azurermLinuxVirtualMachineScaleSet
Manages a Linux Virtual Machine Scale Set.
Disclaimers
-> NOTE: As of the v2.86.0 (November 19, 2021) release of the provider this resource will only create Virtual Machine Scale Sets with the Uniform Orchestration Mode.
-> NOTE: All arguments including the administrator login and password will be stored in the raw state as plain-text. Read more about sensitive data in state.
-> NOTE: Terraform will automatically update & reimage the nodes in the Scale Set (if Required) during an Update - this behaviour can be configured using the features setting within the Provider block.
Example Usage
This example provisions a basic Linux Virtual Machine Scale Set on an internal network. Additional examples of how to use the azurermLinuxVirtualMachineScaleSet resource can be found in the ./examples/vm-scale-set/linux directory within the GitHub Repository.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*The statements below belong inside a TerraformStack constructor, where `this` is the stack.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const firstPublicKey =
  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN you@me.com";
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_2",
  {
    address_space: ["10.0.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "example-network",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermSubnetInternal = new azurerm.subnet.Subnet(this, "internal", {
  address_prefixes: ["10.0.2.0/24"],
  name: "internal",
  resource_group_name: azurermResourceGroupExample.name,
  virtual_network_name: azurermVirtualNetworkExample.name,
});
const azurermLinuxVirtualMachineScaleSetExample =
  new azurerm.linuxVirtualMachineScaleSet.LinuxVirtualMachineScaleSet(
    this,
    "example_4",
    {
      admin_ssh_key: [
        {
          public_key: firstPublicKey,
          username: "adminuser",
        },
      ],
      admin_username: "adminuser",
      instances: 1,
      location: azurermResourceGroupExample.location,
      name: "example-vmss",
      network_interface: [
        {
          ip_configuration: [
            {
              name: "internal",
              primary: true,
              subnet_id: azurermSubnetInternal.id,
            },
          ],
          name: "example",
          primary: true,
        },
      ],
      os_disk: [
        {
          caching: "ReadWrite",
          storage_account_type: "Standard_LRS",
        },
      ],
      resource_group_name: azurermResourceGroupExample.name,
      sku: "Standard_F2",
      source_image_reference: [
        {
          offer: "UbuntuServer",
          publisher: "Canonical",
          sku: "16.04-LTS",
          version: "latest",
        },
      ],
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLinuxVirtualMachineScaleSetExample.overrideLogicalId("example");
Argument Reference
- name - (Required) The name of the Linux Virtual Machine Scale Set. Changing this forces a new resource to be created.
- location - (Required) The Azure location where the Linux Virtual Machine Scale Set should exist. Changing this forces a new resource to be created.
- resourceGroupName - (Required) The name of the Resource Group in which the Linux Virtual Machine Scale Set should exist. Changing this forces a new resource to be created.
- adminUsername - (Required) The username of the local administrator on each Virtual Machine Scale Set instance. Changing this forces a new resource to be created.
- instances - (Optional) The number of Virtual Machines in the Scale Set. Defaults to 0.
-> NOTE: If you are using AutoScaling, you may wish to use Terraform's ignoreChanges functionality to ignore changes to this field.
- sku - (Required) The Virtual Machine SKU for the Scale Set, such as standardF2.
- networkInterface - (Required) One or more networkInterface blocks as defined below.
- osDisk - (Required) An osDisk block as defined below.
- additionalCapabilities - (Optional) An additionalCapabilities block as defined below.
- adminPassword - (Optional) The Password which should be used for the local-administrator on this Virtual Machine. Changing this forces a new resource to be created.
-> NOTE: When an adminPassword is specified disablePasswordAuthentication must be set to false.
-> NOTE: One of either adminPassword or adminSshKey must be specified.
- adminSshKey - (Optional) One or more adminSshKey blocks as defined below.
-> NOTE: One of either adminPassword or adminSshKey must be specified.
- automaticOsUpgradePolicy - (Optional) An automaticOsUpgradePolicy block as defined below. This can only be specified when upgradeMode is set to either automatic or rolling.
- automaticInstanceRepair - (Optional) An automaticInstanceRepair block as defined below. To enable the automatic instance repair, this Virtual Machine Scale Set must have a valid healthProbeId or an Application Health Extension.
-> NOTE: For more information about Automatic Instance Repair, please refer to this doc.
- bootDiagnostics - (Optional) A bootDiagnostics block as defined below.
- capacityReservationGroupId - (Optional) Specifies the ID of the Capacity Reservation Group which the Virtual Machine Scale Set should be allocated to. Changing this forces a new resource to be created.
-> NOTE: capacityReservationGroupId cannot be used with proximityPlacementGroupId.
~> NOTE: singlePlacementGroup must be set to false when capacityReservationGroupId is specified.
- computerNamePrefix - (Optional) The prefix which should be used for the name of the Virtual Machines in this Scale Set. If unspecified this defaults to the value for the name field. If the value of the name field is not a valid computerNamePrefix, then you must specify computerNamePrefix. Changing this forces a new resource to be created.
- customData - (Optional) The Base64-Encoded Custom Data which should be used for this Virtual Machine Scale Set.
-> NOTE: When Custom Data has been configured, it's not possible to remove it without tainting the Virtual Machine Scale Set, due to a limitation of the Azure API.
- dataDisk - (Optional) One or more dataDisk blocks as defined below.
- disablePasswordAuthentication - (Optional) Should Password Authentication be disabled on this Virtual Machine Scale Set? Defaults to true.
-> In general we'd recommend using SSH Keys for authentication rather than Passwords - but there are tradeoffs to each - please see this thread for more information.
-> NOTE: When an adminPassword is specified disablePasswordAuthentication must be set to false.
- doNotRunExtensionsOnOverprovisionedMachines - (Optional) Should Virtual Machine Extensions be run on Overprovisioned Virtual Machines in the Scale Set? Defaults to false.
- edgeZone - (Optional) Specifies the Edge Zone within the Azure Region where this Linux Virtual Machine Scale Set should exist. Changing this forces a new Linux Virtual Machine Scale Set to be created.
- encryptionAtHostEnabled - (Optional) Should all of the disks (including the temp disk) attached to this Virtual Machine be encrypted by enabling Encryption at Host?
- extension - (Optional) One or more extension blocks as defined below.
- extensionOperationsEnabled - (Optional) Should extension operations be allowed on the Virtual Machine Scale Set? Possible values are true or false. Defaults to true. Changing this forces a new Linux Virtual Machine Scale Set to be created.
-> NOTE: extensionOperationsEnabled may only be set to false if there are no extensions defined in the extension field.
- extensionsTimeBudget - (Optional) Specifies the duration allocated for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. Defaults to 90 minutes (PT1H30M).
- evictionPolicy - (Optional) Specifies the eviction policy for Virtual Machines in this Scale Set. Possible values are deallocate and delete. Changing this forces a new resource to be created.
-> NOTE: This can only be configured when priority is set to spot.
- galleryApplication - (Optional) A galleryApplication block as defined below.
- healthProbeId - (Optional) The ID of a Load Balancer Probe which should be used to determine the health of an instance. This is Required and can only be specified when upgradeMode is set to automatic or rolling.
- hostGroupId - (Optional) Specifies the ID of the dedicated host group that the virtual machine scale set resides in. Changing this forces a new resource to be created.
- identity - (Optional) An identity block as defined below.
- maxBidPrice - (Optional) The maximum price you're willing to pay for each Virtual Machine in this Scale Set, in US Dollars; which must be greater than the current spot price. If this bid price falls below the current spot price the Virtual Machines in the Scale Set will be evicted using the evictionPolicy. Defaults to 1, which means that each Virtual Machine in this Scale Set should not be evicted for price reasons.
-> NOTE: This can only be configured when priority is set to spot.
- overprovision - (Optional) Should Azure over-provision Virtual Machines in this Scale Set? This means that multiple Virtual Machines will be provisioned and Azure will keep the instances which become available first - which improves provisioning success rates and improves deployment time. You're not billed for these over-provisioned VMs and they don't count towards the Subscription Quota. Defaults to true.
- plan - (Optional) A plan block as defined below. Changing this forces a new resource to be created.
-> NOTE: When using an image from Azure Marketplace a plan must be specified.
- platformFaultDomainCount - (Optional) Specifies the number of fault domains that are used by this Linux Virtual Machine Scale Set. Changing this forces a new resource to be created.
- priority - (Optional) The Priority of this Virtual Machine Scale Set. Possible values are regular and spot. Defaults to regular. Changing this value forces a new resource.
-> NOTE: When priority is set to spot an evictionPolicy must be specified.
- provisionVmAgent - (Optional) Should the Azure VM Agent be provisioned on each Virtual Machine in the Scale Set? Defaults to true. Changing this value forces a new resource to be created.
- proximityPlacementGroupId - (Optional) The ID of the Proximity Placement Group to which the Virtual Machine Scale Set should be assigned. Changing this forces a new resource to be created.
- rollingUpgradePolicy - (Optional) A rollingUpgradePolicy block as defined below. This is Required and can only be specified when upgradeMode is set to automatic or rolling. Changing this forces a new resource to be created.
- scaleIn - (Optional) A scaleIn block as defined below.
- secret - (Optional) One or more secret blocks as defined below.
- secureBootEnabled - (Optional) Specifies whether secure boot should be enabled on the virtual machine. Changing this forces a new resource to be created.
- singlePlacementGroup - (Optional) Should this Virtual Machine Scale Set be limited to a Single Placement Group, which means the number of instances will be capped at 100 Virtual Machines. Defaults to true.
- sourceImageId - (Optional) The ID of an Image which each Virtual Machine in this Scale Set should be based on. Possible Image ID types include imageIds, sharedImageIds, sharedImageVersionIds, communityGalleryImageIds, communityGalleryImageVersionIds, sharedGalleryImageIds and sharedGalleryImageVersionIds.
-> NOTE: One of either sourceImageId or sourceImageReference must be set.
- sourceImageReference - (Optional) A sourceImageReference block as defined below.
-> NOTE: One of either sourceImageId or sourceImageReference must be set.
- spotRestore - (Optional) A spotRestore block as defined below.
- tags - (Optional) A mapping of tags which should be assigned to this Virtual Machine Scale Set.
- terminateNotification - (Optional) A terminateNotification block as defined below.
-> Note: This property has been deprecated in favour of the terminationNotification property and will be removed in version 4.0 of the provider.
- terminationNotification - (Optional) A terminationNotification block as defined below.
- upgradeMode - (Optional) Specifies how Upgrades (e.g. changing the Image/SKU) should be performed to Virtual Machine Instances. Possible values are automatic, manual and rolling. Defaults to manual. Changing this forces a new resource to be created.
- userData - (Optional) The Base64-Encoded User Data which should be used for this Virtual Machine Scale Set.
- vtpmEnabled - (Optional) Specifies whether vTPM should be enabled on the virtual machine. Changing this forces a new resource to be created.
- zoneBalance - (Optional) Should the Virtual Machines in this Scale Set be strictly evenly distributed across Availability Zones? Defaults to false. Changing this forces a new resource to be created.
-> NOTE: This can only be set to true when one or more zones are configured.
- zones - (Optional) Specifies a list of Availability Zones in which this Linux Virtual Machine Scale Set should be located. Changing this forces a new Linux Virtual Machine Scale Set to be created.
An additionalCapabilities block supports the following:
- ultraSsdEnabled - (Optional) Should the capacity to enable Data Disks of the ultraSsdLrs storage account type be supported on this Virtual Machine Scale Set? Possible values are true or false. Defaults to false. Changing this forces a new resource to be created.
An adminSshKey block supports the following:
- publicKey - (Required) The Public Key which should be used for authentication, which needs to be at least 2048-bit and in ssh-rsa format.
- username - (Required) The Username for which this Public SSH Key should be configured.
-> NOTE: The Azure VM Agent only allows creating SSH Keys at the path /home/{username}/.ssh/authorized_keys - as such this public key will be added/appended to the authorized keys file.
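One way to enforce the publicKey requirement above (ssh-rsa format, at least 2048 bits) before a key is handed to the scale set, as an added example rather than provider code. The helper names are hypothetical, and the sample keys are constructed blobs with the correct wire structure, not usable RSA keys.

```typescript
// Added example: check an OpenSSH public key line against the adminSshKey rule
// on this page (ssh-rsa format, modulus of at least 2048 bits).
// All function names here are hypothetical helpers, not provider API.
const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

function b64decode(text: string): number[] {
  const out: number[] = [];
  const clean = text.replace(/=+$/, "");
  let acc = 0;
  let bits = 0;
  for (let i = 0; i < clean.length; i++) {
    const v = B64.indexOf(clean.charAt(i));
    if (v < 0) throw new Error("invalid base64 in key blob");
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1;
    }
  }
  return out;
}

function b64encode(bytes: number[]): string {
  let out = "";
  for (let i = 0; i < bytes.length; i += 3) {
    const b1 = i + 1 < bytes.length ? bytes[i + 1] : 0;
    const b2 = i + 2 < bytes.length ? bytes[i + 2] : 0;
    const chunk = (bytes[i] << 16) | (b1 << 8) | b2;
    out += B64.charAt(chunk >> 18) + B64.charAt((chunk >> 12) & 63);
    out += i + 1 < bytes.length ? B64.charAt((chunk >> 6) & 63) : "=";
    out += i + 2 < bytes.length ? B64.charAt(chunk & 63) : "=";
  }
  return out;
}

// SSH wire format: every field is a 4-byte big-endian length, then that many bytes.
function field(data: number[]): number[] {
  const n = data.length;
  return [(n >>> 24) & 255, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].concat(data);
}

function readField(buf: number[], pos: number): { data: number[]; next: number } {
  if (pos + 4 > buf.length) throw new Error("truncated key blob");
  const len = buf[pos] * 16777216 + buf[pos + 1] * 65536 + buf[pos + 2] * 256 + buf[pos + 3];
  const end = pos + 4 + len;
  if (end > buf.length) throw new Error("truncated key blob");
  return { data: buf.slice(pos + 4, end), next: end };
}

// Returns the modulus size in bits; throws if the line is not a well-formed ssh-rsa key.
function rsaKeyBits(line: string): number {
  const parts = line.trim().split(/\s+/);
  if (parts.length < 2 || parts[0] !== "ssh-rsa") throw new Error("not an ssh-rsa key");
  const blob = b64decode(parts[1]);
  const alg = readField(blob, 0);
  const algName = alg.data.map((b) => String.fromCharCode(b)).join("");
  if (algName !== "ssh-rsa") throw new Error("blob algorithm does not match prefix");
  const exponent = readField(blob, alg.next);
  const modulus = readField(blob, exponent.next);
  if (modulus.next !== blob.length) throw new Error("trailing data in key blob");
  // The modulus is an mpint and usually carries a leading 0x00 sign byte.
  let i = 0;
  while (i < modulus.data.length && modulus.data[i] === 0) i++;
  if (i === modulus.data.length) return 0;
  return (modulus.data.length - i - 1) * 8 + modulus.data[i].toString(2).length;
}

function isAcceptableAdminKey(line: string): boolean {
  try {
    return rsaKeyBits(line) >= 2048;
  } catch {
    return false; // wrong algorithm, bad base64 or truncated blob
  }
}

// Constructed sample: correct structure, dummy modulus bytes (not a real key).
function makeSampleKey(bits: number): string {
  const modulus: number[] = [0x00, 0x80];
  for (let i = 1; i < bits / 8; i++) modulus.push(0x01);
  const name = "ssh-rsa".split("").map((ch) => ch.charCodeAt(0));
  const blob = field(name).concat(field([1, 0, 1]), field(modulus));
  return "ssh-rsa " + b64encode(blob) + " constructed@example";
}

console.log(rsaKeyBits(makeSampleKey(2048)), isAcceptableAdminKey(makeSampleKey(1024)));
```

Running the check on every key before it is placed in an adminSshKey block catches undersized, truncated or non-RSA keys at synth time instead of at deployment.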
An automaticOsUpgradePolicy block supports the following:
- disableAutomaticRollback - (Required) Should automatic rollbacks be disabled?
- enableAutomaticOsUpgrade - (Required) Should OS Upgrades automatically be applied to Scale Set instances in a rolling fashion when a newer version of the OS Image becomes available?
An automaticInstanceRepair block supports the following:
- enabled - (Required) Should the automatic instance repair be enabled on this Virtual Machine Scale Set?
- gracePeriod - (Optional) Amount of time (in minutes, between 30 and 90, defaults to 30 minutes) for which automatic repairs will be delayed. The grace period starts right after the VM is found unhealthy. The time duration should be specified in ISO 8601 format. Defaults to PT30M.
A bootDiagnostics block supports the following:
- storageAccountUri - (Optional) The Primary/Secondary Endpoint for the Azure Storage Account which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor.
-> NOTE: Passing a null value will utilize a Managed Storage Account to store Boot Diagnostics.
A certificate block supports the following:
- url - (Required) The Secret URL of a Key Vault Certificate.
-> NOTE: This can be sourced from the secretId field within the azurermKeyVaultCertificate Resource.
-> NOTE: The certificate must have been uploaded/created in PFX format, PEM certificates are not currently supported by Azure.
A dataDisk block supports the following:
- name - (Optional) The name of the Data Disk.
- caching - (Required) The type of Caching which should be used for this Data Disk. Possible values are none, readOnly and readWrite.
- createOption - (Optional) The create option which should be used for this Data Disk. Possible values are empty and fromImage. Defaults to empty. (fromImage should only be used if the source image includes data disks).
- diskSizeGb - (Required) The size of the Data Disk which should be created.
- lun - (Required) The Logical Unit Number of the Data Disk, which must be unique within the Virtual Machine.
- storageAccountType - (Required) The Type of Storage Account which should back this Data Disk. Possible values include standardLrs, standardSsdLrs, standardSsdZrs, premiumLrs, premiumV2Lrs, premiumZrs and ultraSsdLrs.
-> NOTE: ultraSsdLrs is only supported when ultraSsdEnabled within the additionalCapabilities block is enabled.
- diskEncryptionSetId - (Optional) The ID of the Disk Encryption Set which should be used to encrypt this Data Disk. Changing this forces a new resource to be created.
-> NOTE: The Disk Encryption Set must have the reader Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault.
-> NOTE: Disk Encryption Sets are in Public Preview in a limited set of regions.
- ultraSsdDiskIopsReadWrite - (Optional) Specifies the Read-Write IOPS for this Data Disk. Only settable for UltraSSD disks.
- ultraSsdDiskMbpsReadWrite - (Optional) Specifies the bandwidth in MB per second for this Data Disk. Only settable for UltraSSD disks.
- writeAcceleratorEnabled - (Optional) Should Write Accelerator be enabled for this Data Disk? Defaults to false.
-> NOTE: This requires that the storageAccountType is set to premiumLrs and that caching is set to none.
A diffDiskSettings block supports the following:
- option - (Required) Specifies the Ephemeral Disk Settings for the OS Disk. At this time the only possible value is local. Changing this forces a new resource to be created.
- placement - (Optional) Specifies where to store the Ephemeral Disk. Possible values are cacheDisk and resourceDisk. Defaults to cacheDisk. Changing this forces a new resource to be created.
An extension block supports the following:
- name - (Required) The name for the Virtual Machine Scale Set Extension.
- publisher - (Required) Specifies the Publisher of the Extension.
- type - (Required) Specifies the Type of the Extension.
- typeHandlerVersion - (Required) Specifies the version of the extension to use; available versions can be found using the Azure CLI.
- autoUpgradeMinorVersion - (Optional) Should the latest version of the Extension be used at Deployment Time, if one is available? This won't auto-update the extension on an existing installation. Defaults to true.
- automaticUpgradeEnabled - (Optional) Should the Extension be automatically updated whenever the Publisher releases a new version of this VM Extension?
- forceUpdateTag - (Optional) A value which, when different to the previous value, can be used to force-run the Extension even if the Extension Configuration hasn't changed.
- protectedSettings - (Optional) A JSON String which specifies Sensitive Settings (such as Passwords) for the Extension.
-> NOTE: Keys within the protectedSettings block are notoriously case-sensitive, where the casing required (e.g. TitleCase vs snakeCase) depends on the Extension being used. Please refer to the documentation for the specific Virtual Machine Extension you're looking to use for more information.
-> NOTE: Rather than defining JSON inline you can use the jsonencode interpolation function to define this in a cleaner way.
- protectedSettingsFromKeyVault - (Optional) A protectedSettingsFromKeyVault block as defined below.
~> Note: protectedSettingsFromKeyVault cannot be used with protectedSettings.
- provisionAfterExtensions - (Optional) An ordered list of Extension names which this should be provisioned after.
- settings - (Optional) A JSON String which specifies Settings for the Extension.
-> NOTE: Keys within the settings block are notoriously case-sensitive, where the casing required (e.g. TitleCase vs snakeCase) depends on the Extension being used. Please refer to the documentation for the specific Virtual Machine Extension you're looking to use for more information.
-> NOTE: Rather than defining JSON inline you can use the jsonencode interpolation function to define this in a cleaner way.
A galleryApplication block supports the following:
- versionId - (Required) Specifies the Gallery Application Version resource ID. Changing this forces a new resource to be created.
- configurationBlobUri - (Optional) Specifies the URI to an Azure Blob that will replace the default configuration for the package if provided. Changing this forces a new resource to be created.
- order - (Optional) Specifies the order in which the packages have to be installed. Possible values are between 0 and 2,147,483,647. Changing this forces a new resource to be created.
- tag - (Optional) Specifies a passthrough value for more generic context. This field can be any valid string value. Changing this forces a new resource to be created.
An identity block supports the following:
- type - (Required) Specifies the type of Managed Service Identity that should be configured on this Linux Virtual Machine Scale Set. Possible values are systemAssigned, userAssigned, systemAssigned,UserAssigned (to enable both).
- identityIds - (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Linux Virtual Machine Scale Set.
-> NOTE: This is required when type is set to userAssigned or systemAssigned,UserAssigned.
An ipConfiguration block supports the following:
- name - (Required) The Name which should be used for this IP Configuration.
- applicationGatewayBackendAddressPoolIds - (Optional) A list of Backend Address Pool IDs from an Application Gateway which this Virtual Machine Scale Set should be connected to.
- applicationSecurityGroupIds - (Optional) A list of Application Security Group IDs which this Virtual Machine Scale Set should be connected to.
- loadBalancerBackendAddressPoolIds - (Optional) A list of Backend Address Pool IDs from a Load Balancer which this Virtual Machine Scale Set should be connected to.
-> NOTE: When the Virtual Machine Scale Set is configured to have public IPs per instance and is created with a load balancer, the SKU of the Virtual Machine instance IPs is determined by the SKU of the Virtual Machine Scale Set's Load Balancer (e.g. basic or standard). Alternatively, you may use the publicIpPrefixId field to generate instance-level IPs in a virtual machine scale set as well. The zonal properties of the prefix will be passed to the Virtual Machine instance IPs, though they will not be shown in the output. To view the public IP addresses assigned to the Virtual Machine Scale Set's Virtual Machine instances use the az vmss list-instance-public-ips --resource-group resourceGroupName --name virtualMachineScaleSetName CLI command.
-> NOTE: When using this field you'll also need to configure a Rule for the Load Balancer, and use a dependsOn between this resource and the Load Balancer Rule.
- loadBalancerInboundNatRulesIds - (Optional) A list of NAT Rule IDs from a Load Balancer which this Virtual Machine Scale Set should be connected to.
-> NOTE: When using this field you'll also need to configure a Rule for the Load Balancer, and use a dependsOn between this resource and the Load Balancer Rule.
- primary - (Optional) Is this the Primary IP Configuration for this Network Interface? Defaults to false.
-> NOTE: One ipConfiguration block must be marked as Primary for each Network Interface.
- publicIpAddress - (Optional) A publicIpAddress block as defined below.
- subnetId - (Optional) The ID of the Subnet which this IP Configuration should be connected to.
-> subnetId is required if version is set to iPv4.
- version - (Optional) The Internet Protocol Version which should be used for this IP Configuration. Possible values are iPv4 and iPv6. Defaults to iPv4.
An ipTag block supports the following:
- tag - (Required) The IP Tag associated with the Public IP, such as sql or storage. Changing this forces a new resource to be created.
- type - (Required) The Type of IP Tag, such as firstPartyUsage. Changing this forces a new resource to be created.
A networkInterface block supports the following:
- name - (Required) The Name which should be used for this Network Interface. Changing this forces a new resource to be created.
- ipConfiguration - (Required) One or more ipConfiguration blocks as defined above.
- dnsServers - (Optional) A list of IP Addresses of DNS Servers which should be assigned to the Network Interface.
- enableAcceleratedNetworking - (Optional) Does this Network Interface support Accelerated Networking? Defaults to false.
- enableIpForwarding - (Optional) Does this Network Interface support IP Forwarding? Defaults to false.
- networkSecurityGroupId - (Optional) The ID of a Network Security Group which should be assigned to this Network Interface.
- primary - (Optional) Is this the Primary IP Configuration?
-> NOTE: If multiple networkInterface blocks are specified, one must be set to primary.
An osDisk block supports the following:
- caching - (Required) The Type of Caching which should be used for the Internal OS Disk. Possible values are none, readOnly and readWrite.
- storageAccountType - (Required) The Type of Storage Account which should back the Internal OS Disk. Possible values include standardLrs, standardSsdLrs, standardSsdZrs, premiumLrs and premiumZrs. Changing this forces a new resource to be created.
- diffDiskSettings - (Optional) A diffDiskSettings block as defined above. Changing this forces a new resource to be created.
- diskEncryptionSetId - (Optional) The ID of the Disk Encryption Set which should be used to encrypt this OS Disk. Conflicts with secureVmDiskEncryptionSetId. Changing this forces a new resource to be created.
-> NOTE: The Disk Encryption Set must have the reader Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault.
-> NOTE: Disk Encryption Sets are in Public Preview in a limited set of regions.
- diskSizeGb - (Optional) The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine Scale Set is sourced from.
-> NOTE: If specified this must be equal to or larger than the size of the Image the VM Scale Set is based on. When creating a larger disk than exists in the image you'll need to repartition the disk to use the remaining space.
- secureVmDiskEncryptionSetId - (Optional) The ID of the Disk Encryption Set which should be used to Encrypt the OS Disk when the Virtual Machine Scale Set is Confidential VMSS. Conflicts with diskEncryptionSetId. Changing this forces a new resource to be created.
-> NOTE: secureVmDiskEncryptionSetId can only be specified when securityEncryptionType is set to diskWithVmGuestState.
- securityEncryptionType - (Optional) Encryption Type when the Virtual Machine Scale Set is Confidential VMSS. Possible values are vmGuestStateOnly and diskWithVmGuestState. Changing this forces a new resource to be created.
-> NOTE: vtpmEnabled must be set to true when securityEncryptionType is specified.
-> NOTE: encryptionAtHostEnabled cannot be set to true when securityEncryptionType is set to diskWithVmGuestState.
- writeAcceleratorEnabled - (Optional) Should Write Accelerator be Enabled for this OS Disk? Defaults to false.
-> NOTE: This requires that the storageAccountType is set to premiumLrs and that caching is set to none.
A plan block supports the following:
- name - (Required) Specifies the name of the image from the marketplace. Changing this forces a new resource to be created.
- publisher - (Required) Specifies the publisher of the image. Changing this forces a new resource to be created.
- product - (Required) Specifies the product of the image from the marketplace. Changing this forces a new resource to be created.
A protectedSettingsFromKeyVault block supports the following:
- secretUrl - (Required) The URL to the Key Vault Secret which stores the protected settings.
- sourceVaultId - (Required) The ID of the source Key Vault.
A scaleIn block supports the following:
- rule - (Optional) The scale-in policy rule that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled in. Possible values for the scale-in policy rules are default, newestVm and oldestVm, defaults to default. For more information about scale in policy, please refer to this doc.
- forceDeletionEnabled - (Optional) Should the virtual machines chosen for removal be force deleted when the virtual machine scale set is being scaled-in? Possible values are true or false. Defaults to false.
A publicIpAddress block supports the following:
- name - (Required) The Name of the Public IP Address Configuration.
- domainNameLabel - (Optional) The Prefix which should be used for the Domain Name Label for each Virtual Machine Instance. Azure concatenates the Domain Name Label and Virtual Machine Index to create a unique Domain Name Label for each Virtual Machine.
- idleTimeoutInMinutes - (Optional) The Idle Timeout in Minutes for the Public IP Address. Possible values are in the range 4 to 32.
- ipTag - (Optional) One or more ipTag blocks as defined above. Changing this forces a new resource to be created.
- publicIpPrefixId - (Optional) The ID of the Public IP Address Prefix from where Public IP Addresses should be allocated. Changing this forces a new resource to be created.
-> NOTE: This functionality is in Preview and must be opted into via az feature register --namespace Microsoft.Network --name AllowBringYourOwnPublicIpAddress and then az provider register -n Microsoft.Network.
- version - (Optional) The Internet Protocol Version which should be used for this public IP address. Possible values are iPv4 and iPv6. Defaults to iPv4. Changing this forces a new resource to be created.
A rollingUpgradePolicy block supports the following:
- crossZoneUpgradesEnabled - (Optional) Should the Virtual Machine Scale Set ignore the Azure Zone boundaries when constructing upgrade batches? Possible values are true or false.
- maxBatchInstancePercent - (Required) The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability.
- maxUnhealthyInstancePercent - (Required) The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.
- maxUnhealthyUpgradedInstancePercent - (Required) The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts.
- pauseTimeBetweenBatches - (Required) The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format.
- prioritizeUnhealthyInstancesEnabled - (Optional) Upgrade all unhealthy instances in a scale set before any healthy instances. Possible values are true or false.
A secret block supports the following:
- certificate - (Required) One or more certificate blocks as defined above.
- keyVaultId - (Required) The ID of the Key Vault from which all Secrets should be sourced.
A terminateNotification block supports the following:
- enabled - (Required) Should the terminate notification be enabled on this Virtual Machine Scale Set?
- timeout - (Optional) Length of time (in minutes, between 5 and 15) for which a notification is sent to the VM on the instance metadata server before the VM gets deleted. The time duration should be specified in ISO 8601 format. Defaults to PT5M.
-> NOTE: For more information about the terminate notification, please refer to this doc.
A terminationNotification block supports the following:
- enabled - (Required) Should the termination notification be enabled on this Virtual Machine Scale Set?
- timeout - (Optional) Length of time (in minutes, between 5 and 15) for which a notification is sent to the VM on the instance metadata server before the VM gets deleted. The time duration should be specified in ISO 8601 format. Defaults to PT5M.
-> NOTE: For more information about the termination notification, please refer to this doc.
A sourceImageReference block supports the following:
- publisher - (Required) Specifies the publisher of the image used to create the virtual machines. Changing this forces a new resource to be created.
- offer - (Required) Specifies the offer of the image used to create the virtual machines. Changing this forces a new resource to be created.
- sku - (Required) Specifies the SKU of the image used to create the virtual machines.
- version - (Required) Specifies the version of the image used to create the virtual machines.
A spotRestore block supports the following:
- enabled - (Optional) Should the Spot-Try-Restore feature be enabled? The Spot-Try-Restore feature will attempt to automatically restore the evicted Spot Virtual Machine Scale Set VM instances opportunistically based on capacity availability and pricing constraints. Possible values are true or false. Defaults to false. Changing this forces a new resource to be created.
- timeout - (Optional) The length of time that the Virtual Machine Scale Set should attempt to restore the Spot VM instances which have been evicted. The time duration should be between 15 minutes and 120 minutes (inclusive). The time duration should be specified in the ISO 8601 format. Defaults to 90 minutes (e.g. PT1H30M). Changing this forces a new resource to be created.
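The NOTE constraints spread through the argument reference above can be checked before synthesis. The following is an added example, not code from the provider or the original page: VmssConfig, OsDisk, checkVmssConfig and the sample inputs are hypothetical, and enum strings are compared case-insensitively as an assumption.

```typescript
// Added example: the cross-field NOTE rules from this page as a pre-synth check.
// VmssConfig, OsDisk and checkVmssConfig are hypothetical names, not provider API.
interface OsDisk {
  diskEncryptionSetId?: string;
  secureVmDiskEncryptionSetId?: string;
  securityEncryptionType?: string;
}
interface VmssConfig {
  adminPassword?: string;
  adminSshKey?: { publicKey: string; username: string }[];
  disablePasswordAuthentication?: boolean; // page default: true
  priority?: string;
  evictionPolicy?: string;
  capacityReservationGroupId?: string;
  proximityPlacementGroupId?: string;
  singlePlacementGroup?: boolean; // page default: true
  encryptionAtHostEnabled?: boolean;
  vtpmEnabled?: boolean;
  extensionOperationsEnabled?: boolean; // page default: true
  extension?: { name: string }[];
  zoneBalance?: boolean;
  zones?: string[];
  sourceImageId?: string;
  sourceImageReference?: { publisher: string; offer: string; sku: string; version: string };
  osDisk?: OsDisk;
}

// Assumption: enum strings are compared case-insensitively, so the check works
// whichever casing the generated bindings expect.
function same(value: string | undefined, want: string): boolean {
  return value !== undefined && value.toLowerCase() === want.toLowerCase();
}

function checkVmssConfig(c: VmssConfig): string[] {
  const errors: string[] = [];
  const fail = (when: boolean, message: string): void => {
    if (when) errors.push(message);
  };
  const os: OsDisk = c.osDisk ?? {};
  const hasKey = (c.adminSshKey ?? []).length > 0;
  const hasPassword = c.adminPassword !== undefined && c.adminPassword !== "";
  const spot = same(c.priority, "spot");
  const guestState = same(os.securityEncryptionType, "diskWithVmGuestState");

  // Authentication and image source.
  fail(!hasKey && !hasPassword, "one of adminPassword or adminSshKey must be specified");
  fail(hasPassword && (c.disablePasswordAuthentication ?? true),
    "adminPassword requires disablePasswordAuthentication = false");
  fail(c.sourceImageId === undefined && c.sourceImageReference === undefined,
    "one of sourceImageId or sourceImageReference must be set");
  // Spot priority.
  fail(spot && c.evictionPolicy === undefined, "priority spot requires an evictionPolicy");
  fail(!spot && c.evictionPolicy !== undefined, "evictionPolicy is only valid with priority spot");
  // Placement and zones.
  fail(c.capacityReservationGroupId !== undefined && c.proximityPlacementGroupId !== undefined,
    "capacityReservationGroupId cannot be used with proximityPlacementGroupId");
  fail(c.capacityReservationGroupId !== undefined && (c.singlePlacementGroup ?? true),
    "capacityReservationGroupId requires singlePlacementGroup = false");
  fail(c.zoneBalance === true && (c.zones ?? []).length === 0,
    "zoneBalance requires one or more zones");
  // Extensions.
  fail(c.extensionOperationsEnabled === false && (c.extension ?? []).length > 0,
    "extensionOperationsEnabled = false requires no extension blocks");
  // Confidential VMSS rules from the osDisk block.
  fail(os.securityEncryptionType !== undefined && c.vtpmEnabled !== true,
    "securityEncryptionType requires vtpmEnabled = true");
  fail(guestState && c.encryptionAtHostEnabled === true,
    "encryptionAtHostEnabled cannot be true with diskWithVmGuestState");
  fail(os.secureVmDiskEncryptionSetId !== undefined && !guestState,
    "secureVmDiskEncryptionSetId requires diskWithVmGuestState");
  fail(os.secureVmDiskEncryptionSetId !== undefined && os.diskEncryptionSetId !== undefined,
    "secureVmDiskEncryptionSetId conflicts with diskEncryptionSetId");
  return errors;
}

// Constructed sample inputs (not taken from a real deployment).
const image = { publisher: "Canonical", offer: "UbuntuServer", sku: "16.04-LTS", version: "latest" };
const rejected: VmssConfig = {
  adminPassword: "<placeholder>", // password set, password auth left at its default
  priority: "spot", // no evictionPolicy
  encryptionAtHostEnabled: true, // conflicts with diskWithVmGuestState, and vTPM is off
  sourceImageReference: image,
  osDisk: { securityEncryptionType: "diskWithVmGuestState" },
};
const accepted: VmssConfig = {
  adminSshKey: [{ username: "adminuser", publicKey: "ssh-rsa <placeholder>" }],
  priority: "spot",
  evictionPolicy: "deallocate",
  vtpmEnabled: true,
  sourceImageReference: image,
  osDisk: { securityEncryptionType: "diskWithVmGuestState" },
};

console.log(checkVmssConfig(rejected));
console.log(checkVmssConfig(accepted));
```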
Attributes Reference
In addition to all arguments above, the following attributes are exported:
- id - The ID of the Linux Virtual Machine Scale Set.
- identity - An identity block as defined below.
- uniqueId - The Unique ID for this Linux Virtual Machine Scale Set.
An identity block exports the following:
- principalId - The Principal ID associated with this Managed Service Identity.
- tenantId - The Tenant ID associated with this Managed Service Identity.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 60 minutes) Used when creating the Linux Virtual Machine Scale Set.
- read - (Defaults to 5 minutes) Used when reading the Linux Virtual Machine Scale Set.
- update - (Defaults to 60 minutes) Used when updating (and rolling the instances of) the Linux Virtual Machine Scale Set (e.g. when changing SKU).
- delete - (Defaults to 60 minutes) Used when deleting the Linux Virtual Machine Scale Set.
Import
Linux Virtual Machine Scale Sets can be imported using the resourceId, e.g.