm_key_vault - temporarily making sku case insensitive to work around a breaking change in the API
(#4714)
azurerm_management_group - raising the error message when an error occurs (#4725)
azurerm_maps_account - temporarily making sku case insensitive to work around a breaking change in the
API (#4714)
azurerm_media_services_account - fixes the invalid address to set: []string{"tags"} error (#4537)
azurerm_monitor_activity_log_alert - fixing support for the category ServiceHealth (#4646)
azurerm_network_security_group_association - prevent deadlock between association and network interface
creation (#4501)
azurerm_sql_database - ensure the read_scale property is always set during initial creation (#4573)
azurere_storage_account - Ignore Advanced Threat Protection read errors in Azure Germany (#4564)
azurerm_storage_blob - making metadata a computed field (#4727)
azurerm_virtual_machine - handling the plan block being nil (#4712)
azurerm_virtual_machine_data_disk_attachment - will no longer remove the identity block when making an
update (#4538)
1.35.0 (October 04, 2019)
FEATURES:
New Data Source: azurerm_app_service_certificate (#4468)
New Data Source: azurerm_public_ip_prefix (#4340)
New Data Source: azurerm_storage_management_policy (#3819)
New Resource: azurerm_bot_channel_slack (#4367)
New Resource: azurerm_bot_channel_email (#4389)
New Resource: azurerm_bot_web_app (#4411)
New Resource: azurerm_dashboard (#4357)
New Resource: azurerm_eventhub_namespace_disaster_recovery_config (#4425)
New Resource: azurerm_storage_data_lake_gen2_filesystem (#4457)
New Resource: azurerm_storage_management_policy (#3819)
IMPROVEMENTS:
dependencies: upgrading github.com/Azure/azure-sdk-for-go to v33.2.0 (#4334)
kusto: updating to API version 2019-05-15 (#4376)
Data Source: azurerm_client_config - add object_id property (#4486)
azurerm_analysis_services_server - support for backup_blob_container_uri and server_full_name (#4397)
azurerm_api_management_api - deprecate sku in favour of the sku_name property (#3154)
azurerm_app_service_custom_hostname_binding - support for ssl_state and thumbprint (#4204)
azurerm_app_service_slot - support for logs (#4473)
azurerm_application_insights_analytics_item - Add support for App Insights Analytics Items (#4374)
azurerm_eventhub_namespace - support for the network_rulesets property (#4409)
azurerm_function_app - changes to app_service_plan_id no longer force a new resource (#4439)
azurerm_kubernetes_cluster - support for updating the Service Principal (#4469)
azurerm_servicebus_namespace - support for zone_redundant (#4432)
BUG FIXES:
provider: Ensuring the user agent is configured (#4463)
provider: Exposing the version of Terraform Core being used, rather than vendorered in User Agents (#4464)
azurerm_container_registry - checking the name is globally unique during creation (#4424)
azurerm_hdinsight_hadoop_cluster - handling the API now masking passwords (#4489)
azurerm_hdinsight_hbase_cluster - handling the API now masking passwords (#4489)
azurerm_hdinsight_interactive_query_cluster - handling the API now masking passwords (#4489)
azurerm_hdinsight_kafka_cluster - handling the API now masking passwords (#4489)
azurerm_hdinsight_ml_services_cluster - handling the API now masking passwords (#4489)
azurerm_hdinsight_rserver_cluster - handling the API now masking passwords (#4489)
azurerm_hdinsight_spark_cluster - handling the API now masking passwords (#4489)
azurerm_hdinsight_storm_cluster - handling the API now masking passwords (#4489)
azurerm_key_vault_certificate - storing the certificate data as hex (#4335)
azurerm_kubernetes_cluster - fixing a bug where upgrading to 1.34.0 would require resource recreation
(#4469)
azurerm_public_ip - ensuring that public_ip_prefix_id is read (#4344)
azurerm_role_assignment - changing the skip_service_principal_aad_check property no longer forces a new
resource (#4412)
azurerm_storage_blob - reading the properties after an update (#4452)
1.34.0 (September 18, 2019)

FEATURES:
New Data Source: azurerm_network_ddos_protection_plan (#4228)
New Data Source: azurerm_proximity_placement_group (#4020)
New Data Source: azurerm_servicebus_namespace_authorization_rule (#4294)
New Data Source: azurerm_sql_database (#4210)
New Data Source: azurerm_storage_account_blob_container_sas (#4195)
New Resource: azurerm_app_service_certificate (#4192)
New Resource: azurerm_app_service_source_control_token (#4214)
New Resource: azurerm_bot_channels_registration (#4245)
New Resource: azurerm_bot_connection (#4311)
New Resource: azurerm_frontdoor (#3933)
New Resource: azurerm_frontdoor_firewall_policy (#4125)
New Resource: azurerm_kusto_cluster (#4129)
New Resource: azurerm_kusto_database (#4149)
New Resource: azurerm_marketplace_agreement (#4305)
New Resource: azurerm_private_dns_zone_virtual_network_link (#3789)
New Resource: azurerm_proximity_placement_group (#4020)
New Resource: azurerm_stream_analytics_output_servicebus_topic (#4164)
New Resource: azurerm_web_application_firewall_policy (#4119)
IMPROVEMENTS:
dependencies: updating github.com/terraform-providers/terraform-provider-azuread to v0.6.0 (#4166)
dependencies: updating github.com/hashicorp/terraform to v0.12.8 (#4341)
compute: updating the API Version to 2019-07-01 (#4331)
network: updating to API version 2019-06-01 (#4291)
network: reverting the locking changes from #3673 (#3673)
storage: caching the Resource Group Name / Account Key (#4205)
storage: switching to use SharedKey for authentication with Blobs/Containers rather than SharedKeyLite
(#4235)
Data Source: azurerm_storage_account - gracefully degrading when there's a ReadOnly lock/the user doesn't
have permissions to list the Keys for the storage account (#4248)
Data Source: azurerm_storage_account_sas - adding an ISO8601 validator to the start and end dates
(#4064)
Data Source: azurerm_virtual_network - support for the location property (#4281)
azurerm_api_management - support for multiple additional_location blocks (#4175)
azurerm_application_gateway - allowing capacity to be set to 32 (#4189)
azurerm_application_gateway - support OWASP version 3.1 for the rule_set_version property (#4263)
azurerm_application_gateway - support for the trusted_root _certificate property (#4206)
azurerm_app_service - fixing a bug where the Application logs block would get reset when app_settings
were configured (#4243)
azurerm_app_service - support for sending HTTP Logs to Blob Storage (#4249)
azurerm_app_service - the ip_restriction.ip_address property is now optional (#4184)
azurerm_app_service_slot - the ip_restriction.ip_address property is now optional (#4184)
azurerm_availability_set - support for the proximity_placement_group_id property (#4020)
azurerm_cognitive_account - supporting CognitiveServices as a kind (#4209)
azurerm_container_registry - support for configuring Virtual Network Rules to Subnets (#4293)
azurerm_cosmosdb_account - correctly validate max_interval_in_seconds & max_staleness_prefix for geo
replicated accounts (#4273)
azurerm_cosmosdb_account - increase creation & deletion wait timeout to 3 hours (#4271)
azurerm_cosmosdb_sql_container - changing the unique_key.paths property now forces a new resource
(#4163)
azurerm_eventhub_namespace - changing the kafka_enabled property now forces a new resource (#4264)
azurerm_kubernetes_cluster - support for configuring the kube_dashboard within the addon_profile block
(#4139)
azurerm_kubernetes_cluster - prevent pod_cidr and azure network_plugin from being set at the same time
causing a new resource to be created (#4286)
azurerm_mariadb_server - support for version 10.3 (#4170)
azurerm_mariadb_server - support for configuring auto_grow (#4302)
azurerm_managed_disk - add support for the Ultra SSD disk_iops_read_write & disk_mbps_read_write
properties (#4102)
azurerm_mysql_server - support for configuring auto_grow (#4303)
azurerm_private_dns_zone - polling until the dns zone is marked as fully provisioned (#4307)
azurerm_postgresql_server - support for configuring auto_grow (#4220)
azurerm_resource_group - the name field can now be up to 90 characters (#4233)
azurerm_role_assignment - add principal_type and skip_service_principal_aad_check properties (#4168)
azurerm_storage_account - gracefully degrading when there's a ReadOnly lock/the user doesn't have
permissions to list the Keys for the storage account (#4248)
azurerm_storage_blob - switching over to use the new Storage SDK (#4179)
azurerm_storage_blob - support for Append Blobs (#4238)
azurerm_storage_blob - support for configuring the access_tier (#4238)
azurerm_storage_blob - support for specifying Block Blob content via source_content (#4238)
azurerm_storage_blob - the type field is now Required, since it had to be set anyway (#4238)
azurerm_storage_share_directory - support for upper-case characters in the name field (#4178)
azurerm_storage_table - using the correct storage account name when checking for the presence of an
existing storage table (#4234)
azurerm_stream_analytics_job - the field data_locale is now optional (#4190)
azurerm_stream_analytics_job - the field is now optional (#4190)
events_late_arrival_max_delay_in_seconds
azurerm_stream_analytics_job - the fieldevents_out_of_order_policy is now optional (#4190)
azurerm_stream_analytics_job - the fieldoutput_error_policy is now optional (#4190)
azurerm_subnet - support for the actions Microsoft.Network/virtualNetworks/subnets/join/action and
Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action (#4137)
azurerm_virtual_machine - support for UltraSSD_LRS managed disks (#3860)
azurerm_virtual_machine - support for the proximity_placement_group_id property (#4020)
azurerm_virtual_machine_scale_set - support for the proximity_placement_group_id property (#4020)
BUG FIXES:
azurerm_app_service - will no longer panic from when an access restriction rule involves a virtual network
(#4184)
azurerm_app_service_slot - will no longer panic from when an access restriction rule involves a virtual
network (#4184)
azurerm_app_service_plan and azurerm_app_service_slot crash fixes (#4184)
azurerm_container_group - make storage_account_key field in volume block sensitive (#4201)
azurerm_key_vault_certificate - prevented a panic caused by an empty element in extended_key_usage
(#4272)
azurerm_log_analytics_linked_service - will no longer panic if no items are passed into the property
linked_service_properties (#4142)
azurerm_log_analytics_workspace_linked_service - will no longer panic if no items are passed into the
property linked_service_properties (#4152)
azurerm_network_interface - changing the ip_configuration property to no longer force new resource
(#4155)
azurerm_virtual_network_peering - prevent nil object from being read (#4180)
1.33.1 (August 27, 2019)

networking: reducing the number of locks to avoid deadlock when creating 3 or more subnets with Network
Security Group/Route Table Associations (#3673)
1.33.0 (August 22, 2019)
FEATURES:
New Data Source: azurerm_dev_test_virtual_network (#3746)
New Resource: azurerm_cosmosdb_sql_container (#3871)
New Resource: azurerm_container_registry_webhook (#4112)
New Resource: azurerm_dev_test_lab_schedule (#3554)
New Resource: azurerm_mariadb_virtual_network_rule (#4048)
New Resource: azurerm_mariadb_configuration (#4060)
New Resource: azurerm_private_dns_cname_record (#4028)
New Resource: azurerm_recovery_services_fabric (#4003)
New Resource: azurerm_recovery_services_protection_container (#4003)
New Resource: azurerm_recovery_services_replication_policy (#4003)
New Resource: azurerm_recovery_services_protection_container_mapping (#4003)
New Resource: azurerm_recovery_network_mapping (#4003)
New Resource: azurerm_recovery_replicated_vm (#4003)
New Resource: azurerm_sql_failover_group (#3901)
New Resource: azurerm_virtual_wan (#4089)
IMPROVEMENTS:
all resources: increasing the maximum number of tags from 15 to 50 (#4071)
dependencies: upgrading github.com/tombuildsstuff/giovanni to v0.3.2 (#4122)
dependencies: upgrading the authorization SDK to 2018-09-01 (#4063)
dependencies: upgrading github.com/hashicorp/terraform to 0.12.6 (#4041)
internal: removing a duplicate Date/Time from the debug logs (#4024)
Data Source azurerm_dns_zone : deprecating the zone_type field (#4033)
azurerm_app_service - filesystem logging can now be set. (#4025)
azurerm_batch_pool - Support for Container Registry configurations (#4072)
azurerm_container_group - support for attaching to a (Private) Virtual Network (#3716)
azurerm_container_group - log_type can now be an empty string (#4013)
azurerm_cognitive_account - Adding 'QnAMaker' as Kind (#4126)
azurerm_dns_zone - deprecating the zone_type field (#4033)
azurerm_function_app - support for cors (#3949)
azurerm_function_app - support for the virtual_network_name property (#4078)
azurerm_iot_dps - add support for the linked_hub property (#3922)
azurerm_kubernetes_cluster - support for the enable_pod_security_policy property (#4098)
azurerm_monitor_diagnostic_setting - support for log_analytics_destination_type (#3987)
azurerm_role_assignment - now supports management groups (#4063)
azurerm_storage_account - requesting an access token using the ARM Authorizer (#4099)
azurerm_storage_account - support for BlockBlobStorage (#4131)
azurerm_subnet - support for the Service Endpoints Microsoft.BareMetal/AzureVMware ,
Microsoft.BareMetal/CrayServers , Microsoft.Databricks/workspaces and Microsoft.Web/hostingEnvironments
(#4115)
azurerm_traffic_manager_profile - support for the interval_in_seconds , timeout_in_seconds , and
tolerated_number_of_failures properties (#3473)
azurerm_user_assigned_identity - the name field can now be up to 128 characters (#4094)
BUG FIXES:
azurerm_app_service_plan - workaround for missing error on 404 (#3990)
azurerm_batch_certificate - the thumbprint_algorithm property is now case insensitive (#3977)
`azurerm_notification_hub_authorization_rule - fixing an issue when creating multiple authorization rules at
the same time (#4087)
azurerm_postgresql_server - removal of unsupported version 10.2 (#3915)
azurerm_role_definition - enture role_definition_id is correctly set if left empty during creation (#3913)
azurerm_storage_account - making default_action within the network_rules block required (#4037)
azurerm_storage_account - making the network_rules block computed (#4037)
azurerm_storage_queue - switching to using SharedKey for authentication (#4122)
azurerm_storage_share - allow up to 100TB for the quota property (#4054)
azurerm_storage_share_directory - handling the share being eventually consistent (#4122)
azurerm_storage_share_directory - allowing nested directories (#4122)
1.32.1 (July 31, 2019)

BUG FIXES:
azurerm_application_gateway fix an index out of range crash (#3966)
azurerm_api_management_backend - ensuring a nil certificates object is sent to the API instead of an empty
one (#3931)
azurerm_api_managment_product - additional validation for approval_required (#3945)
azurerm_network_ddos_protection_plan - correctly decodes the resource ID on read/delete (#3975)
azurerm_dev_test_virtual_network - generate subnet IDs in the correct format (#3717)
azurerm_iot_dps fixed deletion issue when using a service principal (#3973)
azurerm_kubernetes_cluster - the load_balancer_sku property is now case insensitive (#3958)
azurerm_postgresql_server - add missing support for version 11.0 (#3970)
azurerm_storage_* - prevent multiple panics when a storage account/resource group cannot be found
(#3986)
azurerm_storage_account - fix enable_advanced_threat_protection create/read for unsupported regions
(#3947)
azurerm_storage_table - now migrates older versions of the resource id to the new format (#3932)
azurerm_virtual_machine_scale_set - the ssh_keys property of the os_profile_linux_config block now
recognizes updates (#3837)
azurerm_virtual_machine_scale_set - changes made to the network_profile property should now be
correctly reflected during updates (#3821)
1.32.0 (July 24, 2019)
FEATURES:
New Data Source: azurerm_maps_account (#3698)
New Data Source: azurerm_mssql_elasticpool (#3824)
New Resource: azurerm_analysis_services_server (#3721)
New Resource: azurerm_api_management_backend (#3676)
New Resource: azurerm_batch_application (#3825)
New Resource: azurerm_maps_account (#3698)
New Resource: azurerm_private_dns_zone_a_record (#3849)
New Resource: azurerm_storage_table_entity (#3831)
New Resource: azurerm_storage_share_directory (#3802)
IMPROVEMENTS:
dependencies: upgrading the containerservice SDK to 2019-02-01 (#3787)
dependencies: upgrading the subscription SDK to 2018-06-01 (#3811)
authentication: showing a more helpful error when attempting to use the Azure CLI authentication when
logged in as a Service Principal (#3850)
Data Source azurerm_function_app - support for auth_settings (#3893)
Data Source azurerm_subscription - support the tenant_id property (#3811)
azurerm_app_service - support for backups (#3804)
azurerm_app_service - support for storage mounts (#3792)
azurerm_app_service - support for user assigned identities (#3637)
azurerm_app_service_slot - support for auth_settings (#3897)
azurerm_app_service_slot - support for user assigned identities (#3637)
azurerm_application_gateway - Support for Managed Identities (#3648)
azurerm_batch_pool - support for custom images with the storage_image_reference property (#3530)
azurerm_batch_account - expose required properties for when pool_allocation_mode is UserSubscription
(#3535)
azurerm_cognitive_account - add support for CustomVision.Training and CustomVision.Prediction to the
kind property (#3817)
azurerm_container_registry - support for network_rule_set property (#3194)
azurerm_cosmosdb_account - validate max_interval_in_seconds and max_staleness_prefix correctly when
using more then 1 geo_location (#3906)
azurerm_function_app - support for auth_settings (#3893)
azurerm_iothub - support for the file_upload property (#3735)
azurerm_kubernetes_cluster - support for auto scaling (#3361)
azurerm_kubernetes_cluster - support for custom_resource_group_name (#3785)
azurerm_kubernetes_cluster - support for the node_taints property (#3787)
azurerm_kubernetes_cluster - support for the windows_profile property (#3519)
kubernetes_cluster - support for specifying the load_balancer_sku property (#3890)
azurerm_recovery_services_protected_vm - changing backup_policy_id no longer forces a new resource
(#3822)
azurerm_security_center_contact - the phone property is now optional (#3761)
azurerm_storage_account - the account_kind property now supports FileStorage (#3750)
azurerm_storage_account - support for the enable_advanced_threat_protection property (#3782)
azurerm_storage_account - support for queue_properties (#3859)
azurerm_storage_blob - making metadata a computed field (#3842)
azurerm_storage_container - switching to use github.com/tombuildsstuff/giovanni (#3857)
azurerm_storage_container - adding support for metadata (#3857)
azurerm_storage_container - can now create containers with the name $web (#3896)
azurerm_storage_queue - switching to use github.com/tombuildsstuff/giovanni (#3832)
azurerm_storage_share - switching to use github.com/tombuildsstuff/giovanni (#3828)
azurerm_storage_share - support for configuring ACL's (#3830)
azurerm_storage_share - support for configuring MetaData (#3830)
azurerm_storage_table - switching to use github.com/tombuildsstuff/giovanni (#3834)
azurerm_storage_table - support for configuring ACL's (#3847)
azurerm_traffic_manager_endpoint - supper for custom_header and subnet properties (#3655)
azurerm_virtual_machine - switching over to use the github.com/tombuildsstuff/giovanni Storage SDK
(#3838)
azurerm_virtual_machine - looking up the data disks attached to the Virtual Machine when optionally
deleting them upon deletion rather than parsing them from the config (#3838)
azurerm_virtual_machine_scale_set - prevent public_ip_address_configuration from being lost during
update (#3767)
BUG FIXES:
azurerm_image - prevent crash when using data_disk (#3797)
azurerm_role_assignment - now correctly uses scope when looking up the role definition by name (#3768)
1.31.0 (June 28, 2019)

FEATURES:
increase the default timeout to 3 hours (#3737)
New Resource: azurerm_iot_dps (#3618)
New Resource: azurerm_iot_dps_certificate (#3567)
New Resource: azurerm_mariadb_firewall_rule (#3720)
New Resource: azurerm_private_dns_zone (#3718)
New Resource: azurerm_stream_analytics_output_mssql (#3567)
IMPROVEMENTS:
Data Source azurerm_key_vault - deprecated sku in favour of sku_name (#3119)
azurerm_app_service - support for shipping the application logs to blob storage (#3520)
azurerm_app_service_plan - prevent a panic during import (#3657)
azurerm_app_service_slot - updating identity no longer forces a new resource (#3702)
azurerm_automation_account - deprecated sku in favour of sku_name (#3119)
azurerm_key_vault - deprecated sku in favour of sku_name (#3119)
azurerm_key_vault_key - add support for Elliptic Curve based keys (#1814)
azurerm_traffic_manager_profile - ttl can now be 1 second (#3632)
azurerm_eventgrid_event_subscription - now retrieves the full URL for event webhooks (#3630)
azurerm_lb - support for the public_ip_prefix_id property (#3675)
azurerm_mysql_server - add validation to the name property (#3695)
azurerm_notification_hub_namespace - deprecated sku in favour of sku_name (#3119)
azurerm_redis_firewall_rule - no longer fails with multiple rules (#3731)
azurerm_relay_namespace - deprecated sku in favour of sku_name (#3119)
azurerm_service_fabric_cluster - tenant_id , cluster_application_id , and client_application_id are now
updateable (#3654)
azurerm_service_fabric_cluster - ability to set certificate_common_names (#3652)
azurerm_storage_account - ability to set default_action oi the network_rules block (#3255)
BUG FIXES:
azurerm_cosmosdb_account - will ignore responses from
500
documentdb.DatabaseAccountsClient#CheckNameExists requests to work around a broken API (#3747)
1.30.1 (June 07, 2019)

BUG FIXES:
Ensuring the authorization header is set for calls to the User Assigned Identity API's (#3613)
1.30.0 (June 07, 2019)
FEATURES:
New Data Source: azurerm_redis_cache (#3481)
New Data Source: azurerm_sql_server (#3513)
New Data Source: azurerm_virtual_network_gateway_connection (#3571)
IMPROVEMENTS:
dependencies: upgrading to Go 1.12 (#3525)
dependencies: upgrading the storage SDK to 2019-04-01 (#3578)
Data Source azurerm_app_service - support windows containers (#3566)
Data Source azurerm_app_service_plan - support windows containers (#3566)
azurerm_api_management - rename disable_triple_des_chipers to disable_triple_des_ciphers (#3539)
azurerm_application_gateway - support for the value General in the rule_group_name field within the
disabled_rule_group block (#3533)
azurerm_app_service - support for windows containers (#3566)
azurerm_app_service_plan - support for the maximum_elastic_worker_count property (#3547)
azurerm_managed_disk - support for the create_option of Restore (#3598)
azurerm_app_service_plan - support for windows containers (#3566)
1.29.0 (May 25, 2019)

FEATURES:
New Resource: azurerm_application_insights_web_test (#3331)
IMPROVEMENTS:
dependencies: upgrading to v0.12.0 of github.com/hashicorp/terraform (#3417)
sdk: configuring the Correlation Request ID (#3253)
azurerm_application_gateway - support for rewrite rules (#3423)
azurerm_application_gateway - support for ssl_policy blocks and deprecating disabled_ssl_protocols
(#3360)
azurerm_app_service - support for configuring authentication settings (#2831)
azurerm_kubernetes_cluster - updating the casing on the SubnetName field to match a change in the AKS API
(#3484)
azurerm_kubernetes_cluster - support for multiple agent pools (#3491)
BUG FIXES:
Data Source azurerm_virtual_network : add network_space property to match resource while deprecating
network_spaces (#3494)
azurerm_automation_module - now polls to wait until the module's finished provisioning (#3482)
azurerm_api_management_api - correct validation to allow empty and strings 400 characters long (#3475)
azurerm_dev_test_virtual_network - correctly manages subnets on the initial creation (#3501)
azurerm_express_route_circuit - no longer removes circuit subresources on update (#3496)
azurerm_role_assignment - making the role_definition_name field case-insensitive (#3499)
1.28.0 (May 17, 2019)

FEATURES:
New Data Source: azurerm_automation_variable_bool (#3310)
New Data Source: azurerm_automation_variable_datetime (#3310)
New Data Source: azurerm_automation_variable_int (#3310)
New Data Source: azurerm_automation_variable_string (#3310)
New Data Source: zurerm_kubernetes_service_versions (#3382)
New Data Source: azurerm_user_assigned_identity (#3343)
New Resource: azurerm_automation_variable_bool (#3310)
New Resource: azurerm_automation_variable_datetime (#3310)
New Resource: azurerm_automation_variable_int (#3310)
New Resource: azurerm_automation_variable_string (#3310)
New Resource: azurerm_api_management_api_operation_policy (#3374)
New Resource: azurerm_api_management_api_policy (#3367)
New Resource: azurerm_api_management_product_policy (#3325)
New Resource: azurerm_api_management_schema (#3357)
New Resource: azurerm_cosmosdb_table (#3442)
New Resource: azurerm_cosmosdb_cassandra_keyspace (#3442)
New Resource: azurerm_cosmosdb_mongo_collection (#3459)
New Resource: azurerm_cosmosdb_mongo_database (#3442)
New Resource: azurerm_cosmosdb_sql_database (#3442)
New Resource: azurerm_firewall_nat_rule_collection (#3218)
New Resource: azurerm_data_factory_linked_service_data_lake_storage_gen2 (#3425)
New Resource: azurerm_network_profile (#2636)
IMPROVEMENTS:
Data Source azurerm_kubernetes_cluster - exposing the type field within the agent_pool_profile block
(#3424)
azurerm_application_gateway - support for the autoscale_configuration property (#3353)
azurerm_application_gateway added validation to ensure redirect_configuration_name must not be set if
either backend_address_pool_name or backend_http_settings_name is set (#3340)
azurerm_application_gateway - support for affinity_cookie_name (#3434)
azurerm_application_gateway - support for disabled_rule_groups (#3394)
azurerm_app_service_slot - exporting the site_credential block (#3444)
azurerm_batch_pool support for the container_configuration property (#3311)
azurerm_kubernetes_cluster - support for the api_server_authorized_ip_ranges property (#3262)
azurerm_kubernetes_cluster - support for setting type within the agent_pool_profile block (Agent Pools via
Virtual Machine Scale Sets) (#3424)
azurerm_redis_cache - support for disabling authentication (#3389)
azurerm_redis_cache - make the redis_configuration block optional (#3397)
azurerm_sql_database - support for the read_scale property (#3377)
azurerm_stream_analytics_job - tags can now be set on the property (#3329)
azurerm_virtual_network_peering - retrying provisioning the peering of the virtual network (#3392)
azurerm_virtual_machine_scale_set - support for the provision_after_extensions property to chain multiple
extensions togeather (#2937)
BUG FIXES:
Data Source: azurerm_api_management - correctly returning the hostname portal and proxy values (#3385)
azurerm_application_gateway - will no longer prevent default_backend_address_pool_name and
redirect_configuration_name from being set at the same time (#3286)
azurerm_application_gateway prevent a potential panic in backend and probe validation (#3438)
azurerm_eventhub - decrease minimum partition_count to correct value of 1 (#3439)
azurerm_eventhub_namespace - decrease maximum maximum_throughput_units to correct value of 20 (#3440)
azurerm_firewall - ensuring that the value for subnet_id within the ip_configuration block has the name
AzureFirewallSubnet (#3406)
azurerm_managed_disk - can now actually create UltraSSD_LRS disks (#3453)
azurerm_redis_configuration - correctly display http errors encoutered during creation (#3397)
azurerm_sql_database - making the collation field case insensitive to work around a bug in the API (#3137)
azurerm_stream_analytics_output_eventhub will now correctly set format for JSON output (#3318)
azurerm_app_service_plan - supports elastic for the sku tier (#3402)
azurerm_application_gateway - supports disabled_rule_group for waf configurations (#3394)
azurerm_application_gateway - supports exclusion for waf configurations (#3407)
azurerm_application_gateway - supports updating a gateway_ip_configuration.x.subnet_id (#3437)
1.27.1 (April 26, 2019)

BUG FIXES:
provider will now only register available resource providers (#3313)
1.27.0 (April 26, 2019)
NOTES:
This release includes a Terraform SDK upgrade with compatibility for Terraform v0.12. The provider remains
backwards compatible with Terraform v0.11 and there should not be any significant behavioural changes.
(#2968)
1.26.0 (April 25, 2019)
IMPROVEMENTS:
azurerm_app_service - support for Java 11 (#3270)
azurerm_app_service_slot - support for Java 11 (#3270)
azurerm_container_group - support for the identity block (#3243)
BUG FIXES:
provider will work through proxies again (#3301)
1.25.0 (April 17, 2019)
FEATURES:
New Data Source: azurerm_batch_certificate (#3097)
New Data Source: azurerm_express_route_circuit (#3158)
New Data Source: azurerm_firewall (#3235)
New Data Source: azurerm_hdinsight_cluster (#3196)
New Data Source: azurerm_stream_analytics_job (#3227)
New Resource: azurerm_batch_certificate (#3097)
New Resource: azurerm_data_factory (#3159)
New Resource: azurerm_data_factory_dataset_mysql (#3267)
New Resource: azurerm_data_factory_dataset_postgresql (#3267)
New Resource: azurerm_data_factory_dataset_sql_server_table (#3236)
New Resource: azurerm_data_factory_linked_service_sql_server (#3205)
New Resource: azurerm_data_factory_linked_service_mysql (#3265)
New Resource: azurerm_data_factory_linked_service_postgresql (#3266)
New Resource: azurerm_data_factory_pipeline (#3244)
New Resource: azurerm_hdinsight_kafka_cluster (#3196)
New Resource: azurerm_hdinsight_kbase_cluster (#3196)
New Resource: azurerm_hdinsight_hadoop_cluster (#3196)
New Resource: azurerm_hdinsight_interactive_query_cluster (#3196)
New Resource: azurerm_hdinsight_ml_services_cluster (#3196)
New Resource: azurerm_hdinsight_rserver_cluster (#3196)
New Resource: azurerm_hdinsight_spark_cluster (#3196)
New Resource: azurerm_hdinsight_storm_cluster (#3196)
New Resource: azurerm_iothub_shared_access_policy (#3009)
New Resource: azurerm_public_ip_prefix (#3139)
New Resource: azurerm_stream_analytics_job (#3227)
New Resource: azurerm_stream_analytics_function_javascript_udf (#3249)
New Resource: azurerm_stream_analytics_stream_input_blob (#3250)
New Resource: azurerm_stream_analytics_stream_input_eventhub (#3250)
New Resource: azurerm_stream_analytics_stream_input_iothub (#3250)
New Resource: azurerm_stream_analytics_output_blob (#3250)
New Resource: azurerm_stream_analytics_output_eventhub (#3250)
New Resource: azurerm_stream_analytics_output_servicebus_queue (#3250)
IMPROVEMENTS:
dependencies: updating github.com/hashicorp/terraform to 44702fa6c163 (#3181)
Data Source: azurerm_batch_pool - adding the resource_file block to the start_task block (#3192)
Data Source: azurerm_subnet - exposing the service_endpoint field (#3184)
azurerm_batch_pool - adding the resource_file block to the start_task block (#3192)
azurerm_container_group - support for specifying liveness_probe and readiness_probe blocks (#3118)
azurerm_key_vault_access_policy - support for setting storage_permissions (#3153)
azurerm_kubernetes_cluster - network_policy now supports azure (#3213)
azurerm_iothub - support for configuring ip_filter_rule (#3173)
azurerm_public_ip - support for attaching a azurerm_public_ip_prefix (#3139)
azurerm_redis_cache - support for setting aof_backup_enabled , aof_storage_connection_string_0 and
aof_storage_connection_string_1 (#3155)
azurerm_storage_blob - support for the metadata property (#3206)
azurerm_traffic_manager_profile - support the MultiValue and Weighted values for the
traffic_routing_method property (#3207)
azurerm_virtual_network_gateway - support for the VpnGw1AZ , VpnGw2AZ , and VpnGw3AZ SKU's (#3171)
BUG FIXES:
dependencies: downgrading the Security API to 2017-08-01-preview to work around a breaking API change
(#3269)
azurerm_app_service - removing Computed from the use_32_bit_worker_process property in the
site_config block (#3219)
azurerm_app_service_slot - removing Computed from the use_32_bit_worker_process property in the
site_config block (#3219)
azurerm_batch_account - temporarily treating the Resource Group Name as case insensitive to work around
an API bug (#3260)
azurerm_batch_pool - temporarily treating the Resource Group Name as case insensitive to work around an
API bug (#3260)
azurerm_app_service - ensuring deleted App Services are detected correctly (#3198)
azurerm_function_app - ensuring deleted Function Apps are detected correctly (#3198)
azurerm_virtual_machine - adding validation for the identity_ids field (#3183)
1.24.0 (April 03, 2019)
UPGRADE NOTES:
azurerm_kubernetes_cluster - ssh_key is now limited to a single element to reflect what the API expects
(#3099)
FEATURES:
New Data Source: azurerm_api_management_api (#3010)
New Resource: azurerm_api_management_api (#3010)
New Resource: azurerm_api_management_api_operation (#3121)
New Resource: azurerm_api_management_api_version_set (#3073)
New Resource: azurerm_api_management_authorization_server (#3123)
New Resource: azurerm_api_management_certificate (#3141)
New Resource: azurerm_api_management_logger (#2994)
New Resource: azurerm_api_management_openid_connect_provider (#3143)
New Resource: azurerm_api_management_product_api (#3066)
New Resource: azurerm_api_management_subscription (#3103)
IMPROVEMENTS:
Data Source: azurerm_app_service - exporting the cors headers (#2870)
Data Source: azurerm_storage_account - exposing the Hierarchical Namespace state (#3032)
azurerm_api_management - support for sign_in , sign_up and policy blocks (#3151)
azurerm_app_service - support for migrating between App Service Plans (#3048)
azurerm_app_service - support for additional types for the scm_type field in the site_config block (#3019)
azurerm_app_service - support for specifying cors headers (#2870)
azurerm_app_service_slot - support for specifying cors headers (#2870)
azurerm_app_service_slot - support for additional types for the scm_type field in the site_config block
(#3019)
azurerm_application_gateway - support for WAF configuration properties request_body_check and
max_request_body_size_kb (#3093)
azurerm_application_gateway - support for the hostname property (#2990)
azurerm_application_gateway - support for redirect rules (#2908)
azurerm_application_gateway - support for zones (#3144)
azurerm_batch_account - now exports the primary_access_key , secondary_access_key , and account_endpoint
properties (#3071)
azurerm_container_group - support for attaching GPU's (#3053)
azurerm_eventhub - support for the skip_empty_archives property (#3074)
azurerm_eventhub_namespace - increase maximum maximum_throughput_units to 100 (#3049)
azurerm_function_app - exporting possible_outbound_ip_addresses (#3043)
azurerm_iothub - properties batch_frequency_in_seconds , max_chunk_size_in_bytes , encoding ,
container_name , file_name_format are now correctly diff'd depending on the type (#2951)
azurerm_image - support for the zone_resilient property (#3100)
azurerm_kubernetes_cluster - support for the network_profile property (#2987)
azurerm_key_vault - support for the storage_permissions property (#3081)
azurerm_managed_disk - support for managed disks up to 32TB (#3062)
azurerm_mssql_elasticpool - support setting the zone_redundant property (#3104)
azurerm_redis_cache - support for the minimum_tls_version property (#3111)
azurerm_storage_account - support for configuring the Hierarchical Namespace state (#3032)
azurerm_storage_account - exposing the DFS File Secondary and Web endpoints (#3110)
azurerm_virtual_machine - support for managed disks up to 32TB (#3062)
azurerm_virtual_machine_scale_set - support for managed disks up to 32TB (#3062)
BUG FIXES:
azurerm_application_gateway - correctly populating backend addresses from both new and deprecated
properties fqdns / fqdn_list (#3085)
azurerm_key_vault_certificate - making contents and password within the certificate block sensitive
(#3064)
monitor_metric_alert - support for setting aggregation to count (#3047)
azurerm_virtual_network_gateway - fixing a crash when bgp_settings had no elements (#3038)
azurerm_virtual_machine_scale_set - support setting zones to an empty list (#3142)
1.23.0 (March 08, 2019)

