The azure-native:compute:GalleryImageVersion resource, part of the Pulumi Azure Native provider, defines a versioned snapshot of a gallery image, capturing OS and data disk state for distribution across Azure regions. This guide focuses on four capabilities: creating versions from VMs, snapshots, and VHDs; regional replication with encryption; shallow replication and Direct Drive replicas; and UEFI secure boot key configuration.
Gallery image versions require a pre-existing gallery and image definition, plus source infrastructure such as VMs, snapshots, managed images, or VHDs in storage accounts. The examples are intentionally small. Combine them with your own gallery infrastructure and distribution policies.
Create a version from a running VM
Teams building golden images often capture a configured VM as a gallery image version, preserving its OS and data disk state for reuse across deployments.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const galleryImageVersion = new azure_native.compute.GalleryImageVersion("galleryImageVersion", {
galleryImageName: "myGalleryImageName",
galleryImageVersionName: "1.0.0",
galleryName: "myGalleryName",
location: "West US",
publishingProfile: {
targetRegions: [
{
encryption: {
dataDiskImages: [
{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet",
lun: 0,
},
{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
lun: 1,
},
],
osDiskImage: {
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
},
},
excludeFromLatest: false,
name: "West US",
regionalReplicaCount: 2,
},
{
encryption: {
dataDiskImages: [
{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet",
lun: 0,
},
{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
lun: 1,
},
],
osDiskImage: {
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
},
},
excludeFromLatest: false,
name: "East US",
regionalReplicaCount: 2,
storageAccountType: azure_native.compute.StorageAccountType.Standard_ZRS,
},
],
},
resourceGroupName: "myResourceGroup",
safetyProfile: {
allowDeletionOfReplicatedLocations: false,
blockDeletionBeforeEndOfLife: false,
},
storageProfile: {
source: {
virtualMachineId: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}",
},
},
});
import pulumi
import pulumi_azure_native as azure_native
gallery_image_version = azure_native.compute.GalleryImageVersion("galleryImageVersion",
gallery_image_name="myGalleryImageName",
gallery_image_version_name="1.0.0",
gallery_name="myGalleryName",
location="West US",
publishing_profile={
"target_regions": [
{
"encryption": {
"data_disk_images": [
{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet",
"lun": 0,
},
{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
"lun": 1,
},
],
"os_disk_image": {
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
},
},
"exclude_from_latest": False,
"name": "West US",
"regional_replica_count": 2,
},
{
"encryption": {
"data_disk_images": [
{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet",
"lun": 0,
},
{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
"lun": 1,
},
],
"os_disk_image": {
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
},
},
"exclude_from_latest": False,
"name": "East US",
"regional_replica_count": 2,
"storage_account_type": azure_native.compute.StorageAccountType.STANDARD_ZRS,
},
],
},
resource_group_name="myResourceGroup",
safety_profile={
"allow_deletion_of_replicated_locations": False,
"block_deletion_before_end_of_life": False,
},
storage_profile={
"source": {
"virtual_machine_id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}",
},
})
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewGalleryImageVersion(ctx, "galleryImageVersion", &compute.GalleryImageVersionArgs{
GalleryImageName: pulumi.String("myGalleryImageName"),
GalleryImageVersionName: pulumi.String("1.0.0"),
GalleryName: pulumi.String("myGalleryName"),
Location: pulumi.String("West US"),
PublishingProfile: &compute.GalleryImageVersionPublishingProfileArgs{
TargetRegions: compute.TargetRegionArray{
&compute.TargetRegionArgs{
Encryption: &compute.EncryptionImagesArgs{
DataDiskImages: compute.DataDiskImageEncryptionArray{
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet"),
Lun: pulumi.Int(0),
},
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet"),
Lun: pulumi.Int(1),
},
},
OsDiskImage: &compute.OSDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet"),
},
},
ExcludeFromLatest: pulumi.Bool(false),
Name: pulumi.String("West US"),
RegionalReplicaCount: pulumi.Int(2),
},
&compute.TargetRegionArgs{
Encryption: &compute.EncryptionImagesArgs{
DataDiskImages: compute.DataDiskImageEncryptionArray{
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet"),
Lun: pulumi.Int(0),
},
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet"),
Lun: pulumi.Int(1),
},
},
OsDiskImage: &compute.OSDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet"),
},
},
ExcludeFromLatest: pulumi.Bool(false),
Name: pulumi.String("East US"),
RegionalReplicaCount: pulumi.Int(2),
StorageAccountType: pulumi.String(compute.StorageAccountType_Standard_ZRS),
},
},
},
ResourceGroupName: pulumi.String("myResourceGroup"),
SafetyProfile: &compute.GalleryImageVersionSafetyProfileArgs{
AllowDeletionOfReplicatedLocations: pulumi.Bool(false),
BlockDeletionBeforeEndOfLife: pulumi.Bool(false),
},
StorageProfile: &compute.GalleryImageVersionStorageProfileArgs{
Source: &compute.GalleryArtifactVersionFullSourceArgs{
VirtualMachineId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var galleryImageVersion = new AzureNative.Compute.GalleryImageVersion("galleryImageVersion", new()
{
GalleryImageName = "myGalleryImageName",
GalleryImageVersionName = "1.0.0",
GalleryName = "myGalleryName",
Location = "West US",
PublishingProfile = new AzureNative.Compute.Inputs.GalleryImageVersionPublishingProfileArgs
{
TargetRegions = new[]
{
new AzureNative.Compute.Inputs.TargetRegionArgs
{
Encryption = new AzureNative.Compute.Inputs.EncryptionImagesArgs
{
DataDiskImages = new[]
{
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet",
Lun = 0,
},
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
Lun = 1,
},
},
OsDiskImage = new AzureNative.Compute.Inputs.OSDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
},
},
ExcludeFromLatest = false,
Name = "West US",
RegionalReplicaCount = 2,
},
new AzureNative.Compute.Inputs.TargetRegionArgs
{
Encryption = new AzureNative.Compute.Inputs.EncryptionImagesArgs
{
DataDiskImages = new[]
{
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet",
Lun = 0,
},
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
Lun = 1,
},
},
OsDiskImage = new AzureNative.Compute.Inputs.OSDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
},
},
ExcludeFromLatest = false,
Name = "East US",
RegionalReplicaCount = 2,
StorageAccountType = AzureNative.Compute.StorageAccountType.Standard_ZRS,
},
},
},
ResourceGroupName = "myResourceGroup",
SafetyProfile = new AzureNative.Compute.Inputs.GalleryImageVersionSafetyProfileArgs
{
AllowDeletionOfReplicatedLocations = false,
BlockDeletionBeforeEndOfLife = false,
},
StorageProfile = new AzureNative.Compute.Inputs.GalleryImageVersionStorageProfileArgs
{
Source = new AzureNative.Compute.Inputs.GalleryArtifactVersionFullSourceArgs
