Azure Compute Linux Virtual Machine Scale Set
This page shows how to write Terraform and Azure Resource Manager for Compute Linux Virtual Machine Scale Set and write them securely.
azurerm_linux_virtual_machine_scale_set (Terraform)
The Linux Virtual Machine Scale Set in Compute can be configured in Terraform with the resource name azurerm_linux_virtual_machine_scale_set
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_linux_virtual_machine_scale_set" "basic_a2" {
name = "basic_a2"
resource_group_name = "fake_resource_group"
location = "eastus"
instances = 3
resource "azurerm_linux_virtual_machine_scale_set" "example" {
name = "example-vmss"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = "Standard_F2"
instances = 1
resource "azurerm_linux_virtual_machine_scale_set" "example" {
name = var.ss_name
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = var.sku
instances = var.instances
resource "azurerm_linux_virtual_machine_scale_set" "example" {
name = var.ss_name
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = var.sku
instances = var.instances
resource "azurerm_linux_virtual_machine_scale_set" "example" {
name = var.ss_name
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = var.sku
instances = var.instances
resource "azurerm_linux_virtual_machine_scale_set" "example" {
name = var.ss_name
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = var.sku
instances = var.instances
resource "azurerm_linux_virtual_machine_scale_set" "example" {
name = var.ss_name
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = var.sku
instances = var.instances
resource "azurerm_linux_virtual_machine_scale_set" "example" {
name = var.ss_name
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = var.sku
instances = var.instances
resource "azurerm_linux_virtual_machine_scale_set" "scaleSet" {
name = var.scaleset["name"]
resource_group_name = azurerm_resource_group.rg.name
location = var.azure["rgLocation"]
sku = var.scaleset["type"]
instances = var.scaleset["count"]
resource "azurerm_linux_virtual_machine_scale_set" "example" {
name = "example-vmss"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = "Standard_F2"
instances = 1
Parameters
-
admin_password
optional - string -
admin_username
required - string -
computer_name_prefix
optional computed - string -
custom_data
optional - string -
disable_password_authentication
optional - bool -
do_not_run_extensions_on_overprovisioned_machines
optional - bool -
encryption_at_host_enabled
optional - bool -
eviction_policy
optional - string -
extensions_time_budget
optional - string -
health_probe_id
optional - string -
id
optional computed - string -
instances
required - number -
location
required - string -
max_bid_price
optional - number -
name
required - string -
overprovision
optional - bool -
platform_fault_domain_count
optional computed - number -
priority
optional - string -
provision_vm_agent
optional - bool -
proximity_placement_group_id
optional - string -
resource_group_name
required - string -
scale_in_policy
optional - string -
single_placement_group
optional - bool -
sku
required - string -
source_image_id
optional - string -
tags
optional - map from string to string -
unique_id
optional computed - string -
upgrade_mode
optional - string -
zone_balance
optional - bool -
zones
optional - list of string -
additional_capabilities
list block-
ultra_ssd_enabled
optional - bool
-
-
admin_ssh_key
set block-
public_key
required - string -
username
required - string
-
-
automatic_instance_repair
list block-
enabled
required - bool -
grace_period
optional - string
-
-
automatic_os_upgrade_policy
list block-
disable_automatic_rollback
required - bool -
enable_automatic_os_upgrade
required - bool
-
-
boot_diagnostics
list block-
storage_account_uri
optional - string
-
-
data_disk
list block-
caching
required - string -
create_option
optional - string -
disk_encryption_set_id
optional - string -
disk_iops_read_write
optional computed - number -
disk_mbps_read_write
optional computed - number -
disk_size_gb
required - number -
lun
required - number -
storage_account_type
required - string -
write_accelerator_enabled
optional - bool
-
-
extension
list block-
auto_upgrade_minor_version
optional - bool -
force_update_tag
optional - string -
name
required - string -
protected_settings
optional - string -
provision_after_extensions
optional - list of string -
publisher
required - string -
settings
optional - string -
type
required - string -
type_handler_version
required - string
-
-
identity
list block-
identity_ids
optional - set of string -
principal_id
