Azure VMSS manualUpgrade via Terraform azapi

Question

I need to implement the following az-cli command using TF:

az vmss update-instances --resource-group GROUP --name VMSS

I tried to upgrade an existing VMSS to the latest model using the TF azapi provider using operation "Manually updates instances to latest model of the Virtual Machine Scale Set":

data "azurerm_resources" "aks_vmss" {
  resource_group_name = local.aks_internal_rg_name
  type                = "Microsoft.Compute/virtualMachineScaleSets"
  depends_on = [
    azurerm_kubernetes_cluster_node_pool.user
  ]
}
resource "azurerm_virtual_machine_scale_set_extension" "aks_vmss_az_agent" {
  count                        = length(data.azurerm_resources.aks_vmss.resources)
  virtual_machine_scale_set_id = data.azurerm_resources.aks_vmss.resources[count.index].id

  name                       = "AzureMonitorLinuxAgent"
  publisher                  = "Microsoft.Azure.Monitor"
  type                       = "AzureMonitorLinuxAgent"
  type_handler_version       = "1.25"
  auto_upgrade_minor_version = "true"

  depends_on = [
    azurerm_kubernetes_cluster.aks,
    azurerm_log_analytics_workspace.workspace
  ]
}
resource "azapi_resource_action" "aks_vmss_model_updrade" {
  type        = "Microsoft.Compute/virtualMachineScaleSets/manualUpgrade@2023-03-01"
  count       = length(data.azurerm_resources.aks_vmss.resources)
  resource_id = data.azurerm_resources.aks_vmss.resources[count.index].id
  method      = "POST"

  lifecycle {
    replace_triggered_by = [azurerm_virtual_machine_scale_set_extension.aks_vmss_az_agent]
  }
}

but getting the following error:

│ Error: `resource_id` and `type` are not matched, expect `type` to be Microsoft.Compute/virtualMachineScaleSets, but got Microsoft.Compute/virtualMachineScaleSets/manualUpgrade

UPDATE: another approach change the updatePolicy of the VMSS did not work either:

resource "azapi_resource" "aks_vmss_model_updrade" {
  name      = "aks-vmss-model-upgrade"
  type      = "Microsoft.Compute/virtualMachineScaleSets/virtualMachines@2022-11-01"
  count     = length(data.azurerm_resources.aks_vmss.resources)
  parent_id = data.azurerm_resources.aks_vmss.resources[count.index].id
  body      = jsonencode({ properties = { upgradePolicy = { mode = "string" } } })

  lifecycle {
    replace_triggered_by = [azurerm_virtual_machine_scale_set_extension.aks_vss_az_agent]
  }
}

│ Error: embedded schema validation failed: the `body` is invalid:
│ `properties.upgradePolicy` is not expected here. Do you mean `properties.storageProfile`?
│ `location` is required, but no definition was found
│  You can try to update `azapi` provider to the latest version or disable the validation using the feature flag `schema_validation_enabled = false` within the resource block

Answer 1

I need to implement the following az-cli command using TF

Alternatively, you can use the resource "null_resource" block for executing Az-Cli commands in Terraform.

I have added Az-cli commands in the Terraform block to update the VMSS upgrade policy

Terraform Code:

resource  "null_resource"  "venkat_powershell"  {
provisioner  "local-exec"  {
command = <<EOF
az  vmss  update \
--resource-group  <Resource_Group_Name> \
--name  <VMSS_Name> \
--set  upgradePolicy.mode=Automatic
EOF
}
}

Terraform Apply:

Once the above Terraform code was run, the VMSS upgrade policy was updated successfully as below.

Reference: local-exec Provisioner