{
VirtualMachineId = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.GalleryImageVersion;
import com.pulumi.azurenative.compute.GalleryImageVersionArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionPublishingProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionSafetyProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryArtifactVersionFullSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var galleryImageVersion = new GalleryImageVersion("galleryImageVersion", GalleryImageVersionArgs.builder()
.galleryImageName("myGalleryImageName")
.galleryImageVersionName("1.0.0")
.galleryName("myGalleryName")
.location("West US")
.publishingProfile(GalleryImageVersionPublishingProfileArgs.builder()
.targetRegions(
TargetRegionArgs.builder()
.encryption(EncryptionImagesArgs.builder()
.dataDiskImages(
DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet")
.lun(0)
.build(),
DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet")
.lun(1)
.build())
.osDiskImage(OSDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet")
.build())
.build())
.excludeFromLatest(false)
.name("West US")
.regionalReplicaCount(2)
.build(),
TargetRegionArgs.builder()
.encryption(EncryptionImagesArgs.builder()
.dataDiskImages(
DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet")
.lun(0)
.build(),
DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet")
.lun(1)
.build())
.osDiskImage(OSDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet")
.build())
.build())
.excludeFromLatest(false)
.name("East US")
.regionalReplicaCount(2)
.storageAccountType("Standard_ZRS")
.build())
.build())
.resourceGroupName("myResourceGroup")
.safetyProfile(GalleryImageVersionSafetyProfileArgs.builder()
.allowDeletionOfReplicatedLocations(false)
.blockDeletionBeforeEndOfLife(false)
.build())
.storageProfile(GalleryImageVersionStorageProfileArgs.builder()
.source(GalleryArtifactVersionFullSourceArgs.builder()
.virtualMachineId("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}")
.build())
.build())
.build());
}
}
resources:
galleryImageVersion:
type: azure-native:compute:GalleryImageVersion
properties:
galleryImageName: myGalleryImageName
galleryImageVersionName: 1.0.0
galleryName: myGalleryName
location: West US
publishingProfile:
targetRegions:
- encryption:
dataDiskImages:
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet
lun: 0
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet
lun: 1
osDiskImage:
diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet
excludeFromLatest: false
name: West US
regionalReplicaCount: 2
- encryption:
dataDiskImages:
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet
lun: 0
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet
lun: 1
osDiskImage:
diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet
excludeFromLatest: false
name: East US
regionalReplicaCount: 2
storageAccountType: Standard_ZRS
resourceGroupName: myResourceGroup
safetyProfile:
allowDeletionOfReplicatedLocations: false
blockDeletionBeforeEndOfLife: false
storageProfile:
source:
virtualMachineId: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/virtualMachines/{vmName}
The storageProfile.source.virtualMachineId points to the VM to capture. The publishingProfile.targetRegions array defines where replicas are stored, with regionalReplicaCount controlling redundancy. The encryption block specifies disk encryption sets for OS and data disks, applying customer-managed keys to each LUN.
Create a version from disk snapshots
When building images from snapshots, teams can assemble OS and data disk snapshots into a versioned image without requiring a running VM.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const galleryImageVersion = new azure_native.compute.GalleryImageVersion("galleryImageVersion", {
galleryImageName: "myGalleryImageName",
galleryImageVersionName: "1.0.0",
galleryName: "myGalleryName",
location: "West US",
publishingProfile: {
targetRegions: [
{
encryption: {
dataDiskImages: [{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
lun: 1,
}],
osDiskImage: {
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
},
},
excludeFromLatest: false,
name: "West US",
regionalReplicaCount: 1,
},
{
encryption: {
dataDiskImages: [{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
lun: 1,
}],
osDiskImage: {
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
},
},
excludeFromLatest: false,
name: "East US",
regionalReplicaCount: 2,
storageAccountType: azure_native.compute.StorageAccountType.Standard_ZRS,
},
],
},
resourceGroupName: "myResourceGroup",
safetyProfile: {
allowDeletionOfReplicatedLocations: false,
blockDeletionBeforeEndOfLife: false,
},
storageProfile: {
dataDiskImages: [{
hostCaching: azure_native.compute.HostCaching.None,
lun: 1,
source: {
id: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/disks/{dataDiskName}",
},
}],
osDiskImage: {
hostCaching: azure_native.compute.HostCaching.ReadOnly,
source: {
id: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/snapshots/{osSnapshotName}",
},
},
},
});
import pulumi
import pulumi_azure_native as azure_native
gallery_image_version = azure_native.compute.GalleryImageVersion("galleryImageVersion",
gallery_image_name="myGalleryImageName",
gallery_image_version_name="1.0.0",
gallery_name="myGalleryName",
location="West US",
publishing_profile={
"target_regions": [
{
"encryption": {
"data_disk_images": [{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
"lun": 1,
}],
"os_disk_image": {
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
},
},
"exclude_from_latest": False,
"name": "West US",
"regional_replica_count": 1,
},
{
"encryption": {
"data_disk_images": [{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
"lun": 1,
}],
"os_disk_image": {
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
},
},
"exclude_from_latest": False,
"name": "East US",
"regional_replica_count": 2,
"storage_account_type": azure_native.compute.StorageAccountType.STANDARD_ZRS,
},
],
},
resource_group_name="myResourceGroup",
safety_profile={
"allow_deletion_of_replicated_locations": False,
"block_deletion_before_end_of_life": False,
},
storage_profile={
"data_disk_images": [{
"host_caching": azure_native.compute.HostCaching.NONE,
"lun": 1,
"source": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/disks/{dataDiskName}",
},
}],
"os_disk_image": {
"host_caching": azure_native.compute.HostCaching.READ_ONLY,
"source": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/snapshots/{osSnapshotName}",
},
},
})
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewGalleryImageVersion(ctx, "galleryImageVersion", &compute.GalleryImageVersionArgs{
GalleryImageName: pulumi.String("myGalleryImageName"),
GalleryImageVersionName: pulumi.String("1.0.0"),
GalleryName: pulumi.String("myGalleryName"),
Location: pulumi.String("West US"),
PublishingProfile: &compute.GalleryImageVersionPublishingProfileArgs{
TargetRegions: compute.TargetRegionArray{
&compute.TargetRegionArgs{
Encryption: &compute.EncryptionImagesArgs{
DataDiskImages: compute.DataDiskImageEncryptionArray{
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet"),
Lun: pulumi.Int(1),
},
},
OsDiskImage: &compute.OSDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet"),
