Ensure automatic OS image patching is enabled for Virtual Machine scale sets
Error: Automatic OS image patching is disabled for Virtual Machine scale sets
Bridgecrew Policy ID: BC_AZR_GENERAL_67
Checkov Check ID: CKV_AZURE_95
Severity: LOW
Automatic OS image patching is disabled for Virtual Machine scale sets
Description
This policy enforces enabling automatic OS image patching on Virtual Machine Scale Sets to always keep Virtual Machines secure by safely applying latest security patches every month.
Fix - Buildtime
Terraform
- Resource: azurerm_virtual_machine_scale_set
- Argument: automatic_os_upgrade
resource "azurerm_virtual_machine_scale_set" "example" {
...
+ automatic_os_upgrade = true
...
}
Updated 12 months ago