FEATURES:
New Data Source: azurerm_api_management_group (#2809)
New Data Source: azurerm_api_management_product (#2953)
New Data Source: azurerm_api_management_user (#2954)
New Data Source: azurerm_availability_set (#2850)
New Data Source: azurerm_network_watcher (#2791)
New Data Source: azurerm_recovery_services_protection_policy_vm (#2974)
New Resource: azurerm_api_management_group (#2809)
New Resource: azurerm_api_management_group_user (#2972)
New Resource: azurerm_api_management_product (#2953)
New Resource: azurerm_api_management_product_group (#2984)
New Resource: azurerm_api_management_property (#2986)
New Resource: azurerm_api_management_user (#2954)
New Resource: azurerm_connection_monitor (#2791)
New Resource: azurerm_eventgrid_domain (#2884)
New Resource: azurerm_eventgrid_event_subscription (#2967)
New Resource: azurerm_lb_outbound_rule (#2912)
New Resource: azurerm_media_service_account (#2711)
IMPROVEMENTS:
dependencies: upgrading to v11.4.0 of github.com/Azure/go-autorest (#2886)
azurerm_application_gateway - support for setting path within the backend_http_settings block (#2879)
azurerm_application_gateway - support for setting connection_draining to the backend_http_settings
(#2778)
azurerm_container_group - support for specifying the diagnostics block (#2763)
azurerm_iothub - support for the fallback_route property (#2764)
azurerm_key_vault - support for 1024 access_policy blocks (#2866)
azurerm_redis_cache - support for configuring the maxfragmentationmemory_reserved in the
redis_configuration block (#2887)
azurerm_servicebus_namespace - allowing capacity to be set to 0 for non-Premium SKU's (#2920)
azurerm_service_fabric_cluster - support for setting capacities and placement_properties (#2936)
azurerm_storage_account - exposing primary/secondary _host attributes (#2792)
BUG FIXES:
azurerm_api_management - switching to use API version 2018-01-01 rather than 2018-06-01-preview (#2958)
azurerm_application_gateway - updating the default value for file_upload_limit_mb within the
waf_configuration block to be 100 to match the documentation (#3012)
azurerm_batch_pool - updating max_tasks_per_node to be ForceNew (#2856)
azurerm_key_vault_access_policy - no longer silenty fails on creation of the key_vault_id property is
invalid/doesn't exist (#2922)
azurerm_policy_definition - making the metadata field to computed (#2939)
azurerm_redis_firewall_rule - allowing underscores in the name field (#2906)
azurerm_iothub - marking the connection_string property as sensitive (#3007)
azurerm_iothub - ensuring the type property is alwaysa set (#3007)
1.22.1 (February 14, 2019)

BUG FIXES:
azurerm_key_vault_access_policy - will no longer fail to find the Key Vault if key_vault_id is empty (#2874)
azurerm_key_vault_certificate - will no longer fail to find the Key Vault if key_vault_id is (#2874)
azurerm_key_vault_key - will no longer fail to find the Key Vault if key_vault_id is (#2874)
azurerm_key_vault_secret - will no longer fail to find the Key Vault if key_vault_id is (#2874)
azurerm_storage_container - support for large numbers of containers within a storage account (#2873)
1.22.0 (February 11, 2019)

UPGRADE NOTES:
The v1.22 release includes a few new resources which are duplicates of existing resources, the purpose of
this is to correct some invalid naming so that we can remove the mis-named resources in the next major
version of the Provider. Please see the upgrade guide for more information on how to migrate between these
resources.
The azurerm_builtin_role_definition Data Source has been deprecated in favour of the
azurerm_role_definition Data Source, which now provides the same functionality and will be removed in the
next major version of the AzureRM Provider (2.0) (#2798)
The azurerm_log_analytics_workspace_linked_service resource has been deprecated in favour of the (new)
azurerm_log_analytics_linked_service resource and will be removed in the next major version of the
AzureRM Provider (2.0) (#2768)
The azurerm_autoscale_setting resource has been deprecated in favour of the (new)
azurerm_monitor_autoscale_setting resource and will be removed in the next major version of the AzureRM
Provider (2.0) (#2768)
The azurerm_metric_alertrule resource has been deprecated in favour of the (new)
azurerm_monitor_metric_alertrule resource and will be removed in the next major version of the AzureRM
Provider (2.0) (#2762)
FEATURES:
New Data Source: azurerm_policy_definition (#2788)
New Data Source: azurerm_servicebus_namespace (#2841)
New Resource: azurerm_ddos_protection_plan (#2654)
New Resource: azurerm_log_analytics_linked_service (#2768)
New Resource: azurerm_monitor_autoscale_setting (#2768)
New Resource: azurerm_monitor_metric_alertrule (#2762)
New Resource: azurerm_network_interface_application_security_group_association (#2789)
DEPRECATIONS:
Data Source azurerm_key_vault_key - deprecating the vault_uri property in favour of key_vault_id
(#2820)
Data Source azurerm_key_vault_secret - deprecating the vault_uri property in favour of key_vault_id
(#2820)
azurerm_key_vault_certificate - deprecating the vault_uri property in favour of key_vault_id (#2820)
azurerm_key_vault_key - deprecating the vault_uri property in favour of key_vault_id (#2820)
azurerm_key_vault_access_policy - deprecating the vault_name and resource_group_name properties in
favour of key_vault_id (#2820)
azurerm_key_vault_secret - deprecating the vault_uri property in favour of key_vault_id (#2820)
azurerm_application_gateway - deprecating the fqdn_list field in favour of fqdns (#2768)
azurerm_application_gateway - deprecating the ip_address_list field in favour of ip_addresses (#2768)
azurerm_builtin_role_definition - deprecating in favour of the azurerm_role_definition data source, which
now provides the same functionality (#2798)
azurerm_log_analytics_workspace_linked_service - deprecating in favour of the (renamed)
azurerm_log_analytics_linked_service resource (#2768)
azurerm_monitor_autoscale_setting - deprecating in favour of the (renamed) azurerm_autoscale_setting
resource (#2768)
azurerm_network_interface - deprecating the application_security_group_ids field in favour of the new
azurerm_network_interface_application_security_group_association resource (#2789)
IMPROVEMENTS:
dependencies: switching to Go Modules (#2705)
dependencies: upgrading to v11.3.2 of github.com/Azure/go-autorest (#2744)
Data Source: azurerm_role_definition - support for finding roles by name (#2798)
azurerm_application_gateway - support for the http2 property (#2735)
azurerm_application_gateway - support for the file_upload_limit_mb property (#2666)
azurerm_application_gateway - support for the custom_error_configuration property (#2783)
azurerm_application_gateway - Support for pick_host_name_from_backend_address and
pick_host_name_from_backend_http_settings properties (#2658)
azurerm_app_service - support for the client_cert_enabled property (#2765)
azurerm_autoscale_setting - support values from 0 to 1000 for the minimum , maximum and default
properties (#2815)
azurerm_batch_pool - support for the max_tasks_per_node property (#2805)
azurerm_cognitive_account - exporting primary_access_key and secondary_access_key (#2825)
azurerm_cosmosdb_account - support for the EnableAggregationPipeline , MongoDBv3.4 and
mongoEnableDocLevelTTL capabilities (#2715)
azurerm_data_lake_store_file - support file uploads greater then 4 megabytes (#2633)
azurerm_function_app - support for linux via the linux_fx_version property (#2767)
azurerm_mssql_elasticpool - support for setting max_size_bytes (#2346)
azurerm_mssql_elasticpool - support for setting max_size_gb (#2695)
azurerm_postgresql_server - support for version 10 and 10.2 (#2768)
azurerm_kubernetes_cluster - add addtional validation (#2772)
azurerm_signalr_service - exporting primary_access_key , secondary_access_key , primary_connection_string
and secondary_connection_string and secondary access keys and connection strings (#2655)
azurerm_subnet - support for additional subnet delegation types (#2667)
BUG FIXES:
azurerm_azuread_application - fixing a bug where reply_uris was set incorrectly (#2729)
azurerm_batch_pool - can now set multiple environment variables (#2685)
azurerm_cosmosdb_account - prevent occasional error when deleting the resource (#2702)
azurerm_cosmosdb_account - allow empty values for the ip_range_filter property (#2713)
azurerm_express_route_circuit - added the premium SKU back to validation logic (#2692)
azurerm_firewall - ensuring rules aren't removed during an update (#2663)
azurerm_notification_hub_namespace - now polls on creation to handle eventual consistency (#2701)
azurerm_redis_cache - locking on the Virtual Network/Subnet name to avoid a race condition (#2725)
azurerm_service_bus_subscription - name's can now start with a digit (#2672)
azurerm_security_center - increase the creation timeout to 30m (#2724)
azurerm_service_fabric_cluster - no longer pass reverse_proxy_endpoint_port to the API when not specified
(#2747)
azurerm_subnet - fixing a crash when service endpoints was nil (#2742)
azurerm_subnet - will no longer lose service endpoints during a virtual network update (#2738)
1.21.0 (January 11, 2019)

FEATURES:
New Data Source: azurerm_application_insights (#2625)
New Data Source: azurerm_batch_account (#2428)
New Data Source: azurerm_batch_pool (#2461)
New Data Source: azurerm_lb (#2354)
New Data Source: azurerm_lb_backend_address_pool (#2354)
New Data Source: azurerm_virtual_machine (#2463)
New Resource: azurerm_application_insights_api_key (#2556)
New Resource: azurerm_batch_account (#2428)
New Resource: azurerm_batch_pool (#2461)
New Resource: azurerm_firewall_application_rule_collection (#2532)
New Resource: azurerm_policy_set_definition (#2535)
IMPROVEMENTS:
config: support for specifying the partner_id for partner resource attribution (#2643)
dependencies: updating to v24.0.0 of Azure/azure-sdk-for-go (#2572)
dependencies: upgrading the network SDK to 2018-08-01 (#2433)
Data Source: azurerm_app_service - exporting the possible_outbound_ip_addresses (#2513)
Data Source: azurerm_azuread_application - deprecating in favour of the split-out AzureAD Provider (#2632)
Data Source: azurerm_azuread_service_principal - deprecating in favour of the split-out AzureAD Provider
(#2632)
Data Source: azurerm_container_registry - now exports tags (#2607)
Data Source: azurerm_network_interface - now exports ip_configuration.private_ip_address_version
(#2646)
Data Source: azurerm_public_ip - now exports location , sku , allocation_method , reverse_fqdn and
zones (#2576)
azurerm_app_service - exporting the possible_outbound_ip_addresses (#2513)
azurerm_azuread_application - deprecating in favour of the split-out AzureAD Provider (#2632)
azurerm_azuread_service_principal - deprecating in favour of the split-out AzureAD Provider (#2632)
azurerm_azuread_service_principal_password - deprecating in favour of the split-out AzureAD Provider
(#2632)
azurerm_cognitive_account - support for the SpeechServices kind (#2583)
azurerm_container_group - deprecated container properties port and protocol for ports allowing for
multiple ports (#1930)
azurerm_eventhub_namespace - support for kafka_enabled (#2395)
azurerm_firewall - renaming the public_ip_address_id property to ip_address_id (#2433)
azurerm_kubernetes_cluster - support for Virtual Nodes (#2641)
azurerm_kubernetes_cluster - the dns_prefix now forces a new resource and is properly validated (#2611)
azurerm_log_analytics_workspace_linked_service - now correctly handels uppcase workspace_name values
(#2594)
azurerm_network_interface - support for IPv6 addresses (#2548)
azurerm_policy_assignment - support for Managed Service Identity (#2549)
azurerm_policy_assignment - support exclusions with the not_scopes property (#2620)
azurerm_policy_definition - polices can now be assigned to a management group (#2490)
azurerm_policy_set_definition - policy sets can now be assigned to a management group (#2618)
azurerm_public_ip - deprecated public_ip_address_allocation in favour of allocation_method to better
match the SDK (#2576)
azurerm_redis_cache - add availability zone support (#2580)
azurerm_service_fabric_cluster - support for azure_active_directory (#2553)
azurerm_service_fabric_cluster - support for reverse_proxy_certificate (#2544)
azurerm_service_fabric_cluster - support for reverse_proxy_endpoint_port (#2544)
azurerm_subnet - support for delegation (#2042)
BUG FIXES:
Data Source: azurerm_managed_disk - exposing the create_option field (#2597)
Data Source: azurerm_network_interface - exposing application_security_group_ids within the
Data Source: azurerm_snapshot - ensuring disk_size_gb is set (#2596)
Data Source: azurerm_storage_account - ensuring the account_replication_type field is set correctly (#2595)
azurerm_app_service - handling connection strings being in any order (#2609)
azurerm_app_service_slot - handling connection strings being in any order (#2609)
azurerm_network_security_rule - the properties source_application_security_group_ids and
destination_application_security_group_ids are now correctly read & imported (#2558)
azurerm_role_assignment - retrieving the role definition name during import (#2565)
azurerm_template_deployment - fixing regression and supportting nested template deployments (#2514)
1.20.0 (December 12, 2018)

FEATURES:
New Data Source: azurerm_monitor_action_group (#2430)
New Resource: azurerm_mariadb_database (#2445)
New Resource: azurerm_mariadb_server (#2406)
New Resource: azurerm_signalr_service (#2410)
IMPROVEMENTS:
authentication: switching to use the shared Azure authentication library (#2355)
authentication: support for authenticating using a Service Principal with a Client Certificate (#2471)
authentication: requesting a token using the audience address (#2381)
authentication: switching to request tokens from the Azure CLI (#2387)
sdk: upgrading to version 2018-05-01 of the Policy API (#2386)
Data Source: azurerm_kubernetes_cluster - support for Role Based Access Control without Azure AD (#2495)
Data Source: azurerm_kubernetes_cluster - exposing the clusterAdmin credentials (#2495)
Data Source: azurerm_subscriptions - ability to filtering by prefix/contains on the Display Name (#2429)
azurerm_app_service - support for configuring app_command_line in the site_config block (#2350)
azurerm_app_service_plan - deprecated the properties and moved app_service_environment_id ,
per_site_scaling and reserved to the top level (#2442)
azurerm_app_service_slot - support for configuring app_command_line in the site_config block (#2350)
azurerm_application_insights - added Node.JS application type (#2407)
azurerm_container_registry - support for geo-replication via the georeplication_locations property
(#2055)
azurerm_key_vault - exposed backup and restore permissions made key_permissions and
secret_permissions optional (#2363)
azurerm_kubernetes_cluster - support for Role Based Access Control without Azure AD (#2495)
azurerm_kubernetes_cluster - exposing the clusterAdmin credentials (#2495)
azurerm_mssql_elasticpool - deprecated the elastic_pool_properties property and moved max_size_bytes
and zone_redundant to the top level (#2378)
azurerm_mysql_server - support for new skus GP_Gen5_64 and MO_Gen5_32 (#2446)
azurerm_postgresql_server support for new skus GP_Gen5_64 and MO_Gen5_32 - (#2447)
BUG FIXES:
Data Source: azurerm_logic_app_workflow - ensuing the parameters are a string prior to flattening (#2348)
Data Source: azurerm_public_ip - ensuing properties always exist (#2448)
Data Source: azurerm_route_table - validation updated to prevent empty and blank property values from
causing a panic (#2467)
azurerm_key_vault - fixing a deadlock situation where multiple subnets are used from the same virtual
network (#2324)
azurerm_eventhub - making the partition_count field ForceNew (#2400)
azurerm_eventhub - now validates that the storage_account_id is a proper resource ID (#2374)
azurerm_mssql_elasticpool - relaxed validation of the name property (#2398)
azurerm_recovery_services_protection_policy_vm - added the timezone property (#2404)
azurerm_route_table - validation updated to prevent empty and blank property values from causing a panic
(#2467)
azurerm_sql_server - only updating the admin_login_password when it's changed, allowing this to be
managed outside of Terraform (#2263)
azurerm_virtual_machine - nil-checking properties prior to accessing (#2365)
1.19.0 (November 15, 2018)

FEATURES:
New Data Source: azurerm_key_vault_key (#2231)
New Data Source: azurerm_monitor_diagnostic_setting (#1291)
New Resource: azurerm_iothub_consumer_group (#2243)
New Resource: azurerm_monitor_diagnostic_setting (#1291)
New Resource: azurerm_mssql_elasticpool (#2071)
IMPROVEMENTS:
dependencies: switching to Go 1.11 (#2229)
authentication: refactoring to allow authentication modes to be feature-toggled (#2199)
Data Source: azurerm_kubernetes_cluster - support for role_based_access_control (#1820)
azurerm_app_service - support for PHP 7.2 (#2308)
azurerm_app_service_slot - support for PHP 7.2 (#2308)
azurerm_databricks_workspace - fixing validation on the name field (#2221)
azurerm_function_app - support for the enable_builtin_logging property (#2268)
azurerm_kubernetes_cluster - support for role_based_access_control (#1820)
azurerm_network_interface - deprecating internal_fqdn since it's no longer setable/returned by Azure
(#2253)
azurerm_shared_image_version - allowing larger numbers for versions (#2301)
azurerm_virtual_machine - support for assigning both a system and a user managed identity (#2188)
azurerm_virtual_machine_scale_set - support for assigning both a system and a user managed identity
(#2188)
azurerm_virtual_machine_scale_set - support for setting eviction_policy (#2226)
azurerm_virtual_network_gateway - support for Zone Redundant Gateways (#2260)
BUG FIXES:
Data Source: azurerm_api_management - ensuring the public_ip_addresses field is set (#2310)
azurerm_api_management - ensuring the public_ip_addresses field is set (#2310)
azurerm_application_gateway - refactoring to ensure all fields are set (#2054)
azurerm_application_gateway - SSL certificates no longer continually diff (#2054)
azurerm_azuread_application - fix regression and allow http for identifier_uris and reply_urls
properties (#2320)
azurerm_cosmosdb_account - the ip_range_filter range filter now allows /32 ip addresses (#2222)
azurerm_public_ip - fixing the casing of the ip_version / public_ip_address_allocation fields (#2296)
azurerm_recovery_services_protected_vm - VM can now be in a different resource group then the vault
(#2287)
azurerm_role_assignment - will now wait after a Service Principal is created (#2204)
azurerm_route - allowing setting next_hop_in_ip_address to an empty value (#2184)
azurerm_route_table - allowing setting next_hop_in_ip_address to an empty value (#2184)
azurerm_virtual_network_gateway - plan is now empty when bgp_settings is omitted (#2304)
azurerm_virtual_network - add valdiation to prevent panics (#2305)
1.18.0 (November 02, 2018)

FEATURES:
New Resource: azurerm_devspace_controller (#2086)
New Resource: azurerm_log_analytics_workspace_linked_service (#2139)
IMPROVEMENTS:
authentication: decoupling the authentication methods from the provider to enable splitting out the
authentication library (#2197)
authentication: using the Proxy from the Environment, if set (#2133)
refactoring: decoupling Resource Provider Registration to enable splitting out the authentication library
(#2197)
sdk: upgrading to 2018-10-01 of the containerinstance sdk (#2174)
azurerm_automation_account - exposing dsc_server_endpoint , dsc_primary_access_key ,
dsc_secondary_access_key properties (#2166)
azurerm_automation_account - support for the free SKU (#2166)
azurerm_client_config - ensuring the service_principal_application_id and service_principal_object_id
are always set (#2120)
azurerm_cosmosdb_account - support for the enable_multiple_write_locations property (#2109)
azurerm_eventhub_namespace - allow maximum_throughput_units to be zero (#2124)
azurerm_key_vault_certificate - support for setting extended_key_usage (#2128)
azurerm_key_vault_certificate - support for setting subject_alternative_names (#2123)
azurerm_managed_disk - support for the UltraSSD_LRS storage account type (#2118)
azurerm_monitor_activity_log_alert - support the criteria fields resource_provider , resource_type ,
resource_group (#2150)
azurerm_recovery_services_protected_vm - backup_policy_id is now required (#2154)
azurerm_sql_database - adding validation to requested_service_objective_name (#2125)
azurerm_virtual_network_gateway - support for OpenVPN as a client protocol option (#2126)
azurerm_virtual_machine_scale_set - support for the application_security_group_ids property of
ip_configuration (#2009)
azurerm_virtual_machine_scale_set - support for a Rolling Upgrade Policy with Automatic OS upgrades
(#922)
BUG FIXES:
security: removing the Authorization header from the debug logs (#2131)
azurerm_api_management - validating the Key Vault Secret ID for the key_vault_id field in the
hostname_configuration block (#2189)
azurerm_function_app - correctly marking the resource as missing upon manual deletion (#2111)
azurerm_kubernetes_cluster - changing os_disk_size_gb to computed as the API now returns a valid default
(#2117)
azurerm_public_ip - domain_name_label validation now allows 63 characters (#2122)
azurerm_virtual_machine - making availability_set_id conflict with zones (#2185)
1.17.0 (October 18, 2018)

UPGRADE NOTES:
azurerm_virtual_machine_scale_set - the field primary within the ip_configuration block within the
network_profile block is now Required, to match behavioural changes in the Azure API. (#2035)
FEATURES:
New Data Source: azurerm_monitor_log_profile (#1792)
New Resource: azurerm_api_management (#1516)
New Resource: azurerm_automation_dsc_configuration (#1512)
New Resource: azurerm_automation_dsc_nodeconfiguration (#1512)
New Resource: azurerm_automation_module (#1512)
New Resource: azurerm_cognitive_account (#962)
New Resource: azurerm_databricks_workspace (#1134)
New Resource: azurerm_dev_test_policy (#2070)
New Resource: azurerm_dev_test_linux_virtual_machine (#2058)
New Resource: azurerm_dev_test_windows_virtual_machine (#2058)
New Resource: azurerm_monitor_activitylog_alert (#1989)
New Resource: azurerm_monitor_metric_alert (#2026)
New Resource: azurerm_monitor_log_profile (#1792)
New Resource: azurerm_network_interface_application_gateway_backend_address_pool_association (#2079)
New Resource: azurerm_network_interface_backend_address_pool_association (#2079)
New Resource: azurerm_network_interface_nat_rule_association (#2079)
New Resource: azurerm_recovery_services_protection_policy_vm (#1978)
New Resource: azurerm_recovery_services_protected_vm (#1637)
New Resource: azurerm_security_center_contact (#2045)
New Resource: azurerm_security_center_subscription_pricing (#2043)
New Resource: azurerm_security_center_workspace (#2072)
New Resource: azurerm_subnet_network_security_group_association (#1933)
New Resource: azurerm_subnet_route_table_association (#1933)
BUG FIXES:
Data Source azurerm_subnet - fixing the ordering of the resource group name and network name in the error
message (#2017)
azurerm_kubernetes_cluster - using the correct casing for the addon_profile oms_agent property (#1995)
azurerm_service_bus_queue - support for max_delivery_count (#2028)
azurerm_redis_cache - capcity can now be successfully changed (#2088)
azurerm_virtual_machine_scale_set - primary is now required within the ip_configuration block within
network_profile (matching a behavioural change with the Azure API) (#2035)
IMPROVEMENTS:
azurerm_application_gateway - support for the StandardV2 and WAFV2 skus and tiers (#2015)
azurerm_container_group - adding the secure_environment_variables property (#2024)
azurerm_dev_test_virtual_network - support for managing the Subnet (#2041)
azurerm_key_vault - support for Virtual Network Rules (#2027)
azurerm_kubernetes_cluster - changing the oms_agent property no longer forces a new resource (#2021)
azurerm_postgresql_virtual_network_rule - support for the ignore_missing_vnet_service_endpoint (#2056)
azurerm_public_ip - support for IPv6 addresses (#2019)
azurerm_search_service - adding the administrative primary_key and secondary_key propeties (#2074)
azurerm_role_definition - adding the data_actions and not_data_actions to the data source (#2110)
azurerm_storage_container - changing container_access_type no longer forces a new resource (#2075)
azurerm_user_assigned_identity - now exports the client_id property (#2078)
1.16.0 (October 01, 2018)

UPGRADE NOTES:
azurerm_azuread_application - the properties homepage , identifier_uris and reply_urls are now required
to be https as required by Azure (#1960)
FEATURES:
New Data Source: azurerm_dev_test_lab (#1944)
New Data Source: azurerm_shared_image (#1987)
New Data Source : azurerm_shared_image_gallery (#1987)
New Data Source: azurerm_shared_image_version (#1987)
New Resource: azurerm_dev_test_lab (#1944)
New Resource: azurerm_dev_test_virtual_network (#1944)
New Resource: azurerm_shared_image (#1987)
New Resource : azurerm_shared_image_gallery (#1987)
New Resource: azurerm_shared_image_version (#1987)
IMPROVEMENTS:
azurerm_cosmosdb_account - adding the is_virtual_network_filter_enabled and virtual_network_rule
propeties (#1961)
BUG FIXES:
Data Source : support for data_actions and not_data_actions (#2000)
azurerm_builtin_role_definition
azurerm_app_service_plan - exposing additional information on failure (#1926)
azurerm_app_service_custom_hostname_binding - handling multiple bindings being created in parallel (#1970)
azurerm_lb_rule - allow 0 for frontend_port and backend_port again (#1951)
azurerm_public_ip - correctly reading and importing the idle_timeout_in_minutes property (#1925)
azurerm_role_assignment - only retry on errors when they are retryable (#1934)
azurerm_role_definition - support for the data_actions and not_data_action blocks (#1971)
azurerm_service_fabric_cluster - allow two client_certificate_thumbprint blocks (#1938)
azurerm_service_fabric_cluster - support for specifying the cluster_code_version field (#1945)
azurerm_virtual_network - exposing the id of each subnet (#1913)
azurerm_virtual_machine - handling the Managed Disk ID being nil (#1947)
azurerm_virtual_machine_data_disk_attachment - supporting data disk attachments when a VM Extension is
installed (#1950)
azurerm_virtual_machine_scale_set - making admin_password in the os_profile block optional again
(#1958)
1.15.0 (September 14, 2018)
FEATURES:
New Resource: azurerm_firewall (#1627)
New Resource: azurerm_firewall_network_rule_collection (#1627)
New Resource: azurerm_mysql_virtual_network_rule (#1879)
IMPROVEMENTS:
dependencies: upgrading to v10.15.4 of github.com/Azure/go-autorest (#1861) (#1909)
sdk: upgrading to version 2018-06-01 of the Compute API's (#1861)
azurerm_automation_runbook - support for specifying the content field (#1696)
azurerm_app_service - adding the virtual_network_name property (#1896)
azurerm_app_service_slot - adding the virtual_network_name property (#1896)
azurerm_key_vault_certificate - adding the thumbprint property (#1904)
azurerm_servicebus_queue - adding validation for ISO8601 Durations (#1921)
azurerm_servicebus_topic - adding validation for ISO8601 Durations (#1921)
azurerm_sql_database - adding the threat_detection_policy property (#1628)
azurerm_virtual_network - adding validation to name preventing empty values (#1898)
azurerm_virtual_machine - support for the managed_disk_type of StandardSSD_LRS (#1901)
azurerm_virtual_machine_scale_set - support for the managed_disk_type of StandardSSD_LRS (#1901)
azurerm_virtual_network_gateway - additional validation (#1899)
BUG FIXES:
Data Source: azurerm_azuread_service_principal - passing a filter containing the name to Azure rather than
querying locally (#1862)
Data Source: azurerm_azuread_service_principal - passing a filter containing the name to Azure rather than
querying locally (#1862)
azurerm_logic_app_trigger_http_request - relative_path property now allows / s and {} s (#1918)
azurerm_role_assignment - parsing the Resource ID during deletion (#1887)
azurerm_role_definition - parsing the Resource ID during deletion (#1887)
azurerm_servicebus_namespace - polling for the deletion of the namespace (#1908)
1.14.0 (September 06, 2018)

FEATURES:
New Data Source: azurerm_management_group (#1877)
New Resource: azurerm_management_group (#1788)
New Resource: azurerm_postgresql_virtual_network_rule (#1774)
IMPROVEMENTS:
authentication: making the client registration consistent (#1845)
azurerm_application_insights - support for the MobileCenter kind (#1878)
azurerm_function_app - removing validation from the version field (#1872)
azurerm_iothub - exporting the event_hub_events_endpoint , event_hub_events_path ,
event_hub_operations_endpoint and event_hub_operations_path fields (#1789)
azurerm_iothub - support for endpoint and route blocks (#1693)
azurerm_kubernetes_cluster - making linux_profile optional (#1821)
azurerm_storage_blob - support for import (#1816)
azurerm_storage_container - support for import (#1816)
azurerm_storage_queue - support for import (#1816)
azurerm_storage_table - support for import (#1816)
BUG FIXES:
azurerm_data_lake_store_file - updating the Resource ID to match the file path (#1856)
azurerm_eventhub - updating the validation to support periods, hyphens and underscores (#1795)
azurerm_eventhub_authorization_rule - updating the validation error (#1795)
azurerm_eventhub_consumer_group - updating the validation to support periods, hyphens and underscores
(#1795)
azurerm_eventhub_namespace - updating the validation error (#1795)
azurerm_function_app - support for names in upper-case (#1835)
azurerm_kubernetes_cluster - removing validation for the pod_cidr field when network_plugin is set to
azure (#1798)
azurerm_logic_app_workflow - ensuring parameters are strings (#1843)
azurerm_virtual_machine - setting the image_uri property within the storage_os_disk block (#1799)
azurerm_virtual_machine_data_disk_attachment - obtaining a basic view, rather than the entire instance view
of the Virtual Machine to work around an issue in the API (#1855)
1.13.0 (August 15, 2018)
FEATURES:
New Data Source: azurerm_log_analytics_workspace (#1755)
New Resource: azurerm_monitor_action_group (#1725)
IMPROVEMENTS:
dependencies: upgrading to 2018-04-01 of the IoTHub SDK (#1717)
Azure CLI Auth - using the USERPROFILE environment variable to locate the users home directory, if set
(#1718)
Data Source azurerm_kubernetes_cluster - exposing the max_pods field within the agent_pool_profile block
(#1753)
Data Source: azurerm_kubernetes_cluster - exposing the add_on_profile block (#1751)
azurerm_automation_schedule - adding the week_days , month_days and monthly_occurrence properties
(#1626)
azurerm_container_group - adding a new commands field / deprecating the command field (#1740)
azurerm_iothub - support for the Basic SKU (#1717)
azurerm_kubernetes_cluster - support for max_pods within the agent_pool_profile block (#1753)
azurerm_kubernetes_cluster - support for the add_on_profile block (#1751)
azurerm_kubernetes_cluster - validation for when pod_cidr is set with a network_plugin set to azure
(#1763)
azurerm_kubernetes_cluster - client_id and client_secret in the service_principal block are now
ForceNew (#1737)
azurerm_kubernetes_cluster - docker_bridge_cidr , dns_service_ip and service_cidr are now conditionally
set (#1715)
azurerm_lb_nat_rule - protocol property now supports All (#1736)
azurerm_lb_nat_pool - protocol property now supports All (#1748)
azurerm_lb_probe - protocol property now supports Https (#1742)
azurerm_lb_rule - support for the All protocol / adding validation (#1754)
BUG FIXES:
azurerm_application_insights - handling a HTTP 201 being returned from the Create API which working
around a breaking change in the API (#1769)
azurerm_autoscale_setting - filtering out the $tags tag (#1770)
azurerm_eventhub - allowing underscores in the name field (#1768)
azurerm_eventhub_authorization_rule - allowing underscores in the name field (#1768)
azurerm_eventhub_consumer_group - allowing underscores in the name field (#1768)
1.12.0 (August 03, 2018)
UPGRADE NOTES:
Please Note: When upgrading to v1.12.0 of the Azure Provider, you may need to specify the priority of
any VM Scale Sets created between v1.6 of the Provider and v1.12. (#1586)
FEATURES:
New Data Source: azurerm_container_registry (#1642)
New Resource: azurerm_service_fabric_cluster (#4)
IMPROVEMENTS:
sdk: switching from WaitForCompletion -> WaitForCompletionRef when polling Future's (#1660)
Data Source: azurerm_kubernetes_cluster - support for specifying the network_profile block (#1479)
Data Source: azurerm_kubernetes_cluster - outputting the node_resource_group field (#1649)
azurerm_kubernetes_cluster - support for specifying the network_profile block (#1479)
azurerm_kubernetes_cluster - outputting the node_resource_group field (#1649)
azurerm_role_assignment - retrying resource creation to match the Azure CLI's behaviour (#1647)
azurerm_virtual_machine - setting the connection information for Provisioners (#1646)
BUG FIXES:
azurerm_virtual_machine_scale_set - removing the default of priority , since this isn't set on older instances.
(#1586)
1.11.0 (July 25, 2018)
FEATURES:
New Resource: azurerm_data_lake_store_file (#1261)
IMPROVEMENTS:
azurerm_app_service - support for min_tls_version in the site_config block (#1601)
azurerm_app_service_slot - support for min_tls_version in the site_config block (#1601)
azurerm_data_lake_store - support for enabling/disabling encryption (#1623)
azurerm_data_lake_store - support for managing the firewall state (#1623)
BUG FIXES:
azurerm_servicebus_topic - the name property now allows the ~ character (#1640)
1.10.0 (July 21, 2018)
FEATURES:
New Data Source: azurerm_azuread_application (#1552)
New Data Source: azurerm_logic_app_workflow (#1266)
New Data Source: azurerm_notification_hub (#1589)
New Data Source: azurerm_notification_hub_namespace (#1589)
New Data Source: azurerm_service_principal (#1564)
New Resource: azurerm_autoscale_setting (#1140)
New Resource: azurerm_data_lake_analytics_account (#1618)
New Resource: azurerm_data_lake_analytics_firewall_rule (#1618)
New Resource: azurerm_eventhub_namespace_authorization_rule (#1572)
New Resource: azurerm_logic_app_action_custom (#1266)
New Resource: azurerm_logic_app_action_http (#1266)
New Resource: azurerm_logic_app_trigger_custom (#1266)
New Resource: azurerm_logic_app_trigger_http_request (#1266)
New Resource: azurerm_logic_app_trigger_recurrence (#1266)
New Resource: azurerm_logic_app_workflow (#1266)
New Resource: azurerm_notification_hub (#1589)
New Resource: azurerm_notification_hub_authorization_rule (#1589)
New Resource: azurerm_notification_hub_namespace (#1589)
New Resource: azurerm_servicebus_queue_authorization_rule (#1543)
New Resource: azurerm_service_principal (#1564)
New Resource: azurerm_service_principal_password (#1564)
IMPROVEMENTS:
authentication: Refreshing the Service Principal Token before using it (#1544)
dependencies: updating to 2018-02-01 of the App Service SDK (#1436)
azurerm_app_service - support for setting ftps_settings in the site_config block (#1577)
azurerm_app_service - support for running containers (#1578)
azurerm_app_service_slot - support for Managed Service Identity (#1579)
azurerm_app_service_slot - Slots can now be updated in-place (#1436)
azurerm_container_group - support for images hosted in a private registry (#1529)
azurerm_function_app - adding support for the site_credential block (#1567)
azurerm_function_app - only setting WEBSITE_CONTENTSHARE and WEBSITE_CONTENTAZUREFILECONNECTIONSTRING for
Consumption Apps (#1515)
azurerm_mysql_server - changing tier or family in sku property no longer destroys existing resource
(#1598)
azurerm_network_security_rule - a maximum of 1 Application Security Group can be set per Security Rule
(#1587)
azurerm_postgresql_server - changing tier or family in sku property no longer destroys existing
resource (#1598)
azurerm_virtual_machine_scale_set - sku property is now a list #1558 (#1558)
BUG FIXES:
azurerm_application_insights - fixing a bug where application_type was set to other (#1563)
azurerm_lb - allow subnet_id to be set to an empty value (#1588)
azurerm_servicebus_subscription - only sending correlation_filter values if they're set (#1565)
azurerm_servicebus_subscription - setting the default_message_ttl field (#1568)
azurerm_snapshot - allowing dashes in the name field (#1574)
azurerm_traffic_manager_endpoint - working around a bug in the API by setting target to nil when a
target_resource_id is specified (#1546)
1.9.0 (July 11, 2018)

