Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-04-01
- 2024-11-01
- 2024-07-01
- 2024-03-01
- 2023-09-01
- 2023-07-01
- 2023-03-01
- 2022-11-01
- 2022-08-01
- 2022-03-01
- 2021-11-01
- 2021-07-01
- 2021-04-01
- 2021-03-01
- 2020-12-01
- 2020-06-01
- 2019-12-01
- 2019-07-01
- 2019-03-01
- 2018-10-01
- 2018-06-01
- 2018-04-01
- 2017-12-01
- 2017-03-30
- 2016-04-30-preview
- 2016-03-30
- 2015-06-15
Bicep resource definition
The virtualMachineScaleSets resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2015-06-15' = {
scope: resourceSymbolicName or scope
___location: 'string'
name: 'string'
properties: {
overProvision: bool
provisioningState: 'string'
upgradePolicy: {
mode: 'string'
}
virtualMachineProfile: {
extensionProfile: {
extensions: [
{
id: 'string'
name: 'string'
properties: {
autoUpgradeMinorVersion: bool
protectedSettings: any(...)
publisher: 'string'
settings: any(...)
type: 'string'
typeHandlerVersion: 'string'
}
}
]
}
networkProfile: {
networkInterfaceConfigurations: [
{
id: 'string'
name: 'string'
properties: {
ipConfigurations: [
{
id: 'string'
name: 'string'
properties: {
loadBalancerBackendAddressPools: [
{
id: 'string'
}
]
loadBalancerInboundNatPools: [
{
id: 'string'
}
]
subnet: {
id: 'string'
}
}
}
]
primary: bool
}
}
]
}
osProfile: {
adminPassword: 'string'
adminUsername: 'string'
computerNamePrefix: 'string'
customData: 'string'
linuxConfiguration: {
disablePasswordAuthentication: bool
ssh: {
publicKeys: [
{
keyData: 'string'
path: 'string'
}
]
}
}
secrets: [
{
sourceVault: {
id: 'string'
}
vaultCertificates: [
{
certificateStore: 'string'
certificateUrl: 'string'
}
]
}
]
windowsConfiguration: {
additionalUnattendContent: [
{
componentName: 'Microsoft-Windows-Shell-Setup'
content: 'string'
passName: 'OobeSystem'
settingName: 'string'
}
]
enableAutomaticUpdates: bool
provisionVMAgent: bool
timeZone: 'string'
winRM: {
listeners: [
{
certificateUrl: 'string'
protocol: 'string'
}
]
}
}
}
storageProfile: {
imageReference: {
offer: 'string'
publisher: 'string'
sku: 'string'
version: 'string'
}
osDisk: {
caching: 'string'
createOption: 'string'
image: {
uri: 'string'
}
name: 'string'
osType: 'string'
vhdContainers: [
'string'
]
}
}
}
}
sku: {
capacity: int
name: 'string'
tier: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.Compute/virtualMachineScaleSets
Name | Description | Value |
---|---|---|
___location | Resource ___location | string (required) |
name | The resource name | string (required) |
properties | Describes the properties of a Virtual Machine Scale Set. | VirtualMachineScaleSetProperties |
scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
sku | The virtual machine scale set sku. | Sku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
AdditionalUnattendContent
Name | Description | Value |
---|---|---|
componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
ApiEntityReference
Name | Description | Value |
---|---|---|
id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
ImageReference
Name | Description | Value |
---|---|---|
offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
publisher | The image publisher. | string |
sku | The image SKU. | string |
version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. | string |
LinuxConfiguration
Name | Description | Value |
---|---|---|
disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
ResourceTags
Name | Description | Value |
---|
Sku
Name | Description | Value |
---|---|---|
capacity | Specifies the number of virtual machines in the scale set. | int |
name | The sku name. | string |
tier | Specifies the tier of virtual machines in a scale set. Possible Values: Standard Basic |
string |
SshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
Name | Description | Value |
---|---|---|
keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see Create SSH keys on Linux and Mac for Linux VMs in Azure. |
string |
path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
UpgradePolicy
Name | Description | Value |
---|---|---|
mode | Specifies the mode of an upgrade to virtual machines in the scale set. Possible values are: Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. Automatic - All virtual machines in the scale set are automatically updated at the same time. |
'Automatic' 'Manual' |
VaultCertificate
Name | Description | Value |
---|---|---|
certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. |
string |
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } |
string |
VaultSecretGroup
Name | Description | Value |
---|---|---|
sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VirtualHardDisk
Name | Description | Value |
---|---|---|
uri | Specifies the virtual hard disk's uri. | string |
VirtualMachineScaleSetExtension
Name | Description | Value |
---|---|---|
id | Resource Id | string |
name | The name of the extension. | string |
properties | Describes the properties of a Virtual Machine Scale Set Extension. | VirtualMachineScaleSetExtensionProperties |
VirtualMachineScaleSetExtensionProfile
Name | Description | Value |
---|---|---|
extensions | The virtual machine scale set child extension resources. | VirtualMachineScaleSetExtension[] |
VirtualMachineScaleSetExtensionProperties
Name | Description | Value |
---|---|---|
autoUpgradeMinorVersion | Whether the extension handler should be automatically upgraded across minor versions. | bool |
protectedSettings | Json formatted protected settings for the extension. | any |
publisher | The name of the extension handler publisher. | string |
settings | Json formatted public settings for the extension. | any |
type | The type of the extension handler. | string |
typeHandlerVersion | The type version of the extension handler. | string |
VirtualMachineScaleSetIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource Id | string |