},
},
ExcludeFromLatest: pulumi.Bool(false),
Name: pulumi.String("West US"),
RegionalReplicaCount: pulumi.Int(1),
},
&compute.TargetRegionArgs{
Encryption: &compute.EncryptionImagesArgs{
DataDiskImages: compute.DataDiskImageEncryptionArray{
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet"),
Lun: pulumi.Int(1),
},
},
OsDiskImage: &compute.OSDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet"),
},
},
ExcludeFromLatest: pulumi.Bool(false),
Name: pulumi.String("East US"),
RegionalReplicaCount: pulumi.Int(2),
StorageAccountType: pulumi.String(compute.StorageAccountType_Standard_ZRS),
},
},
},
ResourceGroupName: pulumi.String("myResourceGroup"),
SafetyProfile: &compute.GalleryImageVersionSafetyProfileArgs{
AllowDeletionOfReplicatedLocations: pulumi.Bool(false),
BlockDeletionBeforeEndOfLife: pulumi.Bool(false),
},
StorageProfile: &compute.GalleryImageVersionStorageProfileArgs{
DataDiskImages: compute.GalleryDataDiskImageArray{
&compute.GalleryDataDiskImageArgs{
HostCaching: compute.HostCachingNone,
Lun: pulumi.Int(1),
Source: &compute.GalleryDiskImageSourceArgs{
Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/disks/{dataDiskName}"),
},
},
},
OsDiskImage: &compute.GalleryOSDiskImageArgs{
HostCaching: compute.HostCachingReadOnly,
Source: &compute.GalleryDiskImageSourceArgs{
Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/snapshots/{osSnapshotName}"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var galleryImageVersion = new AzureNative.Compute.GalleryImageVersion("galleryImageVersion", new()
{
GalleryImageName = "myGalleryImageName",
GalleryImageVersionName = "1.0.0",
GalleryName = "myGalleryName",
Location = "West US",
PublishingProfile = new AzureNative.Compute.Inputs.GalleryImageVersionPublishingProfileArgs
{
TargetRegions = new[]
{
new AzureNative.Compute.Inputs.TargetRegionArgs
{
Encryption = new AzureNative.Compute.Inputs.EncryptionImagesArgs
{
DataDiskImages = new[]
{
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
Lun = 1,
},
},
OsDiskImage = new AzureNative.Compute.Inputs.OSDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
},
},
ExcludeFromLatest = false,
Name = "West US",
RegionalReplicaCount = 1,
},
new AzureNative.Compute.Inputs.TargetRegionArgs
{
Encryption = new AzureNative.Compute.Inputs.EncryptionImagesArgs
{
DataDiskImages = new[]
{
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
Lun = 1,
},
},
OsDiskImage = new AzureNative.Compute.Inputs.OSDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
},
},
ExcludeFromLatest = false,
Name = "East US",
RegionalReplicaCount = 2,
StorageAccountType = AzureNative.Compute.StorageAccountType.Standard_ZRS,
},
},
},
ResourceGroupName = "myResourceGroup",
SafetyProfile = new AzureNative.Compute.Inputs.GalleryImageVersionSafetyProfileArgs
{
AllowDeletionOfReplicatedLocations = false,
BlockDeletionBeforeEndOfLife = false,
},
StorageProfile = new AzureNative.Compute.Inputs.GalleryImageVersionStorageProfileArgs
{
DataDiskImages = new[]
{
new AzureNative.Compute.Inputs.GalleryDataDiskImageArgs
{
HostCaching = AzureNative.Compute.HostCaching.None,
Lun = 1,
Source = new AzureNative.Compute.Inputs.GalleryDiskImageSourceArgs
{
Id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/disks/{dataDiskName}",
},
},
},
OsDiskImage = new AzureNative.Compute.Inputs.GalleryOSDiskImageArgs
{
HostCaching = AzureNative.Compute.HostCaching.ReadOnly,
Source = new AzureNative.Compute.Inputs.GalleryDiskImageSourceArgs
{
Id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/snapshots/{osSnapshotName}",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.GalleryImageVersion;
import com.pulumi.azurenative.compute.GalleryImageVersionArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionPublishingProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionSafetyProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryOSDiskImageArgs;
import com.pulumi.azurenative.compute.inputs.GalleryDiskImageSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var galleryImageVersion = new GalleryImageVersion("galleryImageVersion", GalleryImageVersionArgs.builder()
.galleryImageName("myGalleryImageName")
.galleryImageVersionName("1.0.0")
.galleryName("myGalleryName")
.location("West US")
.publishingProfile(GalleryImageVersionPublishingProfileArgs.builder()
.targetRegions(
TargetRegionArgs.builder()
.encryption(EncryptionImagesArgs.builder()
.dataDiskImages(DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet")
.lun(1)
.build())
.osDiskImage(OSDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet")
.build())
.build())
.excludeFromLatest(false)
.name("West US")
.regionalReplicaCount(1)
.build(),
TargetRegionArgs.builder()
.encryption(EncryptionImagesArgs.builder()
.dataDiskImages(DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet")
.lun(1)
.build())
.osDiskImage(OSDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet")
.build())
.build())
.excludeFromLatest(false)
.name("East US")
.regionalReplicaCount(2)
.storageAccountType("Standard_ZRS")
.build())
.build())
.resourceGroupName("myResourceGroup")
.safetyProfile(GalleryImageVersionSafetyProfileArgs.builder()
.allowDeletionOfReplicatedLocations(false)
.blockDeletionBeforeEndOfLife(false)
.build())
.storageProfile(GalleryImageVersionStorageProfileArgs.builder()
.dataDiskImages(GalleryDataDiskImageArgs.builder()
.hostCaching("None")
.lun(1)
.source(GalleryDiskImageSourceArgs.builder()
.id("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/disks/{dataDiskName}")
.build())
.build())
.osDiskImage(GalleryOSDiskImageArgs.builder()
.hostCaching("ReadOnly")
.source(GalleryDiskImageSourceArgs.builder()
.id("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/snapshots/{osSnapshotName}")
.build())
.build())
.build())
.build());
}
}
resources:
galleryImageVersion:
type: azure-native:compute:GalleryImageVersion
properties:
galleryImageName: myGalleryImageName
galleryImageVersionName: 1.0.0
galleryName: myGalleryName
location: West US
publishingProfile:
targetRegions:
- encryption:
dataDiskImages:
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet
lun: 1
osDiskImage:
diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet
excludeFromLatest: false
name: West US
regionalReplicaCount: 1
- encryption:
dataDiskImages:
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet
lun: 1
osDiskImage:
diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet
excludeFromLatest: false
name: East US
regionalReplicaCount: 2
storageAccountType: Standard_ZRS
resourceGroupName: myResourceGroup
safetyProfile:
allowDeletionOfReplicatedLocations: false
blockDeletionBeforeEndOfLife: false
storageProfile:
dataDiskImages:
- hostCaching: None
lun: 1
source:
id: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/disks/{dataDiskName}
osDiskImage:
hostCaching: ReadOnly
source:
id: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/snapshots/{osSnapshotName}
The storageProfile.osDiskImage and storageProfile.dataDiskImages arrays reference snapshot or disk IDs. Each data disk specifies a lun (logical unit number) to match the original VM configuration. The hostCaching property controls read/write caching behavior for each disk.
