The azure-native:compute:CloudService resource, part of the Pulumi Azure Native provider, defines an Azure Cloud Service (extended support) deployment: its roles, VM sizes, networking, and runtime configuration. This guide focuses on four capabilities: single and multi-role deployments, availability zone placement, Key Vault certificate integration, and extension configuration.
Cloud services require application packages (.cspkg) and configuration files (.cscfg) stored in Azure Storage, plus public IP addresses for load balancer frontends. The examples are intentionally small. Combine them with your own storage accounts, networking infrastructure, and application packages.
Deploy a cloud service with a single role
Most deployments start with a single role that specifies the application package, VM size, and load balancer configuration.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const cloudService = new azure_native.compute.CloudService("cloudService", {
cloudServiceName: "{cs-name}",
location: "westus",
properties: {
configuration: "{ServiceConfiguration}",
networkProfile: {
loadBalancerConfigurations: [{
name: "myLoadBalancer",
properties: {
frontendIpConfigurations: [{
name: "myfe",
properties: {
publicIPAddress: {
id: "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/myPublicIP",
},
},
}],
},
}],
},
packageUrl: "{PackageUrl}",
roleProfile: {
roles: [{
name: "ContosoFrontend",
sku: {
capacity: 1,
name: "Standard_D1_v2",
tier: "Standard",
},
}],
},
upgradeMode: azure_native.compute.CloudServiceUpgradeMode.Auto,
},
resourceGroupName: "ConstosoRG",
});
import pulumi
import pulumi_azure_native as azure_native
cloud_service = azure_native.compute.CloudService("cloudService",
cloud_service_name="{cs-name}",
location="westus",
properties={
"configuration": "{ServiceConfiguration}",
"network_profile": {
"load_balancer_configurations": [{
"name": "myLoadBalancer",
"properties": {
"frontend_ip_configurations": [{
"name": "myfe",
"properties": {
"public_ip_address": {
"id": "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/myPublicIP",
},
},
}],
},
}],
},
"package_url": "{PackageUrl}",
"role_profile": {
"roles": [{
"name": "ContosoFrontend",
"sku": {
"capacity": 1,
"name": "Standard_D1_v2",
"tier": "Standard",
},
}],
},
"upgrade_mode": azure_native.compute.CloudServiceUpgradeMode.AUTO,
},
resource_group_name="ConstosoRG")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewCloudService(ctx, "cloudService", &compute.CloudServiceArgs{
CloudServiceName: pulumi.String("{cs-name}"),
Location: pulumi.String("westus"),
Properties: &compute.CloudServicePropertiesArgs{
Configuration: pulumi.String("{ServiceConfiguration}"),
NetworkProfile: &compute.CloudServiceNetworkProfileArgs{
LoadBalancerConfigurations: compute.LoadBalancerConfigurationArray{
&compute.LoadBalancerConfigurationArgs{
Name: pulumi.String("myLoadBalancer"),
Properties: &compute.LoadBalancerConfigurationPropertiesArgs{
FrontendIpConfigurations: compute.LoadBalancerFrontendIpConfigurationArray{
&compute.LoadBalancerFrontendIpConfigurationArgs{
Name: pulumi.String("myfe"),
Properties: &compute.LoadBalancerFrontendIpConfigurationPropertiesArgs{
PublicIPAddress: &compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/myPublicIP"),
},
},
},
},
},
},
},
},
PackageUrl: pulumi.String("{PackageUrl}"),
RoleProfile: &compute.CloudServiceRoleProfileArgs{
Roles: compute.CloudServiceRoleProfilePropertiesArray{
&compute.CloudServiceRoleProfilePropertiesArgs{
Name: pulumi.String("ContosoFrontend"),
Sku: &compute.CloudServiceRoleSkuArgs{
Capacity: pulumi.Float64(1),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
},
},
},
UpgradeMode: pulumi.String(compute.CloudServiceUpgradeModeAuto),
},
ResourceGroupName: pulumi.String("ConstosoRG"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var cloudService = new AzureNative.Compute.CloudService("cloudService", new()
{
CloudServiceName = "{cs-name}",
Location = "westus",
Properties = new AzureNative.Compute.Inputs.CloudServicePropertiesArgs
{
Configuration = "{ServiceConfiguration}",
NetworkProfile = new AzureNative.Compute.Inputs.CloudServiceNetworkProfileArgs
{
LoadBalancerConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerConfigurationArgs
{
Name = "myLoadBalancer",
Properties = new AzureNative.Compute.Inputs.LoadBalancerConfigurationPropertiesArgs
{
FrontendIpConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationArgs
{
Name = "myfe",
Properties = new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationPropertiesArgs
{
PublicIPAddress = new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/myPublicIP",
},
},
},
},
},
},
},
},
PackageUrl = "{PackageUrl}",
RoleProfile = new AzureNative.Compute.Inputs.CloudServiceRoleProfileArgs
{
Roles = new[]
{
new AzureNative.Compute.Inputs.CloudServiceRoleProfilePropertiesArgs
{
Name = "ContosoFrontend",
Sku = new AzureNative.Compute.Inputs.CloudServiceRoleSkuArgs
{
Capacity = 1,
Name = "Standard_D1_v2",
Tier = "Standard",
},
},
},
},
UpgradeMode = AzureNative.Compute.CloudServiceUpgradeMode.Auto,
},
ResourceGroupName = "ConstosoRG",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.CloudService;
import com.pulumi.azurenative.compute.CloudServiceArgs;
import com.pulumi.azurenative.compute.inputs.CloudServicePropertiesArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceRoleProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cloudService = new CloudService("cloudService", CloudServiceArgs.builder()
.cloudServiceName("{cs-name}")
.location("westus")
.properties(CloudServicePropertiesArgs.builder()
.configuration("{ServiceConfiguration}")