name | The IP configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration properties. | VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
Name | Description | Value |
---|---|---|
loadBalancerBackendAddressPools | The load balancer backend address pools. | SubResource[] |
loadBalancerInboundNatPools | The load balancer inbound nat pools. | SubResource[] |
subnet | The subnet. | ApiEntityReference (required) |
VirtualMachineScaleSetNetworkConfiguration
Name | Description | Value |
---|---|---|
id | Resource Id | string |
name | The network configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationProperties
Name | Description | Value |
---|---|---|
ipConfigurations | The virtual machine scale set IP Configuration. | VirtualMachineScaleSetIPConfiguration[] (required) |
primary | Whether this is a primary NIC on a virtual machine. | bool |
VirtualMachineScaleSetNetworkProfile
Name | Description | Value |
---|---|---|
networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetOSDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage |
'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Empty' 'FromImage' (required) |
image | The Source User Image VirtualHardDisk. This VirtualHardDisk will be copied before using it to attach to the Virtual Machine. If SourceImage is provided, the destination VirtualHardDisk should not exist. | VirtualHardDisk |
name | The disk name. | string (required) |
osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows Linux |
'Linux' 'Windows' |
vhdContainers | The list of virtual hard disk container uris. | string[] |
VirtualMachineScaleSetOSProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string |
adminUsername | Specifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters <li> For root access to the Linux VM, see Using root privileges on Linux virtual machines in Azure <li> For a list of built-in system users on Linux that should not be used in this field, see Selecting User Names for Linux on Azure |
string |
computerNamePrefix | Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. | string |
customData | A base-64 encoded string of custom data. | string |
linuxConfiguration | The Linux Configuration of the OS profile. | LinuxConfiguration |
secrets | The List of certificates for addition to the VM. | VaultSecretGroup[] |
windowsConfiguration | The Windows Configuration of the OS profile. | WindowsConfiguration |
VirtualMachineScaleSetProperties
Name | Description | Value |
---|---|---|
overProvision | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | bool |
provisioningState | The provisioning state, which only appears in the response. | string |
upgradePolicy | The upgrade policy. | UpgradePolicy |
virtualMachineProfile | The virtual machine profile. | VirtualMachineScaleSetVMProfile |
VirtualMachineScaleSetStorageProfile
Name | Description | Value |
---|---|---|
imageReference | The image reference. | ImageReference |
osDisk | The OS disk. | VirtualMachineScaleSetOSDisk |
VirtualMachineScaleSetVMProfile
Name | Description | Value |
---|---|---|
extensionProfile | The virtual machine scale set extension profile. | VirtualMachineScaleSetExtensionProfile |
networkProfile | The virtual machine scale set network profile. | VirtualMachineScaleSetNetworkProfile |
osProfile | The virtual machine scale set OS profile. | VirtualMachineScaleSetOSProfile |
storageProfile | The virtual machine scale set storage profile. | VirtualMachineScaleSetStorageProfile |
WindowsConfiguration
Name | Description | Value |
---|---|---|
additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
enableAutomaticUpdates | Indicates whether virtual machine is enabled for automatic updates. | bool |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time" | string |
winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
WinRMConfiguration
Name | Description | Value |
---|---|---|
listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
Name | Description | Value |
---|---|---|
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } |
string |
protocol | Specifies the protocol of listener. Possible values are: http https |
'Http' 'Https' |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Module | Description |
---|---|
Virtual Machine Scale Set | AVM Resource Module for Virtual Machine Scale Set |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
Bicep File | Description |
---|---|
Azure Game Developer Virtual Machine Scale Set | Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal. |
Deploy a 5 Node Secure Cluster | This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
Deploy a Nextflow genomics cluster | This template deploys a scalable Nextflow cluster with a Jumpbox, n cluster nodes, docker support and shared storage. |
Deploy a trusted launch capable Windows VM Scale Set | This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud. |
Deploy a VM Scale Set with Windows VMs and Auto Scale | This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated |
Deploy a VMSS that connects each VM to an Azure Files share | This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share |
Deploy a Windows VM scale set with Azure Application Gateway | This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Deploy VM Scale Set with Python Bottle server & AutoScale | Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed |
VM Scale Set with autoscale running an IIS WebApp | Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment. |
VMSS Flexible Orchestration Mode Quickstart Linux | This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
VMSS with Public IP Prefix | Template for deploying VMSS with Public IP Prefix |
ARM template resource definition
The virtualMachineScaleSets resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following JSON to your template.
