hashicorp/azure-image-builder
packer/builders/skills/azure-image-builder/SKILL.md
Build Azure managed images and Azure Compute Gallery images with Packer. Use when creating custom images for Azure VMs.
$ install --global
skillsauthnpx skillsauth add hashicorp/agent-skills azure-image-builderInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
70%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:14 PM213.3s1 file scanned
SKILL.md
- name:
- azure-image-builder
- description:
- Build Azure managed images and Azure Compute Gallery images with Packer. Use when creating custom images for Azure VMs.
Azure Image Builder
Build Azure managed images and Azure Compute Gallery images using Packer's azure-arm builder.
Reference: Azure ARM Builder
Note: Building Azure images incurs costs (compute, storage, data transfer). Builds typically take 15-45 minutes depending on provisioning and OS.
Basic Managed Image
packer {
required_plugins {
azure = {
source = "github.com/hashicorp/azure"
version = "~> 2.0"
}
}
}
variable "client_id" {
type = string
sensitive = true
}
variable "client_secret" {
type = string
sensitive = true
}
variable "subscription_id" {
type = string
}
variable "tenant_id" {
type = string
}
variable "resource_group" {
type = string
default = "packer-images-rg"
}
locals {
timestamp = regex_replace(timestamp(), "[- TZ:]", "")
}
source "azure-arm" "ubuntu" {
client_id = var.client_id
client_secret = var.client_secret
subscription_id = var.subscription_id
tenant_id = var.tenant_id
managed_image_resource_group_name = var.resource_group
managed_image_name = "my-app-${local.timestamp}"
os_type = "Linux"
image_publisher = "Canonical"
image_offer = "0001-com-ubuntu-server-jammy"
image_sku = "22_04-lts-gen2"
location = "East US"
vm_size = "Standard_B2s"
azure_tags = {
Name = "my-app"
BuildDate = local.timestamp
}
}
build {
sources = ["source.azure-arm.ubuntu"]
provisioner "shell" {
inline = [
"sudo apt-get update",
"sudo apt-get upgrade -y",
]
}
}
Azure Compute Gallery
source "azure-arm" "ubuntu" {
client_id = var.client_id
client_secret = var.client_secret
subscription_id = var.subscription_id
tenant_id = var.tenant_id
os_type = "Linux"
image_publisher = "Canonical"
image_offer = "0001-com-ubuntu-server-jammy"
image_sku = "22_04-lts-gen2"
location = "East US"
vm_size = "Standard_B2s"
shared_image_gallery_destination {
resource_group = "gallery-rg"
gallery_name = "myImageGallery"
image_name = "ubuntu-webapp"
image_version = "1.0.${formatdate("YYYYMMDD", timestamp())}"
replication_regions = ["East US", "West US 2"]
storage_account_type = "Standard_LRS"
}
}
Authentication
Service Principal
# Create service principal
az ad sp create-for-rbac \
--name "packer-sp" \
--role Contributor \
--scopes /subscriptions/<subscription-id>
# Set environment variables
export ARM_CLIENT_ID="<client-id>"
export ARM_CLIENT_SECRET="<client-secret>"
export ARM_SUBSCRIPTION_ID="<subscription-id>"
export ARM_TENANT_ID="<tenant-id>"
Managed Identity
source "azure-arm" "ubuntu" {
use_azure_cli_auth = true
subscription_id = var.subscription_id
# ... rest of configuration
}
Build Commands
# Set authentication
export ARM_CLIENT_ID="your-client-id"
export ARM_CLIENT_SECRET="your-client-secret"
export ARM_SUBSCRIPTION_ID="your-subscription-id"
export ARM_TENANT_ID="your-tenant-id"
# Initialize plugins
packer init .
# Validate template
packer validate .
# Build image
packer build .
Common Issues
Authentication Failed
- Verify service principal credentials
- Ensure Contributor role on resource group
- Check subscription and tenant IDs
Compute Gallery Version Exists
- Image versions are immutable
- Use unique version numbers with date/build number
- Cannot overwrite existing versions
Timeout During Provisioning
- Check network connectivity from build VM
- Verify NSG rules allow required traffic
- Increase timeout if needed
References
- Azure ARM Builder
- Azure Compute Gallery
Related Skills
hashicorp/terraform-style-guide
development
VerifiedTrustedOfficial
Generate Terraform HCL code following HashiCorp's official style conventions and best practices. Use when writing, reviewing, or generating Terraform configurations.
571SKILL.mdUpdated Mar 19, 2026
hashicorp/provider-docs
tools
VerifiedTrustedOfficial
Create, update, and review Terraform provider documentation for Terraform Registry using HashiCorp-recommended patterns, tfplugindocs templates, and schema descriptions. Use when adding or changing provider configuration, resources, data sources, ephemeral resources, list resources, functions, or guides; when validating generated docs; and when troubleshooting missing or incorrect Registry documentation.
543SKILL.mdUpdated Apr 2, 2026
hashicorp/new-terraform-provider
devops
VerifiedTrustedOfficial
Use this when scaffolding a new Terraform provider.
509SKILL.mdUpdated Mar 19, 2026
hashicorp/terraform-test
testing
VerifiedTrustedOfficial
Comprehensive guide for writing and running Terraform tests. Use when creating test files (.tftest.hcl), writing test scenarios with run blocks, validating infrastructure behavior with assertions, mocking providers and data sources, testing module outputs and resource configurations, or troubleshooting Terraform test syntax and execution.
509SKILL.mdUpdated Mar 19, 2026