.networkProfile(CloudServiceNetworkProfileArgs.builder()
.loadBalancerConfigurations(LoadBalancerConfigurationArgs.builder()
.name("myLoadBalancer")
.properties(LoadBalancerConfigurationPropertiesArgs.builder()
.frontendIpConfigurations(LoadBalancerFrontendIpConfigurationArgs.builder()
.name("myfe")
.properties(LoadBalancerFrontendIpConfigurationPropertiesArgs.builder()
.publicIPAddress(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/myPublicIP")
.build())
.build())
.build())
.build())
.build())
.build())
.packageUrl("{PackageUrl}")
.roleProfile(CloudServiceRoleProfileArgs.builder()
.roles(CloudServiceRoleProfilePropertiesArgs.builder()
.name("ContosoFrontend")
.sku(CloudServiceRoleSkuArgs.builder()
.capacity(1.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.build())
.build())
.upgradeMode("Auto")
.build())
.resourceGroupName("ConstosoRG")
.build());
}
}
resources:
cloudService:
type: azure-native:compute:CloudService
properties:
cloudServiceName: '{cs-name}'
location: westus
properties:
configuration: '{ServiceConfiguration}'
networkProfile:
loadBalancerConfigurations:
- name: myLoadBalancer
properties:
frontendIpConfigurations:
- name: myfe
properties:
publicIPAddress:
id: /subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/myPublicIP
packageUrl: '{PackageUrl}'
roleProfile:
roles:
- name: ContosoFrontend
sku:
capacity: 1
name: Standard_D1_v2
tier: Standard
upgradeMode: Auto
resourceGroupName: ConstosoRG
The configuration property points to your .cscfg XML file, while packageUrl references the .cspkg application package in Azure Storage. The roleProfile defines the role name, VM size (sku), and instance count (capacity). The networkProfile creates a load balancer with a public IP frontend. The upgradeMode controls how Azure applies updates to role instances.
Scale with multiple roles in one service
Applications with distinct tiers can deploy multiple roles within a single cloud service, each with independent scaling.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const cloudService = new azure_native.compute.CloudService("cloudService", {
cloudServiceName: "{cs-name}",
location: "westus",
properties: {
configuration: "{ServiceConfiguration}",
networkProfile: {
loadBalancerConfigurations: [{
name: "contosolb",
properties: {
frontendIpConfigurations: [{
name: "contosofe",
properties: {
publicIPAddress: {
id: "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
}],
},
}],
},
packageUrl: "{PackageUrl}",
roleProfile: {
roles: [
{
name: "ContosoFrontend",
sku: {
capacity: 1,
name: "Standard_D1_v2",
tier: "Standard",
},
},
{
name: "ContosoBackend",
sku: {
capacity: 1,
name: "Standard_D1_v2",
tier: "Standard",
},
},
],
},
upgradeMode: azure_native.compute.CloudServiceUpgradeMode.Auto,
},
resourceGroupName: "ConstosoRG",
});
import pulumi
import pulumi_azure_native as azure_native
cloud_service = azure_native.compute.CloudService("cloudService",
cloud_service_name="{cs-name}",
location="westus",
properties={
"configuration": "{ServiceConfiguration}",
"network_profile": {
"load_balancer_configurations": [{
"name": "contosolb",
"properties": {
"frontend_ip_configurations": [{
"name": "contosofe",
"properties": {
"public_ip_address": {
"id": "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
}],
},
}],
},
"package_url": "{PackageUrl}",
"role_profile": {
"roles": [
{
"name": "ContosoFrontend",
"sku": {
"capacity": 1,
"name": "Standard_D1_v2",
"tier": "Standard",
},
},
{
"name": "ContosoBackend",
"sku": {
"capacity": 1,
"name": "Standard_D1_v2",
"tier": "Standard",
},
},
],
},
"upgrade_mode": azure_native.compute.CloudServiceUpgradeMode.AUTO,
},
resource_group_name="ConstosoRG")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewCloudService(ctx, "cloudService", &compute.CloudServiceArgs{
CloudServiceName: pulumi.String("{cs-name}"),
Location: pulumi.String("westus"),
Properties: &compute.CloudServicePropertiesArgs{
Configuration: pulumi.String("{ServiceConfiguration}"),
NetworkProfile: &compute.CloudServiceNetworkProfileArgs{
LoadBalancerConfigurations: compute.LoadBalancerConfigurationArray{
&compute.LoadBalancerConfigurationArgs{
Name: pulumi.String("contosolb"),
Properties: &compute.LoadBalancerConfigurationPropertiesArgs{
FrontendIpConfigurations: compute.LoadBalancerFrontendIpConfigurationArray{
&compute.LoadBalancerFrontendIpConfigurationArgs{
Name: pulumi.String("contosofe"),
Properties: &compute.LoadBalancerFrontendIpConfigurationPropertiesArgs{
PublicIPAddress: &compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip"),
},
},
},
},
},
},
},
},
PackageUrl: pulumi.String("{PackageUrl}"),
RoleProfile: &compute.CloudServiceRoleProfileArgs{
Roles: compute.CloudServiceRoleProfilePropertiesArray{
&compute.CloudServiceRoleProfilePropertiesArgs{
Name: pulumi.String("ContosoFrontend"),
Sku: &compute.CloudServiceRoleSkuArgs{
Capacity: pulumi.Float64(1),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
},
&compute.CloudServiceRoleProfilePropertiesArgs{
Name: pulumi.String("ContosoBackend"),
Sku: &compute.CloudServiceRoleSkuArgs{
Capacity: pulumi.Float64(1),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
},
},
},
UpgradeMode: pulumi.String(compute.CloudServiceUpgradeModeAuto),
},
ResourceGroupName: pulumi.String("ConstosoRG"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var cloudService = new AzureNative.Compute.CloudService("cloudService", new()
{
CloudServiceName = "{cs-name}",
Location = "westus",
Properties = new AzureNative.Compute.Inputs.CloudServicePropertiesArgs
{
Configuration = "{ServiceConfiguration}",
NetworkProfile = new AzureNative.Compute.Inputs.CloudServiceNetworkProfileArgs