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2015-06-15",
"name": "string",
"___location": "string",
"properties": {
"overProvision": "bool",
"provisioningState": "string",
"upgradePolicy": {
"mode": "string"
},
"virtualMachineProfile": {
"extensionProfile": {
"extensions": [
{
"id": "string",
"name": "string",
"properties": {
"autoUpgradeMinorVersion": "bool",
"protectedSettings": {},
"publisher": "string",
"settings": {},
"type": "string",
"typeHandlerVersion": "string"
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"ipConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"loadBalancerBackendAddressPools": [
{
"id": "string"
}
],
"loadBalancerInboundNatPools": [
{
"id": "string"
}
],
"subnet": {
"id": "string"
}
}
}
],
"primary": "bool"
}
}
]
},
"osProfile": {
"adminPassword": "string",
"adminUsername": "string",
"computerNamePrefix": "string",
"customData": "string",
"linuxConfiguration": {
"disablePasswordAuthentication": "bool",
"ssh": {
"publicKeys": [
{
"keyData": "string",
"path": "string"
}
]
}
},
"secrets": [
{
"sourceVault": {
"id": "string"
},
"vaultCertificates": [
{
"certificateStore": "string",
"certificateUrl": "string"
}
]
}
],
"windowsConfiguration": {
"additionalUnattendContent": [
{
"componentName": "Microsoft-Windows-Shell-Setup",
"content": "string",
"passName": "OobeSystem",
"settingName": "string"
}
],
"enableAutomaticUpdates": "bool",
"provisionVMAgent": "bool",
"timeZone": "string",
"winRM": {
"listeners": [
{
"certificateUrl": "string",
"protocol": "string"
}
]
}
}
},
"storageProfile": {
"imageReference": {
"offer": "string",
"publisher": "string",
"sku": "string",
"version": "string"
},
"osDisk": {
"caching": "string",
"createOption": "string",
"image": {
"uri": "string"
},
"name": "string",
"osType": "string",
"vhdContainers": [ "string" ]
}
}
}
},
"sku": {
"capacity": "int",
"name": "string",
"tier": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.Compute/virtualMachineScaleSets
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2015-06-15' |
___location | Resource ___location | string (required) |
name | The resource name | string (required) |
properties | Describes the properties of a Virtual Machine Scale Set. | VirtualMachineScaleSetProperties |
sku | The virtual machine scale set sku. | Sku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Compute/virtualMachineScaleSets' |
AdditionalUnattendContent
Name | Description | Value |
---|---|---|
componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
ApiEntityReference
Name | Description | Value |
---|---|---|
id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
ImageReference
Name | Description | Value |
---|---|---|
offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
publisher | The image publisher. | string |
sku | The image SKU. | string |
version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. | string |
LinuxConfiguration
Name | Description | Value |
---|---|---|
disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
ResourceTags
Name | Description | Value |
---|
Sku
Name | Description | Value |
---|---|---|
capacity | Specifies the number of virtual machines in the scale set. | int |
name | The sku name. | string |
tier | Specifies the tier of virtual machines in a scale set. Possible Values: Standard Basic |
string |
SshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
Name | Description | Value |
---|---|---|
keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see Create SSH keys on Linux and Mac for Linux VMs in Azure. |
string |
path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
UpgradePolicy
Name | Description | Value |
---|---|---|
mode | Specifies the mode of an upgrade to virtual machines in the scale set. Possible values are: Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. Automatic - All virtual machines in the scale set are automatically updated at the same time. |
'Automatic' 'Manual' |
VaultCertificate
Name | Description | Value |
---|---|---|
certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. |
string |
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } |
string |
VaultSecretGroup
Name | Description | Value |
---|---|---|
sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VirtualHardDisk
Name | Description | Value |
---|---|---|
uri | Specifies the virtual hard disk's uri. | string |
VirtualMachineScaleSetExtension
Name | Description | Value |
---|---|---|
id | Resource Id | string |
name | The name of the extension. | string |
properties | Describes the properties of a Virtual Machine Scale Set Extension. | VirtualMachineScaleSetExtensionProperties |
VirtualMachineScaleSetExtensionProfile
Name | Description | Value |
---|---|---|
extensions | The virtual machine scale set child extension resources. | VirtualMachineScaleSetExtension[] |
VirtualMachineScaleSetExtensionProperties
Name | Description | Value |
---|---|---|
autoUpgradeMinorVersion | Whether the extension handler should be automatically upgraded across minor versions. | bool |
protectedSettings | Json formatted protected settings for the extension. | any |
publisher | The name of the extension handler publisher. | string |
settings | Json formatted public settings for the extension. | any |
type | The type of the extension handler. | string |
typeHandlerVersion | The type version of the extension handler. | string |
VirtualMachineScaleSetIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource Id | string |
name | The IP configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration properties. | VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
Name | Description | Value |
---|---|---|
loadBalancerBackendAddressPools | The load balancer backend address pools. | SubResource[] |
loadBalancerInboundNatPools | The load balancer inbound nat pools. | SubResource[] |
subnet | The subnet. | ApiEntityReference (required) |
VirtualMachineScaleSetNetworkConfiguration
Name | Description | Value |
---|---|---|
id | Resource Id | string |
name | The network configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationProperties
Name | Description | Value |
---|---|---|
ipConfigurations | The virtual machine scale set IP Configuration. | VirtualMachineScaleSetIPConfiguration[] (required) |
primary | Whether this is a primary NIC on a virtual machine. | bool |
VirtualMachineScaleSetNetworkProfile
Name | Description | Value |
---|---|---|
networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetOSDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage |
'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Empty' 'FromImage' (required) |
image | The Source User Image VirtualHardDisk. This VirtualHardDisk will be copied before using it to attach to the Virtual Machine. If SourceImage is provided, the destination VirtualHardDisk should not exist. | VirtualHardDisk |
name | The disk name. | string (required) |
osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows Linux |
'Linux' 'Windows' |
vhdContainers | The list of virtual hard disk container uris. | string[] |
VirtualMachineScaleSetOSProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string |
adminUsername | Specifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters <li> For root access to the Linux VM, see Using root privileges on Linux virtual machines in Azure <li> For a list of built-in system users on Linux that should not be used in this field, see Selecting User Names for Linux on Azure |
string |
computerNamePrefix | Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. | string |
customData | A base-64 encoded string of custom data. | string |
linuxConfiguration | The Linux Configuration of the OS profile. | LinuxConfiguration |
secrets | The List of certificates for addition to the VM. | VaultSecretGroup[] |
windowsConfiguration | The Windows Configuration of the OS profile. | WindowsConfiguration |
VirtualMachineScaleSetProperties
Name | Description | Value |
---|---|---|
overProvision | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | bool |
provisioningState | The provisioning state, which only appears in the response. | string |
upgradePolicy | The upgrade policy. | UpgradePolicy |
virtualMachineProfile | The virtual machine profile. | VirtualMachineScaleSetVMProfile |
VirtualMachineScaleSetStorageProfile
Name | Description | Value |
---|---|---|
imageReference | The image reference. | ImageReference |
osDisk | The OS disk. | VirtualMachineScaleSetOSDisk |
VirtualMachineScaleSetVMProfile
Name | Description | Value |
---|---|---|
extensionProfile | The virtual machine scale set extension profile. | VirtualMachineScaleSetExtensionProfile |
networkProfile | The virtual machine scale set network profile. | VirtualMachineScaleSetNetworkProfile |
osProfile | The virtual machine scale set OS profile. | VirtualMachineScaleSetOSProfile |
storageProfile | The virtual machine scale set storage profile. | VirtualMachineScaleSetStorageProfile |
WindowsConfiguration
Name | Description | Value |
---|---|---|
additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
enableAutomaticUpdates | Indicates whether virtual machine is enabled for automatic updates. | bool |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time" | string |
winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
WinRMConfiguration
Name | Description | Value |
---|---|---|
listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
Name | Description | Value |
---|---|---|
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } |
string |
protocol | Specifies the protocol of listener. Possible values are: http https |
'Http' 'Https' |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
Template | Description |
---|---|
Add multiple VMs into a Virtual Machine Scale Set |
This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a Virtual Machine Scale Set in Flexible Orchestration mode. They will be provisioned in a Virtual Network which will also be created as part of the deployment |
Autoscale LANSA Windows VM ScaleSet with Azure SQL Database |
The template deploys a Windows VMSS with a desired count of VMs in the scale set and a LANSA MSI to install into each VM. Once the VM Scale Set is deployed a custom script extension is used to install the LANSA MSI) |
Azure Container Service Engine (acs-engine) - Swarm Mode |
The Azure Container Service Engine (acs-engine) generates ARM (Azure Resource Manager) templates for Docker enabled clusters on Microsoft Azure with your choice of DC/OS, Kubernetes, Swarm Mode, or Swarm orchestrators. The input to the tool is a cluster definition. The cluster definition is very similar to (in many cases the same as) the ARM template syntax used to deploy a Microsoft Azure Container Service cluster. |