Use shallow replication for faster distribution
Shallow replication mode copies only metadata to target regions, reducing replication time when the source image remains accessible.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const galleryImageVersion = new azure_native.compute.GalleryImageVersion("galleryImageVersion", {
galleryImageName: "myGalleryImageName",
galleryImageVersionName: "1.0.0",
galleryName: "myGalleryName",
location: "West US",
publishingProfile: {
replicationMode: azure_native.compute.ReplicationMode.Shallow,
targetRegions: [{
excludeFromLatest: false,
name: "West US",
regionalReplicaCount: 1,
}],
},
resourceGroupName: "myResourceGroup",
safetyProfile: {
allowDeletionOfReplicatedLocations: false,
blockDeletionBeforeEndOfLife: false,
},
storageProfile: {
source: {
id: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}",
},
},
});
import pulumi
import pulumi_azure_native as azure_native
gallery_image_version = azure_native.compute.GalleryImageVersion("galleryImageVersion",
gallery_image_name="myGalleryImageName",
gallery_image_version_name="1.0.0",
gallery_name="myGalleryName",
location="West US",
publishing_profile={
"replication_mode": azure_native.compute.ReplicationMode.SHALLOW,
"target_regions": [{
"exclude_from_latest": False,
"name": "West US",
"regional_replica_count": 1,
}],
},
resource_group_name="myResourceGroup",
safety_profile={
"allow_deletion_of_replicated_locations": False,
"block_deletion_before_end_of_life": False,
},
storage_profile={
"source": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}",
},
})
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewGalleryImageVersion(ctx, "galleryImageVersion", &compute.GalleryImageVersionArgs{
GalleryImageName: pulumi.String("myGalleryImageName"),
GalleryImageVersionName: pulumi.String("1.0.0"),
GalleryName: pulumi.String("myGalleryName"),
Location: pulumi.String("West US"),
PublishingProfile: &compute.GalleryImageVersionPublishingProfileArgs{
ReplicationMode: pulumi.String(compute.ReplicationModeShallow),
TargetRegions: compute.TargetRegionArray{
&compute.TargetRegionArgs{
ExcludeFromLatest: pulumi.Bool(false),
Name: pulumi.String("West US"),
RegionalReplicaCount: pulumi.Int(1),
},
},
},
ResourceGroupName: pulumi.String("myResourceGroup"),
SafetyProfile: &compute.GalleryImageVersionSafetyProfileArgs{
AllowDeletionOfReplicatedLocations: pulumi.Bool(false),
BlockDeletionBeforeEndOfLife: pulumi.Bool(false),
},
StorageProfile: &compute.GalleryImageVersionStorageProfileArgs{
Source: &compute.GalleryArtifactVersionFullSourceArgs{
Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var galleryImageVersion = new AzureNative.Compute.GalleryImageVersion("galleryImageVersion", new()
{
GalleryImageName = "myGalleryImageName",
GalleryImageVersionName = "1.0.0",
GalleryName = "myGalleryName",
Location = "West US",
PublishingProfile = new AzureNative.Compute.Inputs.GalleryImageVersionPublishingProfileArgs
{
ReplicationMode = AzureNative.Compute.ReplicationMode.Shallow,
TargetRegions = new[]
{
new AzureNative.Compute.Inputs.TargetRegionArgs
{
ExcludeFromLatest = false,
Name = "West US",
RegionalReplicaCount = 1,
},
},
},
ResourceGroupName = "myResourceGroup",
SafetyProfile = new AzureNative.Compute.Inputs.GalleryImageVersionSafetyProfileArgs
{
AllowDeletionOfReplicatedLocations = false,
BlockDeletionBeforeEndOfLife = false,
},
StorageProfile = new AzureNative.Compute.Inputs.GalleryImageVersionStorageProfileArgs
{
Source = new AzureNative.Compute.Inputs.GalleryArtifactVersionFullSourceArgs
{
Id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.GalleryImageVersion;
import com.pulumi.azurenative.compute.GalleryImageVersionArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionPublishingProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionSafetyProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryArtifactVersionFullSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var galleryImageVersion = new GalleryImageVersion("galleryImageVersion", GalleryImageVersionArgs.builder()
.galleryImageName("myGalleryImageName")
.galleryImageVersionName("1.0.0")
.galleryName("myGalleryName")
.location("West US")
.publishingProfile(GalleryImageVersionPublishingProfileArgs.builder()
.replicationMode("Shallow")
.targetRegions(TargetRegionArgs.builder()
.excludeFromLatest(false)
.name("West US")
.regionalReplicaCount(1)
.build())
.build())
.resourceGroupName("myResourceGroup")
.safetyProfile(GalleryImageVersionSafetyProfileArgs.builder()
.allowDeletionOfReplicatedLocations(false)
.blockDeletionBeforeEndOfLife(false)
.build())
.storageProfile(GalleryImageVersionStorageProfileArgs.builder()
.source(GalleryArtifactVersionFullSourceArgs.builder()
.id("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}")
.build())
.build())
.build());
}
}
resources:
galleryImageVersion:
type: azure-native:compute:GalleryImageVersion
properties:
galleryImageName: myGalleryImageName
galleryImageVersionName: 1.0.0
galleryName: myGalleryName
location: West US
publishingProfile:
replicationMode: Shallow
targetRegions:
- excludeFromLatest: false
name: West US
regionalReplicaCount: 1
resourceGroupName: myResourceGroup
safetyProfile:
allowDeletionOfReplicatedLocations: false
blockDeletionBeforeEndOfLife: false
storageProfile:
source:
id: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}
The publishingProfile.replicationMode property set to “Shallow” enables metadata-only replication. This mode requires the source image to remain available in the source region, as target regions reference it rather than storing full copies.