{
LoadBalancerConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerConfigurationArgs
{
Name = "contosolb",
Properties = new AzureNative.Compute.Inputs.LoadBalancerConfigurationPropertiesArgs
{
FrontendIpConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationArgs
{
Name = "contosofe",
Properties = new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationPropertiesArgs
{
PublicIPAddress = new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
},
},
},
},
},
},
PackageUrl = "{PackageUrl}",
RoleProfile = new AzureNative.Compute.Inputs.CloudServiceRoleProfileArgs
{
Roles = new[]
{
new AzureNative.Compute.Inputs.CloudServiceRoleProfilePropertiesArgs
{
Name = "ContosoFrontend",
Sku = new AzureNative.Compute.Inputs.CloudServiceRoleSkuArgs
{
Capacity = 1,
Name = "Standard_D1_v2",
Tier = "Standard",
},
},
new AzureNative.Compute.Inputs.CloudServiceRoleProfilePropertiesArgs
{
Name = "ContosoBackend",
Sku = new AzureNative.Compute.Inputs.CloudServiceRoleSkuArgs
{
Capacity = 1,
Name = "Standard_D1_v2",
Tier = "Standard",
},
},
},
},
UpgradeMode = AzureNative.Compute.CloudServiceUpgradeMode.Auto,
},
ResourceGroupName = "ConstosoRG",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.CloudService;
import com.pulumi.azurenative.compute.CloudServiceArgs;
import com.pulumi.azurenative.compute.inputs.CloudServicePropertiesArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceRoleProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cloudService = new CloudService("cloudService", CloudServiceArgs.builder()
.cloudServiceName("{cs-name}")
.location("westus")
.properties(CloudServicePropertiesArgs.builder()
.configuration("{ServiceConfiguration}")
.networkProfile(CloudServiceNetworkProfileArgs.builder()
.loadBalancerConfigurations(LoadBalancerConfigurationArgs.builder()
.name("contosolb")
.properties(LoadBalancerConfigurationPropertiesArgs.builder()
.frontendIpConfigurations(LoadBalancerFrontendIpConfigurationArgs.builder()
.name("contosofe")
.properties(LoadBalancerFrontendIpConfigurationPropertiesArgs.builder()
.publicIPAddress(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip")
.build())
.build())
.build())
.build())
.build())
.build())
.packageUrl("{PackageUrl}")
.roleProfile(CloudServiceRoleProfileArgs.builder()
.roles(
CloudServiceRoleProfilePropertiesArgs.builder()
.name("ContosoFrontend")
.sku(CloudServiceRoleSkuArgs.builder()
.capacity(1.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.build(),
CloudServiceRoleProfilePropertiesArgs.builder()
.name("ContosoBackend")
.sku(CloudServiceRoleSkuArgs.builder()
.capacity(1.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.build())
.build())
.upgradeMode("Auto")
.build())
.resourceGroupName("ConstosoRG")
.build());
}
}
resources:
cloudService:
type: azure-native:compute:CloudService
properties:
cloudServiceName: '{cs-name}'
location: westus
properties:
configuration: '{ServiceConfiguration}'
networkProfile:
loadBalancerConfigurations:
- name: contosolb
properties:
frontendIpConfigurations:
- name: contosofe
properties:
publicIPAddress:
id: /subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip
packageUrl: '{PackageUrl}'
roleProfile:
roles:
- name: ContosoFrontend
sku:
capacity: 1
name: Standard_D1_v2
tier: Standard
- name: ContosoBackend
sku:
capacity: 1
name: Standard_D1_v2
tier: Standard
upgradeMode: Auto
resourceGroupName: ConstosoRG
The roleProfile accepts an array of role definitions, each with its own name, sku, and capacity. Here, ContosoFrontend and ContosoBackend run as separate roles with independent instance counts. Both roles share the same load balancer configuration but can scale independently based on demand.
Pin deployment to an availability zone
For latency-sensitive workloads or compliance requirements, cloud services can be constrained to a specific availability zone.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const cloudService = new azure_native.compute.CloudService("cloudService", {
cloudServiceName: "{cs-name}",
location: "westus",
properties: {
configuration: "{ServiceConfiguration}",
networkProfile: {
loadBalancerConfigurations: [{
name: "contosolb",
properties: {
frontendIpConfigurations: [{
name: "contosofe",
properties: {
publicIPAddress: {
id: "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
}],
},
}],
},
packageUrl: "{PackageUrl}",
roleProfile: {
roles: [
{
name: "ContosoFrontend",
sku: {
capacity: 1,
name: "Standard_D1_v2",
tier: "Standard",
},
},
{
name: "ContosoBackend",
sku: {
capacity: 1,
name: "Standard_D1_v2",
tier: "Standard",
},
},
],
},
upgradeMode: azure_native.compute.CloudServiceUpgradeMode.Auto,
},
resourceGroupName: "ConstosoRG",
zones: ["1"],
});
import pulumi
import pulumi_azure_native as azure_native
cloud_service = azure_native.compute.CloudService("cloudService",
cloud_service_name="{cs-name}",
location="westus",
properties={
"configuration": "{ServiceConfiguration}",
"network_profile": {
"load_balancer_configurations": [{
"name": "contosolb",
"properties": {
"frontend_ip_configurations": [{
"name": "contosofe",
"properties": {
"public_ip_address": {
"id": "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
}],
},
}],
},
"package_url": "{PackageUrl}",
"role_profile": {
"roles": [
{
"name": "ContosoFrontend",
"sku": {
"capacity": 1,
"name": "Standard_D1_v2",
"tier": "Standard",
},
},
{
"name": "ContosoBackend",
"sku": {
"capacity": 1,
"name": "Standard_D1_v2",
"tier": "Standard",
},
},
],
},
"upgrade_mode": azure_native.compute.CloudServiceUpgradeMode.AUTO,
},
resource_group_name="ConstosoRG",
zones=["1"])
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewCloudService(ctx, "cloudService", &compute.CloudServiceArgs{