FEATURES:
New Resource: azurerm_azuread_application (#1269)
New Resource: azurerm_data_lake_store_firewall_rule (#1499)
New Resource: azurerm_key_vault_access_policy (#1149)
New Resource: azurerm_scheduler_job (#1172)
New Resource: azurerm_servicebus_namespace_authorization_rule (#1498)
New Resource: azurerm_user_assigned_identity (#1448)
IMPROVEMENTS:
dependencies: updating the containerservice SDK to 2018-03-31 to support AKS GA (#1474)
dependencies: updating to v18.0.0 of Azure/azure-sdk-for-go (#1487)
dependencies: updating to v10.12.0 of Azure/go-autorest (#1487)
azurerm_application_gateway - adding minimum_servers to the probe resource (#1510)
azurerm_cdn_profile - support for Standard_ChinaCdn and Standard_Microsoft SKU's (#1465)
azurerm_cosmosdb_account - checking to see if the name is in use before creating (#1464)
azurerm_cosmosdb_account - fixing the validation on the ip_range_filter field (#1463)
azurerm_dns_zone - support for Private DNS Zones (#1404)
azurerm_image - change os_disk property to a list and add additional property validation (#1443)
azurerm_lb - allow private_ip_address to be set to an empty value (#1481)
azurerm_mysql_server - changing the storage_mb property no longer forces a new resource (#1532)
azurerm_postgresql_server - changing the storage_mb property no longer forces a new resource (#1532)
azurerm_servicebus_queue - enable_partitioning can now be enabled for Basic and Standard tiers (#1391)
azurerm_virtual_machine - support for specifying user assigned identities (#1448)
azurerm_virtual_machine - making the content field in the additional_unattend_config block (within
os_profile_windows_config ) sensitive (#1471)
azurerm_virtual_machine_data_disk_attachment - adding support for write_accelerator_enabled (#1473)
azurerm_virtual_machine_scale_set - ensuring we set the vhd_containers field to fix a crash (#1411)
azurerm_virtual_machine_scale_set - support for specifying user assigned identities (#1448)
azurerm_virtual_machine_scale_set - making the content field in the additional_unattend_config block
(within os_profile_windows_config ) sensitive (#1471)
azurerm_virtual_network_gateway - adding support for the radius_server_address , radius_server_secret and
vpn_client_protocols fields to the Data Source (#1505)
BUG FIXES:
azurerm_key_vault_key - handling the parent Key Vault being deleted (#1535)
azurerm_sql_database - fix requested_service_objective_name updates (#1503)
azurerm_storage_account - limiting the tags field to 128 characters to match the service (#1524)
azurerm_virtual_network_gateway - fix azurerm_virtual_network_gateway crashing when
vpn_client_configuration was not supplied (#1505)
1.8.0 (June 28, 2018)

FEATURES:
New Resource: azurerm_dns_caa_record support (#1450)
New Resource: azurerm_virtual_machine_data_disk_attachment (#1207)
IMPROVEMENTS:
dependencies: upgrading to v10.11.4 of Azure/go-autorest (#1418)
dependencies: upgrading to v17.4.0 of Azure/azure-sdk-for-go (#1418)
azurerm_lb - additional validation on properties (#1403)
azurerm_application_gateway - support for the match block for Probes (#1446)
azurerm_log_analytics_solution - support for Sovereign Clouds (#1410)
azurerm_log_analytics_workspace - support for Sovereign Clouds (#1410)
azurerm_log_analytics_workspace - support for the PerGB2018 SKU (#1079)
azurerm_mysql_server - GeneralPurpose and MemoryOptimized sku tiers now allow 4tb for the storage_mb
property (#1449)
azurerm_network_interface - additional validation on properties (#1403)
azurerm_postgresql_server - GeneralPurpose and MemoryOptimized sku tiers now allow 4tb for the
storage_mb property (#1449)
azurerm_postgresql_server - adding support for version 10.0 (#1457)
azurerm_route_table - adding the disable BGP propagation property (#1435)
azurerm_sql_database - support for importing from a bacpac backup (#972)
azurerm_virtual_machine - support for setting the TimeZone on Windows (#1265)
BUG FIXES:
validation: ensuring IPv4/MAC addresses are detected correctly (#1431)
1.7.0 (June 16, 2018)
UPGRADE NOTES:
~> Please Note: The field overprovision on the azurerm_virtual_machine_scale_set resource has changed
from false to true to match the behaviour of Azure in this release. (#1322)
BUG FIXES:
azurerm_key_vault - respecting the proxy environment varibles terraform does and now can create vaults
when behind a proxy (#1393)
azurerm_kubernetes_cluster - dns_prefix is now required (#1333)
azurerm_network_interface - ensuring that Public IP's/Private IP Addresses can be removed once assigned
(#1295)
azurerm_public_ip - setting the domain_name_label property into state (#1287)
azurerm_storage_account - file and blob encryption is now explicity true by default (#1380)
azurerm_servicebus_namespace - the capacity propety no longer unnecessarily forces a new resource when
changed (#1382)
azurerm_virtual_machine_scale_set - the field overprovision is now true by default (#1322)
azurerm_app_service_plan - the name property validation now allows understores (#1351)
IMPROVEMENTS:
azurerm_automation_schedule - adding the interval property and supporting recurring schedules (#1384)
azurerm_dns_ns_record - deprecated record properties in favour of a records list (#991)
azurerm_function_app - adding the identity property (#1369)
azurerm_role_definition - the role_definition_id property is now optional. The resource will now generate
a random UUID if it is ommited (#1378)
azurerm_storage_account - adding the network_rules property (#1334)
azurerm_storage_account - adding the identity property (#1323)
azurerm_storage_blob - adding the content_type property (#1304)
azurerm_virtual_machine - support for write_accelerator_enabled property on Premium disks attached to
MS-series machines (#964)
azurerm_virtual_machine_scale_set - adding the dns_settings and dns_servers property (#1209)
azurerm_virtual_machine_scale_set - adding the ip_forwarding property (#1209)
azurerm_virtual_network_gateway - adding the properties vpn_client_protocols , radius_server_address and
radius_server_secret(#946)
dependencies: migrating to the un-deprecated Preview's for Container Instance, EventGrid, Log Analytics and
SQL (#1322)
dependencies: upgrading to 2018-01-01 of the EventGrid API (#1322)
dependencies: upgrading to 2018-03-01 of the Monitor API (#1322)
1.6.0 (May 24, 2018)
UPGRADE NOTES:
~> Please Note: The azurerm_mysql_server resource has been updated from the Preview API's to the GA API's -
which requires code changes in your Terraform Configuration to use the new Pricing SKU's. Upon updating to
v1.6.0 - you'll need to update the configuration from the Preview SKU's to the GA SKU's.
~> Please Note: The azurerm_postgresql_server resource has been updated from the Preview API's to the GA
API's - which requires code changes in your Terraform Configuration to use the new Pricing SKU's. Upon
updating to v1.6.0 - you'll need to update the configuration from the Preview SKU's to the GA SKU's.
azurerm_scheduler_job_collection - the property max_retry_interval on both the resource and datasource
has been deprecated in favour of max_recurrence_interval to better match Azure (#1218)
FEATURES:
New Data Source: azurerm_storage_account_sas (#1011)
New Resource: azurerm_data_lake_store (#1219)
New Resource: azurerm_relay_namespace (#1233)
BUG FIXES:
across data-sources and resources: making Connection Strings, Keys and Passwords sensitive fields (#1242)
azurerm_virtual_machine_scale_set - an empty os_profile_windows_config block no longer causes a panic
([#12* azurerm_app_service - adding validation to import (#5107)
azurerm_app_service_certificate - adding validation to import (#5107)
azurerm_app_service_custom_hostname_binding - adding validation to import (#5107)
azurerm_app_service_plan - adding validation to import (#5107)
azurerm_app_service_slot - adding validation to import (#5107)
azurerm_app_service_source_control_token - adding validation to import (#5107)
1.5.0 (May 14, 2018)

UPGRADE NOTES:
~> Please Note: Prior to v1.5 Data Sources in the AzureRM Provider returned nil rather than an error
message when a Resource didn't exist, which was a bug. In order to bring this into line with other Providers -
starting in v1.5 the AzureRM Provider will return an error message when a resource doesn't exist.
~> Please Note: This release fixes a bug in the azurerm_redis_cache resource where changes to fields weren't
detected; as such you may see changes in the redis_configuration block, particularly with the
rdb_storage_connection_string field. There's a bug tracking this inconsistency in the Azure Rest API Specs
Repository.
FEATURES:
New Data Source: azurerm_cosmosdb_account (#1056)
New Data Source: azurerm_kubernetes_cluster (#1204)
New Data Source: azurerm_key_vault (#1202)
New Data Source: azurerm_key_vault_secret (#1202)
New Data Source: azurerm_route_table (#1203)
BUG FIXES:
azurerm_redis_cache- changes to the redis_configuration block are now detected - please see the note
above for more information (#1211)
IMPROVEMENTS:
dependencies - upgrading to v16.2.1 of Azure/azure-sdk-for-go (#1198)
dependencies - upgrading to v10.8.1 of Azure/go-autorest (#1198)
azurerm_app_service - support for HTTP2 (#1188)
azurerm_app_service - support for Managed Service Identity (#1130)
azurerm_app_service_slot - support for HTTP2 (#1205)
azurerm_cosmosdb_account - added support for the connection_strings property (#1194)
azurerm_key_vault_certificate - exposing the certificate_data (#1200)
azurerm_kubernetes_cluster - making kube_config_raw a sensitive field (#1225)
azurerm_redis_cache - Redis Caches can now be Imported (#1211)
azurerm_redis_firewall_rule - Redis Firewall Rules can now be Imported (#1211)
azurerm_virtual_network - guarding against nil-objects in the response (#1208)
azurerm_virtual_network_gateway - ignoring the case of the GatewaySubnet (#1141)
1.4.0 (April 26, 2018)

UPGRADE NOTES:
azurerm_cosmosdb_account - the field failover_policy has been deprecated in favour of geo_locations to
better match Azure
FEATURES:
New Data Source: azurerm_recovery_services_vault (#995)
New Resource: azurerm_recovery_services_vault (#995)
New Resource: azurerm_servicebus_subscription_rule (#1124)
IMPROVEMENTS:
azurerm_app_service - support for updating in-place (#1125)
azurerm_app_service_plan - support for kind being app (#1156)
azurerm_cosmosdb_account - support for enable_automatic_failover (#1055)
azurerm_cosmosdb_account - support for the ConsistentPrefix consistncy level (#1055)
azurerm_cosmosdb_account - prefixes can now be configured for locations (#1055)
azurerm_function_app - support for updating in-place (#1125)
azurerm_key_vault - adding cert permissions for Purge and Recover (#1132)
azurerm_key_vault - polling to ensure the Key Vault is resolvable via DNS (#1081] [#1164)
azurerm_kubernetes_cluster - only setting the Subnet ID when it's not an empty string (#1158)
azurerm_kubernetes_cluster - exposing the clusters credentials as kube_config (#953)
azurerm_metric_alertrule - filtering out tags prefixed with $type (#1107)
azurerm_virtual_machine - loading managed disk information from Azure when the machine is stopped
(#1100)
azurerm_virtual_machine - make the vm_size property case insensitive (#1131)
BUG FIXES:
azurerm_cosmosdb_account - locations can now be modified in-place (without requiring multiple apply's)
(#1055)
1.3.3 (April 17, 2018)
FEATURES:
New Data Source: azurerm_app_service (#1071)
New Resource: azurerm_app_service_custom_hostname_binding (#1087)
IMPROVEMENTS:
dependencies: upgrading to v15.1.0 of Azure/azure-sdk-for-go (#1099)
dependencies: upgrading to v10.6.0 of Azure/go-autorest (#1077)
azurerm_app_service - added support for the https_only field (#1080)
azurerm_app_service_slot - added support for the https_only field (#1080)
azurerm_function_app - added support for the https_only field (#1080)
azurerm_key_vault_certificate - exposing the certificate's associated secret_id (#1096)
azurerm_redis_cache - support for clusters on the internal network (#1086)
azurerm_servicebus_queue - support for setting requires_session (#1111)
azurerm_sql_database - changes to collation force a new resource (#1066)
1.3.2 (April 04, 2018)

FEATURES:
New Resource: azurerm_packet_capture (#1044)
New Resource: azurerm_policy_assignment (#1051)
IMPROVEMENTS:
azurerm_virtual_machine_scale_set - adds support for MSI (#1018)
1.3.1 (March 29, 2018)
FEATURES:
New Data Source: azurerm_scheduler_job_collection (#990)
New Data Source: azurerm_traffic_manager_geographical_location (#987)
New Resource: azurerm_express_route_circuit_authorization (#992)
New Resource: azurerm_express_route_circuit_peering (#1033)
New Resource: azurerm_iothub (#887)
New Resource: azurerm_policy_definition (#1010)
New Resource: azurerm_sql_virtual_network_rule (#978)
IMPROVEMENTS:
azurerm_app_service - allow changing client_affinity_enabled without requiring a resource recreation
(#993)
azurerm_app_service - support for configuring LocalSCM source control (#826)
azurerm_app_service - returning a clearer error message when the name (which needs to be globally unique)
is in use (#1037)
azurerm_cosmosdb_account - increasing the maximum value for max_interval_in_seconds from 100s to
86400s (1 day) [#1000]
azurerm_function_app - returning a clearer error message when the name (which needs to be globally
unique) is in use (#1037)
azurerm_network_interface - support for attaching to Application Gateways (#1027)
azurerm_traffic_manager_endpoint - adding support for geo_mappings (#986)
azurerm_traffic_manager_profile - adding support for the traffic_routing_method Geographic (#986)
azurerm_virtual_machine_scale_sets - support for attaching to Application Gateways (#1027)
azurerm_virtual_network_gateway - changes to peering_address now force a new resource (#1040)
1.3.0 (March 15, 2018)

FEATURES:
New Data Source: azurerm_cdn_profile (#950)
New Data Source: azurerm_network_interface (#854)
New Data Source: azurerm_public_ips (#304)
New Data Source: azurerm_subscriptions (#940)
New Resource: azurerm_log_analytics_solution (#952)
New Resource: azurerm_sql_active_directory_administrator (#765)
New Resource: azurerm_scheduler_job_collection (#963)
BUG FIXES:
azurerm_application_gateway - fixes a crash where ssl_policy isn't returned from the Azure API when
importing existing resources (#935)
azurerm_app_service - supporting client_affinity_enabled being false (#973)
azurerm_kubernetes_cluster - exporting the FQDN (#907)
azurerm_sql_elasticpool - fixing a crash where location isn't returned for legacy resources (#982)
IMPROVEMENTS:
Data Source: azurerm_builtin_role_definition - loading available role definitions from Azure (#770)
Data Source: azurerm_managed_disk - adding support for Availability Zones (#811)
Data Source: azurerm_network_security_group - support for security rules including Application Security
Groups (#925)
azurerm_app_service_plan - support for provisioning Consumption Plans (#981)
azurerm_cdn_endpoint - adding support for GeoFilters, ProbePaths (#967)
azurerm_cdn_endpoint - making the origin block ForceNew to match Azure (#967)
azurerm_function_app - adding client_affinity_enabled , use_32_bit_worker_process and
websockets_enabled (#886)
azurerm_load_balancer - adding support for Availability Zones (#811)
azurerm_managed_disk - adding support for Availability Zones (#811)
azurerm_network_interface - setting internal_fqdn if it's not nil (#977)
azurerm_network_security_group - support for security rules including Application Security Groups (#925)
azurerm_network_security_rule - support for security rules including Application Security Groups (#925)
azurerm_public_ip - adding support for Availability Zones (#811)
azurerm_redis_cache - add support for notify-keyspace-events (#949)
azurerm_template_deployment - support for specifying parameters via parameters_body (#404)
azurerm_virtual_machine - adding support for Availability Zones (#811)
azurerm_virtual_machine_scale_set - adding support for Availability Zones (#811)
1.2.0 (March 02, 2018)
FEATURES:
New Data Source: azurerm_application_security_group (#914)
New Resource: azurerm_application_security_group (#905)
New Resource: azurerm_servicebus_topic_authorization_rule (#736)
BUG FIXES:
azurerm_kubernetes_cluster - an empty linux_profile.ssh_key.keydata no longer causes a crash (#903)
azurerm_kubernetes_cluster - the linux_profile.admin_username and linux_profile.ssh_key.keydata fields
now force a new resource (#895)
azurerm_network_interface - the subnet_id field is now case insensitive (#866)
azurerm_network_security_group - reverting security_rules to a set to fix an ordering issue (#893)
azurerm_virtual_machine_scale_set - the computer_name_prefix field now forces a new resource (#871)
IMPROVEMENTS:
authentication: adding support for Managed Service Identity (#639)
azurerm_container_group - added dns_name_label and FQDN properties (#877)
azurerm_network_interface - support for attaching to Application Security Groups (#911)
azurerm_network_security_group - support for augmented security rules (#781)
azurerm_servicebus_subscription - added support for the forward_to property (#861)
azurerm_storage_account - adding support for account_kind being StorageV2 (#851)
azurerm_virtual_network_gateway_connection - support for IPsec/IKE Policies (#834)
1.1.2 (February 19, 2018)

FEATURES:
New Resource: azurerm_kubernetes_cluster (#693)
New Resource: azurerm_app_service_active_slot (#818)
New Resource: azurerm_app_service_slot (#818)
BUG FIXES:
Data Source: azurerm_app_service_plan : handling a 404 not being returned as an error (#849)
Data Source: azurerm_virtual_network - Fixing a crash when the DhcpOptions aren't specified (#803)
azurerm_application_gateway - fixing crashes due to schema mismatches for existing resources (#848)
azurerm_storage_container - add a retry for creation (#846)
IMPROVEMENTS:
authentication: pulling the Environment key from the Azure CLI Config (#842)
core: upgrading to v12.5.0-beta of the Azure SDK for Go (#830)
compute: upgrading to use the 2017-12-01 API Version (#797)
azurerm_app_service_plan : support for attaching to an App Service Environment (#850)
azurerm_container_group - adding restart_policy (#827)
azurerm_managed_disk - updated the validation on disk_size_gb / made it computed (#800)
azurerm_role_assignment - add role_definition_name (#775)
azurerm_subnet - add support for Service Endpoints (#786)
azurerm_virtual_machine - changing managed_disk_id and create_option to be not ForceNew (#813)
1.1.1 (February 06, 2018)
BUG FIXES:
azurerm_public_ip - Setting the ip_address field regardless of the DNS Settings (#772)
azurerm_virtual_machine - ignores the case of the Managed Data Disk ID's to work around an Azure Portal
bug (#792)
FEATURES:
New Data Source: azurerm_storage_account (#794)
New Data Source: azurerm_virtual_network_gateway (#796)
1.1.0 (January 26, 2018)
UPGRADE NOTES:
Data Source: azurerm_builtin_role_definition - now returns the correct UUID/GUID for the
Virtual Machines Contributor role (previously the ID for the Classic Virtual Machine Contributor role was
returned) (#762)
azurerm_snapshot - source_uri now forces a new resource on changes due to behavioural changes in the
Azure API (#744)
FEATURES:
New Data Source: azurerm_dns_zone (#702)
New Resource: azurerm_metric_alertrule (#478)
New Resource: azurerm_virtual_network_gateway (#133)
New Resource: azurerm_virtual_network_gateway_connection (#133)
IMPROVEMENTS:
core: upgrading to v12.2.0-beta of Azure/azure-sdk-for-go (#684)
core: upgrading to v9.7.0 of Azure/go-autorest (#684)
Data Source: azurerm_builtin_role_definition - adding extra role definitions (#762)
azurerm_app_service - exposing the outbound_ip_addresses field (#700)
azurerm_function_app - exposing the outbound_ip_addresses field (#706)
azurerm_function_app - add support for the always_on and connection_string fields (#695)
azurerm_image - add support for filtering images by a regex on the name (#642)
azurerm_lb - adding support for the Standard SKU (in Preview) (#665)
azurerm_public_ip - adding support for the Standard SKU (in Preview) (#665)
azurerm_network_security_rule - add support for augmented security rules (#692)
azurerm_role_assignment - generating a name if one isn't specified (#685)
azurerm_traffic_manager_profile - adding support for setting protocol to TCP (#742)
1.0.1 (January 12, 2018)

FEATURES:
New Data Source: azurerm_app_service_plan (#668)
New Data Source: azurerm_eventhub_namespace (#673)
New Resource: azurerm_function_app (#647)
IMPROVEMENTS:
core: adding a cache to the Storage Account Keys (#634)
azurerm_eventhub - added support for capture_description (#681)
azurerm_eventhub_consumer_group - adding validation for the user metadata field (#641)
azurerm_lb - adding the computed field public_ip_addresses (#633)
azurerm_local_network_gateway - add support for tags (#638)
azurerm_network_interface - support for Accelerated Networking (#672)
azurerm_storage_account - expose primary_connection_string and secondary_connection_string (#647)
1.0.0 (December 15, 2017)

FEATURES:
New Data Source: azurerm_network_security_group (#623)
New Data Source: azurerm_virtual_network (#533)
New Resource: azurerm_management_lock (#575)
New Resource: azurerm_network_watcher (#571)
IMPROVEMENTS:
authentication - add support for the latest Azure CLI configuration (#573)
authentication - conditional loading of the Subscription ID / Tenant ID / Environment (#574)
core - appending additions to the User Agent, so we don't overwrite the Go SDK User Agent info (#587)
core - Upgrading Azure/azure-sdk-for-go to v11.2.2-beta (#594)
core - upgrading Azure/go-autorest to v9.5.2 (#617)
core - skipping Resource Provider Registration in AutoRest when opted-out (#630)
azurerm_app_service - exposing the Default Hostname as a Computed field
Versions 0.1.0 - 0.3.3

0.3.3 (November 14, 2017)
FEATURES:
New Resource: azurerm_redis_firewall_rule (#529)
IMPROVEMENTS:
authentication: allow using multiple subscriptions for Azure CLI auth (#445)
core: appending the CloudShell version to the user agent when running within CloudShell (#483)
azurerm_app_service / azurerm_app_service_plan - adding validation for the name fields (#528)
azurerm_container_registry - Migration: Fixing a crash when the storage_account block is nil (#551)
azurerm_lb_nat_rule : support for floating IP's (#542)
azurerm_public_ip - Clarify the error message for the validation of domain name label (#485)
azurerm_network_security_group - fixing a crash when changes were made outside of Terraform (#492)
azurerm_redis_cache : support for Patch Schedules (#540)
azurerm_virtual_machine - ensuring vhd_uri is validated (#470)
azurerm_virtual_machine_scale_set : fixing a crash where accelerated networking isn't returned by the API
(#480)
0.3.2 (October 30, 2017)
FEATURES:
New Resource: azurerm_application_gateway (#413)
IMPROVEMENTS:
azurerm_virtual_machine_scale_set - Add nil check to os disk (#436)
azurerm_key_vault - Increased timeout on dns availability (#457)
azurerm_route_table - Fix issue when routes are computed (#450)
0.3.1 (October 21, 2017)
IMPROVEMENTS:
azurerm_virtual_machine_scale_set - Updating this resource with the v11 of the Azure SDK for Go (#448)
0.3.0 (October 17, 2017)
UPGRADE NOTES:
azurerm_automation_account - the SKU Free has been replaced with Basic .
azurerm_container_registry - Azure has updated the SKU from Basic to Classic , with new Basic ,
Standard and Premium SKU's introduced.
azurerm_container_registry - the storage_account block is now storage_account_id and is only required for
Classic SKU's
azurerm_key_vault - certificate_permissions , key_permissions and secret_permissions have all had the
All option removed by Azure. Each permission now needs to be specified manually.
azurerm_route_table - route is no longer computed
azurerm_servicebus_namespace - The capacity field can only be set for Premium SKU's
azurerm_servicebus_queue - The enable_batched_operations and support_ordering fields have been
deprecated by Azure.
azurerm_servicebus_subscription - The dead_lettering_on_filter_evaluation_exceptions has been removed
by Azure.
azurerm_servicebus_topic - The enable_filtering_messages_before_publishing field has been removed by
Azure.
FEATURES:
New Data Source: azurerm_builtin_role_definition (#384)
New Data Source: azurerm_image (#382)
New Data Source: azurerm_key_vault_access_policy (#423)
New Data Source: azurerm_platform_image (#375)
New Data Source: azurerm_role_definition (#414)
New Data Source: azurerm_snapshot (#420)
New Data Source: azurerm_subnet (#411)
New Resource: azurerm_key_vault_certificate (#408)
New Resource: azurerm_role_assignment (#414)
New Resource: azurerm_role_definition (#414)
New Resource: azurerm_snapshot (#420)
IMPROVEMENTS:
Upgrading to v11 of the Azure SDK for Go (#367)
azurerm_client_config - updating the data source to work when using AzureCLI auth (#393)
azurerm_container_group - add support for volume mounts (#366)
azurerm_key_vault - fix a crash when no certificate_permissions are defined (#374)
azurerm_key_vault - waiting for the DNS to propagate (#401)
azurerm_managed_disk - support for creating Managed Disks from Platform Images by supporting
"FromImage" (#399)
azurerm_managed_disk - support for creating Encrypted Managed Disks (#399)
azurerm_mysql_* - Ensuring we register the MySQL Resource Provider (#397)
azurerm_network_interface - exposing all of the Private IP Addresses assigned to the NIC (#409)
azurerm_network_security_group / azurerm_network_security_rule - refactoring (#405)
azurerm_route_table - removing routes when none are specified (#403)
azurerm_route_table - refactoring route from a Set to a List (#402)
azurerm_route - refactoring route from a Set to a List (#402)
azurerm_storage_account - support for File Encryption (#363)
azurerm_storage_account - support for Custom Domain (#363)
azurerm_storage_account - splitting the storage account Tier and Replication out into separate fields (#363)
- returning a user friendly error when trying to provision a Blob Storage Account
azurerm_storage_account
with ZRS redundancy (#421)
azurerm_subnet - making it possible to remove Network Security Groups / Route Tables (#411)
azurerm_virtual_machine - fixing a bug where additional_unattend_config.content was being updated
unintentionally (#377)
azurerm_virtual_machine - switching to use Lists instead of Sets (#426)
azurerm_virtual_machine_scale_set - fixing a bug where additional_unattend_config.content was being
updated unintentionally (#377)
azurerm_virtual_machine_scale_set - support for multiple network profiles (#378)
0.2.2 (September 28, 2017)

FEATURES:
New Resource: azurerm_key_vault_key (#356)
New Resource: azurerm_log_analytics_workspace (#331)
New Resource: azurerm_mysql_configuration (#352)
New Resource: azurerm_mysql_database (#352)
New Resource: azurerm_mysql_firewall_rule (#352)
New Resource: azurerm_mysql_server (#352)
IMPROVEMENTS:
Updating the provider initialization & adding a skip_credentials_validation field to the provider for some
advanced scenarios (#322)
0.2.1 (September 25, 2017)
FEATURES:
New Resource: azurerm_automation_account (#257)
New Resource: azurerm_automation_credential (#257)
New Resource: azurerm_automation_runbook (#257)
New Resource: azurerm_automation_schedule (#257)
New Resource: azurerm_app_service (#344)
IMPROVEMENTS:
azurerm_client_config - adding service_principal_application_id (#348)
azurerm_key_vault - adding application_id and certificate_permissions (#348)
BUG FIXES:
azurerm_virtual_machine_scale_set - fix panic with additional_unattend_config block (#266)
0.2.0 (September 15, 2017)
FEATURES:
Suppor t for authenticating using the Azure CLI (#316)
New Resource: azurerm_container_group (#333] [#311] [#338)
IMPROVEMENTS:
azurerm_app_service_plan - support for Linux App Service Plans (#332)
azurerm_postgresql_server - supporting additional storage sizes (#239)
azurerm_public_ip - verifying the ID is valid before importing (#320)
azurerm_sql_server - verifying the name is valid before creating (#323)
resource_group_name - validation has been added to all resources that use this attribute (#330)
0.1.7 (September 11, 2017)

FEATURES:
New Resource: azurerm_postgresql_configuration (#210)
New Resource: azurerm_postgresql_database (#210)
New Resource: azurerm_postgresql_firewall_rule (#210)
New Resource: azurerm_postgresql_server (#210)
IMPROVEMENTS:
azurerm_cdn_endpoint - defaulting the http_port and https_port (#301)
azurerm_cosmos_db_account : allow setting the Kind to MongoDB/GlobalDocumentDB (#299)
0.1.6 (August 31, 2017)

FEATURES:
New Data Source : azurerm_subscription (#285)
New Resource: azurerm_app_service_plan (#1)
New Resource: azurerm_eventgrid_topic (#260)
New Resource: azurerm_key_vault_secret (#269)
IMPROVEMENTS:
azurerm_image - added a default to the caching field (#259)
azurerm_key_vault - validation for the name field (#270)
azurerm_network_interface - support for multiple IP Configurations / setting the Primary IP Configuration
(#245)
azurerm_resource_group - poll until the resource group is created (by migrating to the Azure SDK for Go)
(#289)
azurerm_search_service - migrating to use the Azure SDK for Go (#283)
azurerm_sql_* - ensuring deleted resources are detected (#289] / [#255)
azurerm_sql_database - Import Support (#289)
azurerm_sql_database - migrating to using the Azure SDK for Go (#289)
azurerm_sql_firewall_rule - migrating to using the Azure SDK for Go (#289)
azurerm_sql_server - added checks to handle name not being globally unique (#189)
azurerm_sql_server - making administrator_login ForceNew (#189)
azurerm_sql_server - migrate to using the azure-sdk-for-go (#189)
azurerm_virtual_machine - Force recreation if storage_data_disk . create_option changes (#240)
azurerm_virtual_machine_scale_set - Fix address issue when setting the winrm block (#271)
updating to v10.3.0-beta of the Azure SDK for Go (#258)
Removing the (now unused) Riviera SDK (#289] [#291)
BUG FIXES:
azurerm_cosmosdb_account - fixing the validation on the name field (#263)
azurerm_sql_server - handle deleted servers correctly (#189)
Fixing the Microsoft.Insights Resource Provider Registration (#282)
0.1.5 (August 09, 2017)
IMPROVEMENTS:
azurerm_sql_* - upgrading to version 2014-04-01 of the SQL API's (#201)
azurerm_virtual_machine - support for the Windows_Client Hybrid Use Benefit type (#212)
azurerm_virtual_machine_scale_set - support for custom images and managed disks (#203)
BUG FIXES:
azurerm_sql_database - fixing creating a DB with a PointInTimeRestore (#197)
azurerm_virtual_machine - fix a crash when the properties for a network inteface aren't returned (#208)
azurerm_virtual_machine - changes to custom data should force new resource (#211)
azurerm_virtual_machine - fixes a crash caused by an empty os_profile_windows_config block (#222)
Checking to ensure the HTTP Response isn't nil before accessing it (fixes (#200]) [#204)
0.1.4 (July 26, 2017)
BUG FIXES:
azurerm_dns_*- upgrading to version 2016-04-01 of the Azure DNS API by switching from Riviera -> Azure
SDK for Go (#192)
0.1.3 (July 21, 2017)
FEATURES:
New Resource: azurerm_dns_ptr_record (#141)
New Resource: azurerm_image (#8)
New Resource: azurerm_servicebus_queue (#151)
IMPROVEMENTS:
azurerm_client_config - added a service_principal_object_id attribute to the data source (#175)
azurerm_search_service - added import support (#172)
azurerm_servicebus_topic - added a status field to allow disabling the topic (#150)
azurerm_storage_account - Added support for Require secure transfer (#167)
azurerm_storage_table - updating the name validation (#143)
azurerm_virtual_machine - making admin_password optional for Linux VM's (#154)
azurerm_virtual_machine_scale_set - adding a plan block for Marketplace images (#161)
0.1.2 (June 29, 2017)
FEATURES:
New Data Source: azurerm_managed_disk (#121)
New Resource: azurerm_application_insights (#3)
New Resource: azurerm_cosmosdb_account (#108)
azurerm_network_interface now supports import (#119)
IMPROVEMENTS:
Ensuring consistency in when storing the location field in the state for the azurerm_availability_set ,
azurerm_express_route_circuit , azurerm_load_balancer , azurerm_local_network_gateway ,
azurerm_managed_disk , azurerm_network_security_group azurerm_public_ip , azurerm_resource_group ,
azurerm_route_table , azurerm_storage_account , azurerm_virtual_machine and azurerm_virtual_network
resources (#123)
azurerm_redis_cache - now supports backup settings for Premium Redis Cache's (#130)
azurerm_storage_account - exposing a formatted Connection String for Blob access (#142)
BUG FIXES:
azurerm_cdn_endpoint - fixing update of the origin_host_header (#134)
azurerm_container_service - exposes the FQDN of the master_profile as a computed field (#125)
azurerm_key_vault - fixing import / the validation on Access Policies (#124)
azurerm_network_interface - Normalizing the location field in the state (#122)
azurerm_network_interface - fixing a crash when importing a NIC with a Public IP (#128)
azurerm_network_security_rule : network_security_group_name is now ForceNew (#138)
azurerm_subnet now correctly detects changes to Network Securtiy Groups and Routing Table's (#113)
azurerm_virtual_machine_scale_set - making storage_profile_os_disk . name optional (#129)
0.1.1 (June 21, 2017)

