Hi there

Today I’m demonstrating how to register programmatic deployment for CIS benchmark based VM’s images from Azure marketplace to your Azure Subscription.

Some VM’s image vendors are not available for CI/CD deployment (automatically) without accepting its vendor terms before you can use it and your deployment will fail. Then you can ask, how do we solve this.

Error you might face trying to automatically deploy Marketplace available images without accepting vendors’ terms.

Adding your preferred VM’s vendor images to your azure subscription programmatic deployment.

Go to your Azure portal 

Under your Azure subscription blade check settings \ programmatic deployment blade

You should see nothing there.

Adding not available VM’s vendor images to your programmatic deployment

One way to find an image in a location is to run the Get-AzVMImagePublisherGet-AzVMImageOffer, and Get-AzVMImageSku cmdlets in order:

  1. List the image publishers.
  2. For a given publisher, list their offers.
  3. For a given offer, list their SKUs.

Open your Azure Cloud Shell

List the publishers:


$locName="<Azure location, such as West US>"
Get-AzVMImagePublisher -Location $locName | Select PublisherName

Fill in your chosen publisher name and list the offers:

$pubName="<publisher>"
Get-AzVMImageOffer -Location $locName -PublisherName $pubName | Select Offer

Fill in your chosen offer name and list the SKUs:
$offerName="<offer>"
Get-AzVMImageSku -Location $locName -PublisherName $pubName -Offer $offerName | Select Skus

Fill in your chosen SKU name and get the image version:
$skuName="<SKU>"
Get-AzVMImage -Location $locName -PublisherName $pubName -Offer $offerName -Sku $skuName | Select Version

$agreementTerms=Get-AzMarketplaceterms -Publisher "microsoft-ads" -Product "windows-data-science-vm" -Name "windows2016"

Set-AzMarketplaceTerms -Publisher "microsoft-ads" -Product "windows-data-science-vm" -Name "windows2016" -Terms $agreementTerms -Accept

Now you’re able to see the CIS image XXX available at programmatic deployment blade under your subscription. You should be good to run the deployment without issues.

You can continue and add available marketplace VM’s vendor images to your programmatic deployment by doing the following

Go to Azure portal 

Go to Azure Marketplace

Search for cis ubuntu (select ubuntu 1804 available option)

At the CIS Ubuntu Linux 18.04 LTS Benchmark L1 check the “Get started” at Want to deploy programmatically? and click on it.

Wait a few seconds to Azure load the next blade (wizard)

Scroll down until you find your Subscription Name, Subscription ID and Status

 

By default Status is set to default, toggle it to Enable and click Save (blue button)

Wait for the wizard to complete (Configuration updates completed is shown) and check the new VM under programmatic deployment at your Subscription blade.

All this effort it’s to standardize your environment planning, deployment, troubleshooting and continuous monitoring on this cycle to keep your Azure environment safe and sound.

References
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/cli-ps-findimage

Thanks,

Thiago Beier
TwitterLinkedInFacebookRSS