Configure custom UEFI secure boot keys
Organizations with custom secure boot requirements can embed UEFI signature databases and key exchange keys into gallery image versions.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const galleryImageVersion = new azure_native.compute.GalleryImageVersion("galleryImageVersion", {
galleryImageName: "myGalleryImageName",
galleryImageVersionName: "1.0.0",
galleryName: "myGalleryName",
location: "West US",
publishingProfile: {
targetRegions: [
{
encryption: {
dataDiskImages: [{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherDiskEncryptionSet",
lun: 1,
}],
osDiskImage: {
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myDiskEncryptionSet",
},
},
excludeFromLatest: false,
name: "West US",
regionalReplicaCount: 1,
},
{
excludeFromLatest: false,
name: "East US",
regionalReplicaCount: 2,
storageAccountType: azure_native.compute.StorageAccountType.Standard_ZRS,
},
],
},
resourceGroupName: "myResourceGroup",
safetyProfile: {
allowDeletionOfReplicatedLocations: false,
blockDeletionBeforeEndOfLife: false,
},
securityProfile: {
uefiSettings: {
additionalSignatures: {
db: [{
type: azure_native.compute.UefiKeyType.X509,
value: ["<x509 value>"],
}],
dbx: [{
type: azure_native.compute.UefiKeyType.X509,
value: ["<x509 value>"],
}],
kek: [{
type: azure_native.compute.UefiKeyType.Sha256,
value: ["<sha256 value>"],
}],
},
signatureTemplateNames: [azure_native.compute.UefiSignatureTemplateName.MicrosoftUefiCertificateAuthorityTemplate],
},
},
storageProfile: {
dataDiskImages: [{
hostCaching: azure_native.compute.HostCaching.None,
lun: 1,
source: {
storageAccountId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}",
uri: "https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd",
},
}],
osDiskImage: {
hostCaching: azure_native.compute.HostCaching.ReadOnly,
source: {
storageAccountId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}",
uri: "https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd",
},
},
},
});
import pulumi
import pulumi_azure_native as azure_native
gallery_image_version = azure_native.compute.GalleryImageVersion("galleryImageVersion",
gallery_image_name="myGalleryImageName",
gallery_image_version_name="1.0.0",
gallery_name="myGalleryName",
location="West US",
publishing_profile={
"target_regions": [
{
"encryption": {
"data_disk_images": [{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherDiskEncryptionSet",
"lun": 1,
}],
"os_disk_image": {
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myDiskEncryptionSet",
},
},
"exclude_from_latest": False,
"name": "West US",
"regional_replica_count": 1,
},
{
"exclude_from_latest": False,
"name": "East US",
"regional_replica_count": 2,
"storage_account_type": azure_native.compute.StorageAccountType.STANDARD_ZRS,
},
],
},
resource_group_name="myResourceGroup",
safety_profile={
"allow_deletion_of_replicated_locations": False,
"block_deletion_before_end_of_life": False,
},
security_profile={
"uefi_settings": {
"additional_signatures": {
"db": [{
"type": azure_native.compute.UefiKeyType.X509,
"value": ["<x509 value>"],
}],
"dbx": [{
"type": azure_native.compute.UefiKeyType.X509,
"value": ["<x509 value>"],
}],
"kek": [{
"type": azure_native.compute.UefiKeyType.SHA256,
"value": ["<sha256 value>"],
}],
},
"signature_template_names": [azure_native.compute.UefiSignatureTemplateName.MICROSOFT_UEFI_CERTIFICATE_AUTHORITY_TEMPLATE],
},
},
storage_profile={
"data_disk_images": [{
"host_caching": azure_native.compute.HostCaching.NONE,
"lun": 1,
"source": {
"storage_account_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}",
"uri": "https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd",
},
}],
"os_disk_image": {
"host_caching": azure_native.compute.HostCaching.READ_ONLY,
"source": {
"storage_account_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}",
"uri": "https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd",
},
},
})
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewGalleryImageVersion(ctx, "galleryImageVersion", &compute.GalleryImageVersionArgs{
GalleryImageName: pulumi.String("myGalleryImageName"),
GalleryImageVersionName: pulumi.String("1.0.0"),
GalleryName: pulumi.String("myGalleryName"),
Location: pulumi.String("West US"),
PublishingProfile: &compute.GalleryImageVersionPublishingProfileArgs{
TargetRegions: compute.TargetRegionArray{
&compute.TargetRegionArgs{
Encryption: &compute.EncryptionImagesArgs{
DataDiskImages: compute.DataDiskImageEncryptionArray{
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherDiskEncryptionSet"),
Lun: pulumi.Int(1),
},
},
OsDiskImage: &compute.OSDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myDiskEncryptionSet"),
},
},
ExcludeFromLatest: pulumi.Bool(false),
Name: pulumi.String("West US"),
RegionalReplicaCount: pulumi.Int(1),
},
&compute.TargetRegionArgs{
ExcludeFromLatest: pulumi.Bool(false),
Name: pulumi.String("East US"),
RegionalReplicaCount: pulumi.Int(2),
StorageAccountType: pulumi.String(compute.StorageAccountType_Standard_ZRS),
},
},
},
ResourceGroupName: pulumi.String("myResourceGroup"),
SafetyProfile: &compute.GalleryImageVersionSafetyProfileArgs{
AllowDeletionOfReplicatedLocations: pulumi.Bool(false),
BlockDeletionBeforeEndOfLife: pulumi.Bool(false),
},
SecurityProfile: &compute.ImageVersionSecurityProfileArgs{
UefiSettings: &compute.GalleryImageVersionUefiSettingsArgs{
AdditionalSignatures: &compute.UefiKeySignaturesArgs{
Db: compute.UefiKeyArray{
&compute.UefiKeyArgs{
Type: pulumi.String(compute.UefiKeyTypeX509),
Value: pulumi.StringArray{
pulumi.String("<x509 value>"),
},
},
},
Dbx: compute.UefiKeyArray{
&compute.UefiKeyArgs{
Type: pulumi.String(compute.UefiKeyTypeX509),
Value: pulumi.StringArray{
pulumi.String("<x509 value>"),
},
},
},
Kek: compute.UefiKeyArray{
&compute.UefiKeyArgs{
Type: pulumi.String(compute.UefiKeyTypeSha256),
Value: pulumi.StringArray{
pulumi.String("<sha256 value>"),
},
},
},
},
SignatureTemplateNames: pulumi.StringArray{
pulumi.String(compute.UefiSignatureTemplateNameMicrosoftUefiCertificateAuthorityTemplate),
},
},
},
StorageProfile: &compute.GalleryImageVersionStorageProfileArgs{
DataDiskImages: compute.GalleryDataDiskImageArray{
&compute.GalleryDataDiskImageArgs{
HostCaching: compute.HostCachingNone,
Lun: pulumi.Int(1),
Source: &compute.GalleryDiskImageSourceArgs{
StorageAccountId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}"),
Uri: pulumi.String("https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd"),
},
},
},
OsDiskImage: &compute.GalleryOSDiskImageArgs{
HostCaching: compute.HostCachingReadOnly,
Source: &compute.GalleryDiskImageSourceArgs{
StorageAccountId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}"),
Uri: pulumi.String("https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var galleryImageVersion = new AzureNative.Compute.GalleryImageVersion("galleryImageVersion", new()
{
GalleryImageName = "myGalleryImageName",
GalleryImageVersionName = "1.0.0",
GalleryName = "myGalleryName",
Location = "West US",
PublishingProfile = new AzureNative.Compute.Inputs.GalleryImageVersionPublishingProfileArgs