Azure Game Developer Virtual Machine Scale Set |
Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal. |
Azure VM Scale Set as clients of Intel Lustre |
This template creates a set of Intel Lustre 2.7 clients using Azure VM Scale Sets and Azure gallery OpenLogic CentOS 6.6 or 7.0 images and mounts an existing Intel Lustre filesystem |
Confidential VM Scale Set with confidential disk encryption |
This template allows you to deploy a confidential VM Scale Set with confidential OS disk encryption enabled using the latest patched version of several Windows and Linux image versions. |
Couchbase Enterprise |
Azure Resource Manager (ARM) templates to install Couchbase Enterprise |
Create and encrypt a new Linux VMSS with jumpbox |
This template deploys a Linux VMSS using the latest Linux image, adds data volumes, and then encrypts the data volumes of each Linux VMSS instance. It also deploys a jumpbox with a public IP address in the same virtual network as the Linux VMSS instances with private IP addresses. This allows connecting to the jumpbox via its public IP address, and then connecting to the Linux VMSS instances via private IP addresses. |
Create and encrypt a new Windows VMSS with jumpbox |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses.This template enables encryption on the VM Scale Set of Windows VMs. |
Deploy a 3 Nodetype Secure Cluster with NSGs enabled |
This template allows you to deploy a secure 3 nodetype Service fabric Cluster running Windows server 2016 Data center on a Standard_D2 Size VMs. Use this template allows you ro control the inbound and outbound network traffic using Network Security Groups. |
Deploy a 5 Node Secure Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
Deploy a 5 Node Ubuntu Service Fabric Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Ubuntu on a Standard_D2_V2 Size VMSS. |
Deploy a Linux VMSS wth primary/secondary architecture |
This template allows you to deploy a Linux VMSS with a Custom Script Extension in primary secondary architecture |
Deploy a Nextflow genomics cluster |
This template deploys a scalable Nextflow cluster with a Jumpbox, n cluster nodes, docker support and shared storage. |
Deploy a Scale Set into an existing vnet |
This template deploys a VM Scale Set into an exsisting vnet. |
Deploy a Scale Set into an existing vnet on Windows |
This template deploys a Windows 2016 Datacenter VM Scale Set into an exsisting resource group, vnet and subnet. |
Deploy a simple VM Scale Set with Linux VMs |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections. |
Deploy a simple VM Scale Set with Linux VMs and a Jumpbox |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. There is also a jumpbox to enable connections from outside of the VNet the VMs are in. |
Deploy a simple VM Scale Set with Windows VMs |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections. |
Deploy a simple VM Scale Set with Windows VMs and a Jumpbox |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses. |
Deploy a trusted launch capable Windows VM Scale Set |
This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud. |
Deploy a VM Scale Set from the Azure Data Science VM |
These templates deploy VM scale sets, using the Azure Data Science VMs as a source image. |
Deploy a VM Scale Set with a Linux custom image |
This template allows you to deploy a custom VM Linux image inside an Scale Set. These VMs are behind a load balancer with HTTP load balancing (by default on port 80). The example uses a custom script to do the application deployment and update, you may have to provide your custom script for your own update procedure. You will have to provide a generalized image of your VM in the same subscription and region where you create the VMSS. |
Deploy a VM Scale Set with a Windows custom image |
This template allows you to deploy a simple VM Scale Set usng a custom Windows image. These VMs are behind a load balancer with HTTP load balancing (by default on port 80) |
Deploy a VM Scale Set with Linux VMs and Auto Scale |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.04 or 14.04.4-LTS. These VMs are behind a load balancer with NAT rules for ssh connections.They also have Auto Scale integrated |
Deploy a VM Scale Set with Linux VMs behind ILB |
This template allows you to deploy a VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. These VMs are behind an internal load balancer with NAT rules for ssh connections. |
Deploy a VM Scale Set with Linux VMs in Availabilty Zones |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections. |
Deploy a VM Scale Set with Windows VMs and Auto Scale |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated |
Deploy a VM Scale Set with Windows VMs in Availability Zones |
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections. |
Deploy a VMSS that connects each VM to an Azure Files share |
This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share |
Deploy a Windows VM Scale Set with a Custom Script Extension |
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs have a custom script extension for customization and are behind a load balancer with NAT rules for rdp connections. |
Deploy a Windows VM scale set with Azure Application Gateway |
This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Deploy an Autoscale Setting for Virtual Machine ScaleSet |