BUG FIXES:
Sort ResourceID.Path keys for consistent output (#116)
0.1.0 (June 20, 2017)
BACKWARDS INCOMPATIBILITIES / NOTES:
FEATURES:
New Data Source: azurerm_resource_group [#15022](https://github.com/hashicorp/terraform/pull/15022)
IMPROVEMENTS:
Add diff supress func to endpoint_location [#15094](https://github.com/hashicorp/terraform/pull/15094)
BUG FIXES:
Fixing the Deadlock issue (#6)
Quickstart: Install and Configure Terraform
Terraform enables the definition, preview, and deployment of cloud infrastructure. Using Terraform, you create
configuration files using HCL syntax. The HCL syntax allows you to specify the cloud provider - such as Azure -
and the elements that make up your cloud infrastructure. After you create your configuration files, you create an
execution plan that allows you to preview your infrastructure changes before they're deployed. Once you verify
the changes, you apply the execution plan to deploy the infrastructure.
Configure in Azure Cloud Shell with Bash
Configure in Azure Cloud Shell with PowerShell
Configure in Windows with Bash
Configure in Windows with PowerShell
Prerequisites
Azure subscription : If you don't have an Azure subscription, create a free account before you begin.
Configure in Azure Cloud Shell with Bash

Azure Cloud Shell includes Terraform and automatically updates to the latest version of Terraform. However, the
updates come within a couple of weeks of release. The following article shows you how to download and install
the current version of Terraform using Bash within the Cloud Shell environment.
Configure in Azure Cloud Shell with PowerShell

Azure Cloud Shell includes Terraform and automatically updates to the latest version of Terraform. However, the
updates come within a couple of weeks of release. The following article shows you how to download and install
the current version of Terraform using PowerShell within the Cloud Shell environment.
Configure in Windows with Bash

The following article shows you how to install and test Terraform in Windows using a Bash emulator.
Configure in Windows with PowerShell

The following article shows you how to install and test Terraform in Windows using PowerShell.
Troubleshoot Terraform on Azure

Troubleshoot common problems when using Terraform on Azure
Next steps
Create Azure resource group
Install the Azure Terraform Visual Studio Code
extension
The Visual Studio Code Terraform extension enables you to work with Terraform from the editor. With this
extension, you can author, test, and run Terraform configurations.
In this article, you learn how to:
Install the Azure Terraform Visual Studio Code extension

Use the extension to create an Azure resource group
Verify the resource group was created
Delete the resource group when finished testing using the extension
1. Configure your environment

options:
Install Node.js.
2. Install the Azure Terraform Visual Studio Code extension

1. Launch Visual Studio Code.
2. From the left menu, select Extensions , and enter Azure Terraform in the search text box.
3. From the list of extensions, locate the Azure Terraform extension. (It should be the first extension listed.)
4. If the extension isn't yet installed, select the extension's Install option.
Key points:
When you select Install for the Azure Terraform extension, Visual Studio Code automatically installs
the Azure Account extension.
Azure Account is a dependency file for the Azure Terraform extension. This file is used to authenticate
to Azure and Azure-related code extensions.
5. To confirm the installation of the extensions, enter @installed in the search text box. Both the Azure
Terraform extension and the Azure Account extension will appear in the list of installed extensions.
You can now run all supported Terraform commands in your Cloud Shell environment from within Visual Studio
Code.
3. Implement the Terraform code

1. Create a directory in which to test the sample Terraform code and open that directory in Visual Studio.
The files you create in this section should be created in your new directory.
2. Create a file named main.tf and insert the following code:
resource "random_pet" "rg_name" {

prefix = var.resource_group_name_prefix
}
resource "azurerm_resource_group" "rg" {

location = var.resource_group_location
name = random_pet.rg_name.id
}
3. Create a file named variables.tf to contain the project variables and insert the following code:
variable "resource_group_location" {
default = "eastus"
description = "Location of the resource group."
}
variable "resource_group_name_prefix" {
default = "rg"
description = "Prefix of the resource group name that's combined with a random ID so name is unique
in your Azure subscription."
}
Key points:
The resource_group_name and resource_group_location values are shown with test values. You can set
these values to whatever makes sense for your environment.
4. Create a file named outputs.tf to contain the project variables and insert the following code:
output "resource_group_name" {
value = azurerm_resource_group.rg.name
}
Key points:
The outputs.tf file displays the randomized resource group name.
4. Push your code to Cloud Shell

1. From the View menu, select Command Palette....
2. In the Command Palette text box, start entering Azure Terraform: Push and select it when it displays.
3. Select OK to confirm the opening of Cloud Shell.
Key points:
Your workspace files that meet the filter defined in the azureTerraform.files setting in your
configuration are copied to Cloud Shell.
5. Initialize Terraform within Visual Studio Code

2. In the Command Palette text box, start entering Azure Terraform: Init and select it when it displays.
Key points:
Selecting this option is the same as running terraform init from the command line and will initialize
your Terraform deployment.
This command downloads the Azure modules required to create an Azure resource group.
3. Follow the prompts to install any dependencies - such as the latest supported version of nodejs.
4. If this is the first time you're using Cloud Shell with your default Azure subscription, follow the prompts to
configure the environment.
6. Create a Terraform execution plan within Visual Studio Code

2. In the Command Palette text box, start entering Azure Terraform: Plan and select it when it displays.
Key points:
This command runs terraform plan to create an execution plan from the Terraform configuration files
in the current directory.
7. Apply a Terraform execution plan within Visual Studio Code

2. In the Command Palette text box, start entering Azure Terraform: Apply and select it when it displays.
3. When prompted for confirmation, enter yes and press <Enter> .
8. Verify the results

Azure CLI
Azure PowerShell

2. In the Command Palette text box, start entering Azure: Open Bash in Cloud Shell and select it when it
displays.
3. Run az group show to display the resource group. Replace the <resource_group_name> placeholder with
the randomly generated name of the resource group displayed after applying the Terraform execution
plan.
az group show --name <resource_group_name>
9. Clean up resources
2. In the Command Palette text box, start entering Azure Terraform: Destroy and select it when it displays.
3. When prompted for confirmation, enter yes and press <Enter> .
4. To confirm that Terraform successfully destroyed your new resource group, run the steps in the section,
Verify the results.

Next steps
Read more about the Azure Terraform Visual Studio Code extension
Authenticate Terraform to Azure
To use Terraform commands against your Azure subscription, you must first authenticate Terraform to that
subscription. This article covers some common scenarios for authenticating to Azure.
Understand common Terraform and Azure authentication scenarios

Authenticate via a Microsoft account from Cloud Shell (using Bash or PowerShell)
Authenticate via a Microsoft account from Windows (using Bash or PowerShell)
Create a service principal using the Azure CLI
Create a service principal using Azure PowerShell
Specify service principal credentials in environment variables
Specify service principal credentials in a Terraform provider block

options:
2. Authenticate Terraform to Azure

Terraform and Azure authentication scenarios
Terraform only supports authenticating to Azure via the Azure CLI. Authenticating using Azure PowerShell isn't
supported. Therefore, while you can use the Azure PowerShell module when doing your Terraform work, you
first need to authenticate to Azure using the Azure CLI.
This article explains how to authenticate Terraform to Azure for the following scenarios. For more information
about options to authenticate Terraform to Azure, see Authenticating using the Azure CLI.
Authenticating via a Microsoft account using Cloud Shell (with Bash or PowerShell) and
Authenticating via a Microsoft account using Windows (with Bash or PowerShell)
Authenticating via a service principal:
1. If you don't have a service principal, create a service principal.
2. Authenticate to Azure using environment variables or authenticate to Azure using the Terraform
provider block
Authenticate to Azure via a Microsoft account
A Microsoft account is a username (associated with an email and its credentials) that is used to sign in to
Microsoft services - such as Azure. A Microsoft account can be associated with one or more Azure subscriptions,
with one of those subscriptions being the default.
The following steps show you how to sign in to Azure interactively using a Microsoft account, list the account's
associated Azure subscriptions (including the default), and set the current subscription.
1. Open a command line that has access to the Azure CLI.
2. Run az login without any parameters and follow the instructions to sign in to Azure.
az login
Key points:
Upon successful sign in, az login displays a list of the Azure subscriptions associated with the
logged-in Microsoft account, including the default subscription.
3. To confirm the current Azure subscription, run az account show.
az account show
4. To view all the Azure subscription names and IDs for a specific Microsoft account, run az account list.
az account list --query "[?user.name=='<microsoft_account_email>'].{Name:name, ID:id,

Default:isDefault}" --output Table
Key points:
Replace the <microsoft_account_email> placeholder with the Microsoft account email address whose
Azure subscriptions you want to list.
With a Live account - such as a Hotmail or Outlook - you might need to specify the fully qualified
email address. For example, if your email address is admin@hotmail.com , you might need to replace the
placeholder with live.com#admin@hotmail.com .
5. To use a specific Azure subscription, run az account set.
az account set --subscription "<subscription_id_or_subscription_name>"
Key points:
Replace the <subscription_id_or_subscription_name> placeholder with the ID or name of the
subscription you want to use.
Calling az account set doesn't display the results of switching to the specified Azure subscription.
However, you can use az account show to confirm that the current Azure subscription has changed.
If you run the az account list command from the previous step, you see that the default Azure
subscription has changed to the subscription you specified with az account set .
Create a service principal
Automated tools that deploy or use Azure services - such as Terraform - should always have restricted
permissions. Instead of having applications sign in as a fully privileged user, Azure offers service principals.
The most common pattern is to interactively sign in to Azure, create a service principal, test the service principal,
and then use that service principal for future authentication (either interactively or from your scripts).
Bash
Azure PowerShell
1. To create a service principal, sign in to Azure. After authenticating to Azure via a Microsoft account, return
here.
2. If you're creating a service principal from Git Bash, set the MSYS_NO_PATHCONV environment variable. (This
step isn't necessary if you're using Cloud Shell.)
export MSYS_NO_PATHCONV=1
Key points:
You can set the MSYS_NO_PATHCONV environment variable globally (for all terminal sessions) or locally
(for just the current session). As creating a service principal isn't something you do often, the sample
sets the value for the current session. To set this environment variable globally, add the setting to the
~/.bashrc file.
3. To create a service principal, run az ad sp create-for-rbac.
az ad sp create-for-rbac --name <service_principal_name> --role Contributor --scopes

/subscriptions/<subscription_id>
Key points:
You can replace the <service-principal-name> with a custom name for your environment or omit the
parameter entirely. If you omit the parameter, the service principal name is generated based on the
current date and time.
Upon successful completion, az ad sp create-for-rbac displays several values. The appId , password ,
and tenant values are used in the next step.
The password can't be retrieved if lost. As such, you should store your password in a safe place. If you
forget your password, you can reset the service principal credentials.
For this article, a service principal with a Contributor role is being used. For more information about
Role-Based Access Control (RBAC) roles, see RBAC: Built-in roles.
The output from creating the service principal includes sensitive credentials. Be sure that you don't
include these credentials in your code or check the credentials into your source control.
For more information about options when creating a service principal with the Azure CLI, see the
article Create an Azure service principal with the Azure CLI.
Specify service principal credentials in environment variables
Once you create a service principal, you can specify its credentials to Terraform via environment variables.
Bash
Azure PowerShell
1. Edit the ~/.bashrc file by adding the following environment variables.

export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"
2. To execute the ~/.bashrc script, run source ~/.bashrc (or its abbreviated equivalent . ~/.bashrc ). You
can also exit and reopen Cloud Shell for the script to run automatically.
. ~/.bashrc
3. Once the environment variables have been set, you can verify their values as follows:
printenv | grep ^ARM*
Key points:
As with any environment variable, to access an Azure subscription value from within a Terraform script, use
the following syntax: ${env.<environment_variable>} . For example, to access the ARM_SUBSCRIPTION_ID value,
specify ${env.ARM_SUBSCRIPTION_ID} .
Creating and applying Terraform execution plans makes changes on the Azure subscription associated with
the service principal. This fact can sometimes be confusing if you're logged into one Azure subscription and
the environment variables point to a second Azure subscription. Let's look at the following example to
explain. Let's say you have two Azure subscriptions: SubA and SubB. If the current Azure subscription is SubA
(determined via az account show ) while the environment variables point to SubB, any changes made by
Terraform are on SubB. Therefore, you would need to log in to your SubB subscription to run Azure CLI
commands or Azure PowerShell commands to view your changes.
Specify service principal credentials in a Terraform provider block
The Azure provider block defines syntax that allows you to specify your Azure subscription's authentication
information.
terraform {
azurerm = {
source = "hashicorp/azurerm"
version = "~>2.0"
}
}
}
provider "azurerm" {
features {}
subscription_id = "<azure_subscription_id>"
tenant_id = "<azure_subscription_tenant_id>"
client_id = "<service_principal_appid>"
client_secret = "<service_principal_password>"
}
# Your code goes here
Cau t i on
The ability to specify your Azure subscription credentials in a Terraform configuration file can be convenient -
especially when testing. However, it isn't advisable to store credentials in a clear-text file that can be viewed by
non-trusted individuals.
Verify that you've authenticated to the Azure subscription by displaying the current subscription.
Bash
Azure PowerShell
To confirm the current Azure subscription via the Azure CLI, run az account show.
az account show
Next steps
Create an Azure resource group
Store Terraform state in Azure Storage
Terraform state is used to reconcile deployed resources with Terraform configurations. State allows Terraform to
know what Azure resources to add, update, or delete.
By default, Terraform state is stored locally, which isn't ideal for the following reasons:
Local state doesn't work well in a team or collaborative environment.
Terraform state can include sensitive information.
Storing state locally increases the chance of inadvertent deletion.
Create an Azure storage account

Use Azure storage to store remote Terraform state.
Understand state locking
Understand encryption at rest

options:
2. Configure remote state storage account

Before you use Azure Storage as a backend, you must create a storage account.
Run the following commands or configuration to create an Azure storage account and container:
Azure CLI
PowerShell
Terraform
#!/bin/bash
RESOURCE_GROUP_NAME=tfstate
STORAGE_ACCOUNT_NAME=tfstate$RANDOM
CONTAINER_NAME=tfstate
# Create resource group

az group create --name $RESOURCE_GROUP_NAME --location eastus
# Create storage account

az storage account create --resource-group $RESOURCE_GROUP_NAME --name $STORAGE_ACCOUNT_NAME --sku
Standard_LRS --encryption-services blob
# Create blob container

az storage container create --name $CONTAINER_NAME --account-name $STORAGE_ACCOUNT_NAME
Key points:
Public access is allowed to Azure storage account for storing Terraform state.
Azure storage accounts require a globally unique name. To learn more about troubleshooting storage
account names, see Resolve errors for storage account names.
3. Configure terraform backend state

To configure the backend state, you need the following Azure storage information:
storage_account_name : The name of the Azure Storage account.
container_name : The name of the blob container.
key : The name of the state store file to be created.
access_key : The storage access key.
Each of these values can be specified in the Terraform configuration file or on the command line. We
recommend that you use an environment variable for the access_key value. Using an environment variable
prevents the key from being written to disk.
Run the following commands to get the storage access key and store it as an environment variable:
Azure CLI
PowerShell
Terraform
ACCOUNT_KEY=$(az storage account keys list --resource-group $RESOURCE_GROUP_NAME --account-name

$STORAGE_ACCOUNT_NAME --query '[0].value' -o tsv)
export ARM_ACCESS_KEY=$ACCOUNT_KEY
Key points:
To further protect the Azure Storage account access key, store it in Azure Key Vault. The environment
variable can then be set by using a command similar to the following. For more information on Azure Key
Vault, see the Azure Key Vault documentation.
export ARM_ACCESS_KEY=$(az keyvault secret show --name terraform-backend-key --vault-name myKeyVault

--query value -o tsv)
Create a Terraform configuration with a backend configuration block.

terraform {
azurerm = {
version = "=2.46.0"
}
}
backend "azurerm" {
resource_group_name = "tfstate"
storage_account_name = "<storage_account_name>"
container_name = "tfstate"
key = "terraform.tfstate"
}
features {}
}
resource "azurerm_resource_group" "state-demo-secure" {

name = "state-demo"
location = "eastus"
}
Replace <storage_account_name> with the name of your Azure storage account.

Run the following command to initialize the configuration:
terraform init
Run the following command to run the configuration:
terraform apply
You can now find the state file in the Azure Storage blob.
4. Understand state locking

Azure Storage blobs are automatically locked before any operation that writes state. This pattern prevents
concurrent state operations, which can cause corruption.
For more information, see State locking in the Terraform documentation.
You can see the lock when you examine the blob through the Azure portal or other Azure management tooling.
5. Understand encryption-at-rest
Data stored in an Azure blob is encrypted before being persisted. When needed, Terraform retrieves the state
from the backend and stores it in local memory. Using this pattern, state is never written to your local disk.
For more information on Azure Storage encryption, see Azure Storage service encryption for data at rest.

Next steps
Learn more about using Terraform in Azure
Quickstart: Create an Azure resource group using
Terraform
Article tested with the following Terraform and Terraform provider versions:
Terraform v1.1.7
AzureRM Provider v.2.99.0
This article shows how to create an Azure resource group using Terraform.
Create an Azure resource group to hold other Azure resources

Verify (using Azure CLI and Azure PowerShell) the resource group was created
Delete the resource group when finished using it
NOTE
The example code in this article is located in the Microsoft Terraform GitHub repo.
Prerequisites
options:
Implement the Terraform code

1. Create a directory in which to test the sample Terraform code and make it the current directory.
2. Create a file named providers.tf and insert the following code:
terraform {
required_version = ">=0.12"
azurerm = {
version = "~>2.0"
}
random = {
source = "hashicorp/random"
version = "~>3.0"
}
}
}
features {}
}

}

}
4. Create a file named variables.tf and insert the following code:
default = "eastus"
}
default = "rg"
}
5. Create a file named outputs.tf and insert the following code:
}
Initialize Terraform
Run terraform init to initialize the Terraform deployment. This command downloads the Azure modules required
to manage your Azure resources.
terraform init
Create a Terraform execution plan
Run terraform plan to create an execution plan.
terraform plan -out main.tfplan
Key points:
The terraform plan command creates an execution plan, but doesn't execute it. Instead, it determines what
actions are necessary to create the configuration specified in your configuration files. This pattern allows you
to verify whether the execution plan matches your expectations before making any changes to actual
resources.
The optional -out parameter allows you to specify an output file for the plan. Using the -out parameter
ensures that the plan you reviewed is exactly what is applied.
To read more about persisting execution plans and security, see the security warning section.
Apply a Terraform execution plan

Run terraform apply to apply the execution plan to your cloud infrastructure.
terraform apply main.tfplan
Key points:
The terraform apply command above assumes you previously ran terraform plan -out main.tfplan .
If you specified a different filename for the -out parameter, use that same filename in the call to
terraform apply .
If you didn't use the -out parameter, call terraform apply without any parameters.
Verify the results

To see the resource group name, run the following command:
echo "$(terraform output resource_group_name)"
Azure CLI
Azure PowerShell
Run az group show to display the resource group.
az group show --name <resource_group_name>
Clean up resources
When you no longer need the resources created via Terraform, do the following steps:
1. Run terraform plan and specify the destroy flag.
terraform plan -destroy -out main.destroy.tfplan
Key points:
The terraform plan command creates an execution plan, but doesn't execute it. Instead, it determines
what actions are necessary to create the configuration specified in your configuration files. This
pattern allows you to verify whether the execution plan matches your expectations before making any
changes to actual resources.
The optional -out parameter allows you to specify an output file for the plan. Using the -out
parameter ensures that the plan you reviewed is exactly what is applied.
2. Run terraform apply to apply the execution plan.
terraform apply main.destroy.tfplan

Next steps
Quickstart: Deploy your first Azure resource with
the AzAPI Terraform provider
Terraform v1.1.8
AzAPI Provider v.0.1.0
In this article, you learn how to use the AzAPI Terraform provider to manage an Azure service that is not
currently supported by the AzureRM provider. The azapi_resource will be used to manage an Azure Lab
Services account as well as a lab.
Define and configure the AzureRM and AzAPI providers.

Use the AzureRM provider to create an Azure resource group
Use the AzureRM provider to register the "Microsoft.LabServices" provider in your subscription
Use the AzAPI provider to create the Azure Lab Services resources
NOTE
The example code in this article is located in the Azure Terraform GitHub repo.
Prerequisites
options:

terraform {
azapi = {
source = "azure/azapi"
version = "=0.1.0"
}
azurerm = {
version = "=3.0.2"
}
}
}
provider "azapi" {
default_location = "eastus"
default_tags = {
team = "Azure deployments"
}
}
features {}
}
resource "azurerm_resource_group" "qs101" {

name = "rg-qs101"
}
4. Create a file named main-generic.tf and insert the following code:
# Provision a Lab Service Account and a Lab that are in public preview
resource "azapi_resource" "qs101-account" {
type = "Microsoft.LabServices/labaccounts@2018-10-15"
name = "qs101LabAccount"
parent_id = azurerm_resource_group.qs101.id
body = jsonencode({
properties = {
enabledRegionSelection = false
}
})
}
resource "azapi_resource" "qs101-lab" {

type = "Microsoft.LabServices/labaccounts/labs@2018-10-15"
name = "qs101Lab"
parent_id = azapi_resource.qs101-account.id
body = jsonencode({
properties = {
maxUsersInLab = 10
userAccessMode = "Restricted"
}
})
}
terraform init

Key points:
resources.

Key points:
terraform apply .
Verify the results

1. In your Azure subscription browse to the rg-qs101 resource group.
2. A new Lab Services account named qs101LabAccount displays as a member of the resource group.
Clean up resources
Key points:

Next steps
Quickstart: Deploy your first Azure update resource
with the AzAPI Terraform provider
Terraform v1.1.8
AzAPI Provider v.0.1.0
In this article, you learn how to use the AzAPI Terraform provider to manage a new feature of an Azure service
that isn't currently supported by the AzureRM provider. The azapi_update_resource will be used to manage an
Azure EventHub network rule set.
Define and configure the AzureRM and AzAPI providers

Generate a random name for the Event Hubs namespace
Use the AzureRM provider to create an Azure resource group and the required networking and Event
Hubs resources
Use the AzAPI provider to add a network rule set to the azurerm_eventhub_namespace resources
NOTE
Prerequisites
options:

terraform {
azapi = {
source = "azure/azapi"
version = "=0.1.0"
}
azurerm = {
version = "=3.0.2"
}
random = {
version = "=3.1.2"
}
}
}
provider "azapi" {
}
features {}
}
provider "random" {
}

resource "azurerm_resource_group" "qs101" {
name = "rg-qs101-eh-rules"
}
resource "azurerm_virtual_network" "qs101" {

name = "myvnet"
location = azurerm_resource_group.qs101.location
resource_group_name = azurerm_resource_group.qs101.name
address_space = ["172.17.0.0/16"]
dns_servers = ["10.0.0.4", "10.0.0.5"]
}
resource "azurerm_subnet" "qs101" {

name = "default"
virtual_network_name = azurerm_virtual_network.qs101.name
address_prefixes = ["172.17.0.0/24"]
service_endpoints = ["Microsoft.EventHub"]
}
resource "random_pet" "qs101_namespace" {

length = 3
separator = ""
}
resource "azurerm_eventhub_namespace" "qs101" {

name = random_pet.qs101_namespace.id
location = azurerm_resource_group.qs101.location
sku = "Standard"
capacity = 2
}
4. Create a file named main-generic.tf and insert the following code:

# AzAPI update resource is used to enable Network Rule sets on Event Hub namespace
resource "azapi_update_resource" "qs101" {
type = "Microsoft.EventHub/namespaces/networkRuleSets@2021-11-01"
name = "default"
parent_id = azurerm_eventhub_namespace.qs101.id
body = jsonencode({
properties = {
defaultAction = "Deny"
publicNetworkAccess = "Enabled"
virtualNetworkRules = [
{
ignoreMissingVnetServiceEndpoint = false
subnet = {
# API bug, returned id replaced `resourceGroups` with `resourcegroups`
id = replace(azurerm_subnet.qs101.id, "resourceGroups", "resourcegroups")
}
}
]
ipRules = [
{
action = "Allow"
ipMask = "1.1.1.1"
}
]
}
})
}
terraform init

Key points:
resources.

Key points:
terraform apply .
Verify the results

Azure CLI
Azure PowerShell
Run az eventhubs namespace network-rule list to display the Event Hubs Namespace network rules.
az eventhubs namespace network-rule list --name <resource_group_name> --namespace-name <namespace_name>
Key points:
The resource group name and Event Hubs namespace name are displayed in the terraform apply output.
Clean up resources
Key points:

Next steps
Quickstart: Create a Kubernetes cluster with Azure
Kubernetes Service using Terraform
Terraform v1.2.7
Azure Kubernetes Service (AKS) manages your hosted Kubernetes environment. AKS allows you to deploy and
manage containerized applications without container orchestration expertise. AKS also enables you to do many
common maintenance operations without taking your app offline. These operations include provisioning,
upgrading, and scaling resources on demand.
Use HCL (HashiCorp Language) to define a Kubernetes cluster

Use Terraform and AKS to create a Kubernetes cluster
Use the kubectl tool to test the availability of a Kubernetes cluster
NOTE
Prerequisites
options:
Azure ser vice principal: If you don't have a service principal, create a service principal. Make note of
the appId , display_name , password , and tenant .
SSH key pair : Use one of the following articles:
Portal
Windows
Linux/MacOS
Kubernetes command-line tool (kubectl): Download kubectl.

terraform {
azurerm = {
version = "~>3.0"
}
random = {
version = "~>3.0"
}
}
}
features {}
}
# Generate random resource group name

}

}
resource "random_id" "log_analytics_workspace_name_suffix" {

byte_length = 8
}
resource "azurerm_log_analytics_workspace" "test" {

location = var.log_analytics_workspace_location
# The WorkSpace name has to be unique across the whole of azure;
# not just the current subscription/tenant.
name = "${var.log_analytics_workspace_name}-
${random_id.log_analytics_workspace_name_suffix.dec}"
resource_group_name = azurerm_resource_group.rg.name
sku = var.log_analytics_workspace_sku
}
resource "azurerm_log_analytics_solution" "test" {

location = azurerm_log_analytics_workspace.test.location
solution_name = "ContainerInsights"
workspace_name = azurerm_log_analytics_workspace.test.name
workspace_resource_id = azurerm_log_analytics_workspace.test.id
plan {
product = "OMSGallery/ContainerInsights"
publisher = "Microsoft"
}
}
}
resource "azurerm_kubernetes_cluster" "k8s" {

location = azurerm_resource_group.rg.location
name = var.cluster_name
dns_prefix = var.dns_prefix
tags = {
Environment = "Development"
}
default_node_pool {
name = "agentpool"
vm_size = "Standard_D2_v2"
node_count = var.agent_count
}
linux_profile {
admin_username = "ubuntu"
ssh_key {
key_data = file(var.ssh_public_key)
}
}
network_profile {
network_plugin = "kubenet"
load_balancer_sku = "standard"
}
service_principal {
client_id = var.aks_service_principal_app_id
client_secret = var.aks_service_principal_client_secret
}
}

variable "agent_count" {
default = 3
}
# The following two variable declarations are placeholder references.

# Set the values for these variable in terraform.tfvars
variable "aks_service_principal_app_id" {
default = ""
}
variable "aks_service_principal_client_secret" {
default = ""
}
variable "cluster_name" {
default = "k8stest"
}
variable "dns_prefix" {
default = "k8stest"
}
# Refer to https://azure.microsoft.com/global-infrastructure/services/?products=monitor for available

Log Analytics regions.
variable "log_analytics_workspace_location" {
default = "eastus"
}
variable "log_analytics_workspace_name" {
default = "testLogAnalyticsWorkspaceName"
}
# Refer to https://azure.microsoft.com/pricing/details/monitor/ for Log Analytics pricing

variable "log_analytics_workspace_sku" {
default = "PerGB2018"
}
default = "eastus"
}
default = "rg"
}
variable "ssh_public_key" {
default = "~/.ssh/id_rsa.pub"
}

output "client_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate
sensitive = true
}
output "client_key" {
value = azurerm_kubernetes_cluster.k8s.kube_config[0].client_key
sensitive = true
}
output "cluster_ca_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate
sensitive = true
}
output "cluster_password" {
value = azurerm_kubernetes_cluster.k8s.kube_config[0].password
sensitive = true
}
output "cluster_username" {
value = azurerm_kubernetes_cluster.k8s.kube_config[0].username
sensitive = true
}
output "host" {
value = azurerm_kubernetes_cluster.k8s.kube_config[0].host
sensitive = true
}
output "kube_config" {
value = azurerm_kubernetes_cluster.k8s.kube_config_raw
sensitive = true
}
}
6. Create a file named terraform.tfvars and insert the following code.
aks_service_principal_app_id = "<service_principal_app_id>"
aks_service_principal_client_secret = "<service_principal_password>"
terraform init

Key points:
resources.