{
TargetRegions = new[]
{
new AzureNative.Compute.Inputs.TargetRegionArgs
{
Encryption = new AzureNative.Compute.Inputs.EncryptionImagesArgs
{
DataDiskImages = new[]
{
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherDiskEncryptionSet",
Lun = 1,
},
},
OsDiskImage = new AzureNative.Compute.Inputs.OSDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myDiskEncryptionSet",
},
},
ExcludeFromLatest = false,
Name = "West US",
RegionalReplicaCount = 1,
},
new AzureNative.Compute.Inputs.TargetRegionArgs
{
ExcludeFromLatest = false,
Name = "East US",
RegionalReplicaCount = 2,
StorageAccountType = AzureNative.Compute.StorageAccountType.Standard_ZRS,
},
},
},
ResourceGroupName = "myResourceGroup",
SafetyProfile = new AzureNative.Compute.Inputs.GalleryImageVersionSafetyProfileArgs
{
AllowDeletionOfReplicatedLocations = false,
BlockDeletionBeforeEndOfLife = false,
},
SecurityProfile = new AzureNative.Compute.Inputs.ImageVersionSecurityProfileArgs
{
UefiSettings = new AzureNative.Compute.Inputs.GalleryImageVersionUefiSettingsArgs
{
AdditionalSignatures = new AzureNative.Compute.Inputs.UefiKeySignaturesArgs
{
Db = new[]
{
new AzureNative.Compute.Inputs.UefiKeyArgs
{
Type = AzureNative.Compute.UefiKeyType.X509,
Value = new[]
{
"<x509 value>",
},
},
},
Dbx = new[]
{
new AzureNative.Compute.Inputs.UefiKeyArgs
{
Type = AzureNative.Compute.UefiKeyType.X509,
Value = new[]
{
"<x509 value>",
},
},
},
Kek = new[]
{
new AzureNative.Compute.Inputs.UefiKeyArgs
{
Type = AzureNative.Compute.UefiKeyType.Sha256,
Value = new[]
{
"<sha256 value>",
},
},
},
},
SignatureTemplateNames = new[]
{
AzureNative.Compute.UefiSignatureTemplateName.MicrosoftUefiCertificateAuthorityTemplate,
},
},
},
StorageProfile = new AzureNative.Compute.Inputs.GalleryImageVersionStorageProfileArgs
{
DataDiskImages = new[]
{
new AzureNative.Compute.Inputs.GalleryDataDiskImageArgs
{
HostCaching = AzureNative.Compute.HostCaching.None,
Lun = 1,
Source = new AzureNative.Compute.Inputs.GalleryDiskImageSourceArgs
{
StorageAccountId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}",
Uri = "https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd",
},
},
},
OsDiskImage = new AzureNative.Compute.Inputs.GalleryOSDiskImageArgs
{
HostCaching = AzureNative.Compute.HostCaching.ReadOnly,
Source = new AzureNative.Compute.Inputs.GalleryDiskImageSourceArgs
{
StorageAccountId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}",
Uri = "https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.GalleryImageVersion;
import com.pulumi.azurenative.compute.GalleryImageVersionArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionPublishingProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionSafetyProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageVersionSecurityProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionUefiSettingsArgs;
import com.pulumi.azurenative.compute.inputs.UefiKeySignaturesArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryOSDiskImageArgs;
import com.pulumi.azurenative.compute.inputs.GalleryDiskImageSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var galleryImageVersion = new GalleryImageVersion("galleryImageVersion", GalleryImageVersionArgs.builder()
.galleryImageName("myGalleryImageName")
.galleryImageVersionName("1.0.0")
.galleryName("myGalleryName")
.location("West US")
.publishingProfile(GalleryImageVersionPublishingProfileArgs.builder()
.targetRegions(
TargetRegionArgs.builder()
.encryption(EncryptionImagesArgs.builder()
.dataDiskImages(DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherDiskEncryptionSet")
.lun(1)
.build())
.osDiskImage(OSDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myDiskEncryptionSet")
.build())
.build())
.excludeFromLatest(false)
.name("West US")
.regionalReplicaCount(1)
.build(),
TargetRegionArgs.builder()
.excludeFromLatest(false)
.name("East US")
.regionalReplicaCount(2)
.storageAccountType("Standard_ZRS")
.build())
.build())
.resourceGroupName("myResourceGroup")
.safetyProfile(GalleryImageVersionSafetyProfileArgs.builder()
.allowDeletionOfReplicatedLocations(false)
.blockDeletionBeforeEndOfLife(false)
.build())
.securityProfile(ImageVersionSecurityProfileArgs.builder()
.uefiSettings(GalleryImageVersionUefiSettingsArgs.builder()
.additionalSignatures(UefiKeySignaturesArgs.builder()
.db(UefiKeyArgs.builder()
.type("x509")
.value("<x509 value>")
.build())
.dbx(UefiKeyArgs.builder()
.type("x509")
.value("<x509 value>")
.build())
.kek(UefiKeyArgs.builder()
.type("sha256")
.value("<sha256 value>")
.build())
.build())
.signatureTemplateNames("MicrosoftUefiCertificateAuthorityTemplate")
.build())
.build())
.storageProfile(GalleryImageVersionStorageProfileArgs.builder()
.dataDiskImages(GalleryDataDiskImageArgs.builder()
.hostCaching("None")
.lun(1)
.source(GalleryDiskImageSourceArgs.builder()
.storageAccountId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}")
.uri("https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd")
.build())
.build())
.osDiskImage(GalleryOSDiskImageArgs.builder()
.hostCaching("ReadOnly")
.source(GalleryDiskImageSourceArgs.builder()
.storageAccountId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}")
.uri("https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd")
.build())
.build())
.build())
.build());
}
}
resources:
galleryImageVersion:
type: azure-native:compute:GalleryImageVersion
properties:
galleryImageName: myGalleryImageName
galleryImageVersionName: 1.0.0
galleryName: myGalleryName
location: West US
publishingProfile:
targetRegions:
- encryption:
dataDiskImages:
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherDiskEncryptionSet
lun: 1
osDiskImage:
diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myDiskEncryptionSet
excludeFromLatest: false
name: West US
regionalReplicaCount: 1
- excludeFromLatest: false
name: East US
regionalReplicaCount: 2
storageAccountType: Standard_ZRS
resourceGroupName: myResourceGroup
safetyProfile:
allowDeletionOfReplicatedLocations: false
blockDeletionBeforeEndOfLife: false
securityProfile:
uefiSettings:
additionalSignatures:
db:
- type: x509
value:
- <x509 value>
dbx:
- type: x509
value:
- <x509 value>
kek:
- type: sha256
value:
- <sha256 value>
signatureTemplateNames:
- MicrosoftUefiCertificateAuthorityTemplate
storageProfile:
dataDiskImages:
- hostCaching: None
lun: 1
source:
storageAccountId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}
uri: https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd
osDiskImage:
hostCaching: ReadOnly
source:
storageAccountId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/{storageAccount}
uri: https://gallerysourcencus.blob.core.windows.net/myvhds/Windows-Server-2012-R2-20171216-en.us-128GB.vhd
The securityProfile.uefiSettings block defines custom UEFI keys. The additionalSignatures property specifies db (signature database), dbx (forbidden signatures), and kek (key exchange keys) with x509 or sha256 values. The signatureTemplateNames array applies Microsoft’s default UEFI certificate templates alongside custom keys.