optional computed - string -
type
required - string
-
-
network_interface
list block-
dns_servers
optional - list of string -
enable_accelerated_networking
optional - bool -
enable_ip_forwarding
optional - bool -
name
required - string -
network_security_group_id
optional - string -
primary
optional - bool -
ip_configuration
list block-
application_gateway_backend_address_pool_ids
optional - set of string -
application_security_group_ids
optional - set of string -
load_balancer_backend_address_pool_ids
optional - set of string -
load_balancer_inbound_nat_rules_ids
optional - set of string -
name
required - string -
primary
optional - bool -
subnet_id
optional - string -
version
optional - string -
public_ip_address
list block-
domain_name_label
optional - string -
idle_timeout_in_minutes
optional computed - number -
name
required - string -
public_ip_prefix_id
optional - string -
ip_tag
list block
-
-
-
-
os_disk
list block-
caching
required - string -
disk_encryption_set_id
optional - string -
disk_size_gb
optional computed - number -
storage_account_type
required - string -
write_accelerator_enabled
optional - bool -
diff_disk_settings
list block-
option
required - string
-
-
-
plan
list block -
rolling_upgrade_policy
list block-
max_batch_instance_percent
required - number -
max_unhealthy_instance_percent
required - number -
max_unhealthy_upgraded_instance_percent
required - number -
pause_time_between_batches
required - string
-
-
secret
list block-
key_vault_id
required - string -
certificate
set block-
url
required - string
-
-
-
source_image_reference
list block -
terminate_notification
list block -
timeouts
single block
Explanation in Terraform Registry
Manages a Linux Virtual Machine Scale Set.
Tips: Best Practices for The Other Azure Compute Resources
In addition to the azurerm_linux_virtual_machine, Azure Compute has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_linux_virtual_machine
Ensure to use SSH authentication for virtual machines
It is better to use SSH authentication for virtual machines instead of password authentication to enforce more secure ways.
azurerm_managed_disk
Ensure to enable the encryption on managed disks
It is better to enable the encryption on managed disks.
azurerm_virtual_machine
Ensure to use SSH authentication for virtual machines
It is better to use SSH authentication for virtual machines instead of password authentication to enforce more secure ways.
Microsoft.Compute/virtualMachineScaleSets (Azure Resource Manager)
The virtualMachineScaleSets in Microsoft.Compute can be configured in Azure Resource Manager with the resource name Microsoft.Compute/virtualMachineScaleSets
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
"type": "Microsoft.Compute/virtualMachineScaleSets",
"name": "[parameters('vmssName')]",
"location": "[resourceGroup().location]",
"apiVersion": "2018-06-01",
"properties": {
"virtualMachineProfile": {
"type": "Microsoft.Compute/virtualMachineScaleSets",
"name": "[parameters('vmssName')]",
"location": "[resourceGroup().location]",
"apiVersion": "2018-06-01",
"properties": {
"virtualMachineProfile": {
"equals": "Microsoft.Compute/virtualMachineScaleSets"
},
{
"field": "Microsoft.Compute/VirtualMachineScaleSets/osProfile.linuxConfiguration",
"exists": "true"
}
Parameters
apiVersion
required - stringextendedLocation
optionalname
optional - stringThe name of the extended location.
type
optional - stringThe type of the extended location.
identity
optionaltype
optional - stringThe type of identity used for the virtual machine scale set. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine scale set.
userAssignedIdentities
optional - undefinedThe list of user identities associated with the virtual machine scale set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
location
required - stringResource location
name
required - stringThe name of the VM scale set to create or update.
plan
optionalname
optional - stringThe plan ID.
product
optional - stringSpecifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element.
promotionCode
optional - stringThe promotion code.
publisher
optional - stringThe publisher ID.
properties
requiredadditionalCapabilities
optionalhibernationEnabled
optional - booleanThe flag that enables or disables hibernation capability on the VM.
ultraSSDEnabled
optional - booleanThe flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.
automaticRepairsPolicy
optionalenabled
optional - booleanSpecifies whether automatic repairs should be enabled on the virtual machine scale set. The default value is false.
