
The Features Block

The Azure Provider allows the behaviour of certain resources to be configured using the features block.

This allows different users to select the behaviour they require. For example, some users may wish for the OS Disks for a Virtual Machine to be removed automatically when the Virtual Machine is destroyed, whereas other users may wish for these OS Disks to be detached but not deleted.

Example Usage

If you wish to use the default behaviours of the Azure Provider, then you only need to define an empty features block as below:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});

Each of the blocks defined below can be optionally specified to configure the behaviour as needed - this example shows all the possible behaviours which can be configured:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [
    {
      api_management: [
        {
          purge_soft_delete_on_destroy: true,
          recover_soft_deleted: true,
        },
      ],
      app_configuration: [
        {
          purge_soft_delete_on_destroy: true,
          recover_soft_deleted: true,
        },
      ],
      application_insights: [
        {
          disable_generated_rule: false,
        },
      ],
      cognitive_account: [
        {
          purge_soft_delete_on_destroy: true,
        },
      ],
      key_vault: [
        {
          purge_soft_delete_on_destroy: true,
          recover_soft_deleted_key_vaults: true,
        },
      ],
      log_analytics_workspace: [
        {
          permanently_delete_on_destroy: true,
        },
      ],
      managed_disk: [
        {
          expand_without_downtime: true,
        },
      ],
      resource_group: [
        {
          prevent_deletion_if_contains_resources: true,
        },
      ],
      template_deployment: [
        {
          delete_nested_items_during_deletion: true,
        },
      ],
      virtual_machine: [
        {
          delete_os_disk_on_deletion: true,
          graceful_shutdown: false,
          skip_shutdown_and_force_delete: false,
        },
      ],
      virtual_machine_scale_set: [
        {
          force_delete: false,
          roll_instances_when_required: true,
          scale_to_zero_before_deletion: true,
        },
      ],
    },
  ],
});

Arguments Reference

The features block supports the following:

  • apiManagement - (Optional) An apiManagement block as defined below.

  • appConfiguration - (Optional) An appConfiguration block as defined below.

  • applicationInsights - (Optional) An applicationInsights block as defined below.

  • cognitiveAccount - (Optional) A cognitiveAccount block as defined below.

  • keyVault - (Optional) A keyVault block as defined below.

  • logAnalyticsWorkspace - (Optional) A logAnalyticsWorkspace block as defined below.

  • managedDisk - (Optional) A managedDisk block as defined below.

  • resourceGroup - (Optional) A resourceGroup block as defined below.

  • templateDeployment - (Optional) A templateDeployment block as defined below.

  • virtualMachine - (Optional) A virtualMachine block as defined below.

  • virtualMachineScaleSet - (Optional) A virtualMachineScaleSet block as defined below.


The apiManagement block supports the following:

  • purgeSoftDeleteOnDestroy - (Optional) Should the azurermApiManagement resources be permanently deleted (e.g. purged) when destroyed? Defaults to true.

  • recoverSoftDeleted - (Optional) Should the azurermApiManagement resources recover a Soft-Deleted API Management service? Defaults to true.


The appConfiguration block supports the following:

  • purgeSoftDeleteOnDestroy - (Optional) Should the azurermAppConfiguration resources be permanently deleted (e.g. purged) when destroyed? Defaults to true.

  • recoverSoftDeleted - (Optional) Should the azurermAppConfiguration resources recover a Soft-Deleted App Configuration service? Defaults to true.


The applicationInsights block supports the following:

  • disableGeneratedRule - (Optional) Should the azurermApplicationInsights resources disable the Azure generated Alert Rule during the create step? Defaults to false.

The cognitiveAccount block supports the following:

  • purgeSoftDeleteOnDestroy - (Optional) Should the azurermCognitiveAccount resources be permanently deleted (e.g. purged) when destroyed? Defaults to true.

The keyVault block supports the following:

  • purgeSoftDeleteOnDestroy - (Optional) Should the azurermKeyVault resource be permanently deleted (e.g. purged) when destroyed? Defaults to true.

~> Note: When purge protection is enabled, a key vault or an object in the deleted state cannot be purged until the retention period (7-90 days) has passed.

  • purgeSoftDeletedCertificatesOnDestroy - (Optional) Should the azurermKeyVaultCertificate resource be permanently deleted (e.g. purged) when destroyed? Defaults to true.

  • purgeSoftDeletedKeysOnDestroy - (Optional) Should the azurermKeyVaultKey resource be permanently deleted (e.g. purged) when destroyed? Defaults to true.

  • purgeSoftDeletedSecretsOnDestroy - (Optional) Should the azurermKeyVaultSecret resource be permanently deleted (e.g. purged) when destroyed? Defaults to true.

  • purgeSoftDeletedHardwareSecurityModulesOnDestroy - (Optional) Should the azurermKeyVaultManagedHardwareSecurityModule resource be permanently deleted (e.g. purged) when destroyed? Defaults to true.

  • recoverSoftDeletedCertificates - (Optional) Should the azurermKeyVaultCertificate resource recover a Soft-Deleted Certificate? Defaults to true.

  • recoverSoftDeletedKeyVaults - (Optional) Should the azurermKeyVault resource recover a Soft-Deleted Key Vault? Defaults to true.

  • recoverSoftDeletedKeys - (Optional) Should the azurermKeyVaultKey resource recover a Soft-Deleted Key? Defaults to true.

  • recoverSoftDeletedSecrets - (Optional) Should the azurermKeyVaultSecret resource recover a Soft-Deleted Secret? Defaults to true.

~> Note: When recovering soft-deleted Key Vault items (Keys, Certificates, and Secrets) the Principal used by Terraform needs the "recover" permission.


The logAnalyticsWorkspace block supports the following:

  • permanentlyDeleteOnDestroy - (Optional) Should the azurermLogAnalyticsWorkspace be permanently deleted (e.g. purged) when destroyed? Defaults to true.

-> Note: This will be defaulted to false in the next major version of the Azure Provider (4.0).


The managedDisk block supports the following:

  • expandWithoutDowntime - (Optional) Specifies whether Managed Disks which can be Expanded without Downtime (on either a Linux VM or a Windows VM) should be expanded without restarting the associated Virtual Machine. Defaults to true.

~> Note: Expand Without Downtime requires a specific configuration for the Managed Disk and Virtual Machine - Terraform will use Expand Without Downtime when the Managed Disk and Virtual Machine meet these requirements, and shut the Virtual Machine down as needed if this is inapplicable. More information on when Expand Without Downtime is applicable can be found in the Linux VM or Windows VM documentation.


The resourceGroup block supports the following:

  • preventDeletionIfContainsResources - (Optional) Should the azurermResourceGroup resource check that there are no Resources within the Resource Group during deletion? This means that all Resources within the Resource Group must be deleted prior to deleting the Resource Group. Defaults to true.

The templateDeployment block supports the following:

  • deleteNestedItemsDuringDeletion - (Optional) Should the azurermResourceGroupTemplateDeployment resource attempt to delete resources that have been provisioned by the ARM Template, when the Resource Group Template Deployment is deleted? Defaults to true.

The virtualMachine block supports the following:

  • deleteOsDiskOnDeletion - (Optional) Should the azurermLinuxVirtualMachine and azurermWindowsVirtualMachine resources delete the OS Disk attached to the Virtual Machine when the Virtual Machine is destroyed? Defaults to true.

~> Note: This does not affect the older azurermVirtualMachine resource, which has its own flags for managing this within the resource.

  • gracefulShutdown - (Optional) Should the azurermLinuxVirtualMachine and azurermWindowsVirtualMachine request a graceful shutdown when the Virtual Machine is destroyed? Defaults to false.

~> Note: When using a graceful shutdown, Azure gives the Virtual Machine a 5-minute window in which to complete the shutdown process, after which the machine will be force powered off - more information can be found in this blog post.

  • skipShutdownAndForceDelete - Should the azurermLinuxVirtualMachine and azurermWindowsVirtualMachine resources skip the shutdown command and Force Delete? This provides the ability to forcefully and immediately delete the VM and detach all sub-resources associated with the virtual machine. This allows those freed resources to be reattached to another VM instance or deleted. Defaults to false.

~> Note: Support for Force Delete is in an opt-in Preview.


The virtualMachineScaleSet block supports the following:

  • forceDelete - Should the azurermLinuxVirtualMachineScaleSet and azurermWindowsVirtualMachineScaleSet resources Force Delete? This provides the ability to forcefully and immediately delete the VM and detach all sub-resources associated with the virtual machine. This allows those freed resources to be reattached to another VM instance or deleted. Defaults to false.

~> Note: Support for Force Delete is in an opt-in Preview.

  • rollInstancesWhenRequired - (Optional) Should the azurermLinuxVirtualMachineScaleSet and azurermWindowsVirtualMachineScaleSet resources automatically roll the instances in the Scale Set when required (for example when updating the Sku/Image)? Defaults to true.

  • scaleToZeroBeforeDeletion - (Optional) Should the azurermLinuxVirtualMachineScaleSet and azurermWindowsVirtualMachineScaleSet resources scale to 0 instances before deleting the resource? Defaults to true.
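
Several of the defaults above make a destroy irreversible (purging soft-deleted Key Vault items, permanently deleting Log Analytics workspaces, deleting OS Disks). The following is an added example, not part of the provider or its documentation: a TypeScript check that resolves each deletion-related setting against the documented default and reports the ones that still permit irreversible deletion. The `RETAIN` table, the `auditFeatures` name and the choice of which value counts as retention-preserving are assumptions of this example.

```typescript
// Added example, not provider code. Setting names are the camelCase arguments
// from the reference above; the "retain" values are this example's own policy.
type Features = Record<string, Record<string, boolean> | undefined>;

// [value that keeps data recoverable after destroy, default documented above]
const RETAIN: Record<string, Record<string, [boolean, boolean]>> = {
  apiManagement: { purgeSoftDeleteOnDestroy: [false, true] },
  appConfiguration: { purgeSoftDeleteOnDestroy: [false, true] },
  cognitiveAccount: { purgeSoftDeleteOnDestroy: [false, true] },
  keyVault: {
    purgeSoftDeleteOnDestroy: [false, true],
    purgeSoftDeletedCertificatesOnDestroy: [false, true],
    purgeSoftDeletedKeysOnDestroy: [false, true],
    purgeSoftDeletedSecretsOnDestroy: [false, true],
    purgeSoftDeletedHardwareSecurityModulesOnDestroy: [false, true],
  },
  logAnalyticsWorkspace: { permanentlyDeleteOnDestroy: [false, true] },
  resourceGroup: { preventDeletionIfContainsResources: [true, true] },
  virtualMachine: { deleteOsDiskOnDeletion: [false, true] },
};

// Returns "block.setting" for every setting whose effective value (explicit,
// otherwise the documented default) permits irreversible deletion.
function auditFeatures(features: Features): string[] {
  const findings: string[] = [];
  for (const [block, settings] of Object.entries(RETAIN)) {
    for (const [name, [retainValue, defaultValue]] of Object.entries(settings)) {
      const effective = features[block]?.[name] ?? defaultValue;
      if (effective !== retainValue) findings.push(`${block}.${name}`);
    }
  }
  return findings;
}

// Constructed sample input: Key Vault only partly hardened.
const partiallyHardened: Features = {
  keyVault: {
    purgeSoftDeleteOnDestroy: false,
    purgeSoftDeletedKeysOnDestroy: false,
    purgeSoftDeletedSecretsOnDestroy: false,
  },
  logAnalyticsWorkspace: { permanentlyDeleteOnDestroy: false },
};
console.log(auditFeatures({})); // an empty features block inherits every default
console.log(auditFeatures(partiallyHardened));
```

An empty features block is the case worth checking first, since every purge-related default applies to it.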