CloudServiceName: pulumi.String("{cs-name}"),
Location: pulumi.String("westus"),
Properties: &compute.CloudServicePropertiesArgs{
Configuration: pulumi.String("{ServiceConfiguration}"),
NetworkProfile: &compute.CloudServiceNetworkProfileArgs{
LoadBalancerConfigurations: compute.LoadBalancerConfigurationArray{
&compute.LoadBalancerConfigurationArgs{
Name: pulumi.String("contosolb"),
Properties: &compute.LoadBalancerConfigurationPropertiesArgs{
FrontendIpConfigurations: compute.LoadBalancerFrontendIpConfigurationArray{
&compute.LoadBalancerFrontendIpConfigurationArgs{
Name: pulumi.String("contosofe"),
Properties: &compute.LoadBalancerFrontendIpConfigurationPropertiesArgs{
PublicIPAddress: &compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip"),
},
},
},
},
},
},
},
},
PackageUrl: pulumi.String("{PackageUrl}"),
RoleProfile: &compute.CloudServiceRoleProfileArgs{
Roles: compute.CloudServiceRoleProfilePropertiesArray{
&compute.CloudServiceRoleProfilePropertiesArgs{
Name: pulumi.String("ContosoFrontend"),
Sku: &compute.CloudServiceRoleSkuArgs{
Capacity: pulumi.Float64(1),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
},
&compute.CloudServiceRoleProfilePropertiesArgs{
Name: pulumi.String("ContosoBackend"),
Sku: &compute.CloudServiceRoleSkuArgs{
Capacity: pulumi.Float64(1),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
},
},
},
UpgradeMode: pulumi.String(compute.CloudServiceUpgradeModeAuto),
},
ResourceGroupName: pulumi.String("ConstosoRG"),
Zones: pulumi.StringArray{
pulumi.String("1"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var cloudService = new AzureNative.Compute.CloudService("cloudService", new()
{
CloudServiceName = "{cs-name}",
Location = "westus",
Properties = new AzureNative.Compute.Inputs.CloudServicePropertiesArgs
{
Configuration = "{ServiceConfiguration}",
NetworkProfile = new AzureNative.Compute.Inputs.CloudServiceNetworkProfileArgs
{
LoadBalancerConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerConfigurationArgs
{
Name = "contosolb",
Properties = new AzureNative.Compute.Inputs.LoadBalancerConfigurationPropertiesArgs
{
FrontendIpConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationArgs
{
Name = "contosofe",
Properties = new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationPropertiesArgs
{
PublicIPAddress = new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
},
},
},
},
},
},
PackageUrl = "{PackageUrl}",
RoleProfile = new AzureNative.Compute.Inputs.CloudServiceRoleProfileArgs
{
Roles = new[]
{
new AzureNative.Compute.Inputs.CloudServiceRoleProfilePropertiesArgs
{
Name = "ContosoFrontend",
Sku = new AzureNative.Compute.Inputs.CloudServiceRoleSkuArgs
{
Capacity = 1,
Name = "Standard_D1_v2",
Tier = "Standard",
},
},
new AzureNative.Compute.Inputs.CloudServiceRoleProfilePropertiesArgs
{
Name = "ContosoBackend",
Sku = new AzureNative.Compute.Inputs.CloudServiceRoleSkuArgs
{
Capacity = 1,
Name = "Standard_D1_v2",
Tier = "Standard",
},
},
},
},
UpgradeMode = AzureNative.Compute.CloudServiceUpgradeMode.Auto,
},
ResourceGroupName = "ConstosoRG",
Zones = new[]
{
"1",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.CloudService;
import com.pulumi.azurenative.compute.CloudServiceArgs;
import com.pulumi.azurenative.compute.inputs.CloudServicePropertiesArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceRoleProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cloudService = new CloudService("cloudService", CloudServiceArgs.builder()
.cloudServiceName("{cs-name}")
.location("westus")
.properties(CloudServicePropertiesArgs.builder()
.configuration("{ServiceConfiguration}")
.networkProfile(CloudServiceNetworkProfileArgs.builder()
.loadBalancerConfigurations(LoadBalancerConfigurationArgs.builder()
.name("contosolb")
.properties(LoadBalancerConfigurationPropertiesArgs.builder()
.frontendIpConfigurations(LoadBalancerFrontendIpConfigurationArgs.builder()
.name("contosofe")
.properties(LoadBalancerFrontendIpConfigurationPropertiesArgs.builder()
.publicIPAddress(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip")
.build())
.build())
.build())
.build())
.build())
.build())
.packageUrl("{PackageUrl}")
.roleProfile(CloudServiceRoleProfileArgs.builder()
.roles(
CloudServiceRoleProfilePropertiesArgs.builder()
.name("ContosoFrontend")
.sku(CloudServiceRoleSkuArgs.builder()
.capacity(1.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.build(),
CloudServiceRoleProfilePropertiesArgs.builder()
.name("ContosoBackend")
.sku(CloudServiceRoleSkuArgs.builder()
.capacity(1.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.build())
.build())
.upgradeMode("Auto")
.build())
.resourceGroupName("ConstosoRG")
.zones("1")
.build());
}
}
resources:
cloudService:
type: azure-native:compute:CloudService
properties:
cloudServiceName: '{cs-name}'
location: westus
properties:
configuration: '{ServiceConfiguration}'
networkProfile:
loadBalancerConfigurations:
- name: contosolb
properties:
frontendIpConfigurations:
- name: contosofe
properties:
publicIPAddress:
id: /subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip
packageUrl: '{PackageUrl}'
roleProfile:
roles:
- name: ContosoFrontend
sku:
capacity: 1
name: Standard_D1_v2
tier: Standard
- name: ContosoBackend
sku:
capacity: 1
name: Standard_D1_v2
tier: Standard
upgradeMode: Auto
resourceGroupName: ConstosoRG
zones:
- '1'
The zones property accepts an array with a single zone identifier (e.g., “1”, “2”, or “3”). This pins all role instances to that zone within the region. The region must support availability zones, and the zone choice affects network latency to other resources.