This template allows you to deploy an autoscale policy for Virtual Machine ScaleSet resource. |
Deploy an Ubuntu VM scale set with Azure Application Gateway |
This template allows you to deploy a simple Ubuntu VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Deploy Darktrace Autoscaling vSensors |
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
Deploy Drupal with VM Scale Set, Azure Files and Mysql |
Deploy a VM Scale Set behind a load balancer/NAT & each VM running Drupal (Apache / PHP). All nodes share the created Azure file share storage and MySQL database |
Deploy VM Scale Set with LB probe and automatic repairs |
This template allows you to deploy a VM scale set of Linux VMs behind a load balancer with health probe configured. The scale set also has automatic instance repairs policy enabled with a grace period of 30 minutes. |
Deploy VM Scale Set with Python Bottle server & AutoScale |
Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed |
Deploy Windows VMSS configure windows featurtes SSL DSC |
This template allows you to deploy two Windows VMSS, configure windows features like IIS/Web Role, .Net Framework 4.5, windows auth, application initialization, download application deployment packages, URL Rewrite & SSL configuration using DSC and Azure Key Vault |
Disable encryption on an existing Linux VMSS |
Disables encryption on an existing Linux VMSS |
Enable data volume encryption on a running Linux VMSS |
Enables data volume encryption on a running Linux VMSS |
Install Elasticsearch cluster on a Virtual Machine Scale Set |
This template deploys an Elasticsearch cluster on a Virtual Machine scale set. The template provisions 3 dedicated master nodes, with an optional number of data nodes, which run on managed disks. |
JBoss EAP on RHEL (clustered, VMSS) |
This template allows you to create RHEL 8.6 VMSS instances running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment. |
Kubernetes cluster with VMSS Cluster Autoscaler |
This template deploys a vanilla kubernetes cluster initialized using kubeadm. It deploys a configured master node with a cluster autoscaler. A pre-configured Virtual Machine Scale Set (VMSS) is also deployed and automatically attached to the cluster. The cluster autoscaler can then automatically scale up/down the cluster depending on the workload of the cluster. |
Simple VM Scale Set with Linux VMs and public IPv4 per VM |
This template demonstrates deploying a simple scale set with load balancer, inbound NAT rules, and public IP per VM. |
SSL enabled VM Scale Set |
Deploys web servers configures with SSL certificates deployed securely form Azure Key Vault |
Virtual Machine Scaleset example using Availability Zones |
This template creates a VMSS placed in separate Availability Zones with a load balancer. |
VM Scale Set with autoscale running an IIS WebApp |
Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment. |
VMSS deploy of IPv6 in Azure Virtual Network (VNET) |
Create VM Scale Set with dual stack IPv4/IPv6 VNET and Std Load Balancer. |
VMSS Flexible Orchestration Mode Quickstart Linux |
This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
VMSS with Public IP Prefix |
Template for deploying VMSS with Public IP Prefix |
Terraform (AzAPI provider) resource definition
The virtualMachineScaleSets resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Compute/virtualMachineScaleSets@2015-06-15"
name = "string"
parent_id = "string"
___location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
overProvision = bool
provisioningState = "string"
upgradePolicy = {
mode = "string"
}
virtualMachineProfile = {
extensionProfile = {
extensions = [
{
id = "string"
name = "string"
properties = {
autoUpgradeMinorVersion = bool
protectedSettings = ?
publisher = "string"
settings = ?
type = "string"
typeHandlerVersion = "string"
}
}
]
}
networkProfile = {
networkInterfaceConfigurations = [
{
id = "string"
name = "string"
properties = {
ipConfigurations = [
{
id = "string"
name = "string"
properties = {
loadBalancerBackendAddressPools = [
{
id = "string"
}
]
loadBalancerInboundNatPools = [
{
id = "string"
}
]
subnet = {
id = "string"
}
}
}
]
primary = bool
}
}
]
}
osProfile = {
adminPassword = "string"
adminUsername = "string"
computerNamePrefix = "string"
customData = "string"
linuxConfiguration = {
disablePasswordAuthentication = bool
ssh = {
publicKeys = [
{
keyData = "string"
path = "string"
}
]
}
}
secrets = [
{
sourceVault = {
id = "string"
}
vaultCertificates = [
{
certificateStore = "string"
certificateUrl = "string"
}
]
}
]
windowsConfiguration = {
additionalUnattendContent = [
{
componentName = "Microsoft-Windows-Shell-Setup"
content = "string"
passName = "OobeSystem"
settingName = "string"
}
]
enableAutomaticUpdates = bool
provisionVMAgent = bool
timeZone = "string"
winRM = {
listeners = [
{
certificateUrl = "string"
protocol = "string"
}
]
}
}
}
storageProfile = {
imageReference = {
offer = "string"
publisher = "string"
sku = "string"
version = "string"
}
osDisk = {
caching = "string"
createOption = "string"
image = {
uri = "string"
}
name = "string"
osType = "string"
vhdContainers = [
"string"
]
}
}
}
}
sku = {
capacity = int
name = "string"
tier = "string"
}
}
}
Property Values
Microsoft.Compute/virtualMachineScaleSets
Name | Description | Value |
---|---|---|