Key points:
terraform apply .
Verify the results

1. Get the resource group name.
2. Browse to the Azure portal.

3. Under Azure ser vices , select Resource groups and locate your new resource group to see the
following resources created in this demo:
Solution: By default, the demo names this solution ContainerInsights . The portal will show the
solution's workspace name in parenthesis.
Kubernetes ser vice: By default, the demo names this service k8stest . (A Managed Kubernetes
Cluster is also known as an AKS / Azure Kubernetes Service.)
Log Analytics Workspace: By default, the demo names this workspace with a prefix of
TestLogAnalyticsWorkspaceName- followed by a random number.
4. Get the Kubernetes configuration from the Terraform state and store it in a file that kubectl can read.
echo "$(terraform output kube_config)" > ./azurek8s
5. Verify the previous command didn't add an ASCII EOT character.
cat ./azurek8s
Key points:
If you see << EOT at the beginning and EOT at the end, remove these characters from the file.
Otherwise, you could receive the following error message:
error: error loading config file "./azurek8s": yaml: line 2: mapping values are not allowed in this
context
6. Set an environment variable so that kubectl picks up the correct config.
export KUBECONFIG=./azurek8s
7. Verify the health of the cluster.
kubectl get nodes
Key points:
When the AKS cluster was created, monitoring was enabled to capture health metrics for both the cluster
nodes and pods. These health metrics are available in the Azure portal. For more information on container
health monitoring, see Monitor Azure Kubernetes Service health.
Several key values were output when you applied the Terraform execution plan. For example, the host
address, AKS cluster user name, and AKS cluster password are output.
To view all of the output values, run terraform output .
To view a specific output value, run echo "$(terraform output <output_value_name>)" .
Clean up resources
Delete AKS resources
Key points:
Delete service principal

Cau t i on
Delete the service principal you used in this demo only if you're not using it for anything else.
1. Run az ad sp list to get the object ID of the service principal.
az ad sp list --display-name "<display_name>" --query "[].{\"Object ID\":id}" --output table
2. Run az ad sp delete to delete the service principal.
az ad sp delete --id <service_principal_object_id>

Next steps
Testing Terraform code
Terraform is an Infrastructure as Code (IaC) tool. This category of tool refers to the fact that you treat your
Terraform files as you would the project's source code. Part of that process includes versioning and source code
control. Also, testing should also be a part of your process. This article gives an overview of the different types
of tests that can be run against a Terraform project.
Implement integration testing

Integration tests validate that a newly introduced code change doesn't break existing code. In DevOps,
continuous integration (CI) refers to a process that builds the entire system whenever the code base is changed -
such as someone wanting to merge a PR into a Git repo. The following list contains common examples of
integration tests:
Static code analysis tools such as lint and format.
Run terraform validate to verify the syntax of the configuration file.
Run terraform plan to ensure the configuration will work as expected.
Learn more about integration testing
Implement unit testing

Unit tests ensure a specific part or function of a program behave correctly. Unit tests are written by the
developer of the functionality. Sometimes called test-driven development, or TDD, this type of testing involves
continuous short development cycles. In the context of Terraform projects, unit testing can take the form of
using terraform plan to ensure that the actual values available in the generated plan equal the expected values.
Unit testing can be especially beneficial when your Terraform modules start to become more complex:
Generate dynamic blocks
Use loops
Calculate local variables
As with integration tests, many times unit tests are included in the continuous integration process.
Implement compliance testing

Compliance testing is used to ensure the configuration follows the policies you've defined for the project. For
example, you might define geopolitical naming conventions for your Azure resources. Or you might want virtual
machines to be created from a defined subset of images. Compliance testing would be used to enforce these
rules.
Compliance testing is also typically defined as part of the continuous integration process.
Learn more about compliance testing
Implement end-to-end (E2E) testing
E2E tests validate a program works before deploying to production. An example scenario might be a Terraform
module deploying two virtual machines into a virtual network. You might want to prevent the two machines
from pinging each other. In this example, you could define a test to verify the intended outcome before
deployment.
E2E testing is typically a three-step process. First, the configuration is applied to a test environment. Code would
then be run to verify the results. Finally, the test environment is either reinitialized or taken down (such as
deallocating a virtual machine).
Learn more about end-to-end Testing
Comparing Terraform and Bicep
Integration features
Usability features
To achieve scale, DevOps teams are always looking for ways to quickly deploy code with a trusted and
repeatable process. When it comes to the cloud and infrastructure, this process is increasingly accomplished
with infrastructure-as-code (IaC). IaC tools range from general-purpose tools intended for specific
environments. Terraform is an example of the former, while Bicep is designed to handle Azure-related tasks.
In this article, we'll compare nine infrastructure and integration features of Bicep and Terraform. Understanding
these differences will help you decide which tool best supports your infrastructure and processes.
State and backend

Both Terraform and Bicep are desired state configuration (DSC) which makes it easy to manage IT and
development infrastructure as code. Terraform stores state about your managed infrastructure and
configuration. Terraform uses this information to map real-world resources to your configuration, track
metadata, and improve the performance of larger infrastructures. State is stored in a local file named
terraform.tfstate , but can also be stored remotely. It's critical to back up and secure your state files. Like
Terraform, Bicep is declarative and goal-seeking. However, Bicep doesn't store state. Instead, Bicep relies on
incremental deployment.
Infrastructure targets
When comparing Bicep to Terraform for managing cloud infrastructure, it's important to consider your target
cloud environment:
Azure-only
Multi or hybrid-clouds
Bicep is Azure-specific and not designed to work with other cloud services.
If your goal is to automate deployments to any of the following environments, Terraform will likely be a better
option:
Virtualization environments
Multi-cloud scenarios - such as Azure and other cloud(s)
On-premises workloads
Terraform interacts with other cloud providers or APIs using plugins called providers. There are several
Terraform Azure providers that enable the management of Azure infrastructure. When coding a Terraform
configuration, you specify the required providers you'll be using. When you run terraform init, the specified
provider is installed and usable from your code.
CLI tools
Command Line Interface (CLI) tools play a key role in orchestration through the implementation and
management of automation technology. Both Bicep and Terraform offer CLI tools.
Bicep integrates with Azure CLI, allowing developers to use az commands such as:
az bicep : The az bicep commands allow you to perform such tasks as installing Bicep, and building and
publishing Bicep files.
az deployment : The article How to deploy resources with Bicep and Azure CLI explains how to use Azure CLI
with Bicep files to deploy your resources to Azure.
The Terraform CLI allows you to perform such tasks as validate and format your Terraform code, and create and
apply an execution plan.
The article Quickstart: Create an Azure resource group using Terraform shows you how to use several of the
Terraform commands to create an Azure resource group.
Bicep also provides a feature that makes it easy to integrate Bicep with Azure Pipelines. There's a similar feature
available for Terraform but you must download and install the Azure Pipelines Terraform Tasks extension for
Visual Studio. Once installed, you can run Terraform CLI commands from Azure Pipelines. Moreover, both
Terraform and Bicep support GitHub Actions to automate software builds, tests, and deployments.
Processing
There are some important differences between Bicep and Terraform in terms of the efficiency and optimizations
of deployments. With Bicep, processing occurs within the core Azure infrastructure service side. This feature
offers advantages such as preflight processing to check policy or the availability for deploying multiple instances
within a region. With Terraform, processing is done within the Terraform client. Thus, pre-processing involves no
calls to Azure since it uses state and HCL (HashiCorp Language) to determine the required changes.
Authentication
The Azure authentication features vary between Bicep and Terraform. With Bicep, an authorization token is
supplied during the request to submit a Bicep file and ARM Template. ARM will ensure that you have permission
to both create the deployment and deploy resources within the specified template. Terraform authenticates each
API based on provider credentials – such as Azure CLI, service principal, or managed identities for Azure
resources. Moreover, multiple provider credentials can be utilized in a single configuration.
Azure integrations
You should also consider your use of Azure features such as Azure Policy and how each will interact with other
tools and languages. Bicep's preflight validation features can determine whether a resource will be denied by
policy and fail before a deployment. Thus, developers can remediate resources with policy using provided ARM
templates. The ARM template can be used to create a policy assignment to another resource for automated
remediation. Terraform, however, will fail when a resource is deployed that is disallowed by policy.
Portal integration
One major advantage that Bicep has over Terraform is the ability to automate portal actions. With Bicep, you can
use the Azure portal to export templates. Exporting a template helps you to understand the JSON syntax and
properties that deploy your resources. You can automate future deployments by starting with the exported
template and modifying it to meet your needs. But note that you'll need to decompile the exported ARM
template until Bicep templates are supported.
Although Terraform doesn't provide the same portal integrations as Bicep, existing Azure infrastructure can be
taken under Terraform management using Azure Terrafy. (Azure Terrafy is an open-source tool owned and
maintained by Microsoft.)
Out-of-band changes
Out-of-band configuration changes are changes made to a device configuration outside the context of the tool.
For example, let's say you deploy a virtual machine scale set using Bicep or Terraform. If you change that virtual
machine scale set using the portal, the change would be "out-of-band" and unknown to your IaC tool.
If you're using Bicep, out-of-band changes should be reconciled with Bicep and the ARM Template code to avoid
having those changes overwritten on the next deployment. These changes won't block the deployment.
If you're using Terraform, you need to import the out-of-band changes into the Terraform state and update the
HCL.
Thus, if an environment involves frequent out-of-band changes, Bicep is more user-friendly. When you use
Terraform, you should minimize out-of-band changes.
Cloud frameworks
The Cloud Adoption Framework (CAF) is a collection of documentation, best practices, and tools to accelerate
cloud adoption throughout your cloud journey. Azure provides native services for deploying landing zones.
Bicep simplifies this process with a portal experience based on ARM templates and landing-zone
implementation. Terraform utilizes an Enterprise-Scale Landing Zones module to deploy, manage, and
operationalize with Azure.
Summary
Bicep and Terraform offer many user-friendly infrastructure and integration features. These features make it
easier to implement and manage automation technology. When deciding which is best for your environment, it's
important to consider whether you'll be deploying to more than one cloud or whether your infrastructure will
consist of a multi or hybrid-cloud environment. Moreover, be sure to consider the nine features discussed in this
article to make the best choice for your organization.
Configure an Azure Attestation provider using
Terraform
Terraform v1.1.7
This article shows how to use Terraform create an Attestation provider on Azure.
Configure an Azure Attestation provider
NOTE

options:
Policy Signing Cer tificate: A PEM file defines a set of trusted signing keys. As there are many scenarios in
which to have a PEM file, this article assumes you have access to one. For example, you can download a PEM
during the process of creating a virtual machine in the Azure portal.

terraform {
azurerm = {
version = "~>2.0"
}
random = {
version = "~>3.0"
}
}
}
features {}
}

}

}
resource "azurerm_attestation_provider" "corp_attestation" {

name = var.attestation_provider_name
policy_signing_certificate_data = file(var.policy_file)
}
variable "attestation_provider_name" {
default = "attestationprovider007"
}
variable "policy_file" {
default = "~/.certs/cert.pem"
}
default = "eastus"
}
default = "rg"
}
Key points:
Adjust the policy_file field as needed to point to your PEM file.
}
3. Initialize Terraform
terraform init
4. Create a Terraform execution plan

Key points:
resources.
5. Apply a Terraform execution plan

Key points:
terraform apply .

1. Get the Azure resource name in which the Attestation provider was created.
2. Run the az attestation list command to list the providers for the specified resource group name.
az attestation list --resource-group <resource_group_name>

Key points:

Next steps
Implement compliance testing with Terraform and
Azure
Many times, compliance testing is part of the continuous integration process and is used to ensure that user-
defined policies are followed. For example, you might define geopolitical naming conventions for your Azure
resources. Another common example is creating virtual machines from a defined subset of images. Compliance
testing would be used to enforce rules in these and many other scenarios.
Understand when to use compliance testing

Learn how to do a compliance test
See and run an example compliance test

options:
Docker : Install Docker.
Python: Install Python.
Terraform-compliance tool: Install the Terraform compliance tool by running the following command:
pip install terraform-compliance .
Example code and resources: Using the DownGit tool, download from GitHub the compliance-testing
project and unzip into a new directory to contain the example code. This directory is referred to as the
example directory.
2. Understand compliance testing and checks

Compliance testing is a nonfunctional testing technique to determine if a system meets prescribed standards.
Compliance testing is also known as conformance testing.
Most software teams do an analysis to check that the standards are properly enforced and implemented. Often
working simultaneously to improve the standards that, in turn, lead to increased quality.
With compliance testing, there are two important concepts to consider: compliance testing and compliance
checks.
Compliance testing ensures that the output of each development lifecycle phase conforms to agreed-upon
requirements.
Compliance checks should be integrated into the development cycle at the beginning of the projects.
Attempting to add compliance checks at a later stage becomes increasingly more difficult when the
requirement itself isn't adequately documented.
Doing compliance checks is straight forward. A set of standards and procedures is developed and documented
for each phase of the development lifecycle. The output of each phase is compared against the documented
requirements. The results of the test are any "gaps" in not conforming to the predetermined standards.
Compliance testing is done through the inspection process and the outcome of the review process should be
documented.
Let's take a look at a specific example.
A common problem is environments that break when multiple developers apply incompatible changes. Let's say
one person works on a change and applies resources such as creating a VM in a test environment. Another
person then applies a different version of the code that provisions different version of that VM. What is needed
here is oversight to ensure conformity to stated rules.
One way to address this issue would be to define a policy of tagging the resources - such as with role and
creator tags. Once you define the policies, a tool like Terraform-compliance is used to ensure the policies are
followed.
Terraform-compliance focuses on negative testing. Negative testing is the process of ensuring that a system can
gracefully handle unexpected input or unwanted behavior. Fuzzing is an example of negative testing. With
fuzzing, a system that receives input is tested to ensure that it can safely handle unexpected input.
Fortunately, Terraform is an abstraction layer for any API that creates, updates, or destroys cloud-infrastructure
entities. Terraform also ensures the local configuration and the remote API responses are in synch. Since
Terraform is mostly used against Cloud APIs, we still need a way to ensure the code deployed against the
infrastructure follows specific policies. Terraform-compliance - a free and open-source tool - provides this
functionality for Terraform configurations.
Using the VM example, a compliance policy might be as follows: "If you're creating an Azure resource, it must
contain a tag".
The Terraform-compliance tool provides a test framework where you create policies like the example. You then
run those policies against your Terraform execution plan.
Terraform-compliance allows you to apply BDD, or behavior-driven development, principles. BDD is a
collaborative process where all stakeholders work together to define what a system should do. These
stakeholders generally include the developers, testers, and anyone with a vested interest in - or who will be
impacted by - the system being developed. The goal of BDD is to encourage teams to build concrete examples
that express a common understanding of how the system should behave.
3. Examine a compliance-test example

Previously in this article, you read about a compliance-testing example of creating a VM for a test environment.
This section shows how to translate that example into a BDD Feature and Scenario. The rule is first expressed
using Cucumber, which is a tool used to support BDD.
when creating Azure resources, every new resource should have a tag
The previous rule is translated as follows:
If the resource supports tags

Then it must contain a tag
And its value must not be null
The Terraform HCL code would then adhere to the rule as follows.
resource "random_uuid" "uuid" {}

name = "rg-hello-tf-${random_uuid.uuid.result}"
location = var.location
tags = {
environment = "dev"
application = "Azure Compliance"
}
}
The first policy could be written as a BDD feature scenario as follows:
Feature: Test tagging compliance # /target/src/features/tagging.feature

Scenario: Ensure all resources have tags
Then it must contain a tag
And its value must not be null
The following code shows a test for a specific tag:
Scenario Outline: Ensure that specific tags are defined

Then it must contain a tag <tags>
And its value must match the "<value>" regex
Examples:
| tags | value |
| Creator | .+ |
| Application | .+ |
| Role | .+ |
| Environment | ^(prod\|uat\|dev)$ |
4. Run the compliance-test example

In this section, you download and test the example.
1. Within the example directory, navigate to the src directory.
2. Run terraform init to initialize the working directory.
terraform init
3. Run terraform validate to validate the syntax of the configuration files.
terraform validate
Key points:
You see a message indicating that the Terraform configuration is valid.
4. Run terraform plan to create an execution plan.
5. Run terraform show to convert the execution plan to JSON for the compliance step.
terraform show -json main.tfplan > main.tfplan.json
6. Run docker pull to download the terraform-compliance image.
docker pull eerkunt/terraform-compliance
7. Run docker run to run the tests in a docker container.
docker run --rm -v $PWD:/target -it eerkunt/terraform-compliance -f features -p main.tfplan.json
Key points:
The test will fail because - while the first rule requiring existence of tags succeeds - the second rule
fails in that the Role and Creator tags are missing.
8. Fix the error by modifying main.tf as follows (where a Role and Creator tag are added).
tags = {
Environment = "dev"
Application = "Azure Compliance"
Creator = "Azure Compliance"
Role = "Azure Compliance"
}
Key points:
The configuration is now in compliance with the policy.

1. Run terraform validate again to verify the syntax.
terraform validate
2. Run terraform plan again to create a new execution plan.
3. Run terraform show to convert the execution plan to JSON for the compliance step.
terraform show -json main.tfplan > main.tfplan.json
4. Run docker run again to test the configuration. If the full spec has been implemented, the test succeeds.
docker run --rm -v $PWD:/target -it eerkunt/terraform-compliance -f features -p main.tfplan.json
terraform apply main.tfplan -target=random_uuid.uuid
Key points:
A resource group is created with a name following the pattern: rg-hello-tf-<random_number> .

Next steps
Implement end-to-end Terratest testing on
Terraform projects
End-to-end (E2E) testing is used to validate a program works before deploying it to production. An example
scenario might be a Terraform module deploying two virtual machines into a virtual network. You might want to
prevent the two machines from pinging each other. In this example, you could define a test to verify the intended
outcome before deployment.
E2E testing is typically a three-step process.
1. A configuration is applied to a test environment.
2. Code is run to verify the results.
3. The test environment is either reinitialized or taken down (such as deallocating a virtual machine).
Understand the basics of end-to-end testing with Terratest

Learn how to write end-to-end test using Golang
Learn how to use Azure DevOps to automatically trigger end-to-end tests when code is committed to
your repo

options:
Go programming language : Install Go.
Example code and resources: Using the DownGit tool, download from GitHub the end-to-end-testing
example directory.
2. Understand end-to-end testing

End-to-end tests validate a system works as a collective whole. This type of testing is as opposed to testing
specific modules. For Terraform projects, end-to-end testing allows for the validation of what has been deployed.
This type of testing differs from many other types that test pre-deployment scenarios. End-to-end tests are
critical for testing complex systems that include multiple modules and act on multiple resources. In such
scenarios, end-to-end testing is the only way to determine if the various modules are interacting correctly.
This article focuses on using Terratest to implement end-to-end testing. Terratest provides all the plumbing that
is required to do the following task:
Deploy a Terraform configuration
Enables you to write a test using the Go language to validate what has been deployed
Orchestrate the tests into stages
Tear down the deployed infrastructure
3. Understand the test example

For this article, we're using a sample available in the Azure/terraform sample repo.
This sample defines a Terraform configuration that deploys two Linux virtual machines into the same virtual
network. One VM - named vm-linux-1 - has a public IP address. Only port 22 is opened to allow SSH
connections. The second VM - vm-linux-2 - has no defined public IP address.
The test validates the following scenarios:
The infrastructure is deployed correctly
Using port 22, it's possible to open an SSH session to vm-linux-1
Using the SSH session on vm-linux-1 , it's possible to ping vm-linux-2
If you downloaded the sample, the Terraform configuration for this scenario can be found in the src/main.tf
file. The main.tf file contains everything necessary to deploy the Azure infrastructure represented in the
preceding figure.
If you're unfamiliar with how to create a virtual machine, see Create a Linux VM with infrastructure in Azure
using Terraform.
Cau t i on
The sample scenario presented in this article is for illustration purposes only. We've purposely kept things
simple in order to focus on the steps of an end-to-end test. We don't recommend having production virtual
machines that exposes SSH ports over a public IP address.
4. Examine the test example
The end-to-end test is written in the Go language and uses the Terratest framework. If you downloaded the
sample, the test is defined in the src/test/end2end_test.go file.
The following source code shows the standard structure of a Golang test using Terratest:
package test
import (
"testing"
"github.com/gruntwork-io/terratest/modules/terraform"
test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
)
func TestEndToEndDeploymentScenario(t *testing.T) {

t.Parallel()
fixtureFolder := "../"
// Use Terratest to deploy the infrastructure

test_structure.RunTestStage(t, "setup", func() {
terraformOptions := &terraform.Options{
// Indicate the directory that contains the Terraform configuration to deploy
TerraformDir: fixtureFolder,
}
// Save options for later test stages

test_structure.SaveTerraformOptions(t, fixtureFolder, terraformOptions)
// Triggers the terraform init and terraform apply command

terraform.InitAndApply(t, terraformOptions)
})
test_structure.RunTestStage(t, "validate", func() {

// run validation checks here
terraformOptions := test_structure.LoadTerraformOptions(t, fixtureFolder)
publicIpAddress := terraform.Output(t, terraformOptions, "public_ip_address")
})
// When the test is completed, teardown the infrastructure by calling terraform destroy
test_structure.RunTestStage(t, "teardown", func() {
terraformOptions := test_structure.LoadTerraformOptions(t, fixtureFolder)
terraform.Destroy(t, terraformOptions)
})
}
As you can see in the previous code snippet, the test is composed by three stages:
setup : Runs Terraform to deploy the configuration
validate `: Does the validation checks and assertions
teardown : Cleans up the infrastructure after the test has run
The following list shows some of the key functions provided by the Terratest framework:
terraform.InitAndApply : Enables running terraform init and terraform apply from Go code
terraform.Output : Retrieves the value of the deployment output variable.
terraform.Destroy : Runs the terraform destroy command from Go code.
test_structure.LoadTerraformOptions : Loads Terraform options - such as configuration and variables -
from the state
test_structure.SaveTerraformOptions : Saves Terraform options - such as configuration and variables - to
the state
5. Run the test example

The following steps run the test against the sample configuration and deployment.
1. Open a bash/terminal window.
2. Log in to your Azure account.
3. To run this sample test, you need an SSH private/public key pair name id_rsa and id_rsa.pub in your
home directory. Replace <your_user_name> with the name of your home directory.
export TEST_SSH_KEY_PATH="~/.ssh/id_rsa"
4. Within the example directory, navigate to the src/test directory.

5. Run the test.
go test -v ./ -timeout 10m

After successfully running go test , you see results similar to the following output:
--- PASS: TestEndToEndDeploymentScenario (390.99s)

PASS
ok test 391.052s

Next steps
Implement integration tests for Terraform projects in
Azure
Integration tests validate that a newly introduced code change doesn't break existing code. In DevOps,
continuous integration (CI) refers to a process that builds the entire system whenever the code base is changed -
such as someone wanting to merge a PR into a Git repo. The following list contains common examples of
integration tests:
Static code analysis tools such as lint and format.
Run terraform validate to verify the syntax of the configuration file.
Run terraform plan to ensure the configuration will work as expected.
Learn the basics of integration testing for Terraform projects.

Use Azure DevOps to configure a continuous integration pipeline.
Run static code analysis on Terraform code.
Run terraform validate to validate Terraform configuration files on the local machine.
Run terraform plan to validate that Terraform configuration files from a remote services perspective.
Use an Azure Pipeline to automate continuous integration.

options:
Azure DevOps organization and project : If you don't have one, create an Azure DevOps organization.
Terraform Build & Release Tasks extension : Install the Terraform build/release tasks extension into
your Azure DevOps organization.
Grant Azure DevOps access to your Azure Subscription : Create an Azure service connection
named terraform-basic-testing-azure-connection to allow Azure Pipelines to connect to your Azure
subscriptions
Example code and resources: Using the DownGit tool, download from GitHub the integration-testing
example directory.
2. Validate a local Terraform configuration

The terraform validate command is run from the command line in the directory containing your Terraform files.
This commands main goal is validating syntax.
1. Within the example directory, navigate to the src directory.
2. Run terraform init to initialize the working directory.
terraform init
3. Run terraform validate to validate the syntax of the configuration files.
terraform validate
Key points:
You see a message indicating that the Terraform configuration is valid.
4. Edit the main.tf file.
5. On line 5, insert a typo that invalidates the syntax. For example, replace var.location with var.loaction
6. Save the file.

7. Run validation again.
terraform validate
Key points:
You see an error message indicating the line of code in error and a description of the error.
As you can see, Terraform has detected an issue in the syntax of the configuration code. This issue prevents the
configuration from being deployed.
It is a good practice to always run terraform validate against your Terraform files before pushing them to your
version control system. Also, this level of validation should be a part of your continuous integration pipeline.
Later in this article, we'll explore how to configure an Azure pipeline to automatically validate.
3. Validate Terraform configuration

In the previous section, you saw how to validate a Terraform configuration. That level of testing was specific to
syntax. That test didn't take into consideration what might already be deployed on Azure.
Terraform is a declarative language meaning that you declare what you want as an end-result. For example, let's
say you have 10 virtual machines in a resource group. Then, you create a Terraform file defining three virtual
machines. Applying this plan doesn't increment the total count to 13. Instead, Terraform deletes seven of the
virtual machines so that you end with three. Running terraform plan allows you to confirm the potential results
of applying an execution plan to avoid surprises.
To generate the Terraform execution plan, you run terraform plan. This command connects to the target Azure
subscription to check what part of the configuration is already deployed. Terraform then determines the
necessary changes to meet the requirements stated in the Terraform file. At this stage, Terraform isn't deploying
anything. It's telling you what will happen if you apply the plan.
If you're following along with the article and you've done the steps in the previous section, run the
terraform plan command:
terraform plan
After running terraform plan , Terraform displays the potential outcome of applying the execution plan. The
output indicates the Azure resources that will be added, changed, and destroyed.
By default, Terraform stores state in the same local directory as the Terraform file. This pattern works well in
single-user scenarios. However, when multiple people work on the same Azure resources, local state files can get
out of sync. To remedy this issue, Terraform supports writing state files to a remote data store (such as Azure
Storage). In this scenario, it might be problematic to run terraform plan on a local machine and target a remote
machine. As a result, it might make sense to automate this validation step as part of your continuous integration
pipeline.
4. Run static code analysis

Static code analysis can be done directly on the Terraform configuration code, without executing it. This analysis
can be useful to detect issues such as security problems and compliance inconsistency.
The following tools provide static analysis for Terraform files:
Checkov
Terrascan
tfsec
Deepsource
Static analysis is often executed part of a continuous integration pipeline. These tests don't require the creation
of an execution plan or deployment. As a result, they run faster than other tests and are generally run first in the
continuous integration process.
5. Automate integration tests using Azure Pipeline

Continuous integration involves testing an entire system when a change is introduced. In this section, you see an
Azure Pipeline configuration used to implement continuous integration.
1. Using your editor of choice, browse to the local clone of the Terraform sample project on GitHub.
2. Open the samples/integration-testing/src/azure-pipeline.yaml file.
3. Scroll down to the steps section where you see a standard set of steps used to run various installation
and validation routines.
4. Review the line that reads, Step 1: run the Checkov Static Code Analysis . In this step, the Checkov
project mentioned earlier runs a static code analysis on the sample Terraform configuration.
- bash: $(terraformWorkingDirectory)/checkov.sh $(terraformWorkingDirectory)

displayName: Checkov Static Code Analysis
Key points:
This script is responsible for running Checkov in the Terraform workspace mounted inside a Docker
container. Microsoft-managed agents are Docker enabled. Running tools inside a Docker container is
easier and removes the need to install Checkov on the Azure Pipeline agent.
The $(terraformWorkingDirectory) variable is defined in the azure-pipeline.yaml file.
5. Review the line that reads, Step 2: install Terraform on the Azure Pipelines agent . The Terraform
Build & Release Task extension that you installed earlier has a command to install Terraform on the agent
running the Azure Pipeline. This task is what is being done in this step.
- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-
installer.TerraformInstaller@0
displayName: 'Install Terraform'
inputs:
terraformVersion: $(terraformVersion)
Key points:
The version of Terraform to install is specified via an Azure Pipeline variable named terraformVersion
and defined in the azure-pipeline.yaml file.
6. Review the line that reads, Step 3: run Terraform init to initialize the workspace . Now that
Terraform is installed on the agent, the Terraform directory can be initialized.
cli.TerraformCLI@0
displayName: 'Run terraform init'
inputs:
command: init
workingDirectory: $(terraformWorkingDirectory)
Key points:
The command input specifies which Terraform command to run.
The workingDirectory input indicates the path of the Terraform directory.
The $(terraformWorkingDirectory) variable is defined in the azure-pipeline.yaml file.
7. Review the line that reads, Step 4: run Terraform validate to validate HCL syntax . Once the project
directory is initialized, terraform validate is run to validate the configuration on the server.
cli.TerraformCLI@0
displayName: 'Run terraform validate'
inputs:
command: validate
8. Review the line that reads, Step 5: run Terraform plan to validate HCL syntax . As explained earlier,
generating the execution plan is done to verify if the Terraform configuration is valid before deployment.
cli.TerraformCLI@0
displayName: 'Run terraform plan'
inputs:
command: plan
environmentServiceName: $(serviceConnection)
commandOptions: -var location=$(azureLocation)
Key points:
The environmentServiceName input refers to the name of the Azure service connection created in
Configure your environment. The connection allows Terraform to access your Azure subscription.
The commandOptions input is used to pass arguments to the Terraform command. In this case, a
location is being specified. The $(azureLocation) variable is defined earlier in the YAML file.
Import the pipeline into Azure DevOps
1. Open your Azure DevOps project and go into the Azure Pipelines section.
2. Select Create Pipeline button.
3. For the Where is your code? option, select GitHub (YAML) .
4. At this point, you might have to authorize Azure DevOps to access your organization. For more
information on this topic, see the article, Build GitHub repositories.
5. In the repositories list, select the fork of the repository you created in your GitHub organization.
6. In the Configure your pipeline step, choose to start from an existing YAML pipeline.
7. When the Select existing YAML pipeline page displays, specify the branch master and enter the path
to the YAML pipeline: samples/integration-testing/src/azure-pipeline.yaml .
8. Select Continue to load the Azure YAML pipeline from GitHub.

9. When the Review your pipeline YAML page displays, select Run to create and manually trigger the
pipeline for the first time.
Verify the results

You can run the pipeline manually from the Azure DevOps UI. However, the point of the article is to show
automated continuous integration. Test the process by committing a change to the
samples/integration-testing/src folder of your forked repository. The change will automatically trigger a new
pipeline on the branch on which you're pushing the code.
Once you've done that step, access the details in Azure DevOps to ensure that everything ran correctly.

Next steps
Troubleshoot common problems when using
Terraform on Azure
This article lists common problems and possible solutions when using Terraform on Azure.
If you encounter a problem that is specific to Terraform, use one of HashiCorp's community support channels.
Unable to list provider registration status
VPN errors
HashiCorp Terraform specific support channels

Questions, use-cases, and useful patterns: Terraform section of the HashiCorp community portal
Provider-related questions: Terraform Providers section of the HashiCorp community portal
Unable to list provider registration status

Error message:
Error: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service
principal does not have permission to use the Resource Manager API, Azure error:
resources.ProvidersClient#List: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure:
Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '00000000-0000-0000-
0000-000000000000' with object id '00000000-0000-0000-0000-000000000000' does not have authorization
to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/00000000-
0000-0000-0000-000000000000' or the scope is invalid. If access was recently granted, please refresh your
credentials."
Background: If you're running Terraform commands from the Cloud Shell and you've defined
certain Terraform/Azure environment variables, you can sometimes see conflicts. The environment variables and
the Azure value they represent are listed in the following table:
EN VIRO N M EN T VA RIA B L E A Z URE VA L UE
ARM_SUBSCRIPTION_ID Azure subscription ID
ARM_TENANT_ID Microsoft account tenant ID
ARM_CLIENT_ID Azure service principal app ID
ARM_CLIENT_SECRET Azure service principal password
Cause : As of this writing, the Terraform script that runs in Cloud Shell overwrites the ARM_SUBSCRIPTION_ID and
ARM_TENANT_ID environment variables using values from the current Azure subscription. As a result, if the
service principal referenced by the environment variables doesn't have rights to the current Azure subscription,
any Terraform operations will fail.
Error acquiring the state lock

Error message:
Error: Error acquiring the state lock; Error message: 2 errors occurred:
* state blob is already locked
* blob metadata "terraformlockid" was empty
Terraform acquires a state lock to protect the state from being written by multiple users at the same time. Please
resolve the issue above and try again. For most commands, you can disable locking with the "-lock=false" flag,
but this is not recommended.
Background: If you're running Terraform commands against a Terraform state file and this error is the only
message that appears, the following causes might apply. Applies to local and remote state files.
Cause: There are two potential causes for this error. The first is that a Terraform command is already running
against the state file and it has forced a lock on the file, so nothing breaks. The second potential cause is that a
connection interruption occurred between the state file and the CLI when commands were running. This
interruption most commonly occurs when you're using remote state files.
Resolution: First, make sure that you aren't already running any commands against the state file. If you're
working with a local state file, check to see whether you have terminals running any commands. Alternatively,
check your deployment pipelines to see whether something running might be using the state file. If this doesn't
resolve the issue, it's possible that the second cause triggered the error. For a remote state file stored in an Azure
Storage account container, you can locate the file and use the Break lease button.
If you're using other back ends to store your state file, for recommendations, see the HashiCorp documentation.
VPN errors
For information about resolving VPN errors, see the article, Troubleshoot a hybrid VPN connection.
Provision infrastructure with Azure deployment slots
using Terraform
You can use Azure deployment slots to swap between different versions of your app. That ability helps you
minimize the impact of broken deployments.
This article illustrates an example use of deployment slots by walking you through the deployment of two apps
via GitHub and Azure. One app is hosted in a production slot. The second app is hosted in a staging slot. (The
names "production" and "staging" are arbitrary. They can be whatever is appropriate for your scenario.) After
you configure your deployment slots, you use Terraform to swap between the two slots as needed.
Create an App Service

Create an App Service slot
Swap in and out of the example deployment slots

options:
GitHub account : You need a GitHub account to fork and use the test GitHub repo.
2. Create and apply the Terraform plan

2. Open Azure Cloud Shell. If you didn't select an environment previously, select Bash as your environment.
3. Change directories to the clouddrive directory.

cd clouddrive
4. Create a directory named deploy .
mkdir deploy
5. Create a directory named swap .
mkdir swap
6. Use the ls bash command to verify that you successfully created both directories.
7. Change directories to the deploy directory.
cd deploy
8. In Cloud Shell, create a file named deploy.tf .
code deploy.tf
9. Insert the following code into the editor:

# Configure the Azure provider
# The "feature" block is required for AzureRM provider 2.x.
# If you're using version 1.x, the "features" block is not allowed.
version = "~>2.0"
features {}
}
resource "azurerm_resource_group" "slotDemo" {

name = "slotDemoResourceGroup"
}
resource "azurerm_app_service_plan" "slotDemo" {

name = "slotAppServicePlan"
location = azurerm_resource_group.slotDemo.location
resource_group_name = azurerm_resource_group.slotDemo.name
sku {
tier = "Standard"
size = "S1"
}
}
resource "azurerm_app_service" "slotDemo" {

name = "slotAppService"
app_service_plan_id = azurerm_app_service_plan.slotDemo.id
}
resource "azurerm_app_service_slot" "slotDemo" {

name = "slotAppServiceSlotOne"
app_service_plan_id = azurerm_app_service_plan.slotDemo.id
app_service_name = azurerm_app_service.slotDemo.name
}
10. Save the file (<Ctrl>S ) and exit the editor (<Ctrl>Q ).
11. Now that you've created the file, verify its contents.
cat deploy.tf
12. Initialize Terraform.
terraform init
13. Create the Terraform plan.
terraform plan
14. Provision the resources that are defined in the deploy.tf configuration file. (Confirm the action by
entering yes at the prompt.)
terraform apply
15. Close the Cloud Shell window.

16. On the main menu of the Azure portal, select Resource groups .
17. On the Resource groups tab, select slotDemoResourceGroup .
You now see all the resources that Terraform has created.
3. Fork the test project

Before you can test the creation and swapping in and out of the deployment slots, you need to fork the test
project from GitHub.
1. Browse to the awesome-terraform repo on GitHub.
2. Fork the awesome-terraform repo.
3. Follow any prompts to fork to your environment.
4. Deploy from GitHub to your deployment slots

After you fork the test project repo, configure the deployment slots via the following steps:
2. Select slotDemoResourceGroup .
3. Select slotAppSer vice .
4. Select Deployment options .
5. On the Deployment option tab, select Choose Source , and then select GitHub .
6. After Azure makes the connection and displays all the options, select Authorization .
7. On the Authorization tab, select Authorize , and supply the credentials that Azure needs to access your
GitHub account.
8. After Azure validates your GitHub credentials, a message appears and says that the authorization process
has finished. Select OK to close the Authorization tab.
9. Select Choose your organization and select your organization.
10. Select Choose project .
11. On the Choose project tab, select the awesome-terraform project.
12. Select Choose branch .
13. On the Choose branch tab, select master .
14. On the Deployment option tab, select OK .
At this point, you've deployed the production slot. To deploy the staging slot, do the previous steps with the
following modifications:
In step 3, select the slotAppSer viceSlotOne resource.
In step 13, select the working branch.
5. Test the app deployments
In the previous sections, you set up two slots--slotAppSer vice and slotAppSer viceSlotOne --to deploy from
different branches in GitHub. Let's preview the web apps to validate that they were successfully deployed.
2. Select slotDemoResourceGroup .
3. Select either slotAppSer vice or slotAppSer viceSlotOne .
4. On the overview page, select URL .
5. Depending on the selected app, you see the following results:

slotAppSer vice web app - Blue page with a page title of Slot Demo App 1 .
slotAppSer viceSlotOne web app - Green page with a page title of Slot Demo App 2 .
6. Swap the two deployment slots
To test swapping the two deployment slots, do the following steps:
1. Switch to the browser tab that's running slotAppSer vice (the app with the blue page).
2. Return to the Azure portal on a separate tab.
3. Open Cloud Shell.
4. Change directories to the clouddrive/swap directory.
cd clouddrive/swap
5. In Cloud Shell, create a file named swap.tf .
code swap.tf
6. Insert the following code into the editor:
# Configure the Azure provider

# The "feature" block is required for AzureRM provider 2.x.
# If you're using version 1.x, the "features" block is not allowed.
version = "~>2.0"
features {}
}
# Swap the production slot and the staging slot

resource "azurerm_app_service_active_slot" "slotDemoActiveSlot" {
resource_group_name = "slotDemoResourceGroup"
app_service_name = "slotAppService"
app_service_slot_name = "slotappServiceSlotOne"
}
7. Save the file (<Ctrl>S ) and exit the editor (<Ctrl>Q ).