Attach certificates from Key Vault
Applications requiring TLS/SSL certificates can reference secrets stored in Azure Key Vault, avoiding embedded credentials.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const cloudService = new azure_native.compute.CloudService("cloudService", {
cloudServiceName: "{cs-name}",
location: "westus",
properties: {
configuration: "{ServiceConfiguration}",
networkProfile: {
loadBalancerConfigurations: [{
name: "contosolb",
properties: {
frontendIpConfigurations: [{
name: "contosofe",
properties: {
publicIPAddress: {
id: "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
}],
},
}],
},
osProfile: {
secrets: [{
sourceVault: {
id: "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.KeyVault/vaults/{keyvault-name}",
},
vaultCertificates: [{
certificateUrl: "https://{keyvault-name}.vault.azure.net:443/secrets/ContosoCertificate/{secret-id}",
}],
}],
},
packageUrl: "{PackageUrl}",
roleProfile: {
roles: [{
name: "ContosoFrontend",
sku: {
capacity: 1,
name: "Standard_D1_v2",
tier: "Standard",
},
}],
},
upgradeMode: azure_native.compute.CloudServiceUpgradeMode.Auto,
},
resourceGroupName: "ConstosoRG",
});
import pulumi
import pulumi_azure_native as azure_native
cloud_service = azure_native.compute.CloudService("cloudService",
cloud_service_name="{cs-name}",
location="westus",
properties={
"configuration": "{ServiceConfiguration}",
"network_profile": {
"load_balancer_configurations": [{
"name": "contosolb",
"properties": {
"frontend_ip_configurations": [{
"name": "contosofe",
"properties": {
"public_ip_address": {
"id": "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
}],
},
}],
},
"os_profile": {
"secrets": [{
"source_vault": {
"id": "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.KeyVault/vaults/{keyvault-name}",
},
"vault_certificates": [{
"certificate_url": "https://{keyvault-name}.vault.azure.net:443/secrets/ContosoCertificate/{secret-id}",
}],
}],
},
"package_url": "{PackageUrl}",
"role_profile": {
"roles": [{
"name": "ContosoFrontend",
"sku": {
"capacity": 1,
"name": "Standard_D1_v2",
"tier": "Standard",
},
}],
},
"upgrade_mode": azure_native.compute.CloudServiceUpgradeMode.AUTO,
},
resource_group_name="ConstosoRG")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewCloudService(ctx, "cloudService", &compute.CloudServiceArgs{
CloudServiceName: pulumi.String("{cs-name}"),
Location: pulumi.String("westus"),
Properties: &compute.CloudServicePropertiesArgs{
Configuration: pulumi.String("{ServiceConfiguration}"),
NetworkProfile: &compute.CloudServiceNetworkProfileArgs{
LoadBalancerConfigurations: compute.LoadBalancerConfigurationArray{
&compute.LoadBalancerConfigurationArgs{
Name: pulumi.String("contosolb"),
Properties: &compute.LoadBalancerConfigurationPropertiesArgs{
FrontendIpConfigurations: compute.LoadBalancerFrontendIpConfigurationArray{
&compute.LoadBalancerFrontendIpConfigurationArgs{
Name: pulumi.String("contosofe"),
Properties: &compute.LoadBalancerFrontendIpConfigurationPropertiesArgs{
PublicIPAddress: &compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip"),
},
},
},
},
},
},
},
},
OsProfile: &compute.CloudServiceOsProfileArgs{
Secrets: compute.CloudServiceVaultSecretGroupArray{
&compute.CloudServiceVaultSecretGroupArgs{
SourceVault: &compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.KeyVault/vaults/{keyvault-name}"),
},
VaultCertificates: compute.CloudServiceVaultCertificateArray{
&compute.CloudServiceVaultCertificateArgs{
CertificateUrl: pulumi.String("https://{keyvault-name}.vault.azure.net:443/secrets/ContosoCertificate/{secret-id}"),
},
},
},
},
},
PackageUrl: pulumi.String("{PackageUrl}"),
RoleProfile: &compute.CloudServiceRoleProfileArgs{
Roles: compute.CloudServiceRoleProfilePropertiesArray{
&compute.CloudServiceRoleProfilePropertiesArgs{
Name: pulumi.String("ContosoFrontend"),
Sku: &compute.CloudServiceRoleSkuArgs{
Capacity: pulumi.Float64(1),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
},
},
},
UpgradeMode: pulumi.String(compute.CloudServiceUpgradeModeAuto),
},
ResourceGroupName: pulumi.String("ConstosoRG"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var cloudService = new AzureNative.Compute.CloudService("cloudService", new()
{
CloudServiceName = "{cs-name}",
Location = "westus",
Properties = new AzureNative.Compute.Inputs.CloudServicePropertiesArgs
{
Configuration = "{ServiceConfiguration}",
NetworkProfile = new AzureNative.Compute.Inputs.CloudServiceNetworkProfileArgs