gracePeriod
optional - stringThe amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M), which is also the default value. The maximum allowed grace period is 90 minutes (PT90M).
doNotRunExtensionsOnOverprovisionedVMs
optional - booleanWhen Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs.
hostGroup
optionalid
optional - stringResource Id
orchestrationMode
optional - stringSpecifies the orchestration mode for the virtual machine scale set.
overprovision
optional - booleanSpecifies whether the Virtual Machine Scale Set should be overprovisioned.
platformFaultDomainCount
optional - integerFault Domain count for each placement group.
proximityPlacementGroup
optionalid
optional - stringResource Id
scaleInPolicy
optionalforceDeletion
optional - booleanThis property allows you to specify if virtual machines chosen for removal have to be force deleted when a virtual machine scale set is being scaled-in.(Feature in Preview)
rules
optional - arrayThe rules to be followed when scaling-in a virtual machine scale set. Possible values are: Default When a virtual machine scale set is scaled in, the scale set will first be balanced across zones if it is a zonal scale set. Then, it will be balanced across Fault Domains as far as possible. Within each Fault Domain, the virtual machines chosen for removal will be the newest ones that are not protected from scale-in. OldestVM When a virtual machine scale set is being scaled-in, the oldest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the oldest virtual machines that are not protected will be chosen for removal. NewestVM When a virtual machine scale set is being scaled-in, the newest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the newest virtual machines that are not protected will be chosen for removal.
singlePlacementGroup
optional - booleanWhen true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true.
spotRestorePolicy
optionalenabled
optional - booleanEnables the Spot-Try-Restore feature where evicted VMSS SPOT instances will be tried to be restored opportunistically based on capacity availability and pricing constraints
restoreTimeout
optional - stringTimeout value expressed as an ISO 8601 time duration after which the platform will not try to restore the VMSS SPOT instances
upgradePolicy
optionalautomaticOSUpgradePolicy
optionaldisableAutomaticRollback
optional - booleanWhether OS image rollback feature should be disabled. Default value is false.
enableAutomaticOSUpgrade
optional - booleanIndicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true.
mode
optional - stringSpecifies the mode of an upgrade to virtual machines in the scale set. Possible values are: Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. Automatic - All virtual machines in the scale set are automatically updated at the same time.
rollingUpgradePolicy
optionalenableCrossZoneUpgrade
optional - booleanAllow VMSS to ignore AZ boundaries when constructing upgrade batches. Take into consideration the Update Domain and maxBatchInstancePercent to determine the batch size.
maxBatchInstancePercent
optional - integerThe maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The default value for this parameter is 20%.
maxUnhealthyInstancePercent
optional - integerThe maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The default value for this parameter is 20%.
maxUnhealthyUpgradedInstancePercent
optional - integerThe maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The default value for this parameter is 20%.
pauseTimeBetweenBatches
optional - stringThe wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. The default value is 0 seconds (PT0S).
prioritizeUnhealthyInstances
optional - booleanUpgrade all unhealthy instances in a scale set before any healthy instances.
virtualMachineProfile
optionalapplicationProfile
optionalgalleryApplications
optional arrayconfigurationReference
optional - stringOptional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided
order
optional - integerOptional, Specifies the order in which the packages have to be installed
packageReferenceId
required - stringSpecifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version}
tags
optional - stringOptional, Specifies a passthrough value for more generic context.
billingProfile
optionalmaxPrice
optional - numberSpecifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars. This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price. The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS. Possible values are: - Any decimal value greater than zero. Example: 0.01538 -1 – indicates default price to be up-to on-demand. You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you. Minimum api-version: 2019-03-01.
capacityReservation
optionalcapacityReservationGroup
optionalid
optional - stringResource Id
diagnosticsProfile
optionalbootDiagnostics
optionalenabled
optional - booleanWhether boot diagnostics should be enabled on the Virtual Machine.
storageUri
optional - stringUri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used.
evictionPolicy
optional - stringSpecifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview.
extensionProfile
optionalextensions
optional arrayname
optional - stringThe name of the extension.