8. Initialize Terraform.
terraform init
9. Create the Terraform plan.
terraform plan
10. Provision the resources that are defined in the swap.tf configuration file. (Confirm the action by
entering yes at the prompt.)
terraform apply
11. After Terraform has swapped the slots, return to the browser. Refresh the page.
The web app in your slotAppSer viceSlotOne staging slot has been swapped with the production slot and is
now rendered in green.
To return to the original production version of the app, reapply the Terraform plan that you created from the
swap.tf configuration file.
terraform apply
After the app is swapped, you see the original configuration.

Next steps
Create an Application Gateway Ingress Controller in
Azure Kubernetes Service using Terraform
Terraform v1.1.4
Azure Kubernetes Service (AKS) manages your hosted Kubernetes environment. AKS makes it quick and easy to
deploy and manage containerized applications without container orchestration expertise. AKS also eliminates
the burden of taking applications offline for operational and maintenance tasks. Using AKS, you can do such
tasks as provisioning, upgrading, and scaling resources on-demand.
An Application Gateway Ingress Controller (AGIC) provides various features for Kubernetes services. These
features include reverse proxy, configurable traffic routing, and TLS termination. Kubernetes Ingress resources
are used to configure the Ingress rules for individual Kubernetes services. An Ingress controller allows a single
IP address to route traffic to multiple services in a Kubernetes cluster. All this functionality is provided by Azure
Application Gateway, making it an ideal Ingress controller for Kubernetes on Azure.
In this article, you learn how:
Create a Kubernetes cluster using AKS with Application Gateway as Ingress controller
Define a Kubernetes cluster
Create Application Gateway resource
Create a Kubernetes cluster
Test the availability of a Kubernetes cluster
NOTE

options:
Azure ser vice principal : The demo requires a service principal that can assign roles. If you already
have a service principal that can assign roles, you can use that service principal. If you need to create a
service principal, you have two options:
Specify the "Owner" role when you create a service principal. As a recommended practice, you should
grant the least privilege needed to perform a given job. Therefore, only use the "Owner" role if the
service principal is meant to be used in that capacity.
Create a custom role and specify that role when you create a service principal.
You'll need the following service principal values for the demo code: appId , displayName , password ,
tenant .
Ser vice principal object ID : Run the following command to get the object ID of the service principal:
az ad sp list --display-name "<display_name>" --query "[].{\"Object ID\":objectId}" --output table
SSH key pair : Use one of the following articles:

Portal
Windows
Linux/MacOS
Install Helm : Helm is the Kubernetes package manager.
Install GNU wget : Ensure you have access to wget by running wget at any command line without any
parameters. You can install wget from the official GNU wget website.
2. Configure Azure storage to store Terraform state

Terraform tracks state locally via the terraform.tfstate file. This pattern works well in a single-person
environment. However, in a more practical multi-person environment, you need to track state on the server
using Azure storage. In this section, you learn to retrieve the necessary storage account information and create a
storage container. The Terraform state information is then stored in that container.
1. Use one of the following options to create an Azure storage account:
Create a storage account (via the Azure portal)
Create a storage account (via Azure CLI)
Create a storage account (via Azure PowerShell)
3. Under Azure ser vices , select Storage accounts . (If the Storage accounts option isn't visible on the
main page, select More ser vices to locate the option.)
4. On the Storage accounts page, On the Storage accounts page, select the storage account where
Terraform will store the state information.
5. On the Storage account page, in the left menu, in the Security + networking section, select Access
keys .
6. On the Access keys page, select Show keys to display the key values.
7. Locate the key1 key on the page and select the icon to its right to copy the key value to the clipboard.
8. From a command line prompt, run az storage container create. This command creates a container in your
Azure storage account. Replace the placeholders with the appropriate values for your Azure storage
account.
az storage container create -n tfstate \

--account-name <storage_account_name> \
--account-key <storage_account_key>
9. When the command successfully completes, it displays a JSON block with a key of "created" and a value
of true . You can also run az storage container list to verify the container was successfully created.
az storage container list \

--account-name <storage_account_name> \
--account-key <storage_account_key>

2. Create a file named providers.tf and insert the following code.
terraform {
azurerm = {
version = "~>2.0"
}
}
backend "azurerm" {
resource_group_name = "<storage_account_resource_group>"
storage_account_name = "<storage_account_name>"
container_name = "tfstate"
key = "codelab.microsoft.tfstate"
}
}
features {}
}
Key points:
Set resource_group_name to the resource group of the storage account.
Set storage_account_name to the storage account name.
resource "random_pet" "rg-name" {

}

name = random_pet.rg-name.id
}
# Locals block for hardcoded names

locals {
backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap"
frontend_port_name = "${azurerm_virtual_network.test.name}-feport"
frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
http_setting_name = "${azurerm_virtual_network.test.name}-be-htst"
listener_name = "${azurerm_virtual_network.test.name}-httplstn"
request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt"
app_gateway_subnet_name = "appgwsubnet"
}
# User Assigned Identities

resource "azurerm_user_assigned_identity" "testIdentity" {
name = "identity1"
tags = var.tags
}
resource "azurerm_virtual_network" "test" {

name = var.virtual_network_name
address_space = [var.virtual_network_address_prefix]
subnet {
subnet {
name = var.aks_subnet_name
address_prefix = var.aks_subnet_address_prefix
}
subnet {
name = "appgwsubnet"
address_prefix = var.app_gateway_subnet_address_prefix
}
tags = var.tags
}
data "azurerm_subnet" "kubesubnet" {

name = var.aks_subnet_name
virtual_network_name = azurerm_virtual_network.test.name
depends_on = [azurerm_virtual_network.test]
}
data "azurerm_subnet" "appgwsubnet" {

name = "appgwsubnet"
}
# Public Ip
resource "azurerm_public_ip" "test" {
name = "publicIp1"
allocation_method = "Static"
sku = "Standard"
tags = var.tags
}
resource "azurerm_application_gateway" "network" {

name = var.app_gateway_name
sku {
name = var.app_gateway_sku
tier = "Standard_v2"
capacity = 2
}
gateway_ip_configuration {
name = "appGatewayIpConfig"
subnet_id = data.azurerm_subnet.appgwsubnet.id
}
frontend_port {
name = local.frontend_port_name
port = 80
}
frontend_port {
name = "httpsPort"
port = 443
}
frontend_ip_configuration {
name = local.frontend_ip_configuration_name
public_ip_address_id = azurerm_public_ip.test.id
}
backend_address_pool {
name = local.backend_address_pool_name
}
backend_http_settings {
name = local.http_setting_name
cookie_based_affinity = "Disabled"
port = 80
protocol = "Http"
request_timeout = 1
}
http_listener {
name = local.listener_name
frontend_ip_configuration_name = local.frontend_ip_configuration_name
frontend_port_name = local.frontend_port_name
protocol = "Http"
}
request_routing_rule {
name = local.request_routing_rule_name
rule_type = "Basic"
http_listener_name = local.listener_name
backend_address_pool_name = local.backend_address_pool_name
backend_http_settings_name = local.http_setting_name
}
tags = var.tags
depends_on = [azurerm_virtual_network.test, azurerm_public_ip.test]

}
resource "azurerm_role_assignment" "ra1" {

scope = data.azurerm_subnet.kubesubnet.id
role_definition_name = "Network Contributor"
principal_id = var.aks_service_principal_object_id
}

scope = azurerm_user_assigned_identity.testIdentity.id
role_definition_name = "Managed Identity Operator"
principal_id = var.aks_service_principal_object_id
depends_on = [azurerm_user_assigned_identity.testIdentity]
}

scope = azurerm_application_gateway.network.id
role_definition_name = "Contributor"
principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
depends_on = [azurerm_user_assigned_identity.testIdentity,
azurerm_application_gateway.network]
}

scope = azurerm_resource_group.rg.id
role_definition_name = "Reader"
principal_id = azurerm_user_assigned_identity.testIdentity.principal_id
depends_on = [azurerm_user_assigned_identity.testIdentity,
azurerm_application_gateway.network]
}
resource "azurerm_kubernetes_cluster" "k8s" {

name = var.aks_name
dns_prefix = var.aks_dns_prefix
http_application_routing_enabled = false
linux_profile {
admin_username = var.vm_user_name
ssh_key {
key_data = file(var.public_ssh_key_path)
}
}
default_node_pool {
name = "agentpool"
node_count = var.aks_agent_count
vm_size = var.aks_agent_vm_size
os_disk_size_gb = var.aks_agent_os_disk_size
vnet_subnet_id = data.azurerm_subnet.kubesubnet.id
}
service_principal {
client_id = var.aks_service_principal_app_id
client_secret = var.aks_service_principal_client_secret
}
network_profile {
network_plugin = "azure"
dns_service_ip = var.aks_dns_service_ip
docker_bridge_cidr = var.aks_docker_bridge_cidr
service_cidr = var.aks_service_cidr
}
role_based_access_control {
enabled = var.aks_enable_rbac
}
depends_on = [azurerm_virtual_network.test, azurerm_application_gateway.network]

tags = var.tags
}
default = "rg"
}
default = "eastus"
}
variable "aks_service_principal_app_id" {
description = "Application ID/Client ID of the service principal. Used by AKS to manage AKS
related resources on Azure like vms, subnets."
}
variable "aks_service_principal_client_secret" {
description = "Secret of the service principal. Used by AKS to manage Azure."
}
variable "aks_service_principal_object_id" {
description = "Object ID of the service principal."
}
variable "virtual_network_name" {
description = "Virtual network name"
default = "aksVirtualNetwork"
default = "aksVirtualNetwork"
}
variable "virtual_network_address_prefix" {
description = "VNET address prefix"
default = "192.168.0.0/16"
}
variable "aks_subnet_name" {
description = "Subnet Name."
default = "kubesubnet"
}
variable "aks_subnet_address_prefix" {
description = "Subnet address prefix."
default = "192.168.0.0/24"
}
variable "app_gateway_subnet_address_prefix" {
description = "Subnet server IP address."
default = "192.168.1.0/24"
}
variable "app_gateway_name" {
description = "Name of the Application Gateway"
default = "ApplicationGateway1"
}
variable "app_gateway_sku" {
description = "Name of the Application Gateway SKU"
default = "Standard_v2"
}
variable "app_gateway_tier" {
description = "Tier of the Application Gateway tier"
default = "Standard_v2"
}
variable "aks_name" {
description = "AKS cluster name"
default = "aks-cluster1"
}
variable "aks_dns_prefix" {
description = "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
default = "aks"
}
variable "aks_agent_os_disk_size" {
description = "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges
from 0 to 1023. Specifying 0 applies the default disk size for that agentVMSize."
default = 40
}
variable "aks_agent_count" {
description = "The number of agent nodes for the cluster."
default = 3
}
variable "aks_agent_vm_size" {
description = "VM size"
default = "Standard_D3_v2"
}
variable "kubernetes_version" {
description = "Kubernetes version"
default = "1.11.5"
}
variable "aks_service_cidr" {
description = "CIDR notation IP range from which to assign service cluster IPs"
description = "CIDR notation IP range from which to assign service cluster IPs"
default = "10.0.0.0/16"
}
variable "aks_dns_service_ip" {
description = "DNS server IP address"
default = "10.0.0.10"
}
variable "aks_docker_bridge_cidr" {
description = "CIDR notation IP for Docker bridge."
default = "172.17.0.1/16"
}
variable "aks_enable_rbac" {
description = "Enable RBAC on the AKS cluster. Defaults to false."
default = "false"
}
variable "vm_user_name" {
description = "User name for the VM"
default = "vmuser1"
}
variable "public_ssh_key_path" {
description = "Public key path for SSH."
default = "~/.ssh/id_rsa.pub"
}
variable "tags" {
type = map(string)
default = {
source = "terraform"
}
}
5. Create a file named output.tf and insert the following code.

}
output "client_key" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_key
}
output "client_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.client_certificate
}
output "cluster_ca_certificate" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.cluster_ca_certificate
}
output "cluster_username" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.username
}
output "cluster_password" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.password
}
output "kube_config" {
value = azurerm_kubernetes_cluster.k8s.kube_config_raw
sensitive = true
}
output "host" {
value = azurerm_kubernetes_cluster.k8s.kube_config.0.host
}
output "identity_resource_id" {
value = azurerm_user_assigned_identity.testIdentity.id
}
output "identity_client_id" {
value = azurerm_user_assigned_identity.testIdentity.client_id
}
output "application_ip_address" {
value = azurerm_public_ip.test.ip_address
}
6. Create a file named terraform.tfvars and insert the following code.
aks_service_principal_app_id = "<service_principal_app_id>"
aks_service_principal_client_secret = "<service_principal_password>"
aks_service_principal_object_id = "<service_principal_object_id>"
Key points:
Set aks_service_principal_app_id to the service principal appId value.
Set aks_service_principal_client_secret to the service principal password value.
Set aks_service_principal_object_id to the service principal object ID. (The Azure CLI command for
obtaining this value is in the Configure your environment section.)
terraform init

Key points:
resources.

Key points:
terraform apply .
7. Verify the results: Test the Kubernetes cluster

The Kubernetes tools can be used to verify the newly created cluster.
1. Run az aks get-credentials to get the Kubernetes configuration and access credentials from Azure.
az aks get-credentials --name <aks_cluster_name> \

--resource-group <resource_group_name> \
--overwrite-existing
Key points:
Replace the <aks_cluster_name> placeholder with the aks_name block's default value (from the
variables.tf file).
Replace the <resource_group_name> placeholder with the randomly generated resource group name.
Get the resource group name by running echo "$(terraform output resource_group_name)" .
2. Verify the health of the cluster.
kubectl get nodes
Key points:
The details of your worker nodes are displayed with a status of Ready .
8. Install Azure AD Pod Identity

Azure Active Directory Pod Identity provides token-based access to Azure Resource Manager.
Azure AD Pod Identity adds the following components to your Kubernetes cluster:
Kubernetes CRDs: AzureIdentity , AzureAssignedIdentity , AzureIdentityBinding
Managed Identity Controller (MIC) component
Node Managed Identity (NMI) component
To install Azure AD Pod Identity to your cluster, you need to know if RBAC is enabled or disabled. RBAC is
disabled by default for this demo. Enabling or disabling RBAC is done in the variables.tf file via the
aks_enable_rbac block's default value.
If RBAC is enabled , run the following command:
kubectl create -f https://raw.githubusercontent.com/Azure/aad-pod-

identity/master/deploy/infra/deployment-rbac.yaml
If RBAC is disabled , run the following command:
kubectl create -f https://raw.githubusercontent.com/Azure/aad-pod-

identity/master/deploy/infra/deployment.yaml
9. Install Helm
Use Helm to install the application-gateway-kubernetes-ingress package:
1. Run the following helm commands to add the AGIC Helm repo.
helm repo add application-gateway-kubernetes-ingress

https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
2. Update the AGIC Helm repo.
helm repo update
10. Install AGIC Helm Chart

1. Download helm-config.yaml to configure AGIC. (If you don't have access to wget , see the Configure your
environment section.)
wget https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-
ingress/master/docs/examples/sample-helm-config.yaml -O helm-config.yaml
2. Open the helm-config.yaml file in a text editor.

3. Enter values for the top level keys.
verbosityLevel : Specify the verbosity level of the AGIC logging infrastructure. For more information
about logging levels, see the Logging Levels section of the Application Gateway Kubernetes Ingress
document.
4. Enter values for the appgw block.
appgw.subscriptionId : Specify the Azure subscription ID used to create the App Gateway.
appgw.resourceGroup : Specify the randomly generated resource group name. Get the resource group
name by running echo "$(terraform output resource_group_name)"
appgw.name : Specify the name of the Application Gateway. This value is set in the variables.tf file via
the app_gateway_name block's default value.
appgw.shared : This boolean flag defaults to false . Set it to true if you need a Shared App Gateway.
5. Enter values for the kubernetes block.
kubernetes.watchNamespace : Specify the name space, which AGIC should watch. The namespace can be
a single string value, or a comma-separated list of namespaces. Leaving this variable commented out,
or setting it to a blank or an empty string results in the Ingress controller observing all accessible
namespaces.
6. Enter values for the armAuth block.
If you specify armAuth.type as aadPodIdentity :
armAuth.identityResourceID : Get the identity resource ID by running
echo "$(terraform output identity_resource_id)" .
armAuth.identityClientId : Get the identity client ID by running
echo "$(terraform output identity_client_id)" .
If you specify armAuth.type as servicePrincipal , see Using a service principal.
7. Install the Application Gateway Ingress controller package:
helm install -f helm-config.yaml application-gateway-kubernetes-ingress/ingress-azure --generate-name
8. To get the key values from your identity, you can run az identity show .
az identity show -g <resource_group_name> -n <identity_name>
Key points:
Replace the <resource_group_name> placeholder with the randomly generated resource group name.
Get the resource group name by running echo "$(terraform output resource_group_name)" .
Replace the <identity_name> placeholder with the identity name for this demo. The identity name
defaults to identity1 in the main.tf file.
All identities for a given subscription can be by running az identity list .
11. Install a sample app
Once you have the App Gateway, AKS, and AGIC installed, install a sample app.
1. Use the curl command to download the YAML file:
curl https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-
ingress/master/docs/examples/aspnetapp.yaml -o aspnetapp.yaml
2. Apply the YAML file:
kubectl apply -f aspnetapp.yaml
12. Verify the results: Test the sample app

1. Run the following Terraform command to get the app's IP address.
echo "$(terraform output application_ip_address)"
2. Using a browser, go to the IP address indicated in the previous step.

Delete App Gateway, AKS, and AGIC resources
Key points:
Delete storage account

Cau t i on
Only delete the resource group containing storage account you used in this demo if you're not using either for
anything else.
Run az group delete to delete the resource group (and its storage account you used in this demo).
az group delete --name <storage_resource_group_name> --yes
Key points:
Replace the storage_resource_group_name placeholder with the resource_group_name value in the
providers.tf file.
Delete service principal
Cau t i on
Only delete the service principal you used in this demo if you're not using it for anything else.
az ad sp delete --id <service_principal_object_id>

If you receive a "403 error" when applying the Terraform execution plan during the role assignment, it usually
means your service principal role doesn't include permission to assign roles in Azure RBAC. For more
information about the built-in roles, see Azure built-in roles. The following options will enable you to resolve the
error:
Create the service principal with the "Owner" role. As a recommended practice, you should grant the least
privilege needed to perform a given job. Therefore, only use the "Owner" role if the service principal is meant
to be used in that capacity.
Create a custom role based on the role you want - such as Contributor. Depending on the base role you use,
either add the Microsoft.Authorization/*/Write action to the Actions block or remove it from the
NotActions block. For more information on custom roles, see Azure custom roles.
Next steps
Application Gateway Ingress Controller
Quickstart: Deploy an Azure Cosmos DB to Azure
Container Instances
Terraform v1.2.7
This article shows how to use Terraform to deploy an Azure Cosmos DB to Azure Container Instances.
Create an Azure Cosmos DB instance

Create an Azure Container Instance
Create an app that works across these two resources
NOTE
Prerequisites
options:

terraform {
azurerm = {
version = "~>3.0"
}
random = {
version = "~>3.0"
}
}
}
features {}
}

}

}
resource "random_integer" "ri" {

min = 10000
max = 99999
}
resource "azurerm_cosmosdb_account" "vote_cosmos_db" {

name = "tfex-cosmos-db-${random_integer.ri.result}"
offer_type = "Standard"
kind = "GlobalDocumentDB"
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 10
max_staleness_prefix = 200
}
geo_location {
failover_priority = 0
}
}
4. Create a file named aci.tf and insert the following code:

resource "azurerm_container_group" "vote_aci" {
name = "vote-aci"
ip_address_type = "public"
dns_name_label = "vote-aci-${random_integer.ri.result}"
os_type = "linux"
container {
name = "vote-aci"
image = "mcr.microsoft.com/azuredocs/azure-vote-front:cosmosdb"
cpu = "0.5"
memory = "1.5"
ports {
port = 80
protocol = "TCP"
}
secure_environment_variables = {
"COSMOS_DB_ENDPOINT" = azurerm_cosmosdb_account.vote_cosmos_db.endpoint
"COSMOS_DB_MASTERKEY" = azurerm_cosmosdb_account.vote_cosmos_db.primary_key
"TITLE" = "Azure Voting App"
"VOTE1VALUE" = "Cats"
"VOTE2VALUE" = "Dogs"
}
}
}
default = "eastus"
}
default = "rg"
}
}
output "cosmosdb_account_name" {
value = azurerm_cosmosdb_account.vote_cosmos_db.name
}
output "dns" {
value = azurerm_container_group.vote_aci.fqdn
}
terraform init

Key points:
resources.

Key points:
terraform apply .
Verify the results

1. Get the resource group name.
2. Get the Azure Cosmos DB account name.
echo "$(terraform output cosmosdb_account_name)"
3. Run az cosmosdb sql database list/
az cosmosdb sql database list \

--resource-group <resource_group_name> \
--account-name <cosmosdb_account_name>
Test application
1. Get the Azure Cosmos DB account name.
echo "$(terraform output dns)"
2. Browse to the URL indicated in the previous step. You should see results similar to the following output:
Clean up resources
Key points:

Next steps
Deploy a PostgreSQL Flexible Server Database
using Terraform
Terraform v1.1.4
This article shows how to deploy a PostgreSQL Flexible Server Database using Terraform.
Create an Azure resource group using azurerm_resource_group

Create an Azure virtual network (VNet) using azurerm_virtual_network
Create an Azure Network Security Group (NSG) using azurerm_network_security_group
Create an Azure subnet azurerm_subnet
Create an Azure subnet Network Security Group (NSG) using
azurerm_subnet_network_security_group_association
Define a private DNS zone within an Azure DNS using azurerm_private_dns_zone
Define a private DNS zone VNet link using using azurerm_private_dns_zone_virtual_network_link
Deploy an Azure PostgreSQL Flexible Server on which the database runs using
azurerm_postgresql_flexible_server
Instantiate an Azure PostgreSQL database using azurerm_postgresql_flexible_server_database
NOTE

options:
1. Create a directory in which to test and run the sample Terraform code and make it the current directory.
terraform {
azurerm = {
version = "~>2.0"
}
}
}
features {}
}
3. Create a file named main.tf and insert the following code to deploy the PostgreSQL Flexible Server on
which the database runs.
resource "random_pet" "rg-name" {

prefix = var.name_prefix
}
resource "azurerm_resource_group" "default" {

name = random_pet.rg-name.id
}
resource "azurerm_virtual_network" "default" {

name = "${var.name_prefix}-vnet"
location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_network_security_group" "default" {

name = "${var.name_prefix}-nsg"
security_rule {
name = "test123"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
resource "azurerm_subnet" "default" {

name = "${var.name_prefix}-subnet"
virtual_network_name = azurerm_virtual_network.default.name
service_endpoints = ["Microsoft.Storage"]
delegation {
name = "fs"
service_delegation {
name = "Microsoft.DBforPostgreSQL/flexibleServers"
actions = [
"Microsoft.Network/virtualNetworks/subnets/join/action",
]
}
}
}
resource "azurerm_subnet_network_security_group_association" "default" {

subnet_id = azurerm_subnet.default.id
network_security_group_id = azurerm_network_security_group.default.id
}
resource "azurerm_private_dns_zone" "default" {

name = "${var.name_prefix}-pdz.postgres.database.azure.com"
depends_on = [azurerm_subnet_network_security_group_association.default]
}
resource "azurerm_private_dns_zone_virtual_network_link" "default" {

name = "${var.name_prefix}-pdzvnetlink.com"
private_dns_zone_name = azurerm_private_dns_zone.default.name
virtual_network_id = azurerm_virtual_network.default.id
}
resource "azurerm_postgresql_flexible_server" "default" {

name = "${var.name_prefix}-server"
version = "13"
delegated_subnet_id = azurerm_subnet.default.id
private_dns_zone_id = azurerm_private_dns_zone.default.id
administrator_login = "adminTerraform"
administrator_password = "QAZwsx123"
zone = "1"
storage_mb = 32768
sku_name = "GP_Standard_D2s_v3"
backup_retention_days = 7
depends_on = [azurerm_private_dns_zone_virtual_network_link.default]
}
4. Create a file named postgresql-fs-db.tf and insert the following code to instantiate the database:
resource "azurerm_postgresql_flexible_server_database" "default" {

name = "${var.name_prefix}-db"
server_id = azurerm_postgresql_flexible_server.default.id
collation = "en_US.UTF8"
charset = "UTF8"
}

variable "name_prefix" {
default = "postgresqlfs"
description = "Prefix of the resource name."
}
variable "location" {
default = "eastus"
description = "Location of the resource."
}
6. Create a file named output.tf and insert the following code to output the resource group name, Azure
PostgreSQL server name, and Azure PostgreSQL database name:
value = azurerm_resource_group.default.name
}
output "azurerm_postgresql_flexible_server" {
value = azurerm_postgresql_flexible_server.default.name
}
output "postgresql_flexible_server_database_name" {
value = azurerm_postgresql_flexible_server_database.default.name
}
terraform init

Key points:
resources.


Key points:
terraform apply .

Azure CLI
Azure PowerShell
Run az postgres flexible-server db show to display the Azure PostgreSQL database.
az postgres flexible-server db show --resource-group <resource_group_name> --server-name <server_name> --

database-name <database_name>
Key points:
The values for the <resource_group_name> , <server_name> , and <database_name> are displayed in the
terraform apply output.
Key points:

Next steps
Learn more about PostgreSQL Flexible Server
Configure an Azure Network Watcher Connection
using Terraform
This article shows example Terraform code for setting up Network Watcher on Azure to monitor the network
health for a Network Security Group.
Configure an Azure Network Watcher and flow logs

options:
2. Configure an Azure Network Watcher and flow logs

provider azurerm {
version = "~>2.0"
features {}
}
resource "azurerm_resource_group" "application1" {

name = "app1_rg"
location = "northcentralus"
}
# Networking components to be monitored

resource "azurerm_network_security_group" "application1" {
name = "application1"
location = azurerm_resource_group.application1.location
resource_group_name = azurerm_resource_group.application1.name
security_rule {
name = "test123"
priority = 110
priority = 110
access = "Deny"
protocol = "Tcp"
destination_port_range = "22"
}
}
# Log collection components

resource "azurerm_storage_account" "network_log_data" {
name = "app1logdata"
account_tier = "Standard"
account_replication_type = "GRS"
min_tls_version = "TLS1_2"
}
resource "azurerm_log_analytics_workspace" "traffic_analytics" {

name = "app007-traffic-analytics"
retention_in_days = 90
daily_quota_gb = 10
}
# The Network Watcher Instance & network log flow

# There can only be one Network Watcher per subscription and region
resource "azurerm_network_watcher" "app1_traffic" {

name = "NetworkWatcher_northcentralus"
}
resource "azurerm_network_watcher_flow_log" "app1_network_logs" {

network_watcher_name = azurerm_network_watcher.app1_traffic.name
resource_group_name = azurerm_network_watcher.app1_traffic.resource_group_name
network_security_group_id = azurerm_network_security_group.application1.id
storage_account_id = azurerm_storage_account.network_log_data.id
enabled = true
retention_policy {
enabled = true
days = 90
}
traffic_analytics {
enabled = true
workspace_id = azurerm_log_analytics_workspace.traffic_analytics.workspace_id
workspace_region = azurerm_log_analytics_workspace.traffic_analytics.location
workspace_resource_id = azurerm_log_analytics_workspace.traffic_analytics.id
interval_in_minutes = 10
}
}
terraform init

Key points:
resources.

Key points:
terraform apply .

Next steps
Network security group flow logging
Migrate Azure Firewall Standard to Premium using
Terraform
If you use Terraform to deploy standard Azure Firewall with classic rules, you can modify your Terraform
configuration file to migrate your firewall to Azure Firewall Premium using a Premium firewall policy.
Deploy a standard Azure Firewall with classic rules using Terraform

Import the firewall rules into a premium firewall policy
Edit the Terraform configuration file to migrate the firewall

options:

terraform {
azurerm = {
version = ">=2.46.0"
}
}
}
features {}
}

name = "test-resources"
}
resource "azurerm_virtual_network" "vnet" {

name = "testvnet"
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "subnet" {

name = "AzureFirewallSubnet"
virtual_network_name = azurerm_virtual_network.vnet.name
}
resource "azurerm_public_ip" "pip" {

name = "testpip"
sku = "Standard"
}
resource "azurerm_firewall" "fw" {

name = "testfirewall"
ip_configuration {
name = "configuration"
subnet_id = azurerm_subnet.subnet.id
public_ip_address_id = azurerm_public_ip.pip.id
}
}
resource "azurerm_firewall_application_rule_collection" "app-rc" {

name = "apptestcollection"
azure_firewall_name = azurerm_firewall.fw.name
priority = 100
action = "Allow"
rule {
name = "testrule"
source_addresses = [
"10.0.0.0/16",
]
target_fqdns = [
"*.google.com",
]
protocol {
port = "443"
type = "Https"
}
}
}
resource "azurerm_firewall_network_rule_collection" "net-rc" {

name = "nettestcollection"
priority = 100
action = "Allow"
action = "Allow"
rule {
name = "dnsrule"
"10.0.0.0/16",
]
destination_ports = [
"53",
]
destination_addresses = [
"8.8.8.8",
"8.8.4.4",
]
protocols = [
"TCP",
"UDP",
]
}
}
default = "eastus"
}
terraform init

Key points:
resources.

Key points:
terraform apply .
6. Import the firewall rules into a premium policy

Now you have a standard firewall with classic rules. Next, create a premium Firewall Policy and import the rules
from the firewall.
1. On the Azure portal, select Create a resource .
2. Search for firewall policy and select it.
3. Select Create .
4. For Resource group select test-resources .
5. For Name, type prem-pol .
6. For Region, select East US .
7. For Policy tier, select Premium .
8. Select Next: DNS Settings , and continue until you reach the Rules page.
9. On the Rules page, select Impor t rules from an Azure Firewall .
10. Select testfirewall , and then select Impor t .
11. Select Review + create .
12. Select Create .
7. Edit the Terraform configuration file to migrate the firewall

Open the main.tf file, and make the following changes:
1. Add the following 'data' section:
data "azurerm_firewall_policy" "prem-pol" {

name = "prem-pol"
}
2. Modify the firewall resource:

resource "azurerm_firewall" "fw" {
name = "testfirewall"
firewall_policy_id = data.azurerm_firewall_policy.prem-pol.id
sku_tier = "Premium"
ip_configuration {
name = "configuration"
public_ip_address_id = azurerm_public_ip.pip.id
}
}
3. Delete the classic rule collections:

resource "azurerm_firewall_application_rule_collection" "app-rc" {
name = "apptestcollection"
priority = 100
action = "Allow"
rule {
name = "testrule"
"10.0.0.0/16",
]
target_fqdns = [
"*.google.com",
]
protocol {
port = "443"
type = "Https"
}
}
}
resource "azurerm_firewall_network_rule_collection" "net-rc" {

name = "nettestcollection"
priority = 100
action = "Allow"
rule {
name = "dnsrule"
"10.0.0.0/16",
]
destination_ports = [
"53",
]
destination_addresses = [
"8.8.8.8",
"8.8.4.4",
]
protocols = [
"TCP",
"UDP",
]
}
}
8. Apply the modified Terraform execution plan

1. terraform plan -out main.tfplan
2. terraform apply main.tfplan

1. Select the test-resources resource group.
2. Select the testfirewall resource.
3. Verify the Firewall sku is Premium .
4. Verify the firewall is using the prem-pol firewall policy.

Key points:

Next steps
Deploy an Azure Application Gateway v2 using
Terraform to direct web traffic
Terraform v1.1.7
In this article, you deploy an Azure Application Gateway v2 and two Windows Server 2019 Datacenter test
servers for the backend pool
Deploy an Application Gateway v2 using Terraform

Deploy two virtual machines in the Application Gateway backend pool to test
Test the Application Gateway to verify the deployment
NOTE

options:

terraform {
azurerm = {
version = ">=2.97.0"
}
}
}
features {}
}
resource "azurerm_resource_group" "rg1" {

name = "myResourceGroupAG"
location = "eastus"
}
resource "azurerm_virtual_network" "vnet1" {

name = "myVNet"
resource_group_name = azurerm_resource_group.rg1.name
location = azurerm_resource_group.rg1.location
address_space = ["10.21.0.0/16"]
}
resource "azurerm_subnet" "frontend" {

name = "myAGSubnet"
virtual_network_name = azurerm_virtual_network.vnet1.name
}
resource "azurerm_subnet" "backend" {

name = "myBackendSubnet"
virtual_network_name = azurerm_virtual_network.vnet1.name
}
resource "azurerm_public_ip" "pip1" {

name = "myAGPublicIPAddress"
sku = "Standard"
}
resource "azurerm_application_gateway" "network" {

name = "myAppGateway"
sku {
name = "Standard_v2"
tier = "Standard_v2"
capacity = 2
}
gateway_ip_configuration {
name = "my-gateway-ip-configuration"
subnet_id = azurerm_subnet.frontend.id
}
frontend_port {
name = var.frontend_port_name
port = 80
}
name = var.frontend_ip_configuration_name
public_ip_address_id = azurerm_public_ip.pip1.id
}
name = var.backend_address_pool_name
}
backend_http_settings {
name = var.http_setting_name
cookie_based_affinity = "Disabled"
port = 80
protocol = "Http"
request_timeout = 60
}
http_listener {
name = var.listener_name
frontend_ip_configuration_name = var.frontend_ip_configuration_name
frontend_port_name = var.frontend_port_name
protocol = "Http"
}
request_routing_rule {
name = var.request_routing_rule_name
rule_type = "Basic"
http_listener_name = var.listener_name
backend_address_pool_name = var.backend_address_pool_name
backend_http_settings_name = var.http_setting_name
}
}
resource "azurerm_network_interface" "nic" {

count = 2
name = "nic-${count.index+1}"
ip_configuration {
name = "nic-ipconfig-${count.index+1}"
subnet_id = azurerm_subnet.backend.id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "nic-

assoc01" {
count = 2
network_interface_id = azurerm_network_interface.nic[count.index].id
ip_configuration_name = "nic-ipconfig-${count.index+1}"
backend_address_pool_id = azurerm_application_gateway.network.backend_address_pool[0].id
}
resource "random_password" "password" {

length = 16
special = true
lower = true
upper = true
number = true
number = true
}
resource "azurerm_windows_virtual_machine" "vm" {

count = 2
name = "myVM${count.index+1}"
size = "Standard_DS1_v2"
admin_username = "azureadmin"
admin_password = random_password.password.result
network_interface_ids = [
azurerm_network_interface.nic[count.index].id,
]
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter"
version = "latest"
}
}
resource "azurerm_virtual_machine_extension" "vm-extensions" {

count = 2
name = "vm${count.index+1}-ext"
virtual_machine_id = azurerm_windows_virtual_machine.vm[count.index].id
publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.10"
settings = <<SETTINGS
{
"commandToExecute": "powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path
\"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"
}
SETTINGS

variable "backend_address_pool_name" {
default = "myBackendPool"
}
variable "frontend_port_name" {
default = "myFrontendPort"
}
variable "frontend_ip_configuration_name" {
default = "myAGIPConfig"
}
variable "http_setting_name" {
default = "myHTTPsetting"
}
variable "listener_name" {
default = "myListener"
}
variable "request_routing_rule_name" {
default = "myRoutingRule"
}
variable "redirect_configuration_name" {
default = "myRedirectConfig"
}
terraform init

Key points:
resources.

