Bicep resource definition
The virtualMachineScaleSets/virtualMachines/runCommands resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands@2024-07-01' = {
  parent: resourceSymbolicName
  ___location: 'string'
  name: 'string'
  properties: {
    asyncExecution: bool
    errorBlobManagedIdentity: {
      clientId: 'string'
      objectId: 'string'
    }
    errorBlobUri: 'string'
    outputBlobManagedIdentity: {
      clientId: 'string'
      objectId: 'string'
    }
    outputBlobUri: 'string'
    parameters: [
      {
        name: 'string'
        value: 'string'
      }
    ]
    protectedParameters: [
      {
        name: 'string'
        value: 'string'
      }
    ]
    runAsPassword: 'string'
    runAsUser: 'string'
    source: {
      commandId: 'string'
      script: 'string'
      scriptUri: 'string'
      scriptUriManagedIdentity: {
        clientId: 'string'
        objectId: 'string'
      }
    }
    timeoutInSeconds: int
    treatFailureAsDeploymentFailure: bool
  }
  tags: {
    {customized property}: 'string'
  }
}
Property Values
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands
| Name | Description | Value | 
| name | The run command parameter name. | string (required) | 
| value | The run command parameter value. | string (required) | 
RunCommandManagedIdentity
| Name | Description | Value | 
| clientId | Client Id (GUID value) of the user-assigned managed identity. ObjectId should not be used if this is provided. | string | 
| objectId | Object Id (GUID value) of the user-assigned managed identity. ClientId should not be used if this is provided. | string | 
VirtualMachineRunCommandProperties
| Name | Description | Value | 
| asyncExecution | Optional. If set to true, provisioning will complete as soon as the script starts and will not wait for script to complete. | bool | 
| errorBlobManagedIdentity | User-assigned managed identity that has access to errorBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged | RunCommandManagedIdentity | 
| errorBlobUri | Specifies the Azure storage blob where script error stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer errorBlobManagedIdentity parameter. | string | 
| outputBlobManagedIdentity | User-assigned managed identity that has access to outputBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged | RunCommandManagedIdentity | 
| outputBlobUri | Specifies the Azure storage blob where script output stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer outputBlobManagedIdentity parameter. | string | 
| parameters | The parameters used by the script. | RunCommandInputParameter[] | 
| protectedParameters | The parameters used by the script. | RunCommandInputParameter[] | 
| runAsPassword | Specifies the user account password on the VM when executing the run command. | string | 
| runAsUser | Specifies the user account on the VM when executing the run command. | string | 
| source | The source of the run command script. | VirtualMachineRunCommandScriptSource | 
| timeoutInSeconds | The timeout in seconds to execute the run command. | int | 
| treatFailureAsDeploymentFailure | Optional. If set to true, any failure in the script will fail the deployment and ProvisioningState will be marked as Failed. If set to false, ProvisioningState would only reflect whether the run command was run or not by the extensions platform, it would not indicate whether script failed in case of script failures. See instance view of run command in case of script failures to see executionMessage, output, error: https://aka.ms/runcommandmanaged#get-execution-status-and-results | bool | 
VirtualMachineRunCommandScriptSource
| Name | Description | Value | 
| commandId | Specifies a commandId of predefined built-in script. | string | 
| script | Specifies the script content to be executed on the VM. | string | 
| scriptUri | Specifies the script download ___location. It can be either SAS URI of an Azure storage blob with read access or public URI. | string | 
| scriptUriManagedIdentity | User-assigned managed identity that has access to scriptUri in case of Azure storage blob. Use an empty object in case of system-assigned identity. Make sure the Azure storage blob exists, and managed identity has been given access to blob's container with 'Storage Blob Data Reader' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged. | RunCommandManagedIdentity | 
 
ARM template resource definition
The virtualMachineScaleSets/virtualMachines/runCommands resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands resource, add the following JSON to your template.