___location | Resource ___location | string (required) |
name | The resource name | string (required) |
parent_id | The ID of the resource to apply this extension resource to. | string (required) |
properties | Describes the properties of a Virtual Machine Scale Set. | VirtualMachineScaleSetProperties |
sku | The virtual machine scale set sku. | Sku |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Compute/virtualMachineScaleSets@2015-06-15" |
AdditionalUnattendContent
Name | Description | Value |
---|---|---|
componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
ApiEntityReference
Name | Description | Value |
---|---|---|
id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
ImageReference
Name | Description | Value |
---|---|---|
offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
publisher | The image publisher. | string |
sku | The image SKU. | string |
version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. | string |
LinuxConfiguration
Name | Description | Value |
---|---|---|
disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
ResourceTags
Name | Description | Value |
---|
Sku
Name | Description | Value |
---|---|---|
capacity | Specifies the number of virtual machines in the scale set. | int |
name | The sku name. | string |
tier | Specifies the tier of virtual machines in a scale set. Possible Values: Standard Basic |
string |
SshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
Name | Description | Value |
---|---|---|
keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see Create SSH keys on Linux and Mac for Linux VMs in Azure. |
string |
path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
UpgradePolicy
Name | Description | Value |
---|---|---|
mode | Specifies the mode of an upgrade to virtual machines in the scale set. Possible values are: Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. Automatic - All virtual machines in the scale set are automatically updated at the same time. |
'Automatic' 'Manual' |
VaultCertificate
Name | Description | Value |
---|---|---|
certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. |
string |
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } |
string |
VaultSecretGroup
Name | Description | Value |
---|---|---|
sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VirtualHardDisk
Name | Description | Value |
---|---|---|
uri | Specifies the virtual hard disk's uri. | string |
VirtualMachineScaleSetExtension
Name | Description | Value |
---|---|---|
id | Resource Id | string |
name | The name of the extension. | string |
properties | Describes the properties of a Virtual Machine Scale Set Extension. | VirtualMachineScaleSetExtensionProperties |
VirtualMachineScaleSetExtensionProfile
Name | Description | Value |
---|---|---|
extensions | The virtual machine scale set child extension resources. | VirtualMachineScaleSetExtension[] |
VirtualMachineScaleSetExtensionProperties
Name | Description | Value |
---|---|---|
autoUpgradeMinorVersion | Whether the extension handler should be automatically upgraded across minor versions. | bool |
protectedSettings | Json formatted protected settings for the extension. | any |
publisher | The name of the extension handler publisher. | string |
settings | Json formatted public settings for the extension. | any |
type | The type of the extension handler. | string |
typeHandlerVersion | The type version of the extension handler. | string |
VirtualMachineScaleSetIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource Id | string |
name | The IP configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration properties. | VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
Name | Description | Value |
---|---|---|
loadBalancerBackendAddressPools | The load balancer backend address pools. | SubResource[] |
loadBalancerInboundNatPools | The load balancer inbound nat pools. | SubResource[] |
subnet | The subnet. | ApiEntityReference (required) |
VirtualMachineScaleSetNetworkConfiguration
Name | Description | Value |
---|---|---|
id | Resource Id | string |
name | The network configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationProperties
Name | Description | Value |
---|---|---|
ipConfigurations | The virtual machine scale set IP Configuration. | VirtualMachineScaleSetIPConfiguration[] (required) |
primary | Whether this is a primary NIC on a virtual machine. | bool |
VirtualMachineScaleSetNetworkProfile
Name | Description | Value |
---|---|---|
networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetOSDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage |
'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Empty' 'FromImage' (required) |
image | The Source User Image VirtualHardDisk. This VirtualHardDisk will be copied before using it to attach to the Virtual Machine. If SourceImage is provided, the destination VirtualHardDisk should not exist. | VirtualHardDisk |
name | The disk name. | string (required) |
osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows Linux |
'Linux' 'Windows' |
vhdContainers | The list of virtual hard disk container uris. | string[] |
VirtualMachineScaleSetOSProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string |