Key points:
terraform apply .

2. Under Azure ser vices , select Resource groups .
3. Select the myResourceGroupAG resource group.
4. Select the myAppGateway resource.
5. On the Over view page, copy the Frontend public IP address to the clipboard.
6. Paste the public IP address into the address bar of your web browser. Refresh the browser to see the name of
the virtual machine. A valid response verifies the application gateway is successfully created and can connect
with the backend.
Key points:

Next steps
Learn more about using Application Gateway
Create a hub and spoke hybrid network topology in
Azure using Terraform
This articles series shows how to use Terraform to implement in Azure a hub and spoke network topology.
A hub and spoke topology is a way to isolate workloads while sharing common services. These services include
identity and security. The hub is a virtual network (VNet) that acts as a central connection point to an on-
premises network. The spokes are VNets that peer with the hub. Shared services are deployed in the hub, while
individual workloads are deployed inside spoke networks.
Lay out hub and spoke hybrid network reference architecture resources
Create hub network appliance resources
Create hub network in Azure to act as common point for all resources
Create individual workloads as spoke VNets in Azure
Establish gateways and connections between on premises and Azure networks
Create VNet peerings to spoke networks

options:
2. Understand hub and spoke topology architecture

In the hub and spoke topology, the hub is a VNet. The VNet acts as a central point of connectivity to your on-
premises network. The spokes are VNets that peer with the hub, and can be used to isolate workloads. Traffic
flows between the on-premises datacenter and the hub through an ExpressRoute or VPN gateway connection.
The following image demonstrates the components in a hub and spoke topology:
Benefits of the hub and spoke topology
A hub and spoke network topology is a way to isolate workloads while sharing common services. These services
include identity and security. The hub is a VNet that acts as a central connection point to an on-premises
network. The spokes are VNets that peer with the hub. Shared services are deployed in the hub, while individual
workloads are deployed inside spoke networks. Here are some benefits of the hub and spoke network topology:
Cost savings by centralizing services in a single location that can be shared by multiple workloads. These
workloads include network virtual appliances and DNS servers.
Overcome subscriptions limits by peering VNets from different subscriptions to the central hub.
Separation of concerns between central IT (SecOps, InfraOps) and workloads (DevOps).
Typical uses for the hub and spoke architecture
Some of the typical uses for a hub and spoke architecture include:
Many customers have workloads that are deployed in different environments. These environments include
development, testing, and production. Many times, these workloads need to share services such as DNS, IDS,
NTP, or AD DS. These shared services can be placed in the hub VNet. That way, each environment is deployed
to a spoke to maintain isolation.
Workloads that don't require connectivity to each other, but require access to shared services.
Enterprises that require central control over security aspects.
Enterprises that require segregated management for the workloads in each spoke.
3. Preview the demo components

As you work through each article in this series, various components are defined in distinct Terraform scripts. The
demo architecture created and deployed consists of the following components:
On-premises network . A private local-area network running with an organization. For hub and spoke
reference architecture, a VNet in Azure is used to simulate an on-premises network.
VPN device . A VPN device or service provides external connectivity to the on-premises network. The
VPN device may be a hardware appliance or a software solution.
Hub VNet . The hub is the central point of connectivity to your on-premises network and a place to host
services. These services can be consumed by the different workloads hosted in the spoke VNets.
Gateway subnet . The VNet gateways are held in the same subnet.
Spoke VNets . Spokes can be used to isolate workloads in their own VNets, managed separately from
other spokes. Each workload might include multiple tiers, with multiple subnets connected through Azure
load balancers.
VNet peering . Two VNets can be connected using a peering connection. Peering connections are non-
transitive, low latency connections between VNets. Once peered, the VNets exchange traffic by using the
Azure backbone, without needing a router. In a hub and spoke network topology, VNet peering is used to
connect the hub to each spoke. You can peer VNets in the same region, or different regions.

1. Create a directory to contain the example code for the entire multi-article series.
terraform {
azurerm = {
version = "~>2.0"
}
}
}
features {}
}
description = "Location of the network"
default = "eastus"
}
variable "username" {
description = "Username for Virtual Machines"
default = "azureuser"
}
variable "password" {
description = "Password for Virtual Machines"
}
variable "vmsize" {
description = "Size of the VMs"
default = "Standard_DS1_v2"
}
Key points:
This article uses a password you enter when you call terraform plan . In a real-world app, you might
consider using a SSH public/private key pair.
For more information about SSH keys and Azure, see How to use SSH keys with Windows on Azure.

Next steps
Create on-premises virtual network with Terraform in Azure
Create on-premises virtual network in Azure using
Terraform
This article shows how to implement an on-premises network in Azure. You can replace the sample network
with a private virtual network. To do so, modify the subnet IP addresses to suit your environment.
Implement an on-premises VNet in hub-spoke topology

Create hub network appliance resources
Create on-premises virtual machine
Create on-premises virtual private network gateway

options:
Create a hub and spoke hybrid network topology with Terraform in Azure.

1. Make the example directory created in the first article of this series the current directory.
2. Create a file named on-prem.tf and insert the following code:
locals {
onprem-location = "eastus"
onprem-resource-group = "onprem-vnet-rg"
prefix-onprem = "onprem"
}
resource "azurerm_resource_group" "onprem-vnet-rg" {

name = local.onprem-resource-group
location = local.onprem-location
}
resource "azurerm_virtual_network" "onprem-vnet" {

name = "onprem-vnet"
name = "onprem-vnet"
location = azurerm_resource_group.onprem-vnet-rg.location
resource_group_name = azurerm_resource_group.onprem-vnet-rg.name
address_space = ["192.168.0.0/16"]
tags = {
environment = local.prefix-onprem
}
}
resource "azurerm_subnet" "onprem-gateway-subnet" {

name = "GatewaySubnet"
virtual_network_name = azurerm_virtual_network.onprem-vnet.name
}
resource "azurerm_subnet" "onprem-mgmt" {

name = "mgmt"
virtual_network_name = azurerm_virtual_network.onprem-vnet.name
}
resource "azurerm_public_ip" "onprem-pip" {

name = "${local.prefix-onprem}-pip"
allocation_method = "Dynamic"
tags = {
}
}
resource "azurerm_network_interface" "onprem-nic" {

name = "${local.prefix-onprem}-nic"
enable_ip_forwarding = true
ip_configuration {
name = local.prefix-onprem
subnet_id = azurerm_subnet.onprem-mgmt.id
public_ip_address_id = azurerm_public_ip.onprem-pip.id
}
}
# Create Network Security Group and rule

resource "azurerm_network_security_group" "onprem-nsg" {
name = "${local.prefix-onprem}-nsg"
security_rule {
name = "SSH"
priority = 1001
access = "Allow"
protocol = "Tcp"
}
tags = {
environment = "onprem"
}
}
}
resource "azurerm_subnet_network_security_group_association" "mgmt-nsg-association" {

subnet_id = azurerm_subnet.onprem-mgmt.id
network_security_group_id = azurerm_network_security_group.onprem-nsg.id
}
resource "azurerm_virtual_machine" "onprem-vm" {

name = "${local.prefix-onprem}-vm"
network_interface_ids = [azurerm_network_interface.onprem-nic.id]
vm_size = var.vmsize
storage_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "myosdisk1"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
os_profile {
computer_name = "${local.prefix-onprem}-vm"
admin_username = var.username
admin_password = var.password
}
os_profile_linux_config {
disable_password_authentication = false
}
tags = {
}
}
resource "azurerm_public_ip" "onprem-vpn-gateway1-pip" {

name = "${local.prefix-onprem}-vpn-gateway1-pip"
}
resource "azurerm_virtual_network_gateway" "onprem-vpn-gateway" {

name = "onprem-vpn-gateway1"
type = "Vpn"
vpn_type = "RouteBased"
active_active = false
enable_bgp = false
sku = "VpnGw1"
ip_configuration {
name = "vnetGatewayConfig"
public_ip_address_id = azurerm_public_ip.onprem-vpn-gateway1-pip.id
subnet_id = azurerm_subnet.onprem-gateway-subnet.id
}
}
depends_on = [azurerm_public_ip.onprem-vpn-gateway1-pip]

Next steps
Create a hub virtual network with Terraform in Azure
Create a hub virtual network in Azure by using
Terraform
The hub virtual network acts as the central point of connectivity to the on-premises network. The virtual
network hosts shared services consumed by workloads hosted in the spoke virtual networks. For demo
purposes, no shared services are implemented in this article.
Implement the hub virtual network in a hub-and-spoke topology.

Create a hub jumpbox virtual machine.
Create a hub virtual private network gateway.
Create hub and on-premises gateway connections.

options:
Create a hub-and-spoke hybrid network topology with Terraform in Azure.
Create an on-premises virtual network with Terraform in Azure.

The hub network consists of the following components:
A hub virtual network
A hub virtual network gateway
Hub gateway connections
2. In the example directory, create a file named hub-vnet.tf .
3. Insert the following code:
locals {
locals {
prefix-hub = "hub"
hub-location = "eastus"
hub-resource-group = "hub-vnet-rg"
shared-key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y"
}
resource "azurerm_resource_group" "hub-vnet-rg" {

name = local.hub-resource-group
location = local.hub-location
}
resource "azurerm_virtual_network" "hub-vnet" {

name = "${local.prefix-hub}-vnet"
location = azurerm_resource_group.hub-vnet-rg.location
resource_group_name = azurerm_resource_group.hub-vnet-rg.name
address_space = ["10.0.0.0/16"]
tags = {
environment = "hub-spoke"
}
}
resource "azurerm_subnet" "hub-gateway-subnet" {

name = "GatewaySubnet"
virtual_network_name = azurerm_virtual_network.hub-vnet.name
}
resource "azurerm_subnet" "hub-mgmt" {

name = "mgmt"
}
resource "azurerm_subnet" "hub-dmz" {

name = "dmz"
}
resource "azurerm_network_interface" "hub-nic" {

name = "${local.prefix-hub}-nic"
ip_configuration {
name = local.prefix-hub
subnet_id = azurerm_subnet.hub-mgmt.id
}
tags = {
environment = local.prefix-hub
}
}
#Virtual Machine
resource "azurerm_virtual_machine" "hub-vm" {
name = "${local.prefix-hub}-vm"
network_interface_ids = [azurerm_network_interface.hub-nic.id]
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "myosdisk1"
}
os_profile {
computer_name = "${local.prefix-hub}-vm"
}
}
tags = {
environment = local.prefix-hub
}
}
# Virtual Network Gateway

resource "azurerm_public_ip" "hub-vpn-gateway1-pip" {
name = "hub-vpn-gateway1-pip"
}
resource "azurerm_virtual_network_gateway" "hub-vnet-gateway" {

name = "hub-vpn-gateway1"
type = "Vpn"
vpn_type = "RouteBased"
active_active = false
enable_bgp = false
sku = "VpnGw1"
ip_configuration {
name = "vnetGatewayConfig"
public_ip_address_id = azurerm_public_ip.hub-vpn-gateway1-pip.id
subnet_id = azurerm_subnet.hub-gateway-subnet.id
}
depends_on = [azurerm_public_ip.hub-vpn-gateway1-pip]
}
resource "azurerm_virtual_network_gateway_connection" "hub-onprem-conn" {

name = "hub-onprem-conn"
type = "Vnet2Vnet"
routing_weight = 1
virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id
peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id
shared_key = local.shared-key
}
resource "azurerm_virtual_network_gateway_connection" "onprem-hub-conn" {

name = "onprem-hub-conn"
type = "Vnet2Vnet"
routing_weight = 1
virtual_network_gateway_id = azurerm_virtual_network_gateway.onprem-vpn-gateway.id
peer_virtual_network_gateway_id = azurerm_virtual_network_gateway.hub-vnet-gateway.id
shared_key = local.shared-key
}

Next steps
Create a hub virtual network appliance with Terraform in Azure
Create a hub virtual network appliance in Azure
using Terraform
A VPN device is a device that provides external connectivity to an on-premises network. The VPN device may be
a hardware device or a software solution. One example of a software solution is Routing and Remote Access
Service (RRAS) in Windows Server 2012. For more information about VPN appliances, see About VPN devices
for Site-to-Site VPN Gateway connections.
Azure supports a broad variety of network virtual appliances from which to select. For this article, an Ubuntu
image is used. To learn more about the broad variety of device solutions supported in Azure, see the Network
Appliances home page.
Implement the Hub VNet in hub-spoke topology

Create Hub Network Virtual Machine which acts as appliance
Enable routes using CustomScript extensions
Create Hub and Spoke gateway route tables

options:
Create on-premises virtual network with Terraform in Azure.
Create a hub virtual network with Terraform in Azure.

2. Create a file named hub-nva.tf and insert the following code:
locals {
prefix-hub-nva = "hub-nva"
prefix-hub-nva = "hub-nva"
hub-nva-location = "eastus"
hub-nva-resource-group = "hub-nva-rg"
}
resource "azurerm_resource_group" "hub-nva-rg" {

name = "${local.prefix-hub-nva}-rg"
location = local.hub-nva-location
tags = {
environment = local.prefix-hub-nva
}
}
resource "azurerm_network_interface" "hub-nva-nic" {

name = "${local.prefix-hub-nva}-nic"
location = azurerm_resource_group.hub-nva-rg.location
resource_group_name = azurerm_resource_group.hub-nva-rg.name
ip_configuration {
name = local.prefix-hub-nva
subnet_id = azurerm_subnet.hub-dmz.id
private_ip_address_allocation = "Static"
private_ip_address = "10.0.0.36"
}
tags = {
}
}
resource "azurerm_virtual_machine" "hub-nva-vm" {

name = "${local.prefix-hub-nva}-vm"
network_interface_ids = [azurerm_network_interface.hub-nva-nic.id]
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "myosdisk1"
}
os_profile {
computer_name = "${local.prefix-hub-nva}-vm"
}
}
tags = {
}
}
resource "azurerm_virtual_machine_extension" "enable-routes" {

name = "enable-iptables-routes"
name = "enable-iptables-routes"
virtual_machine_id = azurerm_virtual_machine.hub-nva-vm.id
publisher = "Microsoft.Azure.Extensions"
type = "CustomScript"
{
"fileUris": [
"https://raw.githubusercontent.com/mspnp/reference-architectures/master/scripts/linux/enable-
ip-forwarding.sh"
],
"commandToExecute": "bash enable-ip-forwarding.sh"
}
SETTINGS
tags = {
}
}
resource "azurerm_route_table" "hub-gateway-rt" {

name = "hub-gateway-rt"
disable_bgp_route_propagation = false
route {
name = "toHub"
address_prefix = "10.0.0.0/16"
next_hop_type = "VnetLocal"
}
route {
name = "toSpoke1"
next_hop_type = "VirtualAppliance"
next_hop_in_ip_address = "10.0.0.36"
}
route {
name = "toSpoke2"
}
tags = {
}
}
resource "azurerm_subnet_route_table_association" "hub-gateway-rt-hub-vnet-gateway-subnet" {

subnet_id = azurerm_subnet.hub-gateway-subnet.id
route_table_id = azurerm_route_table.hub-gateway-rt.id
depends_on = [azurerm_subnet.hub-gateway-subnet]
}
resource "azurerm_route_table" "spoke1-rt" {

name = "spoke1-rt"
route {
name = "toSpoke2"
}
route {
name = "default"
next_hop_type = "vnetlocal"
}
tags = {
}
}
resource "azurerm_subnet_route_table_association" "spoke1-rt-spoke1-vnet-mgmt" {

subnet_id = azurerm_subnet.spoke1-mgmt.id
route_table_id = azurerm_route_table.spoke1-rt.id
depends_on = [azurerm_subnet.spoke1-mgmt]
}
resource "azurerm_subnet_route_table_association" "spoke1-rt-spoke1-vnet-workload" {

subnet_id = azurerm_subnet.spoke1-workload.id
depends_on = [azurerm_subnet.spoke1-workload]
}
resource "azurerm_route_table" "spoke2-rt" {

name = "spoke2-rt"
route {
name = "toSpoke1"
}
route {
name = "default"
next_hop_type = "vnetlocal"
}
tags = {
}
}
resource "azurerm_subnet_route_table_association" "spoke2-rt-spoke2-vnet-mgmt" {

depends_on = [azurerm_subnet.spoke2-mgmt]
}
resource "azurerm_subnet_route_table_association" "spoke2-rt-spoke2-vnet-workload" {

subnet_id = azurerm_subnet.spoke2-workload.id
depends_on = [azurerm_subnet.spoke2-workload]
}

Next steps
Create a spoke virtual networks with Terraform in Azure
Create a spoke network in Azure using Terraform
In this article, you implement two separate spoke networks to demonstrate separation of workloads. The
networks share common resources using hub virtual network. Spokes can be used to isolate workloads in their
own VNets, managed separately from other spokes. Each workload might include multiple tiers, with multiple
subnets connected through Azure load balancers.
Implement the Spoke VNets in hub-spoke topology

Create Virtual machines in the spoke networks
Establish virtual network peerings with the hub networks

options:
Create on-premises virtual network with Terraform in Azure.
Create a hub virtual network with Terraform in Azure.
Create a hub virtual network appliance with Terraform in Azure.

Two spoke scripts are created in this section. Each script defines a spoke virtual network and a virtual machine
for the workload. A peered virtual network from hub to spoke is then created.
2. Create a file named spoke1.tf and insert the following code:
locals {
spoke1-location = "eastus"
spoke1-resource-group = "spoke1-vnet-rg"
prefix-spoke1 = "spoke1"
}
}
resource "azurerm_resource_group" "spoke1-vnet-rg" {

name = local.spoke1-resource-group
location = local.spoke1-location
}
resource "azurerm_virtual_network" "spoke1-vnet" {

name = "spoke1-vnet"
location = azurerm_resource_group.spoke1-vnet-rg.location
resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name
address_space = ["10.1.0.0/16"]
tags = {
environment = local.prefix-spoke1
}
}
resource "azurerm_subnet" "spoke1-mgmt" {

name = "mgmt"
virtual_network_name = azurerm_virtual_network.spoke1-vnet.name
}
resource "azurerm_subnet" "spoke1-workload" {

name = "workload"
}
resource "azurerm_virtual_network_peering" "spoke1-hub-peer" {

name = "spoke1-hub-peer"
remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id
allow_virtual_network_access = true
allow_forwarded_traffic = true
allow_gateway_transit = false
use_remote_gateways = true
depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet ,
azurerm_virtual_network_gateway.hub-vnet-gateway]
}
resource "azurerm_network_interface" "spoke1-nic" {

name = "${local.prefix-spoke1}-nic"
ip_configuration {
name = local.prefix-spoke1
}
}
resource "azurerm_virtual_machine" "spoke1-vm" {

name = "${local.prefix-spoke1}-vm"
network_interface_ids = [azurerm_network_interface.spoke1-nic.id]
sku = "16.04-LTS"
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "myosdisk1"
}
os_profile {
computer_name = "${local.prefix-spoke1}-vm"
}
}
tags = {
}
}
resource "azurerm_virtual_network_peering" "hub-spoke1-peer" {

name = "hub-spoke1-peer"
remote_virtual_network_id = azurerm_virtual_network.spoke1-vnet.id
allow_gateway_transit = true
use_remote_gateways = false
depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet,
}
3. Create a file named spoke2.tf and insert the following code:
locals {
spoke2-location = "eastus"
spoke2-resource-group = "spoke2-vnet-rg"
prefix-spoke2 = "spoke2"
}
resource "azurerm_resource_group" "spoke2-vnet-rg" {

name = local.spoke2-resource-group
location = local.spoke2-location
}
resource "azurerm_virtual_network" "spoke2-vnet" {

name = "${local.prefix-spoke2}-vnet"
address_space = ["10.2.0.0/16"]
tags = {
}
}
resource "azurerm_subnet" "spoke2-mgmt" {

name = "mgmt"
}
resource "azurerm_subnet" "spoke2-workload" {

name = "workload"
}
resource "azurerm_virtual_network_peering" "spoke2-hub-peer" {

name = "${local.prefix-spoke2}-hub-peer"
remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id
allow_gateway_transit = false
use_remote_gateways = true
}
resource "azurerm_network_interface" "spoke2-nic" {

name = "${local.prefix-spoke2}-nic"
ip_configuration {
name = local.prefix-spoke2
}
tags = {
}
}
resource "azurerm_virtual_machine" "spoke2-vm" {

name = "${local.prefix-spoke2}-vm"
network_interface_ids = [azurerm_network_interface.spoke2-nic.id]
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "myosdisk1"
}
os_profile {
computer_name = "${local.prefix-spoke2}-vm"
}
}
tags = {
}
}
resource "azurerm_virtual_network_peering" "hub-spoke2-peer" {

name = "hub-spoke2-peer"
remote_virtual_network_id = azurerm_virtual_network.spoke2-vnet.id
allow_gateway_transit = true
use_remote_gateways = false
}

Next steps
Validate a hub and spoke network with Terraform in Azure
Validate a hub and spoke network in Azure using
Terraform
In this article, you execute the terraform files created in the previous article in this series. The result is a
validation of the connectivity between the demo virtual networks.
Implement the Hub VNet in hub-spoke topology

Verify the resources to be deployed
Create the resources in Azure
Verify the connectivity between different networks

options:
Create a hub and spoke hybrid network topology with Terraform in Azure
Create on-premises virtual network with Terraform in Azure
Create a hub virtual network with Terraform in Azure
Create a hub virtual network appliance with Terraform in Azure
Create a spoke virtual networks with Terraform in Azure
2. Verify your configuration

In the example directory, verify that all the files created in this article series are present:
F IL E N A M E A RT IC L E IN W H IC H F IL E IS C REAT ED
main.tf Create a hub and spoke hybrid network topology with

Terraform in Azure
F IL E N A M E A RT IC L E IN W H IC H F IL E IS C REAT ED
variables.tf Create a hub and spoke hybrid network topology with

Terraform in Azure
on-prem.tf Create on-premises virtual network with Terraform in Azure
hub-vnet.tf Create a hub virtual network with Terraform in Azure
hub-nva.tf Create a hub virtual network appliance with Terraform in

Azure
spoke1.tf Create a spoke virtual networks with Terraform in Azure
spoke2.tf Create a spoke virtual networks with Terraform in Azure
terraform init

Key points:
resources.

Key points:
terraform apply .
This section shows how to test connectivity from the simulated on-premises environment to the hub VNet.
2. In the Azure portal, browse to the onprem-vnet-rg resource group.
3. In the onprem-vnet-rg tab, select the VM named onprem-vm .
4. Note the Public IP Address value.
5. Return to the command line and run ssh to connect to the simulated on-premises environment.
ssh azureuser@<onprem_vm_ip_address>
Key points:
If you changed the user name from azureuser in the variables.tf file, make sure to insert that value
in the ssh command.
Use the password you specified when you ran terraform plan .
6. Once connected to the onprem-vm virtual machine, run the ping command to test connectivity to the
jumpbox VM in the hub VNet:
ping 10.0.0.68
7. Run the ping command to test connectivity to the jumpbox VMs in each spoke:
ping 10.1.0.68
ping 10.2.0.68
8. To exit the ssh session on the onprem-vm virtual machine, enter exit and press <Enter>.
Key points:

Next steps
Create a Terraform base template in Azure using
Yeoman
In this article, you learn how to use the combination of Terraform and Yeoman. Terraform is a tool for creating
infrastructure on Azure. Yeoman makes it easy to create Terraform modules.
In this article, you learn how to do the following tasks:
Create a base Terraform template using the Yeoman module generator.

Test the Terraform template using two different methods.
Run the Terraform module using a Docker file.
Run the Terraform module natively in Azure Cloud Shell.

options:
Visual Studio Code : Download Visual Studio Code for your platform.
Docker : Install Docker to run the module created by the Yeoman generator.
Go programming language : Install Go as Yeoman-generated test cases are code using the Go
language.
Nodejs: Install Node.js
Install Yeoman: Run the following command: npm install -g yo .
Yeoman template: Run the following command to install the Yeoman template for Terraform module:
npm install -g generator-az-terra-module .
2. Create directory for Yeoman-generated module

The Yeoman template generates files in the current directory. For this reason, you need to create a directory.
This empty directory is required to be put under $GOPATH/src. For more information about this path, see the
article Setting GOPATH.
1. Navigate to the parent directory from which to create a new directory.
2. Run the following command replacing the placeholder. For this example, a directory name of
GeneratorDocSample is used.
mkdir <new-directory-name>
3. Navigate to the new directory:
cd <new-directory-name>
3. Create base module template

1. Run the following command:
yo az-terra-module
2. Follow the on-screen instructions to provide the following information:

Terraform module project Name - A value of doc-sample-module is used for the example.
Would you like to include the Docker image file? - Enter y . If you enter n , the generated
module code will support running only in native mode.
3. List the directory contents to view the resulting files that are created:
ls
4. Review the generated module code
1. Launch Visual Studio Code
2. From the menu bar, select File > Open Folder and select the folder you created.
The following files were created by the Yeoman module generator:

main.tf - Defines a module called random-shuffle . The input is a string_list . The output is the count of
the permutations.
variables.tf - Defines the input and output variables used by the module.
outputs.tf - Defines what the module outputs. Here, it's the value returned by random_shuffle , which is a
built-in, Terraform module.
Rakefile - Defines the build steps. These steps include:
build - Validates the formatting of the main.tf file.
unit - The generated module skeleton doesn't include code for a unit test. If you want to specify a
unit test scenario, you would you add that code here.
e2e - Runs an end-to-end test of the module.
test
Test cases are written in Go.
All codes in test are end-to-end tests.
End-to-end tests attempt to provision all of the items defined under fixture . The results in the
template_output.go file are compared with the pre-defined expected values.
Gopkg.lock and Gopkg.toml : Defines the dependencies.
For more information about the Yeoman generator for Azure https://github.com/Azure/generator-az-terra-
module, see the Terratest documentation.
5. Test the Terraform module using a Docker file

This section shows how to test a Terraform module using a Docker file.
NOTE
This example runs the module locally; not on Azure.
Confirm Docker is installed and running

From a command prompt, enter docker version .
The resulting output confirms that Docker is installed.

To confirm that Docker is actually running, enter docker info .
Set up a Docker container
1. From a command prompt, enter
docker build --build-arg BUILD_ARM_SUBSCRIPTION_ID= --build-arg BUILD_ARM_CLIENT_ID= --build-arg
BUILD_ARM_CLIENT_SECRET= --build-arg BUILD_ARM_TENANT_ID= -t terra-mod-example .
.
The message Successfully built will be displayed.
2. From the command prompt, enter docker image ls to see your created module terra-mod-example
listed.
3. Enter docker run -it terra-mod-example /bin/sh . After running the docker run command, you're in the
Docker environment. At that point, you can discover the file by using the ls command.
Build the module

bundle install
rake build
Run the end-to -end test
rake e2e
2. After a few moments, the PASS message will appear.
3. Enter exit to complete the test and exit the Docker environment.
6. Use Yeoman generator to create and test a module

In this section, the Yeoman generator is used to create and test a module in Cloud Shell. Using Cloud Shell
instead of using a Docker file greatly simplifies the process. Using Cloud Shell, the following products are all
pre-installed:
Node.js
Yeoman
Terraform
Start a Cloud Shell session
1. Start an Azure Cloud Shell session via either the Azure portal, shell.azure.com, or the Azure mobile app.
2. The Welcome to Azure Cloud Shell page opens. Select Bash (Linux) .
3. If you have not already set up an Azure storage account, the following screen appears. Select Create
storage .
4. Azure Cloud Shell launches in the shell you previously selected and displays information for the cloud
drive it just created for you.
Prepare a directory to hold your Terraform module

1. At this point, Cloud Shell will have already configured GOPATH in your environment variables for you. To
see the path, enter go env .
2. Create the $GOPATH directory, if one doesn't already exist: Enter mkdir ~/go .
3. Create a directory within the $GOPATH directory. This directory is used to hold the different project
directories created in this example.
mkdir ~/go/src
4. Create a directory to hold your Terraform module replacing the placeholder. For this example, a directory
name of my-module-name is used.
mkdir ~/go/src/<your-module-name>
5. Navigate to your module directory:
cd ~/go/src/<your-module-name>
Create and test your Terraform module

1. Run the following command and follow the instructions. When asked if you want to create the Docker
files, you enter N .
yo az-terra-module
2. Run the following command to install the dependencies:
bundle install
3. Run the following command to build the module:
rake build
4. Run the following command to run the test:
rake e2e

Next steps
Install and use the Azure Terraform Visual Studio Code extension.
Configure Azure Virtual Desktop with Terraform
Terraform v1.1.7
This article provides an overview of how to use Terraform to deploy an ARM Azure Virtual Desktop
environment, not AVD Classic.
There are several pre-requisites requirements for Azure Virtual Desktop
New to Azure Virtual Desktop? Start with What is Azure Virtual Desktop?
It is assumed that an appropriate platform foundation is already setup which may or may not be the Enterprise
Scale Landing Zone platform foundation.
Use Terraform to create an Azure Virtual Desktop workspace

Use Terraform to create an Azure Virtual Desktop host pool
Use Terraform to create an Azure Desktop Application Group
Associate a Workspace and a Desktop Application Group

options:

terraform {
azurerm = {
version = "~>2.0"
}
azuread = {
source = "hashicorp/azuread"
}
}
}
features {}
}

# Resource group name is output when execution plan is applied.
resource "azurerm_resource_group" "sh" {
name = var.rg_name
}
# Create AVD workspace

resource "azurerm_virtual_desktop_workspace" "workspace" {
name = var.workspace
resource_group_name = azurerm_resource_group.sh.name
location = azurerm_resource_group.sh.location
friendly_name = "${var.prefix} Workspace"
description = "${var.prefix} Workspace"
}
# Create AVD host pool

resource "azurerm_virtual_desktop_host_pool" "hostpool" {
name = var.hostpool
friendly_name = var.hostpool
validate_environment = true
custom_rdp_properties = "audiocapturemode:i:1;audiomode:i:0;"
description = "${var.prefix} Terraform HostPool"
type = "Pooled"
maximum_sessions_allowed = 16
load_balancer_type = "DepthFirst" #[BreadthFirst DepthFirst]
}
resource "azurerm_virtual_desktop_host_pool_registration_info" "registrationinfo" {

hostpool_id = azurerm_virtual_desktop_host_pool.hostpool.id
expiration_date = var.rfc3339
}
# Create AVD DAG

resource "azurerm_virtual_desktop_application_group" "dag" {
host_pool_id = azurerm_virtual_desktop_host_pool.hostpool.id
type = "Desktop"
name = "${var.prefix}-dag"
friendly_name = "Desktop AppGroup"
description = "AVD application group"
depends_on = [azurerm_virtual_desktop_host_pool.hostpool,
azurerm_virtual_desktop_workspace.workspace]
}
# Associate Workspace and DAG

resource "azurerm_virtual_desktop_workspace_application_group_association" "ws-dag" {
application_group_id = azurerm_virtual_desktop_application_group.dag.id
workspace_id = azurerm_virtual_desktop_workspace.workspace.id
}

default = "eastus"
}
variable "rg_name" {
type = string
default = "rg-avd-resources"
description = "Name of the Resource group in which to deploy service objects"
}
variable "workspace" {
type = string
description = "Name of the Azure Virtual Desktop workspace"
default = "AVD TF Workspace"
}
variable "hostpool" {
type = string
description = "Name of the Azure Virtual Desktop host pool"
default = "AVD-TF-HP"
}
variable "rfc3339" {
type = string
default = "2022-03-30T12:43:13Z"
description = "Registration token expiration"
}
variable "prefix" {
type = string
default = "avdtf"
description = "Prefix of the name of the AVD machine(s)"
}
1. Create a file named output.tf and insert the following code:

output "azure_virtual_desktop_compute_resource_group" {
description = "Name of the Resource group in which to deploy session host"
value = azurerm_resource_group.sh.name
}
output "azure_virtual_desktop_host_pool" {
description = "Name of the Azure Virtual Desktop host pool"
value = azurerm_virtual_desktop_host_pool.hostpool.name
}
output "azurerm_virtual_desktop_application_group" {
description = "Name of the Azure Virtual Desktop DAG"
value = azurerm_virtual_desktop_application_group.dag.name
}
output "azurerm_virtual_desktop_workspace" {
description = "Name of the Azure Virtual Desktop workspace"
value = azurerm_virtual_desktop_workspace.workspace.name
}
output "location" {
description = "The Azure region"
value = azurerm_resource_group.rg.location
}
output "AVD_user_groupname" {
description = "Azure Active Directory Group for AVD users"
value = azuread_group.aad_group.display_name
}
terraform init

Key points:
resources.

Key points:
terraform apply .