extensionsTimeBudget
optional - stringSpecifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01
licenseType
optional - stringSpecifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15
networkProfile
optionalhealthProbe
optionalid
optional - stringThe ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/...
networkApiVersion
optional - stringspecifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations for Virtual Machine Scale Set with orchestration mode 'Flexible'.
networkInterfaceConfigurations
optional arrayid
optional - stringResource Id
name
required - stringThe network configuration name.
properties
optionaldeleteOption
optional - stringSpecify what happens to the network interface when the VM is deleted.
dnsSettings
optionaldnsServers
optional - arrayList of DNS servers IP addresses
enableAcceleratedNetworking
optional - booleanSpecifies whether the network interface is accelerated networking-enabled.
enableFpga
optional - booleanSpecifies whether the network interface is FPGA networking-enabled.
enableIPForwarding
optional - booleanWhether IP forwarding enabled on this NIC.
ipConfigurations
required arrayid
optional - stringResource Id
name
required - stringThe IP configuration name.
properties
optionalapplicationGatewayBackendAddressPools
optional arrayid
optional - stringResource Id
applicationSecurityGroups
optional arrayid
optional - stringResource Id
loadBalancerBackendAddressPools
optional arrayid
optional - stringResource Id
loadBalancerInboundNatPools
optional arrayid
optional - stringResource Id
primary
optional - booleanSpecifies the primary network interface in case the virtual machine has more than 1 network interface.
privateIPAddressVersion
optional - stringAvailable from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'.
publicIPAddressConfiguration
optionalname
required - stringThe publicIP address configuration name.
properties
optionaldeleteOption
optional - stringSpecify what happens to the public IP when the VM is deleted.
dnsSettings
optionaldomainNameLabel
required - stringThe Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created
idleTimeoutInMinutes
optional - integerThe idle timeout of the public IP address.
ipTags
optional arrayipTagType
optional - stringIP tag type. Example: FirstPartyUsage.
tag
optional - stringIP tag associated with the public IP. Example: SQL, Storage etc.
publicIPAddressVersion
optional - stringAvailable from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'.
publicIPPrefix
optionalid
optional - stringResource Id
sku
optionalname
optional - stringSpecify public IP sku name.
tier
optional - stringSpecify public IP sku tier.
subnet
optionalid
optional - stringThe ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/...
networkSecurityGroup
optionalid
optional - stringResource Id
primary
optional - booleanSpecifies the primary network interface in case the virtual machine has more than 1 network interface.
osProfile
optionaladminPassword
optional - stringSpecifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension
adminUsername
optional - stringSpecifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters
computerNamePrefix
optional - stringSpecifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long.
customData
optional - stringSpecifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation
linuxConfiguration
optionaldisablePasswordAuthentication
optional - booleanSpecifies whether password authentication should be disabled.
patchSettings
optionalassessmentMode
optional - stringSpecifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
patchMode
optional - stringSpecifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true.
provisionVMAgent
optional - booleanIndicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
ssh
optionalpublicKeys
optional arraykeyData
optional - stringSSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed).
path
optional - stringSpecifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys
secrets
optional arraysourceVault
optionalid
optional - stringResource Id
vaultCertificates
optional arraycertificateStore
optional - stringFor Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted.
certificateUrl
optional - stringThis is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
windowsConfiguration
optionaladditionalUnattendContent
optional arraycomponentName
optional - stringThe component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup.
content
optional - stringSpecifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted.
passName
optional - stringThe pass name. Currently, the only allowable value is OobeSystem.
settingName
optional - stringSpecifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon.
enableAutomaticUpdates
optional - booleanIndicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.
patchSettings
optionalassessmentMode
optional - stringSpecifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
enableHotpatching
optional - booleanEnables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'.
patchMode
optional - stringSpecifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true.
provisionVMAgent
optional - booleanIndicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
timeZone
optional - stringSpecifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones.
winRM
optionallisteners
optional arraycertificateUrl
optional - stringThis is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
protocol
optional - stringSpecifies the protocol of WinRM listener. Possible values are: http https.