{
LoadBalancerConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerConfigurationArgs
{
Name = "contosolb",
Properties = new AzureNative.Compute.Inputs.LoadBalancerConfigurationPropertiesArgs
{
FrontendIpConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationArgs
{
Name = "contosofe",
Properties = new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationPropertiesArgs
{
PublicIPAddress = new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
},
},
},
},
},
},
OsProfile = new AzureNative.Compute.Inputs.CloudServiceOsProfileArgs
{
Secrets = new[]
{
new AzureNative.Compute.Inputs.CloudServiceVaultSecretGroupArgs
{
SourceVault = new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.KeyVault/vaults/{keyvault-name}",
},
VaultCertificates = new[]
{
new AzureNative.Compute.Inputs.CloudServiceVaultCertificateArgs
{
CertificateUrl = "https://{keyvault-name}.vault.azure.net:443/secrets/ContosoCertificate/{secret-id}",
},
},
},
},
},
PackageUrl = "{PackageUrl}",
RoleProfile = new AzureNative.Compute.Inputs.CloudServiceRoleProfileArgs
{
Roles = new[]
{
new AzureNative.Compute.Inputs.CloudServiceRoleProfilePropertiesArgs
{
Name = "ContosoFrontend",
Sku = new AzureNative.Compute.Inputs.CloudServiceRoleSkuArgs
{
Capacity = 1,
Name = "Standard_D1_v2",
Tier = "Standard",
},
},
},
},
UpgradeMode = AzureNative.Compute.CloudServiceUpgradeMode.Auto,
},
ResourceGroupName = "ConstosoRG",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.CloudService;
import com.pulumi.azurenative.compute.CloudServiceArgs;
import com.pulumi.azurenative.compute.inputs.CloudServicePropertiesArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceOsProfileArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceRoleProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cloudService = new CloudService("cloudService", CloudServiceArgs.builder()
.cloudServiceName("{cs-name}")
.location("westus")
.properties(CloudServicePropertiesArgs.builder()
.configuration("{ServiceConfiguration}")
.networkProfile(CloudServiceNetworkProfileArgs.builder()
.loadBalancerConfigurations(LoadBalancerConfigurationArgs.builder()
.name("contosolb")
.properties(LoadBalancerConfigurationPropertiesArgs.builder()
.frontendIpConfigurations(LoadBalancerFrontendIpConfigurationArgs.builder()
.name("contosofe")
.properties(LoadBalancerFrontendIpConfigurationPropertiesArgs.builder()
.publicIPAddress(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip")
.build())
.build())
.build())
.build())
.build())
.build())
.osProfile(CloudServiceOsProfileArgs.builder()
.secrets(CloudServiceVaultSecretGroupArgs.builder()
.sourceVault(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.KeyVault/vaults/{keyvault-name}")
.build())
.vaultCertificates(CloudServiceVaultCertificateArgs.builder()
.certificateUrl("https://{keyvault-name}.vault.azure.net:443/secrets/ContosoCertificate/{secret-id}")
.build())
.build())
.build())
.packageUrl("{PackageUrl}")
.roleProfile(CloudServiceRoleProfileArgs.builder()
.roles(CloudServiceRoleProfilePropertiesArgs.builder()
.name("ContosoFrontend")
.sku(CloudServiceRoleSkuArgs.builder()
.capacity(1.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.build())
.build())
.upgradeMode("Auto")
.build())
.resourceGroupName("ConstosoRG")
.build());
}
}
resources:
cloudService:
type: azure-native:compute:CloudService
properties:
cloudServiceName: '{cs-name}'
location: westus
properties:
configuration: '{ServiceConfiguration}'
networkProfile:
loadBalancerConfigurations:
- name: contosolb
properties:
frontendIpConfigurations:
- name: contosofe
properties:
publicIPAddress:
id: /subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip
osProfile:
secrets:
- sourceVault:
id: /subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.KeyVault/vaults/{keyvault-name}
vaultCertificates:
- certificateUrl: https://{keyvault-name}.vault.azure.net:443/secrets/ContosoCertificate/{secret-id}
packageUrl: '{PackageUrl}'
roleProfile:
roles:
- name: ContosoFrontend
sku:
capacity: 1
name: Standard_D1_v2
tier: Standard
upgradeMode: Auto
resourceGroupName: ConstosoRG
The osProfile.secrets array references a Key Vault (sourceVault) and specific certificate URLs (vaultCertificates). The cloud service managed identity must have Get Secrets permission on the vault. Certificates become available to role instances at runtime for HTTPS endpoints or other secure connections.