1. On the Azure portal, Select Azure Vir tual Desktop .
2. Select Host pools and then the Name of the pool created resource.
3. Select Session hosts and then verify the session host is listed.
Key points:

Next steps
Configure Azure Virtual Desktop session hosts using
Terraform
This article shows you how to build Session Hosts and deploy them to an AVD Host Pool with Terraform. This
article assumes you've already deployed the Azure Virtual Desktop Infrastructure.
Terraform v1.1.7
Use Terraform to create NIC for each session host

Use Terraform to create VM for session host
Join VM to domain
Register VM with Azure Virtual Desktop
Use variables file

options:

terraform {
azurerm = {
version = "~>2.0"
}
azuread = {
}
}
}
features {}
}
Key points:
Use count to indicate how many resources will be created
References resources that were created when the infrastructure was built - such as
azurerm_subnet.subnet.id and azurerm_virtual_desktop_host_pool.hostpool.name . If you changed the
name of these resources from that section, you also need to update the references here.
locals {
registration_token = azurerm_virtual_desktop_host_pool_registration_info.registrationinfo.token
}
resource "random_string" "AVD_local_password" {

count = var.rdsh_count
length = 16
special = true
min_special = 2
override_special = "*!@#?"
}

name = var.rg
}
resource "azurerm_network_interface" "avd_vm_nic" {

name = "${var.prefix}-${count.index + 1}-nic"
ip_configuration {
name = "nic${count.index + 1}_config"
private_ip_address_allocation = "dynamic"
}
depends_on = [
azurerm_resource_group.rg
]
}
resource "azurerm_windows_virtual_machine" "avd_vm" {

name = "${var.prefix}-${count.index + 1}"
size = var.vm_size
network_interface_ids = ["${azurerm_network_interface.avd_vm_nic.*.id[count.index]}"]
network_interface_ids = ["${azurerm_network_interface.avd_vm_nic.*.id[count.index]}"]
provision_vm_agent = true
admin_username = var.local_admin_username
admin_password = var.local_admin_password
os_disk {
name = "${lower(var.prefix)}-${count.index + 1}"
}
source_image_reference {
publisher = "MicrosoftWindowsDesktop"
offer = "Windows-10"
sku = "20h2-evd"
version = "latest"
}
depends_on = [
azurerm_resource_group.rg,
azurerm_network_interface.avd_vm_nic
]
}
resource "azurerm_virtual_machine_extension" "domain_join" {

name = "${var.prefix}-${count.index + 1}-domainJoin"
virtual_machine_id = azurerm_windows_virtual_machine.avd_vm.*.id[count.index]
publisher = "Microsoft.Compute"
type = "JsonADDomainExtension"
auto_upgrade_minor_version = true
{
"Name": "${var.domain_name}",
"OUPath": "${var.ou_path}",
"User": "${var.domain_user_upn}@${var.domain_name}",
"Restart": "true",
"Options": "3"
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"Password": "${var.domain_password}"
}
PROTECTED_SETTINGS
lifecycle {
ignore_changes = [settings, protected_settings]
}
depends_on = [
azurerm_virtual_network_peering.peer1,
azurerm_virtual_network_peering.peer2
]
}
resource "azurerm_virtual_machine_extension" "vmext_dsc" {

name = "${var.prefix}${count.index + 1}-avd_dsc"
virtual_machine_id = azurerm_windows_virtual_machine.avd_vm.*.id[count.index]
publisher = "Microsoft.Powershell"
type = "DSC"
auto_upgrade_minor_version = true
settings = <<-SETTINGS
{
"modulesUrl":
"https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/Configuration_09-08-2022.zip",
"configurationFunction": "Configuration.ps1\\AddSessionHost",
"properties": {
"HostPoolName":"${azurerm_virtual_desktop_host_pool.hostpool.name}"
}
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"properties": {
"registrationInfoToken": "${local.registration_token}"
}
}
PROTECTED_SETTINGS
depends_on = [
azurerm_virtual_machine_extension.domain_join,
azurerm_virtual_desktop_host_pool.hostpool
]
}

default = "eastus"
}
variable "rg" {
type = string
default = "rg-avd-compute"
description = "Name of the Resource group in which to deploy session host"
}
variable "rdsh_count" {
description = "Number of AVD machines to deploy"
default = 2
}
variable "prefix" {
type = string
default = "avdtf"
}
variable "domain_name" {
type = string
default = "infra.local"
description = "Name of the domain to join"
}
variable "domain_user_upn" {
type = string
default = "domainjoineruser" # do not include domain name as this is appended
description = "Username for domain join (do not include domain name as this is appended)"
}
variable "domain_password" {
type = string
default = "ChangeMe123!"
description = "Password of the user to authenticate with the domain"
sensitive = true
}
variable "vm_size" {
description = "Size of the machine to deploy"
default = "Standard_DS2_v2"
}
variable "ou_path" {
default = ""
}
variable "local_admin_username" {
type = string
default = "localadm"
description = "local admin username"
}
variable "local_admin_password" {
type = string
default = "ChangeMe123!"
description = "local admin password"
sensitive = true
}

output "location" {
}
output "session_host_count" {
description = "The number of VMs created"
value = var.rdsh_count
}
output "dnsservers" {
description = "Custom DNS configuration"
value = azurerm_virtual_network.vnet.dns_servers
}
output "vnetrange" {
description = "Address range for deployment vnet"
value = azurerm_virtual_network.vnet.address_space
}
1. Create a file named terraform.tfvars and insert the following code:
# Customized the sample values below for your environment and either rename to terraform.tfvars or
env.auto.tfvars
deploy_location = "west europe"

rg_name = "avd-resources-rg"
prefix = "avdtf"
local_admin_username = "localadm"
local_admin_password = "ChangeMe123$"
vnet_range = ["10.1.0.0/16"]
subnet_range = ["10.1.0.0/24"]
dns_servers = ["10.0.1.4", "168.63.129.16"]
aad_group_name = "AVDUsers"
domain_name = "infra.local"
domain_user_upn = "admin" # do not include domain name as this is appended
domain_password = "ChangeMe123!"
ad_vnet = "infra-network"
ad_rg = "infra-rg"
avd_users = [
"avduser01@infra.local",
"avduser01@infra.local"
]
terraform init

Key points:
resources.

Key points:
terraform apply .

Key points:

Next steps
Configure Azure Virtual Desktop role-based access
control using Terraform
Terraform v1.1.4
This article will walk through adding our users and Azure AD group and then assign the group to the "Desktop
Virtualization User" role, scoped to our host pool.
Use Terraform to read Azure Active Directory existing users

Use Terraform to create Azure Active Directory group
Role assignment for Azure Virtual Desktop

options:

terraform {
azurerm = {
version = "~>2.0"
}
azuread = {
}
}
}
features {}
}
data "azuread_user" "aad_user" {

for_each = toset(var.avd_users)
user_principal_name = format("%s", each.key)
}
data "azurerm_role_definition" "role" { # access an existing built-in role

name = "Desktop Virtualization User"
}
resource "azuread_group" "aad_group" {

display_name = var.aad_group_name
security_enabled = true
}
resource "azuread_group_member" "aad_group_member" {

for_each = data.azuread_user.aad_user
group_object_id = azuread_group.aad_group.id
member_object_id = each.value["id"]
}
resource "azurerm_role_assignment" "role" {

scope = azurerm_virtual_desktop_application_group.dag.id
role_definition_id = data.azurerm_role_definition.role.id
principal_id = azuread_group.aad_group.id
}
variable "avd_users" {
description = "AVD users"
default = [
"avduser01@contoso.net",
"avduser02@contoso.net"
]
}
variable "aad_group_name" {
type = string
default = "AVDUsers"
}

}
terraform init

Key points:
resources.

Key points:
terraform apply .
You are now ready to build and deploy your infrastructure with role based access control.

Key points:

Next steps
Learn more about Configuring Azure Virtual Desktop session hosts using Terraform in Azure
Configure Azure Virtual Desktop Network Settings
with Terraform
Terraform v1.1.7
This article provides an overview of how to use Terraform to configure the network settings for Azure Virtual
Desktop.
Use Terraform to create a virtual network

Use Terraform to create a subnet
Use Terraform to create an NSG
Peering the Azure Virtual Desktop vnet with hub vnet

options:

terraform {
azurerm = {
version = "~>2.0"
}
azuread = {
}
}
}
features {}
}

resource "azurerm_virtual_network" "vnet" {
name = "${var.prefix}-VNet"
address_space = var.vnet_range
dns_servers = var.dns_servers
location = var.deploy_location
resource_group_name = var.rg_name
depends_on = [azurerm_resource_group.rg]
}
resource "azurerm_subnet" "subnet" {

name = "default"
address_prefixes = var.subnet_range
}
resource "azurerm_network_security_group" "nsg" {

name = "${var.prefix}-NSG"
security_rule {
name = "HTTPS"
priority = 1001
access = "Allow"
protocol = "Tcp"
}
}
resource "azurerm_subnet_network_security_group_association" "nsg_assoc" {

network_security_group_id = azurerm_network_security_group.nsg.id
}
data "azurerm_virtual_network" "ad_vnet_data" {

name = var.ad_vnet
resource_group_name = var.ad_rg
}
resource "azurerm_virtual_network_peering" "peer1" {

name = "peer_avdspoke_ad"
remote_virtual_network_id = data.azurerm_virtual_network.ad_vnet_data.id
}
resource "azurerm_virtual_network_peering" "peer2" {
name = "peer_ad_avdspoke"
resource_group_name = var.ad_rg
virtual_network_name = var.ad_vnet
remote_virtual_network_id = azurerm_virtual_network.vnet.id
}

default = "eastus"
}
variable "rg_name" {
type = string
default = "rg-avd-resources"
description = "Name of the Resource group in which to deploy service objects"
}
variable "rg_shared_name" {
type = string
default = "rg-shared-resources"
description = "Name of the Resource group in which to deploy shared resources"
}
variable "deploy_location" {
type = string
default = "eastus"
description = "The Azure Region in which all resources in this example should be created."
}
variable "ad_vnet" {
type = string
default = "infra-network"
description = "Name of domain controller vnet"
}
variable "dns_servers" {
type = list(string)
default = ["10.0.1.4", "168.63.129.16"]
}
variable "vnet_range" {
type = list(string)
default = ["10.2.0.0/16"]
description = "Address range for deployment VNet"
}
variable "subnet_range" {
type = list(string)
default = ["10.2.0.0/24"]
description = "Address range for session host subnet"
}
variable "prefix" {
type = string
default = "avdtf"
}

output "location" {
}
output "dnsservers" {
value = azurerm_virtual_network.vnet.dns_servers
}
output "vnetrange" {
description = "Address range for deployment vnet"
value = azurerm_virtual_network.vnet.address_space
}
terraform init

Key points:
resources.

Key points:
terraform apply .

Key points:

Next steps
Configure Azure Files using Terraform
Terraform v1.1.7
Azure offers multiple storage solutions that you can use to store your FSLogix profiles container. This article
covers configuring Azure Files storage solutions for Azure Virtual Desktop FSLogix user profile containers using
Terraform
Use Terraform to Azure File Storage account

Use Terraform to configure File Share
Use Terraform to configure RBAC permission on Azure File Storage

options:

terraform {
azurerm = {
version = "~>2.0"
}
azuread = {
}
}
}
features {}
}
## Create a Resource Group for Storage

resource "azurerm_resource_group" "rg_storage" {
name = var.rg_stor
}
# generate a random string (consisting of four characters)

# https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string
resource "random_string" "random" {
length = 4
upper = false
special = false
}
## Azure Storage Accounts requires a globally unique names

## https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
## Create a File Storage Account
resource "azurerm_storage_account" "storage" {
name = "stor${random_string.random.id}"
resource_group_name = azurerm_resource_group.rg_storage.name
location = azurerm_resource_group.rg_storage.location
account_tier = "Premium"
account_replication_type = "LRS"
account_kind = "FileStorage"
}
resource "azurerm_storage_share" "FSShare" {

name = "fslogix"
storage_account_name = azurerm_storage_account.storage.name
depends_on = [azurerm_storage_account.storage]
}
## Azure built-in roles

## https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
data "azurerm_role_definition" "storage_role" {
name = "Storage File Data SMB Share Contributor"
}
resource "azurerm_role_assignment" "af_role" {

scope = azurerm_storage_account.storage.id
role_definition_id = data.azurerm_role_definition.storage_role.id
principal_id = azuread_group.aad_group.id
}

type = string
default = "eastus"
}
variable "rg_stor" {
type = string
default = "rg-avd-storage"
description = "Name of the Resource group in which to deploy storage"
}
variable "avd_users" {
description = "AVD users"
default = [
"avduser01@contoso.net",
"avduser02@contoso.net"
]
}
variable "aad_group_name" {
type = string
default = "AVDUsers"
}
output "location" {
value = azurerm_resource_group.rg_storage.location
}
output "storage_account" {
description = "Storage account for Profiles"
value = azurerm_storage_account.storage.name
}
output "storage_account_share" {
description = "Name of the Azure File Share created for FSLogix"
value = azurerm_storage_share.FSShare.name
}
}
terraform init

Key points:
resources.

Key points:
terraform apply .
Key points:

Next steps
Configure Azure Compute Gallery with Terraform
This article shows you how to configure Azure Compute Gallery.
Use Terraform to configure Azure Compute Gallery (formerly Shared Image Gallery)

options:

terraform {
azurerm = {
version = "~>2.0"
}
azuread = {
}
}
}
features {}
}

resource "azurerm_resource_group" "sigrg" {
name = var.rg_shared_name
}
# generate a random string (consisting of four characters)

# https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string
resource "random_string" "rando" {
length = 4
upper = false
special = false
}
# Creates Shared Image Gallery

#
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image_gallery
resource "azurerm_shared_image_gallery" "sig" {
name = "sig${random_string.random.id}"
resource_group_name = azurerm_resource_group.sigrg.name
location = azurerm_resource_group.sigrg.location
description = "Shared images"
tags = {
Environment = "Demo"
Tech = "Terraform"
}
}
#Creates image definition

# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image
resource "azurerm_shared_image" "example" {
name = "avd-image"
gallery_name = azurerm_shared_image_gallery.sig.name
resource_group_name = azurerm_resource_group.sigrg.name
location = azurerm_resource_group.sigrg.location
os_type = "Windows"
identifier {
publisher = "MicrosoftWindowsDesktop"
offer = "office-365"
sku = "20h2-evd-o365pp"
}
}
type = string
default = "eastus"
}
type = string
}

output "location" {
value = azurerm_resource_group.sigrg.location
}
output "Compute_Gallery" {
description = "Azure Compute Gallery"
value = azurerm_shared_image_gallery.sig.name
}

Key points:
resources.

Key points:
terraform apply .
Key points:

Next steps
Create an Azure Log Analytics Workspace using
Terraform
Terraform v1.1.7
Azure offers multiple storage solutions that you can use to store your FSLogix profiles container. This article
covers configuring Azure Files storage solutions for Azure Virtual Desktop FSLogix user profile containers using
Terraform. This article shows you how to create a Log Analytics workspace using Terraform.
Use Terraform to configure Azure Log Analytics Workspace

options:

terraform {
azurerm = {
version = "~>2.0"
}
azuread = {
}
}
}
features {}
}
resource "azurerm_resource_group" "log" {

name = var.rg_shared_name
}
# Creates Log Anaylytics Workspace

#
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspa
ce
resource "azurerm_log_analytics_workspace" "law" {
name = "log${random_string.random.id}"
location = azurerm_resource_group.log.location
resource_group_name = azurerm_resource_group.log.name
sku = "PerGB2018"
retention_in_days = 30
}
type = string
default = "eastus"
}
type = string
}
output "location" {
value = azurerm_resource_group.log.location
}
output "log_analytics" {
description = "Log Analytics Workspace"
value = azurerm_log_analytics_workspace.law.name
}
terraform init

Key points:
resources.

Key points:
terraform apply .
Key points:

Next steps
Configure an Azure VM cluster using Terraform
This article shows example Terraform code for creating a VM cluster on Azure.
Configure an Azure VM cluster

options:
2. Implement the code

module "windowsservers" {
source = "Azure/compute/azurerm"
is_windows_image = true
vm_hostname = "mywinvm" // Line can be removed if only one VM
module per resource group
admin_password = "ComplxP@ssw0rd!" // See note following code about storing
passwords in config files
vm_os_simple = "WindowsServer"
public_ip_dns = ["winsimplevmips"] // Change to a unique name per data center
region
vnet_subnet_id = module.network.vnet_subnets[0]
}
module "network" {
source = "Azure/network/azurerm"
subnet_prefixes = ["10.0.1.0/24"]
subnet_names = ["subnet1"]
}
output "windows_vm_public_name" {
value = module.windowsservers.public_ip_dns_name
}
output "vm_public_ip" {
value = module.windowsservers.public_ip_address
}
output "vm_private_ips" {
value = module.windowsservers.network_interface_private_ip
}
Key points:
In the preceding code example, the variable admin_password is assigned a literal value for the sake of
simplicity. There are many ways in which to store sensitive data such as passwords. The decision as to
how you want to protect your data comes down to individual choices involving your particular
environment and comfort level exposing this data. As an example of the risk, storing a file like this in
source control could potentially result in the password being seen by others. For more information on
this subject, HashiCorp has documented various ways to declare input variables and techniques for
managing sensitive data (such as passwords).
terraform init

Key points:
resources.

Key points:
terraform apply .

Next steps
Create an Azure VM cluster with Terraform and
HCL
In this article, you see how to create a small compute cluster using HCL.
Set up Azure authentication.

Create a Terraform configuration file.
Use a Terraform configuration file to create a load balancer.
Use a Terraform configuration file to deploy two Linux VMs in an availability set.
Initialize Terraform.
Create a Terraform execution plan.
Apply the Terraform execution plan to create the Azure resources.

options:
2. Implement the code

terraform {
azurerm = {
version = "~>2.0"
}
}
}
features {}
}
resource "azurerm_resource_group" "test" {

name = "acctestrg"
location = "West US 2"
}
resource "azurerm_virtual_network" "test" {

name = "acctvn"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
}
resource "azurerm_subnet" "test" {

name = "acctsub"
}
resource "azurerm_public_ip" "test" {

name = "publicIPForLB"
}
resource "azurerm_lb" "test" {

name = "loadBalancer"
name = "publicIPAddress"
public_ip_address_id = azurerm_public_ip.test.id
}
}
resource "azurerm_lb_backend_address_pool" "test" {

loadbalancer_id = azurerm_lb.test.id
name = "BackEndAddressPool"
}
resource "azurerm_network_interface" "test" {

count = 2
name = "acctni${count.index}"
ip_configuration {
name = "testConfiguration"
subnet_id = azurerm_subnet.test.id
}
}
resource "azurerm_managed_disk" "test" {

count = 2
name = "datadisk_existing_${count.index}"
create_option = "Empty"
disk_size_gb = "1023"
}
resource "azurerm_availability_set" "avset" {

name = "avset"
name = "avset"
platform_fault_domain_count = 2
platform_update_domain_count = 2
managed = true
}
resource "azurerm_virtual_machine" "test" {

count = 2
name = "acctvm${count.index}"
availability_set_id = azurerm_availability_set.avset.id
network_interface_ids = [element(azurerm_network_interface.test.*.id, count.index)]
vm_size = "Standard_DS1_v2"
# Uncomment this line to delete the OS disk automatically when deleting the VM
# delete_os_disk_on_termination = true
# Uncomment this line to delete the data disks automatically when deleting the VM
# delete_data_disks_on_termination = true
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "myosdisk${count.index}"
}
# Optional data disks

storage_data_disk {
name = "datadisk_new_${count.index}"
lun = 0
disk_size_gb = "1023"
}
storage_data_disk {
name = element(azurerm_managed_disk.test.*.name, count.index)
managed_disk_id = element(azurerm_managed_disk.test.*.id, count.index)
create_option = "Attach"
lun = 1
disk_size_gb = element(azurerm_managed_disk.test.*.disk_size_gb, count.index)
}
os_profile {
computer_name = "hostname"
admin_username = "testadmin"
admin_password = "Password1234!"
}
}
tags = {
environment = "staging"
}
}
terraform init

Key points:
resources.

Key points:
terraform apply .

Run the az vm list command with a JMESPath query to display the VMs created in the resource group.
az vm list -g acctestrg --query "[].{\"VM Name\":name}" -o table

Key points:

Next steps
Create an Azure virtual machine scale set using Terraform
Create an Azure virtual machine scale set using
Terraform
Azure virtual machine scale sets allow you to configure identical VMs. The number of VM instances can adjust
based on demand or a schedule. For more information, see Automatically scale a virtual machine scale set in the
Azure portal.
Set up a Terraform deployment

Use variables and outputs for Terraform deployment
Create and deploy network infrastructure
Create and deploy a virtual machine scale set and attach it to the network
Create and deploy a jumpbox to connect to the VMs via SSH

options:
Create an SSH key pair : For more information, see How to create and use an SSH public and private key
pair for Linux VMs in Azure.

terraform {
azurerm = {
version = "~>2.0"
}
}
}
}
features {}
}
resource "azurerm_resource_group" "vmss" {

name = var.resource_group_name
tags = var.tags
}
resource "random_string" "fqdn" {

length = 6
special = false
upper = false
number = false
}
resource "azurerm_virtual_network" "vmss" {

name = "vmss-vnet"
address_space = ["10.0.0.0/16"]
resource_group_name = azurerm_resource_group.vmss.name
tags = var.tags
}
resource "azurerm_subnet" "vmss" {

name = "vmss-subnet"
virtual_network_name = azurerm_virtual_network.vmss.name
}
resource "azurerm_public_ip" "vmss" {

name = "vmss-public-ip"
domain_name_label = random_string.fqdn.result
tags = var.tags
}
resource "azurerm_lb" "vmss" {

name = "vmss-lb"
name = "PublicIPAddress"
public_ip_address_id = azurerm_public_ip.vmss.id
}
tags = var.tags
}
resource "azurerm_lb_backend_address_pool" "bpepool" {

loadbalancer_id = azurerm_lb.vmss.id
}
resource "azurerm_lb_probe" "vmss" {

name = "ssh-running-probe"
port = var.application_port
}
resource "azurerm_lb_rule" "lbnatrule" {

name = "http"
protocol = "Tcp"
frontend_port = var.application_port
backend_port = var.application_port
backend_address_pool_id = azurerm_lb_backend_address_pool.bpepool.id
frontend_ip_configuration_name = "PublicIPAddress"
probe_id = azurerm_lb_probe.vmss.id
}
resource "azurerm_virtual_machine_scale_set" "vmss" {

name = "vmscaleset"
upgrade_policy_mode = "Manual"
sku {
name = "Standard_DS1_v2"
tier = "Standard"
capacity = 2
}
storage_profile_image_reference {
sku = "16.04-LTS"
version = "latest"
}
storage_profile_os_disk {
name = ""
}
storage_profile_data_disk {
lun = 0
disk_size_gb = 10
}
os_profile {
computer_name_prefix = "vmlab"
admin_username = var.admin_user
admin_password = var.admin_password
custom_data = file("web.conf")
}
}
network_profile {
name = "terraformnetworkprofile"
primary = true
ip_configuration {
name = "IPConfiguration"
subnet_id = azurerm_subnet.vmss.id
load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id]
primary = true
}
}
tags = var.tags
}
}
resource "azurerm_public_ip" "jumpbox" {

name = "jumpbox-public-ip"
domain_name_label = "${random_string.fqdn.result}-ssh"
tags = var.tags
}
resource "azurerm_network_interface" "jumpbox" {

name = "jumpbox-nic"
ip_configuration {
public_ip_address_id = azurerm_public_ip.jumpbox.id
}
tags = var.tags
}
resource "azurerm_virtual_machine" "jumpbox" {

name = "jumpbox"
network_interface_ids = [azurerm_network_interface.jumpbox.id]
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "jumpbox-osdisk"
}
os_profile {
computer_name = "jumpbox"
}
}
tags = var.tags
}
variable "resource_group_name" {
description = "Name of the resource group in which the resources will be created"
default = "myResourceGroup"
}
default = "eastus"
description = "Location where resources will be created"
}
variable "tags" {
description = "Map of the tags to use for the resources that are deployed"
type = map(string)
default = {
environment = "codelab"
}
}
variable "application_port" {
description = "Port that you want to expose to the external load balancer"
default = 80
}
variable "admin_user" {
description = "User name to use as the admin account on the VMs that will be part of the VM scale
set"
}
variable "admin_password" {
description = "Default password for admin account"
}
4. Create a file named output.tf to specify what values Terraform displays and insert the following code:
output "vmss_public_ip_fqdn" {
value = azurerm_public_ip.vmss.fqdn
}
output "jumpbox_public_ip_fqdn" {
value = azurerm_public_ip.jumpbox.fqdn
}
output "jumpbox_public_ip" {
value = azurerm_public_ip.jumpbox.ip_address
}
5. Create a file named web.conf and insert the following code:
#cloud-config
packages:
- nginx
terraform init
Key points:
resources.

Key points:
terraform apply .

1. From the output of the terraform apply command, you see values for the following:
Virtual machine FQDN
Jumpbox FQDN
Jumpbox IP address
2. Browse to the virtual machine URL to confirm a default page with the text Welcome to nginx! .
3. Use SSH to connect to the jumpbox VM using the user name defined in the variables file and the
password you specified when you ran terraform apply . For example: ssh azureuser@<ip_address> .
Key points:

Next steps
Create an Azure virtual machine scale set from a
Packer custom image by using Terraform
Azure virtual machine scale sets allow you to configure identical VMs. The number of VM instances can adjust
based on demand or a schedule. For more information, see Automatically scale a virtual machine scale set in the
Azure portal.
Set up your Terraform deployment

Use variables and outputs for Terraform deployment
Create and deploy a network infrastructure
Create a custom virtual machine image by using Packer
Create and deploy a virtual machine scale set by using the custom image
Create and deploy a jumpbox

options:
2. Create a Packer image

1. Install Packer.
Key points:
To confirm that you have access to the Packer executable, run the following command: packer -v .
Depending on your environment, you might need to set your path and reopen the command-line.
2. Run az group create to create a resource group to hold the Packer image.
az group create -n myPackerImages -l eastus
3. Run az ad sp create-for-rbac to enable Packer to authenticate to Azure using a service principal.

az ad sp create-for-rbac --role Contributor --scopes /subscriptions/<subscription_id> --query "{
client_id: appId, client_secret: password, tenant_id: tenant }"
Key points:
Make note of the output values ( appId , client_secret , tenant_id ).
4. Run az account show to display the current Azure subscription.
az account show --query "{ subscription_id: id }"
5. Create a Packer template file named ubuntu.json and insert the following code:
{
"builders": [{
"type": "azure-arm",
"client_id": "0bfc2293-4d69-49b5-83f7-bf0d60d20c45",
"client_secret": "G3.6ytCh44Kcla~_JRPBDLkzsXLOa3edDL",
"tenant_id": "c3fd441d-b8ad-487e-aa27-453079018fca",
"subscription_id": "b162117f-53fa-4f42-8c77-6a65ca966c40",
"managed_image_resource_group_name": "myPackerImages",
"managed_image_name": "myPackerImage",
"os_type": "Linux",
"image_publisher": "Canonical",
"image_offer": "UbuntuServer",
"image_sku": "16.04-LTS",
"azure_tags": {
"dept": "Engineering",
"task": "Image deployment"
},
"location": "East US",

"vm_size": "Standard_DS2_v2"
}],
"provisioners": [{
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
"inline": [
"apt-get update",
"apt-get upgrade -y",
"apt-get -y install nginx",
"/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"

],
"inline_shebang": "/bin/sh -x",
"type": "shell"
}]
}
Key points:
Set the client_id , client_secret , and tenant_id fields to the respective values from your service
principal.
Set the subscription_id field to the Azure subscription ID.
6. Build the Packer image.
packer build ubuntu.json

terraform {
azurerm = {
version = "~>2.0"
}
}
}
features {}
}
resource "azurerm_resource_group" "vmss" {

name = var.resource_group_name
tags = var.tags
}
resource "random_string" "fqdn" {

length = 6
special = false
upper = false
number = false
}
resource "azurerm_virtual_network" "vmss" {

name = "vmss-vnet"
address_space = ["10.0.0.0/16"]
tags = var.tags
}
resource "azurerm_subnet" "vmss" {

name = "vmss-subnet"
virtual_network_name = azurerm_virtual_network.vmss.name
}
resource "azurerm_public_ip" "vmss" {

name = "vmss-public-ip"
domain_name_label = random_string.fqdn.result
tags = var.tags
}
resource "azurerm_lb" "vmss" {

name = "vmss-lb"
name = "PublicIPAddress"
public_ip_address_id = azurerm_public_ip.vmss.id
}
}
tags = var.tags
}
resource "azurerm_lb_backend_address_pool" "bpepool" {

}
resource "azurerm_lb_probe" "vmss" {

name = "ssh-running-probe"
port = var.application_port
}

name = "http"
protocol = "Tcp"
frontend_port = var.application_port
backend_port = var.application_port
backend_address_pool_id = azurerm_lb_backend_address_pool.bpepool.id
frontend_ip_configuration_name = "PublicIPAddress"
probe_id = azurerm_lb_probe.vmss.id
}
data "azurerm_resource_group" "image" {

name = var.packer_resource_group_name
}
data "azurerm_image" "image" {

name = var.packer_image_name
resource_group_name = data.azurerm_resource_group.image.name
}
resource "azurerm_virtual_machine_scale_set" "vmss" {

name = "vmscaleset"
upgrade_policy_mode = "Manual"
sku {
name = "Standard_DS1_v2"
tier = "Standard"
capacity = 2
}
storage_profile_image_reference {
id=data.azurerm_image.image.id
}
storage_profile_os_disk {
name = ""
}
storage_profile_data_disk {
lun = 0
disk_size_gb = 10
}
os_profile {
computer_name_prefix = "vmlab"
}
disable_password_authentication = true
ssh_keys {
path = "/home/azureuser/.ssh/authorized_keys"
key_data = file("~/.ssh/id_rsa.pub")
}
}
network_profile {
name = "terraformnetworkprofile"
primary = true
ip_configuration {
load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.bpepool.id]
primary = true
}
}
tags = var.tags
}
resource "azurerm_public_ip" "jumpbox" {

name = "jumpbox-public-ip"
domain_name_label = "${random_string.fqdn.result}-ssh"
tags = var.tags
}
resource "azurerm_network_interface" "jumpbox" {

name = "jumpbox-nic"
ip_configuration {
public_ip_address_id = azurerm_public_ip.jumpbox.id
}
tags = var.tags
}
resource "azurerm_virtual_machine" "jumpbox" {

name = "jumpbox"
network_interface_ids = [azurerm_network_interface.jumpbox.id]
sku = "16.04-LTS"
version = "latest"
}
storage_os_disk {
name = "jumpbox-osdisk"
}
os_profile {
computer_name = "jumpbox"
}
disable_password_authentication = true
ssh_keys {
path = "/home/azureuser/.ssh/authorized_keys"
key_data = file("~/.ssh/id_rsa.pub")
}
}
tags = var.tags
}
variable "packer_resource_group_name" {
description = "Name of the resource group in which the Packer image will be created"
default = "myPackerImages"
}
variable "packer_image_name" {
description = "Name of the Packer image"
default = "myPackerImage"
}
description = "Name of the resource group in which the Packer image will be created"
default = "myPackerImages"
}
description = "Name of the resource group in which the resources will be created"
default = "myResourceGroup"
}
default = "eastus"
description = "Location where resources will be created"
}
variable "tags" {
description = "Map of the tags to use for the resources that are deployed"
type = map(string)
default = {
environment = "codelab"
}
}
variable "application_port" {
description = "Port that you want to expose to the external load balancer"
default = 80
}
variable "admin_user" {
description = "User name to use as the admin account on the VMs that will be part of the VM scale
set"
}
variable "admin_password" {
description = "Default password for admin account"
}
4. Create a file named output.tf to specify what values Terraform displays and insert the following code:
output "vmss_public_ip_fqdn" {
value = azurerm_public_ip.vmss.fqdn
}
output "jumpbox_public_ip_fqdn" {
value = azurerm_public_ip.jumpbox.fqdn
}
output "jumpbox_public_ip" {
value = azurerm_public_ip.jumpbox.ip_address
}
terraform init

Key points:
resources.

Key points:
terraform apply .

1. From the output of the terraform apply command, you see values for the following:
Virtual machine FQDN
Jumpbox FQDN
Jumpbox IP address
2. Browse to the virtual machine URL to confirm a default page with the text Welcome to nginx! .
3. Use SSH to connect to the jumpbox VM using the user name defined in the variables file and the
password you specified when you ran terraform apply . For example: ssh azureuser@<ip_address> .
Delete virtual machine scale set
Key points:
Delete Packer image and resource group

Run az group delete to delete the resource group used to contain the Packer image. The Packer image is also
deleted.
az group delete --name myPackerImages --yes

Next steps

87695a5a6dfa0b0649650d5ccf468a15

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

87695a5a6dfa0b0649650d5ccf468a15

Uploaded by

Copyright:

Available Formats

Contents

Terraform on Azure documentation

Terraform providers for Azure infrastructure

Benefits of Terraform with Azure

RESO URC E N A M E DESC RIP T IO N

azapi_resource Used to fully manage any Azure (control plane) resource

azapi_update_resource Used to manage resources or parts of resources that don't

Resource configuration examples

resource "azapi_resource" "publicip" {

Authentication using the AzAPI provider

Benefits of using the AzAPI provider

Experience and lifecycle of the AzAPI provider

AzAPI2AzureRM migration tool

Using the AzAPI provider

resource "azapi_resource" "example" {

Versions 3.0.0 - Current

3.20.0 (August 25, 2022)

3.19.1 (August 19, 2022)

3.19.0 (August 18, 2022)

3.18.0 (August 11, 2022)

3.17.0 (August 04, 2022)

3.16.0 (July 28, 2022)

3.15.1 (July 25, 2022)

3.15.0 (July 21, 2022)

3.14.0 (July 14, 2022)

3.13.0 (July 08, 2022)

3.12.0 (June 30, 2022)

3.11.0 (June 23, 2022)

3.10.0 (June 09, 2022)

3.9.0 (June 02, 2022)

3.8.0 (May 26, 2022)

3.7.0 (May 19, 2022)

3.6.0 (May 12, 2022)

3.5.0 (May 05, 2022)

3.4.0 (April 28, 2022)

3.3.0 (April 21, 2022)

3.2.0 (April 14, 2022)

3.1.0 (April 07, 2022)

3.0.2 (March 26, 2022)

3.0.1 (March 24, 2022)

3.0.0 (March 24, 2022)

Versions 2.0.0 - 2.99.0

2.98.0 (February 25, 2022)

2.97.0 (February 18, 2022)

2.96.0 (February 11, 2022)

2.94.0 (January 28, 2022)

2.92.0 (January 14, 2022)

2.91.0 (January 07, 2022)

2.88.0 (December 02, 2021)

2.86.0 (November 19, 2021)

2.84.0 (November 05, 2021)

2.82.0 (October 21, 2021)

2.81.0 (October 14, 2021)

2.80.0 (October 08, 2021)

2.79.1 (October 01, 2021)

2.78.0 (September 23, 2021)

2.77.0 (September 17, 2021)

2.76.0 (September 10, 2021)

2.75.0 (September 02, 2021)

2.74.0 (August 27, 2021)

2.73.0 (August 20, 2021)

2.71.0 (August 06, 2021)

2.69.0 (July 23, 2021)

2.68.0 (July 16, 2021)