adminUsername | Specifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters <li> For root access to the Linux VM, see Using root privileges on Linux virtual machines in Azure <li> For a list of built-in system users on Linux that should not be used in this field, see Selecting User Names for Linux on Azure |
string |
computerNamePrefix | Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. | string |
customData | A base-64 encoded string of custom data. | string |
linuxConfiguration | The Linux Configuration of the OS profile. | LinuxConfiguration |
secrets | The List of certificates for addition to the VM. | VaultSecretGroup[] |
windowsConfiguration | The Windows Configuration of the OS profile. | WindowsConfiguration |
VirtualMachineScaleSetProperties
Name | Description | Value |
---|---|---|
overProvision | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | bool |
provisioningState | The provisioning state, which only appears in the response. | string |
upgradePolicy | The upgrade policy. | UpgradePolicy |
virtualMachineProfile | The virtual machine profile. | VirtualMachineScaleSetVMProfile |
VirtualMachineScaleSetStorageProfile
Name | Description | Value |
---|---|---|
imageReference | The image reference. | ImageReference |
osDisk | The OS disk. | VirtualMachineScaleSetOSDisk |
VirtualMachineScaleSetVMProfile
Name | Description | Value |
---|---|---|
extensionProfile | The virtual machine scale set extension profile. | VirtualMachineScaleSetExtensionProfile |
networkProfile | The virtual machine scale set network profile. | VirtualMachineScaleSetNetworkProfile |
osProfile | The virtual machine scale set OS profile. | VirtualMachineScaleSetOSProfile |
storageProfile | The virtual machine scale set storage profile. | VirtualMachineScaleSetStorageProfile |
WindowsConfiguration
Name | Description | Value |
---|---|---|
additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
enableAutomaticUpdates | Indicates whether virtual machine is enabled for automatic updates. | bool |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time" | string |
winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
WinRMConfiguration
Name | Description | Value |
---|---|---|
listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
Name | Description | Value |
---|---|---|
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } |
string |
protocol | Specifies the protocol of listener. Possible values are: http https |
'Http' 'Https' |
Usage Examples
Terraform Samples
A basic example of deploying Virtual Machine scale set.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "___location" {
type = string
default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
___location = var.___location
}
resource "azapi_resource" "virtualNetwork" {
type = "Microsoft.Network/virtualNetworks@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
addressSpace = {
addressPrefixes = [
"10.0.0.0/16",
]
}
dhcpOptions = {
dnsServers = [
]
}
subnets = [
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
lifecycle {
ignore_changes = [body.properties.subnets]
}
}
resource "azapi_resource" "subnet" {
type = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
parent_id = azapi_resource.virtualNetwork.id
name = "internal"
body = {
properties = {
addressPrefix = "10.0.2.0/24"
delegations = [
]
privateEndpointNetworkPolicies = "Enabled"
privateLinkServiceNetworkPolicies = "Enabled"
serviceEndpointPolicies = [
]
serviceEndpoints = [
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "virtualMachineScaleSet" {
type = "Microsoft.Compute/virtualMachineScaleSets@2023-03-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
additionalCapabilities = {
}
doNotRunExtensionsOnOverprovisionedVMs = false
orchestrationMode = "Uniform"
overprovision = true
scaleInPolicy = {
forceDeletion = false
rules = [
"Default",
]
}
singlePlacementGroup = true
upgradePolicy = {
mode = "Manual"
}
virtualMachineProfile = {
diagnosticsProfile = {
bootDiagnostics = {
enabled = false
storageUri = ""
}
}
extensionProfile = {
extensionsTimeBudget = "PT1H30M"
}
networkProfile = {
networkInterfaceConfigurations = [
{
name = "example"
properties = {
dnsSettings = {
dnsServers = [
]
}
enableAcceleratedNetworking = false
enableIPForwarding = false
ipConfigurations = [
{
name = "internal"
properties = {
applicationGatewayBackendAddressPools = [
]
applicationSecurityGroups = [
]
loadBalancerBackendAddressPools = [
]
loadBalancerInboundNatPools = [
]
primary = true
privateIPAddressVersion = "IPv4"
subnet = {
id = azapi_resource.subnet.id
}
}
},
]
primary = true
}
},
]
}
osProfile = {
adminUsername = "adminuser"
computerNamePrefix = var.resource_name
linuxConfiguration = {
disablePasswordAuthentication = true
provisionVMAgent = true
ssh = {
publicKeys = [
{
keyData = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN you@me.com"
path = "/home/adminuser/.ssh/authorized_keys"
},
]
}
}
secrets = [
]
}
priority = "Regular"
storageProfile = {
dataDisks = [
]
imageReference = {
offer = "UbuntuServer"
publisher = "Canonical"
sku = "16.04-LTS"
version = "latest"
}
osDisk = {
caching = "ReadWrite"
createOption = "FromImage"
managedDisk = {
storageAccountType = "Standard_LRS"
}
osType = "Linux"
writeAcceleratorEnabled = false
}
}
}
}
sku = {
capacity = 1
name = "Standard_F2"
tier = "Standard"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Module | Description |
---|---|
Virtual Machine Scale Set | AVM Resource Module for Virtual Machine Scale Set |