Enable remote desktop with extensions
For troubleshooting, the RDP extension configures remote desktop access to role instances.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const cloudService = new azure_native.compute.CloudService("cloudService", {
cloudServiceName: "{cs-name}",
location: "westus",
properties: {
configuration: "{ServiceConfiguration}",
extensionProfile: {
extensions: [{
name: "RDPExtension",
properties: {
autoUpgradeMinorVersion: false,
protectedSettings: "<PrivateConfig><Password>{password}</Password></PrivateConfig>",
publisher: "Microsoft.Windows.Azure.Extensions",
settings: "<PublicConfig><UserName>UserAzure</UserName><Expiration>10/22/2021 15:05:45</Expiration></PublicConfig>",
type: "RDP",
typeHandlerVersion: "1.2",
},
}],
},
networkProfile: {
loadBalancerConfigurations: [{
name: "contosolb",
properties: {
frontendIpConfigurations: [{
name: "contosofe",
properties: {
publicIPAddress: {
id: "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
}],
},
}],
},
packageUrl: "{PackageUrl}",
roleProfile: {
roles: [{
name: "ContosoFrontend",
sku: {
capacity: 1,
name: "Standard_D1_v2",
tier: "Standard",
},
}],
},
upgradeMode: azure_native.compute.CloudServiceUpgradeMode.Auto,
},
resourceGroupName: "ConstosoRG",
});
import pulumi
import pulumi_azure_native as azure_native
cloud_service = azure_native.compute.CloudService("cloudService",
cloud_service_name="{cs-name}",
location="westus",
properties={
"configuration": "{ServiceConfiguration}",
"extension_profile": {
"extensions": [{
"name": "RDPExtension",
"properties": {
"auto_upgrade_minor_version": False,
"protected_settings": "<PrivateConfig><Password>{password}</Password></PrivateConfig>",
"publisher": "Microsoft.Windows.Azure.Extensions",
"settings": "<PublicConfig><UserName>UserAzure</UserName><Expiration>10/22/2021 15:05:45</Expiration></PublicConfig>",
"type": "RDP",
"type_handler_version": "1.2",
},
}],
},
"network_profile": {
"load_balancer_configurations": [{
"name": "contosolb",
"properties": {
"frontend_ip_configurations": [{
"name": "contosofe",
"properties": {
"public_ip_address": {
"id": "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
}],
},
}],
},
"package_url": "{PackageUrl}",
"role_profile": {
"roles": [{
"name": "ContosoFrontend",
"sku": {
"capacity": 1,
"name": "Standard_D1_v2",
"tier": "Standard",
},
}],
},
"upgrade_mode": azure_native.compute.CloudServiceUpgradeMode.AUTO,
},
resource_group_name="ConstosoRG")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewCloudService(ctx, "cloudService", &compute.CloudServiceArgs{
CloudServiceName: pulumi.String("{cs-name}"),
Location: pulumi.String("westus"),
Properties: &compute.CloudServicePropertiesArgs{
Configuration: pulumi.String("{ServiceConfiguration}"),
ExtensionProfile: &compute.CloudServiceExtensionProfileArgs{
Extensions: compute.ExtensionArray{
&compute.ExtensionArgs{
Name: pulumi.String("RDPExtension"),
Properties: &compute.CloudServiceExtensionPropertiesArgs{
AutoUpgradeMinorVersion: pulumi.Bool(false),
ProtectedSettings: pulumi.Any("<PrivateConfig><Password>{password}</Password></PrivateConfig>"),
Publisher: pulumi.String("Microsoft.Windows.Azure.Extensions"),
Settings: pulumi.Any("<PublicConfig><UserName>UserAzure</UserName><Expiration>10/22/2021 15:05:45</Expiration></PublicConfig>"),
Type: pulumi.String("RDP"),
TypeHandlerVersion: pulumi.String("1.2"),
},
},
},
},
NetworkProfile: &compute.CloudServiceNetworkProfileArgs{
LoadBalancerConfigurations: compute.LoadBalancerConfigurationArray{
&compute.LoadBalancerConfigurationArgs{
Name: pulumi.String("contosolb"),
Properties: &compute.LoadBalancerConfigurationPropertiesArgs{
FrontendIpConfigurations: compute.LoadBalancerFrontendIpConfigurationArray{
&compute.LoadBalancerFrontendIpConfigurationArgs{
Name: pulumi.String("contosofe"),
Properties: &compute.LoadBalancerFrontendIpConfigurationPropertiesArgs{
PublicIPAddress: &compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip"),
},
},
},
},
},
},
},
},
PackageUrl: pulumi.String("{PackageUrl}"),
RoleProfile: &compute.CloudServiceRoleProfileArgs{
Roles: compute.CloudServiceRoleProfilePropertiesArray{
&compute.CloudServiceRoleProfilePropertiesArgs{
Name: pulumi.String("ContosoFrontend"),
Sku: &compute.CloudServiceRoleSkuArgs{
Capacity: pulumi.Float64(1),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
},
},
},
UpgradeMode: pulumi.String(compute.CloudServiceUpgradeModeAuto),
},
ResourceGroupName: pulumi.String("ConstosoRG"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var cloudService = new AzureNative.Compute.CloudService("cloudService", new()
{
CloudServiceName = "{cs-name}",
Location = "westus",
Properties = new AzureNative.Compute.Inputs.CloudServicePropertiesArgs
{
Configuration = "{ServiceConfiguration}",
ExtensionProfile = new AzureNative.Compute.Inputs.CloudServiceExtensionProfileArgs
{
Extensions = new[]
{
new AzureNative.Compute.Inputs.ExtensionArgs
{
Name = "RDPExtension",
Properties = new AzureNative.Compute.Inputs.CloudServiceExtensionPropertiesArgs
{
AutoUpgradeMinorVersion = false,
ProtectedSettings = "<PrivateConfig><Password>{password}</Password></PrivateConfig>",
Publisher = "Microsoft.Windows.Azure.Extensions",
Settings = "<PublicConfig><UserName>UserAzure</UserName><Expiration>10/22/2021 15:05:45</Expiration></PublicConfig>",
Type = "RDP",
TypeHandlerVersion = "1.2",
},
},
},
},
NetworkProfile = new AzureNative.Compute.Inputs.CloudServiceNetworkProfileArgs
{
LoadBalancerConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerConfigurationArgs
{
Name = "contosolb",
Properties = new AzureNative.Compute.Inputs.LoadBalancerConfigurationPropertiesArgs
{
FrontendIpConfigurations = new[]
{
new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationArgs
{
Name = "contosofe",
Properties = new AzureNative.Compute.Inputs.LoadBalancerFrontendIpConfigurationPropertiesArgs
{
PublicIPAddress = new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip",
},
},
},
},
},
},
},
},
PackageUrl = "{PackageUrl}",
RoleProfile = new AzureNative.Compute.Inputs.CloudServiceRoleProfileArgs
{
Roles = new[]
{
new AzureNative.Compute.Inputs.CloudServiceRoleProfilePropertiesArgs
{
Name = "ContosoFrontend",
Sku = new AzureNative.Compute.Inputs.CloudServiceRoleSkuArgs
{
Capacity = 1,
Name = "Standard_D1_v2",
Tier = "Standard",
},
},
},
},
UpgradeMode = AzureNative.Compute.CloudServiceUpgradeMode.Auto,
},
