Ensure automatic OS image patching is enabled for Virtual Machine scale sets

Error: Automatic OS image patching is disabled for Virtual Machine scale sets

Bridgecrew Policy ID: BC_AZR_GENERAL_67
Checkov Check ID: CKV_AZURE_95
Severity: LOW

Description

This policy checks that automatic OS image patching is enabled on Virtual Machine Scale Sets, so that the latest security patches are safely applied to the Virtual Machines every month.
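
One way to apply the same rule to a Terraform plan before it is applied, as an added example (not Bridgecrew's or Checkov's own code). It assumes the plan was exported with `terraform show -json`; the resource addresses in the sample are constructed.

```python
import json
import sys

SCALE_SET_TYPE = "azurerm_virtual_machine_scale_set"  # resource named on this page
ARGUMENT = "automatic_os_upgrade"                      # argument named on this page

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def unpatched_scale_sets(plan):
    """Return sorted addresses of scale sets where automatic_os_upgrade is not true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != SCALE_SET_TYPE:
            continue
        # Only an explicit boolean true passes. Missing, null and false fail, as
        # does a value left out of planned_values because it is unknown until apply.
        if (res.get("values") or {}).get(ARGUMENT) is not True:
            failing.append(res["address"])
    return sorted(failing)

def _vmss(address, values):
    """Build a constructed scale-set entry shaped like one in the plan JSON."""
    return {"address": address, "type": SCALE_SET_TYPE, "values": values}

# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _vmss("azurerm_virtual_machine_scale_set.web", {ARGUMENT: True}),
        _vmss("azurerm_virtual_machine_scale_set.batch", {ARGUMENT: False}),
        {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group", "values": {}},
    ],
    "child_modules": [{
        "address": "module.workers",
        "resources": [_vmss("module.workers.azurerm_virtual_machine_scale_set.pool", {})],
    }],
}}}

if __name__ == "__main__":
    # Optional argument: a file written by `terraform show -json <planfile>`.
    plan = SAMPLE_PLAN
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    for address in unpatched_scale_sets(plan):
        print(f"FAIL {address}: {ARGUMENT} is not true")
```

Scale sets declared inside modules are reported with their full module address, so a finding can be traced back to the module that needs the argument.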

Fix - Buildtime

Terraform

  • Resource: azurerm_virtual_machine_scale_set
  • Argument: automatic_os_upgrade
resource "azurerm_virtual_machine_scale_set" "example" {
          ...
 +        automatic_os_upgrade = true
          ...
        }
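
Review bot: the added `automatic_os_upgrade = true` line sits between two `...` elisions, so the snippet does not show which of the resource's existing arguments it sits beside or whether any of them need to change with it. Suggest keeping the neighbouring arguments as unchanged context lines around the added line, and stating in the text that the value is a boolean set directly on the `azurerm_virtual_machine_scale_set` resource rather than inside a nested block.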