articles/governance/policy/how-to/guest-configuration-create.md
10 additions & 9 deletions
@@ -80,10 +80,11 @@ the boolean is `$true` then `Get-TargetResource` isn't called.
80
80
81
81
#### Configuration requirements
82
82
83
-
The only requirement for Guest Configuration to use a custom configuration is for the name
84
-
of the configuration to be consistent everywhere it is used. This includes the name of the .zip file
85
-
for the content package, the configuration name in the mof file stored inside the content package,
86
-
and the configuration name used in ARM as the guest assignment name.
83
+
The only requirement for Guest Configuration to use a custom configuration is for the name of the
84
+
configuration to be consistent everywhere it's used. This name requirement includes the name of the
85
+
.zip file for the content package, the configuration name in the MOF file stored inside the content
86
+
package, and the configuration name used in a Resource Manager template as the guest assignment
87
+
name.
87
88
88
89
#### Get-TargetResource requirements
89
90
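Review bot: At new lines 86-87, replacing "used in ARM" with "used in a Resource Manager template" narrows the requirement from the platform to one authoring format. If the guest assignment name must match no matter how the assignment is created, "used in Azure Resource Manager as the guest assignment name" keeps the original meaning while still expanding the acronym. Since the paragraph calls name consistency "the only requirement", it would also help to say whether the match is case-sensitive and whether the .zip name is compared with or without its extension.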
@@ -236,7 +237,7 @@ and not communicating with the service.
236
237
In Azure Policy Guest Configuration, the optimal way to manage secrets used at run time is to store
237
238
them in Azure Key Vault. This design is implemented within custom DSC resources.
238
239
239
-
1.First, create a user-assigned managed identity in Azure.
240
+
1.Create a user-assigned managed identity in Azure.
240
241
241
242
The identity is used by machines to access secrets stored in Key Vault. For detailed steps, see
242
243
[Create, list or delete a user-assigned managed identity using Azure PowerShell](../../../active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-powershell.md).
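Review bot: Step 1 at new line 240 and the sentence after it say the identity "is used by machines to access secrets stored in Key Vault", but nothing in this hunk says how narrowly that access should be granted. Every machine that carries the identity can read whatever the identity can read, so consider adding a sentence recommending that it be given read access only to the secrets the custom resource needs, unless a later step outside this hunk already covers that. Dropping "First," is fine because the numbered list already conveys the order.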
@@ -252,12 +253,12 @@ them in Azure Key Vault. This design is implemented within custom DSC resources.
252
253
253
254
For detailed steps, see
254
255
[Configure managed identities for Azure resources on an Azure VM using PowerShell](../../../active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm.md#user-assigned-managed-identity).
255
-
At scale, assign this identity using Azure Resource Manager via Azure Policy. For detailed steps,
256
+
Assign this identity using Azure Resource Manager via Azure Policy at scale. For detailed steps,
256
257
see
257
258
[Configure managed identities for Azure resources on an Azure VM using a template](../../../active-directory/managed-identities-azure-resources/qs-configure-template-windows-vm.md#assign-a-user-assigned-managed-identity-to-an-azure-vm).
258
259
259
-
1.Finally, within your custom resource use the client ID generated above to access Key Vault using
260
-
the token available from the machine.
260
+
1.Use the client ID generated above within your custom resource to access Key Vault using the token
261
+
available from the machine.
261
262
262
263
The `client_id` and url to the Key Vault instance can be passed to the resource as
263
264
[properties](/powershell/scripting/dsc/resources/authoringresourcemof#creating-the-mof-schema) so
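Review bot: At new line 256, moving "at scale" to the end of the sentence changes it from a conditional ("At scale, assign this identity ...") into an unconditional instruction with a trailing modifier that could attach to "Azure Policy" or to "assign". The old wording made clear that the Policy route is the option for many machines, as opposed to the per-VM PowerShell steps linked just above. Suggest "To assign this identity at scale, use Azure Resource Manager via Azure Policy." In the last step (new lines 260-261), "the client ID generated above" relies on page position; naming the step that produces the client ID would be more robust, and the context line at 263 still has "url" in lowercase.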
@@ -395,7 +396,7 @@ New-GuestConfigurationPolicy
395
396
```
396
397
397
398
For Linux policies, include the property **AttributesYmlContent** in your configuration and
398
-
overwrite the values accordingly. The Guest Configuration agent automatically creates the YaML file
399
+
overwrite the values as needed. The Guest Configuration agent automatically creates the YAML file
399
400
used by InSpec to store attributes. See the example below.
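Review bot: At new lines 398-399, "overwrite the values as needed" still has no antecedent for "the values" in the visible text, so the reader has to infer from the next sentence that these are the InSpec attributes. Suggest stating that directly, for example "include the property **AttributesYmlContent** in your configuration and set the attribute values it contains as needed", which also makes the following sentence about the generated YAML file easier to follow. The "YaML" to "YAML" fix is correct; "See the example below." at line 400 could name the example instead of pointing by position.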