ResourceGroupName = "ConstosoRG",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.CloudService;
import com.pulumi.azurenative.compute.CloudServiceArgs;
import com.pulumi.azurenative.compute.inputs.CloudServicePropertiesArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceExtensionProfileArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.CloudServiceRoleProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cloudService = new CloudService("cloudService", CloudServiceArgs.builder()
.cloudServiceName("{cs-name}")
.location("westus")
.properties(CloudServicePropertiesArgs.builder()
.configuration("{ServiceConfiguration}")
.extensionProfile(CloudServiceExtensionProfileArgs.builder()
.extensions(ExtensionArgs.builder()
.name("RDPExtension")
.properties(CloudServiceExtensionPropertiesArgs.builder()
.autoUpgradeMinorVersion(false)
.protectedSettings("<PrivateConfig><Password>{password}</Password></PrivateConfig>")
.publisher("Microsoft.Windows.Azure.Extensions")
.settings("<PublicConfig><UserName>UserAzure</UserName><Expiration>10/22/2021 15:05:45</Expiration></PublicConfig>")
.type("RDP")
.typeHandlerVersion("1.2")
.build())
.build())
.build())
.networkProfile(CloudServiceNetworkProfileArgs.builder()
.loadBalancerConfigurations(LoadBalancerConfigurationArgs.builder()
.name("contosolb")
.properties(LoadBalancerConfigurationPropertiesArgs.builder()
.frontendIpConfigurations(LoadBalancerFrontendIpConfigurationArgs.builder()
.name("contosofe")
.properties(LoadBalancerFrontendIpConfigurationPropertiesArgs.builder()
.publicIPAddress(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip")
.build())
.build())
.build())
.build())
.build())
.build())
.packageUrl("{PackageUrl}")
.roleProfile(CloudServiceRoleProfileArgs.builder()
.roles(CloudServiceRoleProfilePropertiesArgs.builder()
.name("ContosoFrontend")
.sku(CloudServiceRoleSkuArgs.builder()
.capacity(1.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.build())
.build())
.upgradeMode("Auto")
.build())
.resourceGroupName("ConstosoRG")
.build());
}
}
resources:
cloudService:
type: azure-native:compute:CloudService
properties:
cloudServiceName: '{cs-name}'
location: westus
properties:
configuration: '{ServiceConfiguration}'
extensionProfile:
extensions:
- name: RDPExtension
properties:
autoUpgradeMinorVersion: false
protectedSettings: <PrivateConfig><Password>{password}</Password></PrivateConfig>
publisher: Microsoft.Windows.Azure.Extensions
settings: <PublicConfig><UserName>UserAzure</UserName><Expiration>10/22/2021 15:05:45</Expiration></PublicConfig>
type: RDP
typeHandlerVersion: '1.2'
networkProfile:
loadBalancerConfigurations:
- name: contosolb
properties:
frontendIpConfigurations:
- name: contosofe
properties:
publicIPAddress:
id: /subscriptions/{subscription-id}/resourceGroups/ConstosoRG/providers/Microsoft.Network/publicIPAddresses/contosopublicip
packageUrl: '{PackageUrl}'
roleProfile:
roles:
- name: ContosoFrontend
sku:
capacity: 1
name: Standard_D1_v2
tier: Standard
upgradeMode: Auto
resourceGroupName: ConstosoRG
The extensionProfile.extensions array defines VM extensions to install on role instances. The RDP extension requires a publisher, type, and typeHandlerVersion. The settings property contains public configuration (username, expiration), while protectedSettings holds sensitive data (password). The autoUpgradeMinorVersion property controls automatic extension updates.
Beyond these examples
These snippets focus on specific cloud service features: role configuration and scaling, availability zone placement, and Key Vault certificate integration and RDP extensions. They’re intentionally minimal rather than full PaaS deployments.
The examples may reference pre-existing infrastructure such as Azure Storage accounts (for .cspkg and .cscfg files), public IP addresses, and Key Vault with certificates (for certificate example). They focus on configuring the cloud service rather than provisioning everything around it.
To keep things focused, common cloud service patterns are omitted, including:
- Virtual network integration (swappableCloudService)
- Update domains and upgrade policies
- Diagnostics and monitoring configuration
- Custom DNS settings and reserved IPs
These omissions are intentional: the goal is to illustrate how each cloud service feature is wired, not provide drop-in PaaS modules. See the CloudService resource reference for all available configuration options.
Let's deploy Azure Cloud Services
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Resource Configuration & Deployment
What's required to deploy a cloud service?
You need
location, properties.configuration (ServiceConfiguration XML), properties.packageUrl (URL to your .cspkg file), and properties.roleProfile defining your roles.What format does the configuration property expect?
The
configuration property expects ServiceConfiguration XML content, shown as {ServiceConfiguration} in the examples.How do I specify the service package location?
Set
properties.packageUrl to the URL of your cloud service package (.cspkg file).Immutability & Constraints
What properties can't be changed after creation?
Both
cloudServiceName and resourceGroupName are immutable and cannot be modified after the cloud service is created.Can I deploy my cloud service to multiple availability zones?
No, the
zones property must contain only 1 zone. Provide a single-element array like ["1"] if you want zone deployment.Roles & Scaling
How do I configure roles for my cloud service?
Define roles in
properties.roleProfile.roles with a name and sku object containing capacity, name (VM size like Standard_D1_v2), and tier.How do I scale the number of instances for a role?
Set the
capacity property within the role’s sku object. Examples show capacity: 1 for single-instance roles.Networking & Load Balancing
How do I configure load balancing for my cloud service?
Configure
properties.networkProfile.loadBalancerConfigurations with frontend IP configurations that reference public IP addresses.Advanced Features
How do I use certificates from Azure Key Vault?
Configure
properties.osProfile.secrets with a sourceVault ID pointing to your Key Vault and vaultCertificates containing the certificate URL.How do I add extensions like RDP to my cloud service?
Configure
properties.extensionProfile.extensions with the extension name, properties.publisher, properties.type, properties.typeHandlerVersion, and settings.