We have a setup at work where we have a single resource group intended for our Bicep deployments. Our pipeline is setup to always do complete deployments in this resource group, this is to ensure that we do not get any lingering resources when we delete code from our Bicep repository which should be the single source of truth.

I however stumbled upon some issues when I started to add VM:s into this setup.

Everything works fine for the first run, but the second time the pipeline runs and I changed OSdisk size from 30 to 256 Bicep starts complaining and reports

"details":[{"code":"OperationNotAllowed","target":"osDisk.managedDisk.storageAccountType","message":"Managed disk storage account type change through Virtual Machine 'xxx' is not allowed. Please update disk resource at /subscriptions/xxx/resourceGroups/bicep-iac-rg/providers/Microsoft.Compute/disks/xxx."}]

The VM resource looks like this

resource vm 'Microsoft.Compute/virtualMachines@2023-09-01' = {
  name: vmName
  location: location
  tags: {
    Contact: contact
    About: about
  }
  properties: {
    hardwareProfile: {
      vmSize: vmSize
    }
    storageProfile: {
      osDisk: {
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: osDiskType
        }
        diskSizeGB: osDiskSizeGB
      }
      imageReference: imageReference[ubuntuOSVersion]
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: networkInterface.id
        }
      ]
    }
    osProfile: {
      computerName: vmName
      adminUsername: adminUsername
      linuxConfiguration: {
        disablePasswordAuthentication: true
        ssh: {
          publicKeys: [
            {
              path: '/home/${adminUsername}/.ssh/authorized_keys'
              keyData: sshPubKey
            }
          ]
        }
      }
    }
  }
}

And the osDisk variables are set as

ubuntuOSVersion: 'Ubuntu-2204'
vmSize: 'Standard_D16s_v4'
osDiskType: 'Premium_LRS'
osDiskSizeGB: 256

So my question is, how am I supposed to work with VM:s and OS disks in particular in Bicep when using the “Complete” deployment type and having to be able to rerun the code multiple times? What if I want to do changes to the VM but keep the disk intact, is that possible in Complete? Should I create the disk seperately and attach and detach it?