{
  "type": "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands",
  "apiVersion": "2024-07-01",
  "name": "string",
  "___location": "string",
  "properties": {
    "asyncExecution": "bool",
    "errorBlobManagedIdentity": {
      "clientId": "string",
      "objectId": "string"
    },
    "errorBlobUri": "string",
    "outputBlobManagedIdentity": {
      "clientId": "string",
      "objectId": "string"
    },
    "outputBlobUri": "string",
    "parameters": [
      {
        "name": "string",
        "value": "string"
      }
    ],
    "protectedParameters": [
      {
        "name": "string",
        "value": "string"
      }
    ],
    "runAsPassword": "string",
    "runAsUser": "string",
    "source": {
      "commandId": "string",
      "script": "string",
      "scriptUri": "string",
      "scriptUriManagedIdentity": {
        "clientId": "string",
        "objectId": "string"
      }
    },
    "timeoutInSeconds": "int",
    "treatFailureAsDeploymentFailure": "bool"
  },
  "tags": {
    "{customized property}": "string"
  }
}
Property Values
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands
| Name | Description | Value | 
| apiVersion | The api version | '2024-07-01' | 
| ___location | Resource ___location | string (required) | 
| name | The resource name | string (required) | 
| properties | Describes the properties of a Virtual Machine run command. | VirtualMachineRunCommandProperties | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
| type | The resource type | 'Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands' | 
| Name | Description | Value | 
| name | The run command parameter name. | string (required) | 
| value | The run command parameter value. | string (required) | 
RunCommandManagedIdentity
| Name | Description | Value | 
| clientId | Client Id (GUID value) of the user-assigned managed identity. ObjectId should not be used if this is provided. | string | 
| objectId | Object Id (GUID value) of the user-assigned managed identity. ClientId should not be used if this is provided. | string | 
VirtualMachineRunCommandProperties
| Name | Description | Value | 
| asyncExecution | Optional. If set to true, provisioning will complete as soon as the script starts and will not wait for script to complete. | bool | 
| errorBlobManagedIdentity | User-assigned managed identity that has access to errorBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged | RunCommandManagedIdentity | 
| errorBlobUri | Specifies the Azure storage blob where script error stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer errorBlobManagedIdentity parameter. | string | 
| outputBlobManagedIdentity | User-assigned managed identity that has access to outputBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged | RunCommandManagedIdentity | 
| outputBlobUri | Specifies the Azure storage blob where script output stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer outputBlobManagedIdentity parameter. | string | 
| parameters | The parameters used by the script. | RunCommandInputParameter[] | 
| protectedParameters | The parameters used by the script. | RunCommandInputParameter[] | 
| runAsPassword | Specifies the user account password on the VM when executing the run command. | string | 
| runAsUser | Specifies the user account on the VM when executing the run command. | string | 
| source | The source of the run command script. | VirtualMachineRunCommandScriptSource | 
| timeoutInSeconds | The timeout in seconds to execute the run command. | int | 
| treatFailureAsDeploymentFailure | Optional. If set to true, any failure in the script will fail the deployment and ProvisioningState will be marked as Failed. If set to false, ProvisioningState would only reflect whether the run command was run or not by the extensions platform, it would not indicate whether script failed in case of script failures. See instance view of run command in case of script failures to see executionMessage, output, error: https://aka.ms/runcommandmanaged#get-execution-status-and-results | bool | 
VirtualMachineRunCommandScriptSource
| Name | Description | Value | 
| commandId | Specifies a commandId of predefined built-in script. | string | 
| script | Specifies the script content to be executed on the VM. | string | 
| scriptUri | Specifies the script download ___location. It can be either SAS URI of an Azure storage blob with read access or public URI. | string | 
| scriptUriManagedIdentity | User-assigned managed identity that has access to scriptUri in case of Azure storage blob. Use an empty object in case of system-assigned identity. Make sure the Azure storage blob exists, and managed identity has been given access to blob's container with 'Storage Blob Data Reader' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged. | RunCommandManagedIdentity | 
Usage Examples
 