Add Direct Drive replicas for performance tiers
Direct Drive replicas use PremiumV2_LRS storage to provide additional performance tiers alongside standard replicas in the same region.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const galleryImageVersion = new azure_native.compute.GalleryImageVersion("galleryImageVersion", {
galleryImageName: "myGalleryImageName",
galleryImageVersionName: "1.0.0",
galleryName: "myGalleryName",
location: "West US",
publishingProfile: {
targetRegions: [
{
additionalReplicaSets: [{
regionalReplicaCount: 1,
storageAccountType: "PreviumV2_LRS",
}],
encryption: {
dataDiskImages: [
{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet",
lun: 0,
},
{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
lun: 1,
},
],
osDiskImage: {
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
},
},
excludeFromLatest: false,
name: "West US",
regionalReplicaCount: 1,
},
{
encryption: {
dataDiskImages: [
{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet",
lun: 0,
},
{
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
lun: 1,
},
],
osDiskImage: {
diskEncryptionSetId: "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
},
},
excludeFromLatest: false,
name: "East US",
regionalReplicaCount: 2,
storageAccountType: azure_native.compute.StorageAccountType.Standard_ZRS,
},
],
},
resourceGroupName: "myResourceGroup",
safetyProfile: {
allowDeletionOfReplicatedLocations: false,
},
storageProfile: {
source: {
id: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}",
},
},
});
import pulumi
import pulumi_azure_native as azure_native
gallery_image_version = azure_native.compute.GalleryImageVersion("galleryImageVersion",
gallery_image_name="myGalleryImageName",
gallery_image_version_name="1.0.0",
gallery_name="myGalleryName",
location="West US",
publishing_profile={
"target_regions": [
{
"additional_replica_sets": [{
"regional_replica_count": 1,
"storage_account_type": "PreviumV2_LRS",
}],
"encryption": {
"data_disk_images": [
{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet",
"lun": 0,
},
{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
"lun": 1,
},
],
"os_disk_image": {
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
},
},
"exclude_from_latest": False,
"name": "West US",
"regional_replica_count": 1,
},
{
"encryption": {
"data_disk_images": [
{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet",
"lun": 0,
},
{
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
"lun": 1,
},
],
"os_disk_image": {
"disk_encryption_set_id": "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
},
},
"exclude_from_latest": False,
"name": "East US",
"regional_replica_count": 2,
"storage_account_type": azure_native.compute.StorageAccountType.STANDARD_ZRS,
},
],
},
resource_group_name="myResourceGroup",
safety_profile={
"allow_deletion_of_replicated_locations": False,
},
storage_profile={
"source": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}",
},
})
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewGalleryImageVersion(ctx, "galleryImageVersion", &compute.GalleryImageVersionArgs{
GalleryImageName: pulumi.String("myGalleryImageName"),
GalleryImageVersionName: pulumi.String("1.0.0"),
GalleryName: pulumi.String("myGalleryName"),
Location: pulumi.String("West US"),
PublishingProfile: &compute.GalleryImageVersionPublishingProfileArgs{
TargetRegions: compute.TargetRegionArray{
&compute.TargetRegionArgs{
AdditionalReplicaSets: compute.AdditionalReplicaSetArray{
&compute.AdditionalReplicaSetArgs{
RegionalReplicaCount: pulumi.Int(1),
StorageAccountType: pulumi.String("PreviumV2_LRS"),
},
},
Encryption: &compute.EncryptionImagesArgs{
DataDiskImages: compute.DataDiskImageEncryptionArray{
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet"),
Lun: pulumi.Int(0),
},
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet"),
Lun: pulumi.Int(1),
},
},
OsDiskImage: &compute.OSDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet"),
},
},
ExcludeFromLatest: pulumi.Bool(false),
Name: pulumi.String("West US"),
RegionalReplicaCount: pulumi.Int(1),
},
&compute.TargetRegionArgs{
Encryption: &compute.EncryptionImagesArgs{
DataDiskImages: compute.DataDiskImageEncryptionArray{
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet"),
Lun: pulumi.Int(0),
},
&compute.DataDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet"),
Lun: pulumi.Int(1),
},
},
OsDiskImage: &compute.OSDiskImageEncryptionArgs{
DiskEncryptionSetId: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet"),
},
},
ExcludeFromLatest: pulumi.Bool(false),
Name: pulumi.String("East US"),
RegionalReplicaCount: pulumi.Int(2),
StorageAccountType: pulumi.String(compute.StorageAccountType_Standard_ZRS),
},
},
},
ResourceGroupName: pulumi.String("myResourceGroup"),
SafetyProfile: &compute.GalleryImageVersionSafetyProfileArgs{
AllowDeletionOfReplicatedLocations: pulumi.Bool(false),
},
StorageProfile: &compute.GalleryImageVersionStorageProfileArgs{
Source: &compute.GalleryArtifactVersionFullSourceArgs{
Id: pulumi.String("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var galleryImageVersion = new AzureNative.Compute.GalleryImageVersion("galleryImageVersion", new()
{
GalleryImageName = "myGalleryImageName",
GalleryImageVersionName = "1.0.0",
GalleryName = "myGalleryName",
Location = "West US",
PublishingProfile = new AzureNative.Compute.Inputs.GalleryImageVersionPublishingProfileArgs
{
TargetRegions = new[]
{
new AzureNative.Compute.Inputs.TargetRegionArgs
{
AdditionalReplicaSets = new[]
{
new AzureNative.Compute.Inputs.AdditionalReplicaSetArgs
{
RegionalReplicaCount = 1,
StorageAccountType = "PreviumV2_LRS",
},
},
Encryption = new AzureNative.Compute.Inputs.EncryptionImagesArgs
{
DataDiskImages = new[]
{
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet",
Lun = 0,
},
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
Lun = 1,
},
},
OsDiskImage = new AzureNative.Compute.Inputs.OSDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet",
},
},
ExcludeFromLatest = false,
Name = "West US",
RegionalReplicaCount = 1,
},
new AzureNative.Compute.Inputs.TargetRegionArgs
{
Encryption = new AzureNative.Compute.Inputs.EncryptionImagesArgs
{
DataDiskImages = new[]
{
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet",
Lun = 0,
},
new AzureNative.Compute.Inputs.DataDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
Lun = 1,
},
},
OsDiskImage = new AzureNative.Compute.Inputs.OSDiskImageEncryptionArgs
{
DiskEncryptionSetId = "/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet",
},
},
ExcludeFromLatest = false,
Name = "East US",
RegionalReplicaCount = 2,
StorageAccountType = AzureNative.Compute.StorageAccountType.Standard_ZRS,
},
},
},
ResourceGroupName = "myResourceGroup",
SafetyProfile = new AzureNative.Compute.Inputs.GalleryImageVersionSafetyProfileArgs
{
AllowDeletionOfReplicatedLocations = false,
},
StorageProfile = new AzureNative.Compute.Inputs.GalleryImageVersionStorageProfileArgs
{
Source = new AzureNative.Compute.Inputs.GalleryArtifactVersionFullSourceArgs
{
Id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.GalleryImageVersion;