priority
optional - stringSpecifies the priority for the virtual machines in the scale set. Minimum api-version: 2017-10-30-preview.
scheduledEventsProfile
optionalterminateNotificationProfile
optionalenable
optional - booleanSpecifies whether the Terminate Scheduled event is enabled or disabled.
notBeforeTimeout
optional - stringConfigurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M)
securityProfile
optionalencryptionAtHost
optional - booleanThis property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Default: The Encryption at host will be disabled unless this property is set to true for the resource.
securityType
optional - stringSpecifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. Default: UefiSettings will not be enabled unless this property is set as TrustedLaunch.
uefiSettings
optionalsecureBootEnabled
optional - booleanSpecifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01
vTpmEnabled
optional - booleanSpecifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01
storageProfile
optionaldataDisks
optional arraycaching
optional - stringSpecifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage.
createOption
required - stringThe create option.
diskIOPSReadWrite
optional - integerSpecifies the Read-Write IOPS for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB.
diskMBpsReadWrite
optional - integerSpecifies the bandwidth in MB per second for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB.
diskSizeGB
optional - integerSpecifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. This value cannot be larger than 1023 GB
lun
required - integerSpecifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM.
managedDisk
optionaldiskEncryptionSet
optionalid
optional - stringResource Id
storageAccountType
optional - stringSpecifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk.
name
optional - stringThe disk name.
writeAcceleratorEnabled
optional - booleanSpecifies whether writeAccelerator should be enabled or disabled on the disk.
imageReference
optionalid
optional - stringResource Id
offer
optional - stringSpecifies the offer of the platform image or marketplace image used to create the virtual machine.
publisher
optional - stringThe image publisher.
sharedGalleryImageId
optional - stringSpecified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call.
sku
optional - stringThe image SKU.
version
optional - stringSpecifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.
osDisk
optionalcaching
optional - stringSpecifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage.
createOption
required - stringSpecifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.
diffDiskSettings
optionaloption
optional - stringSpecifies the ephemeral disk settings for operating system disk.
placement
optional - stringSpecifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk ResourceDisk Default: CacheDisk if one is configured for the VM size otherwise ResourceDisk is used. Refer to VM size documentation for Windows VM at https://docs.microsoft.com/azure/virtual-machines/windows/sizes and Linux VM at https://docs.microsoft.com/azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk.
diskSizeGB
optional - integerSpecifies the size of the operating system disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. This value cannot be larger than 1023 GB
image
optionaluri
optional - stringSpecifies the virtual hard disk's uri.
managedDisk
optionaldiskEncryptionSet
optionalid
optional - stringResource Id
storageAccountType
optional - stringSpecifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk.
name
optional - stringThe disk name.
osType
optional - stringThis property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows Linux.
vhdContainers
optional - arraySpecifies the container urls that are used to store operating system disks for the scale set.
writeAcceleratorEnabled
optional - booleanSpecifies whether writeAccelerator should be enabled or disabled on the disk.
userData
optional - stringUserData for the virtual machines in the scale set, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01
zoneBalance
optional - booleanWhether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. zoneBalance property can only be set if the zones property of the scale set contains more than one zone. If there are no zones or only one zone specified, then zoneBalance property should not be set.
sku
optionalcapacity
optional - integerSpecifies the number of virtual machines in the scale set.
name
optional - stringThe sku name.
tier
optional - stringSpecifies the tier of virtual machines in a scale set. Possible Values: Standard Basic
tags
optional - stringResource tags
type
required - stringzones
optional - arrayThe virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set
Frequently asked questions
What is Azure Compute Linux Virtual Machine Scale Set?
Azure Compute Linux Virtual Machine Scale Set is a resource for Compute of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure Compute Linux Virtual Machine Scale Set?
For Terraform, the gilyas/infracost, azizbekmol/Terraform14 and nuraaly/terraform-azure-ss source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the Jyotsna-Anand/azure-arm-templates, Jyotsna-Anand/azure-arm-templates and timwebster9/azure-policy source code examples are useful. See the Azure Resource Manager Example section for further details.