The virtualMachineScaleSets/virtualMachines/runCommands resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands@2024-07-01"
  name = "string"
  parent_id = "string"
  ___location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      asyncExecution = bool
      errorBlobManagedIdentity = {
        clientId = "string"
        objectId = "string"
      }
      errorBlobUri = "string"
      outputBlobManagedIdentity = {
        clientId = "string"
        objectId = "string"
      }
      outputBlobUri = "string"
      parameters = [
        {
          name = "string"
          value = "string"
        }
      ]
      protectedParameters = [
        {
          name = "string"
          value = "string"
        }
      ]
      runAsPassword = "string"
      runAsUser = "string"
      source = {
        commandId = "string"
        script = "string"
        scriptUri = "string"
        scriptUriManagedIdentity = {
          clientId = "string"
          objectId = "string"
        }
      }
      timeoutInSeconds = int
      treatFailureAsDeploymentFailure = bool
    }
  }
}
Property Values
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands
| Name | Description | Value | 
| ___location | Resource ___location | string (required) | 
| name | The resource name | string (required) | 
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: virtualMachineScaleSets/virtualMachines | 
| properties | Describes the properties of a Virtual Machine run command. | VirtualMachineRunCommandProperties | 
| tags | Resource tags | Dictionary of tag names and values. | 
| type | The resource type | "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands@2024-07-01" | 
| Name | Description | Value | 
| name | The run command parameter name. | string (required) | 
| value | The run command parameter value. | string (required) | 
RunCommandManagedIdentity
| Name | Description | Value | 
| clientId | Client Id (GUID value) of the user-assigned managed identity. ObjectId should not be used if this is provided. | string | 
| objectId | Object Id (GUID value) of the user-assigned managed identity. ClientId should not be used if this is provided. | string | 
VirtualMachineRunCommandProperties
| Name | Description | Value | 
| asyncExecution | Optional. If set to true, provisioning will complete as soon as the script starts and will not wait for script to complete. | bool | 
| errorBlobManagedIdentity | User-assigned managed identity that has access to errorBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged | RunCommandManagedIdentity | 
| errorBlobUri | Specifies the Azure storage blob where script error stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer errorBlobManagedIdentity parameter. | string | 
| outputBlobManagedIdentity | User-assigned managed identity that has access to outputBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged | RunCommandManagedIdentity | 
| outputBlobUri | Specifies the Azure storage blob where script output stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer outputBlobManagedIdentity parameter. | string | 
| parameters | The parameters used by the script. | RunCommandInputParameter[] | 
| protectedParameters | The parameters used by the script. | RunCommandInputParameter[] | 
| runAsPassword | Specifies the user account password on the VM when executing the run command. | string | 
| runAsUser | Specifies the user account on the VM when executing the run command. | string | 
| source | The source of the run command script. | VirtualMachineRunCommandScriptSource | 
| timeoutInSeconds | The timeout in seconds to execute the run command. | int | 
| treatFailureAsDeploymentFailure | Optional. If set to true, any failure in the script will fail the deployment and ProvisioningState will be marked as Failed. If set to false, ProvisioningState would only reflect whether the run command was run or not by the extensions platform, it would not indicate whether script failed in case of script failures. See instance view of run command in case of script failures to see executionMessage, output, error: https://aka.ms/runcommandmanaged#get-execution-status-and-results | bool | 
VirtualMachineRunCommandScriptSource
| Name | Description | Value | 
| commandId | Specifies a commandId of predefined built-in script. | string | 
| script | Specifies the script content to be executed on the VM. | string | 
| scriptUri | Specifies the script download ___location. It can be either SAS URI of an Azure storage blob with read access or public URI. | string | 
| scriptUriManagedIdentity | User-assigned managed identity that has access to scriptUri in case of Azure storage blob. Use an empty object in case of system-assigned identity. Make sure the Azure storage blob exists, and managed identity has been given access to blob's container with 'Storage Blob Data Reader' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged. | RunCommandManagedIdentity |