import com.pulumi.azurenative.compute.GalleryImageVersionArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionPublishingProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionSafetyProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryImageVersionStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.GalleryArtifactVersionFullSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var galleryImageVersion = new GalleryImageVersion("galleryImageVersion", GalleryImageVersionArgs.builder()
.galleryImageName("myGalleryImageName")
.galleryImageVersionName("1.0.0")
.galleryName("myGalleryName")
.location("West US")
.publishingProfile(GalleryImageVersionPublishingProfileArgs.builder()
.targetRegions(
TargetRegionArgs.builder()
.additionalReplicaSets(AdditionalReplicaSetArgs.builder()
.regionalReplicaCount(1)
.storageAccountType("PreviumV2_LRS")
.build())
.encryption(EncryptionImagesArgs.builder()
.dataDiskImages(
DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet")
.lun(0)
.build(),
DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet")
.lun(1)
.build())
.osDiskImage(OSDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet")
.build())
.build())
.excludeFromLatest(false)
.name("West US")
.regionalReplicaCount(1)
.build(),
TargetRegionArgs.builder()
.encryption(EncryptionImagesArgs.builder()
.dataDiskImages(
DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet")
.lun(0)
.build(),
DataDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet")
.lun(1)
.build())
.osDiskImage(OSDiskImageEncryptionArgs.builder()
.diskEncryptionSetId("/subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet")
.build())
.build())
.excludeFromLatest(false)
.name("East US")
.regionalReplicaCount(2)
.storageAccountType("Standard_ZRS")
.build())
.build())
.resourceGroupName("myResourceGroup")
.safetyProfile(GalleryImageVersionSafetyProfileArgs.builder()
.allowDeletionOfReplicatedLocations(false)
.build())
.storageProfile(GalleryImageVersionStorageProfileArgs.builder()
.source(GalleryArtifactVersionFullSourceArgs.builder()
.id("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}")
.build())
.build())
.build());
}
}
resources:
galleryImageVersion:
type: azure-native:compute:GalleryImageVersion
properties:
galleryImageName: myGalleryImageName
galleryImageVersionName: 1.0.0
galleryName: myGalleryName
location: West US
publishingProfile:
targetRegions:
- additionalReplicaSets:
- regionalReplicaCount: 1
storageAccountType: PreviumV2_LRS
encryption:
dataDiskImages:
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherWestUSDiskEncryptionSet
lun: 0
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet
lun: 1
osDiskImage:
diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myWestUSDiskEncryptionSet
excludeFromLatest: false
name: West US
regionalReplicaCount: 1
- encryption:
dataDiskImages:
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myOtherEastUSDiskEncryptionSet
lun: 0
- diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet
lun: 1
osDiskImage:
diskEncryptionSetId: /subscriptions/{subscriptionId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSet/myEastUSDiskEncryptionSet
excludeFromLatest: false
name: East US
regionalReplicaCount: 2
storageAccountType: Standard_ZRS
resourceGroupName: myResourceGroup
safetyProfile:
allowDeletionOfReplicatedLocations: false
storageProfile:
source:
id: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/images/{imageName}
The targetRegions array includes an additionalReplicaSets property that defines extra replica sets with different storage account types. This allows a single region to offer both Standard_ZRS and PremiumV2_LRS replicas, letting users choose performance tiers at VM creation time.
Beyond these examples
These snippets focus on specific gallery image version features: source types (VMs, snapshots, VHDs, managed images), regional replication and encryption, shallow replication and Direct Drive replicas, and UEFI secure boot configuration. They’re intentionally minimal rather than full image distribution pipelines.
The examples rely on pre-existing infrastructure such as Azure Compute Gallery and image definitions, source VMs, snapshots, managed images, or VHDs, disk encryption sets for customer-managed keys, and storage accounts (for VHD sources). They focus on configuring the version rather than provisioning the surrounding infrastructure.
To keep things focused, common version patterns are omitted, including:
- Lifecycle management (excludeFromLatest, end-of-life dates)
- Safety profiles (allowDeletionOfReplicatedLocations, blockDeletionBeforeEndOfLife)
- Validation profiles and restore operations
- Extended location targeting
These omissions are intentional: the goal is to illustrate how each version feature is wired, not provide drop-in image distribution modules. See the GalleryImageVersion resource reference for all available configuration options.
Let's manage Azure Compute Gallery Image Versions
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Source Configuration
What source types can I use to create a gallery image version?
You can use multiple source types:
- VM - Set
storageProfile.source.virtualMachineId - Community gallery image - Set
storageProfile.source.communityGalleryImageId - Managed or shared image - Set
storageProfile.source.id - Snapshots or disks - Configure
storageProfile.osDiskImageandstorageProfile.dataDiskImageswithsource.id,hostCaching, andlun - VHD - Configure
osDiskImage/dataDiskImageswithsource.uriandsource.storageAccountId
Replication & Distribution
How do I replicate my image version to multiple regions?
Configure
publishingProfile.targetRegions with an array of regions. Each region specifies name, regionalReplicaCount, and optionally storageAccountType and encryption.What storage account types are available for replication?
Examples show
Standard_ZRS for zone-redundant storage and PreviumV2_LRS for Direct Drive replicas.How do I exclude a version from being marked as 'latest'?
Set
excludeFromLatest to true in the target region configuration within publishingProfile.targetRegions.Encryption
How do I encrypt my image version in different regions?
For each target region, set
encryption.osDiskImage.diskEncryptionSetId for the OS disk and encryption.dataDiskImages[].diskEncryptionSetId (with lun) for data disks.Advanced Features
What's shallow replication mode?
Set
publishingProfile.replicationMode to Shallow for faster replication compared to the default mode.What are Direct Drive replicas?
Additional replica sets configured via
targetRegion.additionalReplicaSets, supporting high-performance storage types like PreviumV2_LRS.How do I configure custom UEFI keys for secure boot?
Use
securityProfile.uefiSettings to specify additionalSignatures (db, dbx, kek) with x509 or sha256 types, and signatureTemplateNames like MicrosoftUefiCertificateAuthorityTemplate.Safety & Lifecycle
What does allowDeletionOfReplicatedLocations control?
When set to
false, it prevents deletion of replicated locations. All examples set this to false in safetyProfile for safety.